Discussions specific to the VMware vSphere hypervisor
J1mbo
Expert
Posts: 261
Liked: 29 times
Joined: May 03, 2011 12:51 pm
Full Name: James Pearce

How Secure is Cloud Connect?

Post by J1mbo » May 17, 2017 11:27 am

Obviously a hot topic this week!

Veeam backups are online; should the Veeam server be compromised, it would be technically possible for the backups to be deleted.

OK, so replicas are stored on remote VMFS volumes; however, the Veeam servers of course have access, so they *conceivably* could also be damaged.

Now we turn to Cloud Connect backup copies. Here is the key question: Can data be deleted from a Cloud Connect repository except by the repository itself? I.e. if there is a retention period of 14 days, is it only the repository itself that can purge data according to that schedule? And what if the schedule is changed?

dellock6
Veeam Software
Posts: 5718
Liked: 1611 times
Joined: Jul 26, 2009 3:39 pm
Full Name: Luca Dell'Oca
Location: Varese, Italy

Re: How Secure is Cloud Connect?

Post by dellock6 » May 17, 2017 11:39 am

Hi James,
your concerns are correct. If you get access to the tenant Veeam server and you either ask to delete the backup files from disk or lower the retention, restore points stored at the service providers are deleted, since the VBR server at the provider receives a valid request from an authenticated user. What VCC right now protects you from is an attacker trying to delete backups via the network (like an SMB share or attacking the repository server operating system), but not if the attacker gets access to the Veeam server. That's why we recommend that customers heavily protect the Veeam server, as it's the only place where the VCC credentials are stored.

There are some discussions both in the service provider forums and internally about additional protection technologies we may put in place in the next versions to allow service providers to offer even better protection, stay tuned ;)
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2019
Veeam VMCE #1


Re: How Secure is Cloud Connect?

Post by J1mbo » May 17, 2017 12:40 pm

Thanks.

It strikes me it is quite simple to solve: the remote end needs to not be able to delete anything on instruction from an external end point prior to the ageing period set when the object was initially sent.

Simple for me to say of course :)


Re: How Secure is Cloud Connect?

Post by dellock6 » May 17, 2017 4:31 pm

This concept of "mandatory minimum retention" is one of the possibilities we are discussing, so thanks for confirming that it could be a viable approach.
And yes, coding a feature is a bit more difficult than talking about it, as our developers keep telling me too ;)
Luca Dell'Oca
Principal EMEA Cloud Architect @ Veeam Software

@dellock6
https://www.virtualtothecore.com/
vExpert 2011 -> 2019
Veeam VMCE #1
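
The "mandatory minimum retention" idea from the two posts above, sketched as an added example that is not part of the original thread and not Veeam's implementation. The `ProviderRepository` class, its method names and the `rp-001` restore point are hypothetical; the model assumes the hold is computed from the provider's own clock at ingest.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


class RetentionLocked(Exception):
    """Raised when a tenant request would remove data before its hold expires."""


@dataclass
class ProviderRepository:
    # Hypothetical provider-side store: restore point id -> earliest deletion time.
    holds: dict = field(default_factory=dict)

    def ingest(self, point_id: str, retention_days: int, now: datetime) -> None:
        # The hold is fixed from the provider's clock when the object arrives.
        self.holds[point_id] = now + timedelta(days=retention_days)

    def tenant_delete(self, point_id: str, now: datetime) -> None:
        # Authenticated tenant requests are still refused while the hold is active.
        if now < self.holds[point_id]:
            raise RetentionLocked(f"{point_id} held until {self.holds[point_id]:%Y-%m-%d}")
        del self.holds[point_id]

    def tenant_set_retention(self, point_id: str, retention_days: int, now: datetime) -> None:
        # A new schedule may extend a hold but never shorten one already granted.
        self.holds[point_id] = max(self.holds[point_id], now + timedelta(days=retention_days))

    def purge_expired(self, now: datetime) -> list:
        # Only the repository's own schedule removes data, and only past the hold.
        expired = sorted(p for p, until in self.holds.items() if now >= until)
        for p in expired:
            del self.holds[p]
        return expired


def demo() -> dict:
    # Constructed scenario: 14-day retention, tenant server compromised on day 3.
    t0 = datetime(2017, 5, 17, tzinfo=timezone.utc)
    repo = ProviderRepository()
    repo.ingest("rp-001", 14, t0)
    day3 = t0 + timedelta(days=3)
    repo.tenant_set_retention("rp-001", 0, day3)  # attacker lowers retention
    try:
        repo.tenant_delete("rp-001", day3)  # attacker asks for deletion
        blocked = False
    except RetentionLocked:
        blocked = True
    return {
        "blocked": blocked,
        "purged_day3": repo.purge_expired(day3),
        "purged_day14": repo.purge_expired(t0 + timedelta(days=14)),
    }
```
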


Re: How Secure is Cloud Connect?

Post by J1mbo » Jul 11, 2017 6:00 am

@dellock6 - just checking in on this, whether any decision had been made as to the strategy and any possible release date.

veremin
Product Manager
Posts: 16789
Liked: 1411 times
Joined: Oct 26, 2012 3:28 pm
Full Name: Vladimir Eremin

Re: How Secure is Cloud Connect?

Post by veremin » Jul 11, 2017 12:50 pm

The discussions are still going on. We cannot provide any ETA at the moment.
