On September 11, 2023, Google Cloud introduced a new security feature called Backup and DR (Disaster Recovery) Vaults, designed to enhance data protection against ransomware and other cyber threats. These “air-gapped” vaults offer a more secure method for storing backups by isolating them from regular systems, minimizing the risk of unauthorized access and data manipulation during an attack.
The concept of an air-gapped vault involves keeping critical data backups in a physically or logically separated storage system, effectively disconnected from the main network. This isolation ensures that even if ransomware infects the main systems, the backup vaults remain untouched, providing a secure fallback for organizations.
Key Features of Google’s Backup and DR Vaults
- Air-Gapped Protection: The vaults are either physically or logically isolated, providing an extra layer of defense by restricting access to backups.
- Immutable Snapshots: Backups stored in these vaults are immutable, meaning they cannot be altered or deleted once stored, ensuring data integrity.
- Automated Data Management: Integration with Google’s Backup and DR service allows for automated backup scheduling, efficient recovery processes, and compliance with data retention policies.
- User-Controlled Access: The vaults require strict access control and multi-factor authentication, further securing sensitive backups from unauthorized use.
Why it Matters
Ransomware attacks have increasingly targeted organizations by locking access to critical data and demanding payment for release. By using air-gapped vaults, Google aims to ensure that even in the event of a ransomware infection, businesses can recover from recent backups without having to pay ransom or deal with significant downtime.
This development addresses the growing concern among enterprises about safeguarding data amid the surge in ransomware and malware incidents. The vaults are a proactive step in enabling companies to create more resilient disaster recovery plans and data protection strategies, reducing risks posed by evolving cyber threats.
With Google Cloud’s latest feature, businesses can more confidently implement comprehensive backup solutions that prioritize data security and business continuity.
Flexible Recovery Options
The new backup system offers enhanced flexibility in recovery scenarios. Vaulted backups are self-contained and can be used for recovery even if the original resource is no longer available.
Furthermore, backup vaults can be created in a different project from the source, ensuring that backups remain accessible even if the source project is compromised or deleted.
Google has also introduced a centralized backup management experience, making data protection more straightforward for users. This fully managed solution allows for easy setup of backup plans and protection of Compute Engine VMs.
The process has been streamlined to three simple steps: creating a backup vault, defining a backup plan, and initiating VM protection.
The new features integrate seamlessly with existing VM management tools, supporting automation through gcloud CLI, APIs, and Terraform. This integration allows organizations to incorporate backup processes into their broader infrastructure management strategies.
These new features are currently available in preview in supported regions, with general availability expected in the coming months. The backup vault feature supports protection for Compute Engine VMs, VMware Engine VMs, Oracle databases, and SQL Server databases.
By introducing these air-gapped backup vaults and simplified management tools, Google Cloud is providing its customers with a powerful defense against ransomware and other cyber threats, ensuring critical data remains secure and recoverable in an increasingly hostile digital landscape.