Author: Mykhailenko A.
A basic cybersecurity plan requires a data backup strategy to protect critical information. However, effective data protection goes beyond simply following the 3-2-1 backup rule, as backups themselves need additional security measures. Only then can you achieve a truly fault-tolerant system capable of mitigating all potential data loss scenarios. Veeam has addressed this need by introducing Insider Protection, now available in Veeam Cloud Connect.
What Is Insider Protection
Most companies need simple and effective solutions for backup creation, storage, and recovery. Services like BaaS (Backup as a Service) and DRaaS (Disaster Recovery as a Service) are ideal for this, especially when implemented using Veeam solutions. Cloud service providers offering these services allow clients to securely back up and replicate data in the cloud while minimizing configuration time and ensuring scalability.
A key recommendation in data backup best practices is to store copies in a secure location—a critical factor for ensuring IT infrastructure resilience. But what additional security measures can be taken if backups are already stored in a reliable data center—as is the case with Colobridge, where client data is hosted in two Tier III/Tier III+ certified German data centers? The missing piece in a 360-degree data protection strategy could be Insider Protection. This feature offers an additional security layer for cloud backups, preventing unauthorized deletion or modification, even if an attacker gains access to a Veeam Backup & Replication (VBR) account.
Insider Protection: How It Works
Imagine a cybercriminal gains access to a VBR account, granting them full control, including the ability to delete backups via the client console. Unfortunately, this is a real risk, as such attacks can cause severe damage, potentially disrupting business operations for weeks or even months.
How does Insider Protection prevent this? When a client administrator (or a hacker with admin privileges) deletes backups from the repository, the data is moved to a hidden “Recycle Bin” controlled by the service provider. The client console displays a deletion confirmation, but the backups remain inaccessible to the client or hacker. Only the cloud provider can view and manage the Recycle Bin. The service provider determines the retention period for the Recycle Bin, balancing storage costs with client risk factors.
Unlike standard cloud backups, Recycle Bin files cannot be restored directly by the client. To recover deleted backups, the client must contact the cloud provider, who will securely transfer the data via a protected network channel or a physical storage device. Once the client updates their VBR credentials, they can import the recovered Veeam VBR files and restore data using standard procedures.
While the service provider ensures that deleted backups remain recoverable, the client is responsible for securing the data content within those backups.
The Colobridge team makes every effort and applies best practices to ensure the security of client data, including cloud-stored backups. We also recommend restricting administrative access to the console, enabling two-factor authentication (2FA), and activating auto-logout to prevent unauthorized access to VBR. Contact us for recommendations on building a fault-tolerant IT infrastructure, connecting to BaaS or DRaaS services, and assistance in developing a disaster recovery plan.
