Following the excelent Gostev's post this week about Ransomware as a service
At the end of this post there is a proposed solution to this threat: air-gapped backups.But what if the problem is not in remote vs local access to backups? What if the problem is in trust we put in one person?
How about putting more (different) people in the scheme.
The temptation of money in Ransomware as a service scheme, and hence morally failing IT administrator, can be mitigated by putting the responsibility for backups onto more people:
Primary backups administered by one person, but secondary (or every second backup) administered by different entity (outsourced / Veeam partner / etc.). This way there has to be too many different people involved in troubles, not just one person from IT department with bad day.
For some environments backing up 10's of TB's daily this would be much more practical solution than air-gapped backups. What do you think?
Don't hesitate to share your proposals too.