With a Veeam VTL implementation, one assumes we could get similar protections that tape provides, with the benefit of still storing on physical hard drives.
This is basically what I'm trying to accomplish now with Amazon Storage Gateway VTL, however, that requires that all the data eventually be uploaded to Amazon (with all its associated costs).
Thinking back to Gostev's latest "The Word From Gostev:"
Maybe something like a Veeam VTL is what Gostev is alluding to, but virtual air-gapped (yes, I know, a virtual air-gap is not an air-gap) tapes would work brilliantly in an all physical hard drive environment that needs ransomware protection. Maybe the solution literally disables the NIC on the destination until the scheduled time of the next run, etc... who knows what the minds at Veeam will come up with.Apparently, [another Veeam client's] Board became so concerned with all those recent high-profile ransomware cases that they decided they could live with slower backups for now – and instead prioritized introducing air-gapped backups into their otherwise solely online disk-based backup strategy. For which they of course decided to use tape, but in a very unusual manner that I've never encountered before! Since they have plenty of backup storage capacity already, they decided to maintain copies of only the most recent backups on tape - namely last 7 days – with literally the only goal being protection of their latest backups from ransomware, cyberattacks and insider threat. So no spending millions on huge fancy robots or years of retention worth of tape media – just a single modern library coupled with the process of physically removing daily media set and storing tapes in a safe, rotating every 7 days.
In my mind, I quietly applauded to this cheap and elegant solution of blending tape right into their existing backup strategy – which is to remain largely the same, but now augmented with air-gapped copies of their latest backups. It really is brilliant, and this is also a truly universal approach - something any IT shop out there can afford implementing! Also, that explicit focus on only the latest backups was especially appealing to me, because these are exactly the backups you want that extra level of 100% bulletproof protection for. No spoilers – but we're actually working on something along the same lines that will not even require tape and is arguably better anyway - but unlike tape, it will not be suitable for everyone. Sorry for leaving you wondering, but I can promise you will be the first to hear details here once we're ready to disclose this new technology later this year.
Just thinking out loud as I get more and more anxious every day for the eventual ransomware attack at my company. In my mind, it's not IF, but WHEN (regardless of how safe I think we are with our NGFW's and sandboxing, etc etc etc).
Thank you!
~Bill
