Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1 Register for Semperis' Hybrid Identity Protection (HIP) Conference - June 30 - July 1
Cloud Computing

Azure Backup Protects Against Deliberate Attacks

backup-hero-img

Microsoft’s cloud backup solution, Azure Backup, has added new protections to defend your data against deliberate attacks. This post will explain what this means for you.

Background

A report on the subject of “ransomware” and businesses that was published earlier this year by Symantec makes for very sobering reading. Malware, such as CryptoLocker, that attacks a business by scanning for data on the network, encrypting it, and demanding a bitcoin ransom to decrypt the data, is becoming more common. Ransoms are increasing, and terms such as ransomware-as-a-service have been coined to describe these professional attacks that are orchestrated by criminal organizations. The success of these forms of attacks has inspire other attackers, greedy for a slice of the pie; kits are available to build your own ransomware!

Ransomware attacks were once entirely random, but targeted attacks are become more common. That’s a worry because it implies that an attack will be better planned to defeat defenses. One approach to protecting yourself against a crypto attack is to restore your files from backup. That can be an expensive (human effort and downtime) solution but that might be better than paying an attacker — I have heard stories of a decryption failing and the attackers requiring a second ransom!

What if the attacker also prevented access to your backup? Maybe they deleted your backups? Azure Backup has implemented new security mechanisms to protect your backup data from these deliberate kinds of attacks.

New Azure Backup Security Features

There are 4 features that have been added to protect your backup data:

  • Retention of deleted data: Your data will be retained by the recovery services vault for 14 days after you delete it. This means that even if some ransomware manages to delete your backups, you can still restore your data.
  • Minimum retention range checks: Maybe you need to go further back in time to before the infection. This feature ensures that you can restore from more than just 1 recovery point.
  • Alerts and notifications: You will be alerted in the event of a backup schedule being stopped or backup data being deleted. You’ll know that an attack is underway if no human initiated this action.
  • Multiple layers of security: You can require a PIN to be entered to perform certain actions. For example, if I attempt to stop a scheduled backup and delete all of the data from a MARS agent, I will be prompted to enter the PIN.

Enabling Azure Backup Security Features

If you have an existing Azure recovery services vault, then you can navigate to Properties in the vault to enable the new security features. Note the option where you can configure a PIN for sensitive actions.

 The security settings blade of an Azure recovery services vault [Image Credit: Aidan Finn]

The security settings blade of an Azure recovery services vault [Image Credit: Aidan Finn]
Click Update under Security Settings to open a Security Settings blade. Here you can:

  • Specify if you have enabled multi-factor authentication (MFA) in Azure AD. Your options are Yes, No, and I Will Configure It Later. MFA will introduce two-factor authentication to allow Azure to verify that any instructions really do come from an administrator.
  • Enable the security settings of Azure Backup. Note that you cannot undo this action.

 

The security settings blade of an Azure recovery services vault [Image Credit: Aidan Finn]
The security settings blade of an Azure recovery services vault [Image Credit: Aidan Finn]

Please note that to use these security features, you must have up-to-date on-premises software:

  • The latest version of the MARS agent
  • Azure Backup Server with Upgrade 1

System Center Data Protection Manager (DPM) does not support these features yet.

Related Topics:

BECOME A PETRI MEMBER:

Don't have a login but want to join the conversation? Sign up for a Petri Account

Register
Comments (0)

Leave a Reply

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.

Register for the Hybrid Identity Protection (HIP) Europe Conference!

Hybrid Identity Protection (HIP) Europe 2021 - Virtual Conference

Mobile workforces, cloud applications, and digitalization are changing every aspect of the modern enterprise. And with radical transformation come new business risks. Hybrid Identity Protection (HIP) is the premier educational forum for identity-centric practitioners. At the inaugural HIP Europe, join your local IAM experts and Microsoft MVPs to learn all the latest from the Hybrid Identity world.