
To help protect against evolving digital threats like ransomware and malicious deletions, last year, we introduced backup vault in the Google Cloud Backup and DR service, with support for Compute Engine VM backups. This provided immutable and indelible backup capabilities for mission-critical VMs, for both VM metadata and all their attached disks.
Today, we’re announcing two enhancements to backup vaults that can help you better protect more types of workloads:
- Backup vaults now support standalone Persistent Disk (PD) and Hyperdisk backups. Now in preview, this enables the direct backup of data on individual disks, providing a granular alternative to backing up the entire virtual machine.
- Backup vaults can now be created in multi-region locations. Now generally available, this supports regional data resilience and helps to meet business continuity requirements.
Immutability and indelibility
Traditional backups have a well-known vulnerability: if a malicious actor gains access to your environment and attempts to delete or corrupt the backups, nothing prevents them from doing so, which blocks recovery and causes business loss. This is where backup vaults fundamentally change the game.
A backup vault provides a secure, isolated storage environment in Google-managed projects that helps ensure your backups are immutable (secured against data modification) and indelible (secured against data deletion), providing protection against cyber attacks such as ransomware. When creating a backup vault, you can specify that vaulted backups must be secured against modification and deletion — even by a backup administrator who would traditionally have the ability to expire backups — until the specified minimum enforced retention timeframe has elapsed.
Once a backup is stored in a vault, it’s logically air-gapped from your Google Cloud project, and cannot be changed during its user-defined enforced retention period. This means:
- No deletion: The backup can’t be accidentally or deliberately deleted before its enforced retention period expires.
- No alteration: The backup data cannot be changed, and remains exactly as it was when it was created.
This gives you the confidence that your crucial recovery points have not been modified, so they are available when you need them.
Source Credit: https://cloud.google.com/blog/products/storage-data-transfer/backup-vaults-add-support-for-disk-backup-and-multi-region/