What Is an Immutable Backup?

An immutable backup is a backup copy of your data that cannot be altered, deleted, or changed in any way—even by system administrators or the users, applications, or systems that created the data. It’s especially useful when you need to recover data that has been lost or damaged by an attack or natural disaster. 

Making an immutable copy of your data is wise, but the other piece of that wisdom comes from ensuring that the immutable backup is kept secure from disasters or attacks and that it is quickly recoverable when it’s needed.

Air-gapped vs. Immutable Backup—What’s the Difference?

Air-gapping is the practice of disconnecting a server or other storage medium from your network. That means the storage medium is completely offline and protected from malware, viruses, or ransomware that can spread across your connected systems. 

Air-gapped data or applications are not quite the same as an immutable backup, but they both serve a similar purpose and have a similar goal. Both are ways of protecting data from being tampered with. Air-gapping a storage medium such as a server can give the data stored on it a form of immutability because no one can log into the system through the network and modify that information. However, that data is not truly immutable because even though it’s not connected to the network, there’s nothing stopping an administrator or a malicious actor inside the company from signing on to the server and deleting, encrypting, or corrupting the stored data in that way. 

While air-gapping prevents anyone from remotely accessing the stored data, immutability “locks down” your data more thoroughly so no one can modify or delete it, regardless of where it’s stored and who can access it.

How Immutable Backups Work

When you create an immutable backup, you effectively put an “object lock” on your data. That lock keeps anyone from accidentally or purposely altering or deleting the data for a specific amount of time, typically designated by the user who creates the backup. While immutable, the data is considered WORM-protected. WORM stands for “write once, read many” and means that once the data has been saved, it can be accessed any number of times but cannot under any circumstances be written over. 

When the time period has lapsed, the object lock will be released and the backup is no longer immutable. While it’s possible to make a backup immutable for an indefinite period of time, it’s not very common because every organization’s data changes over time and the immutable backup could become seriously out-of-date over time.

Why Use Immutable Backups?

Currently, immutability is one of the highest levels of backup protection an organization can have. Immutable backups can’t be altered, encrypted, or deleted by anyone during the user-determined time period. 

One of the reasons organizations are increasingly turning to immutable backups is because of the also-increasing frequency of ransomware attacks. In a ransomware attack, an organization’s data or systems are encrypted by an attacker and a ransom is demanded before the organization can regain control of its data. Savvy attackers know how to corrupt, encrypt, or delete data backups, too, to make a company even more likely to pay a ransom for its hijacked data. However, if the backup data can’t be encrypted, the ransomware attack is much less threatening. While no defense, not even immutability, is 100% effective, it can head off most ransomware attacks, as well as malware, viruses, and other attacks. 

If you do lose your data in an attack or it gets corrupted or lost during a natural disaster, having an immutable backup makes it easy and fast to get your systems up and running again. 

Immutable backups can also be a real benefit when it comes to regulations that stipulate that you must have several copies of your data. Staying compliant with these regulations can save organizations a lot in terms of avoiding penalty fees and a hit to their reputation if their noncompliance becomes public news.

How Immutable Backups Fit into a 3-2-1-1 Backup Strategy

When it came to backup strategies, IT departments used to employ the 3-2-1 rule, which dictated that they should have three (3) copies of their data stored on two (2) different mediums, such as hard drives and the cloud, with at least one (1) of those copies being stored off-site (in the cloud or in a physical data center geographically distant from headquarters). 

Today, however, with the rising prevalence of ransomware and other advanced attacks, the 3-2-1 rule has become the 3-2-1-1 rule. This refers to the need for three copies of data stored on two different mediums with one of those copies being stored off-site and one copy being an immutable or air-gapped backup.

Benefits of Immutable Backups

• Make it harder to lose data due to equipment malfunction or human error
• Protect against ransomware, malware, viruses, etc.
• Recover files more quickly and with confidence after an attack or natural disaster
• Gain peace of mind with better prevention of threats from internal or external bad actors
• Protect against unauthorized changes to data
• Retain data for legal or compliance purposes
• Supply a chain of custody
• Secure digital evidence

Disadvantages of Immutable Backups

No security practice is completely foolproof, and that also applies to immutable backups. While immutability comes with many benefits, there are also some potential drawbacks:

• You might end up storing undeletable data for longer than you want, and that can get expensive if it’s a lot of data.
• Immutability doesn’t protect against physical damage to your storage mediums, such as hard drives or tape, which can get damaged or lost. Also, testing and updating immutable backups on hard drives or tape requires IT to be on-site with the storage medium. Without frequent testing, IT may discover that the medium has been corrupted when they go to recover their immutable data. 
• Immutable backups could be vulnerable to advanced ransomware that uses sleeper attacks or trojan horses.

How to Keep Immutable Backups Secure

While immutable backups can play a critical role in your security strategy, they should be combined with other defenses and not relied on as your only security solution. A smart approach to backup and data recovery should include at least some of the following: 

• Backup encryption
• Backup verification through regular testing and updates
• Role-based access control to restrict unauthorized access
• A zero-trust model that imposes stringent identify verification on users
• Multifactor authentication 
• Multilevel resiliency
• Automated alerts and mitigation measures when an attack or threat is detected

Immutable Backup FAQs

Can immutable backups be stored in the cloud? 

Yes! In fact, storing immutable backups in the cloud is becoming the most common option for many organizations. 

Immutable backups in the cloud are as effective as immutable backups stored on premises. The difference is in the scalability, performance, and up-front costs. For most organizations, however, cloud-based immutable backups are better suited for archiving and long-term retention. 

How long should backups be immutable?

It’s really up to you and your organization’s needs. Many organizations, especially those in highly regulated industries such as healthcare and financial services, are required to retain data for years. You can set the time period to be indefinite, but as mentioned previously, unless the backup is for archived data, its relevance will decrease over time as your production data changes. 

How often should immutable backups be updated?

Again, this is up to you. There’s really no set limit or expected frequency. The point of having a backup is to restore data quickly and efficiently if your system is attacked or corrupted, so it’s important to keep a backup that reflects your latest production data. For some organizations, that can change every day at the very least. You need to decide how current that backup data should be and what your organization can afford to lose if a data breach or data loss occurs. Is losing a day of data acceptable? How about a week or several weeks? 

In addition to being updated, your immutable backups should be tested periodically to make sure they’re still good. Equipment can malfunction and hard drives (or other storage mediums) can be lost. Test your backups frequently enough that you’re able to have confidence that your critical data will be available and current enough when you need it. 

Are immutable backups safe?

While no defense can prevent every attack every time, immutable backups are a powerful defense against accidental and malicious data modification, encryption, corruption, and deletion. They also represent strong protection against malware, ransomware, viruses, and other attacks or data mishaps. Combined with other security and data protection tools and protocols, immutable backups should be a critical element of every organization’s security strategy.