IBM Spectrum Virtualize Safeguarded Copy
Several months ago I was asked by a local organization here if I could recover files from a system that had been encrypted by a ransomware attack. After looking at the hard drive in the system and doing some research, I told the organization that I could not. It did not have a backup of the files, at least not a recent one. The most critical data loss for this organization was financial records. It took a few months and a lot of work to recover most of the missing records. Had the organization done something as simple as periodically plug in a USB drive, run a backup and then remove the drive, that would have saved them a lot of work. The USB drive is somewhat of an immutable copy of the data, at least as long as it is not plugged into the computer while the computer is still infected. However, a USB-attached drive doesn't really scale well at the enterprise level, and it is not a true immutable copy, since if it is plugged back into a computer that is infected, it will be encrypted also.
The answer for cyber attacks and other problems is IBM Safeguarded Copy. Safeguarded Copy creates a copy of the production data that cannot be accessed directly by a host. The copy is immutable - hosts or applications can't read from or write to the copy once it is created. This prevents ransomware from attacking past copies of data.
Here are some uses cases for Safeguarded Copy, in addition to creating immutable copies of the data:
- Data Validation - regularly test the copy to ensure it is good data without affecting the production data
- Data extraction - extract only the data that is needed from the copy to restore back to production rather than restoring an entire volume
- Offline backup - back up the copy to tape or other medium to create a greater retention period or meet any regulatory requirements.
- Catastrophe - restore an entire environment if the Safeguarded copy is the only option
- The administrator can create Safeguarded Copies and Policies but cannot delete existing copies or damage them
- The superuser can remove copies or the backup location (a pool) but this account can be disabled for security. It can be re-enabled by IBM Remote Support
- The Security Administrator can managed users, security and remove a Safeguarded Copy or a pool