The Cloud Backup and Recovery Service (CBR) has been extended by the functionality of “Backup Locking” in the EU-NL & EU-DE region. It is available for all 3 backup types (ECS, EVS & SFS). The activation of “Backup Locking” means that administrators are not allowed to delete backups manually from the vaults. The stored backups can only be removed via the assigned policy of the vault. However, manually created individual backups can still be deleted.
This function is practical as it prevents administrators from accidentally or deliberately removing backups from the systems. Especially in the case of ransomware attacks, backups are deleted first to prevent the attacked system from being restored. By using backup locking, the protection of backups can be increased so that compromised user accounts (administrator accounts) cannot delete the backups.
Important information: The backup policy could be an attack-gateway. We therefore recommend monitoring whether the policy is being hijacked, changed or deleted. This is done via the CTS key event notifications functionality. In the corresponding community blog, we explain how to configure backup locking and how to set the CTS key event notifications.
If you have any questions, please feel free to ask them in the corresponding OTC Community Blog article.