How Secure is Cloud Connect?

VMware specific discussions

How Secure is Cloud Connect?

Veeam Logoby J1mbo » Wed May 17, 2017 11:27 am

Obvious a hot topic this week!

Veeam backups are online, should the Veeam server be compromised it would be technically possible for the backups to be deleted.

OK so replicas are stored on remote VMFS volumes, however the Veeam servers of course have access so *conceivably* could also be damaged.

Now we turn to Cloud Connect backup copies. Here is the key question: Can data from a cloud connect repository except by the repository itself? i.e. if there is a retention period of 14 days, is it only the repository itself that can purge data according to that schedule? And what if the schedule is changed?
J1mbo
Expert
 
Posts: 261
Liked: 29 times
Joined: Tue May 03, 2011 12:51 pm
Full Name: James Pearce

Re: How Secure is Cloud Connect?

Veeam Logoby dellock6 » Wed May 17, 2017 11:39 am

Hi James,
your concerns are correct. If you get access to the tenant Veeam server and you either ask for deleting the backup files from disk, or you lower the retention, restore points stored at the service providers are deleted, since the VBR server at the provider receives a valid request from an authenticated users. What VCC right now protects you from is an attacker trying to delete backups via the network (like an smb share or attacking the repository server operating system), but not if the attacker gets access to the Veeam server. That's why we recommend customers to heavily protect the Veeam server, as it's the only place where the VCC credentials are stored.

There are some discussions both in the service provider forums and internally about additional protection technologies we may put in place in the next versions to allow service providers to offer even better protection, stay tuned ;)
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com
vExpert 2011-2012-2013-2014-2015-2016
Veeam VMCE #1
dellock6
Veeam Software
 
Posts: 5047
Liked: 1330 times
Joined: Sun Jul 26, 2009 3:39 pm
Location: Varese, Italy
Full Name: Luca Dell'Oca

Re: How Secure is Cloud Connect?

Veeam Logoby J1mbo » Wed May 17, 2017 12:40 pm

Thanks.

It strikes me it is quite simple to solve, the remote end needs to not be able to delete anything on instruction from an external end point prior to the ageing period set when the object was initially sent.

Simple for me to say of course :)
J1mbo
Expert
 
Posts: 261
Liked: 29 times
Joined: Tue May 03, 2011 12:51 pm
Full Name: James Pearce

Re: How Secure is Cloud Connect?

Veeam Logoby dellock6 » Wed May 17, 2017 4:31 pm

This concept of "mandatory minimum retention" is one of the possibilities we are discussing about, so thanks for confirming that it could be a viable approach.
And yes, coding a feature is a bit more difficult than talking about it, as our developers keeps telling me too ;)
Luca Dell'Oca
EMEA Cloud Architect @ Veeam Software

@dellock6
http://www.virtualtothecore.com
vExpert 2011-2012-2013-2014-2015-2016
Veeam VMCE #1
dellock6
Veeam Software
 
Posts: 5047
Liked: 1330 times
Joined: Sun Jul 26, 2009 3:39 pm
Location: Varese, Italy
Full Name: Luca Dell'Oca

Re: How Secure is Cloud Connect?

Veeam Logoby J1mbo » Tue Jul 11, 2017 6:00 am

@dellock6 - just checking in on this, whether any decision had been made as to the strategy and any possible release date.
J1mbo
Expert
 
Posts: 261
Liked: 29 times
Joined: Tue May 03, 2011 12:51 pm
Full Name: James Pearce

Re: How Secure is Cloud Connect?

Veeam Logoby v.Eremin » Tue Jul 11, 2017 12:50 pm

The discussions are still going on. We cannot provide any ETA at the moment.
v.Eremin
Veeam Software
 
Posts: 13255
Liked: 968 times
Joined: Fri Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin


Return to VMware vSphere



Who is online

Users browsing this forum: No registered users and 17 guests