Immutable backups are not some sort of technology voodoo. The idea of data permanence has been around for as long as humans have desired to indefinitely retain information. Think of the cave paintings at Lascaux. It’s just a matter of format.

Today, the most valuable kind of information takes on a much more ethereal nature. Digital data is the life blood of business, government, and our everyday virtual lives. In this context, an immutable backup is simply stored digital data that, once saved, is fixed and unchangeable—and cannot be changed, overwritten, or deleted.

What is an immutable backup?

An immutable backup is a backup file that can’t be altered in any way. An immutable backup should be unchangeable and able to deploy to production servers immediately in case of ransomware attacks or other data loss.

Immutable and Mutable backup

Why are Immutable Backups Critical?

One of the most pressing risks facing every organization is the threat of a ransomware attack. Ransomware can strike any Internet-accessible device without warning and then quickly spread throughout your entire infrastructure. An attack can disable business operations and cost significant time and real money to resolve. In addition, the pervasive use of network share techniques throughout enterprise computing elevates the risk of spreading malware once any system connected to your network is breached.

Conventional data backups may not be effective for restoring data that has been encrypted by an attack, because your backup may also be encrypted or deleted by an attack. In fact, ransomware attacks that specifically target backups are on the rise. How do you ensure that your backup data is not vulnerable?  

While primary storage systems must be open and available to client systems, your backup data should be isolated and immutable. It’s the only way to ensure recovery when production systems are compromised. An immutable backup is immune to subsequent ransomware infections.

Data protection goes well beyond simple file permissions, folder ACLs, or storage protocols. Because these protocols are not completely secure and can be circumvented, immutability must be integral to your backup architecture and not be bolted on after the fact.

A built-in immutable backup helps ensure recovery from ransomware attacks by ensuring you always have a clean backup. Maintaining immutable backups means you will be able to recover data after a ransomware infection and avoid paying a ransom.

In addition to protecting against malicious data corruption, having an immutable backup helps you conform with regulatory data-compliance requirements—ensuring that accurate copies of data are retained.


Rubrik’s Immutability Approach

Rubrik uses an architecture that combines an immutable filesystem with a zero-trust cluster design in which operations can only be performed through authenticated APIs.

Rubrik’s approach contrasts with other data management systems that use general purpose storage. Those systems rely on standard protocols such as NFS or SMB to advertise availability to clients.  

Because data management solutions that use general purpose storage can employ limited or ineffective techniques for securely transacting data, they can leave files in their native format while allowing clients to read the backup data directly. This represents a breach of confidentiality that forces you to secure data storage independently from your data management solution. Not so with Rubrik.

Learn more about how Rubrik protects your data against ransomware attacks with immutable data backup.