Sergey Nivens - Fotolia
Virtualized backup security is not one item but several separate items.
First and foremost, any modern data backup system should have encryption built in, both in flight and at rest. Make sure it is configured and used correctly. The encryption algorithm should be a strong, robust one, such as AES (Advanced Encryption Standard) 256.
Those encryption keys should be kept by the customer, as they are an essential component of the security of data. If a cloud vendor is ever breached, the only thing standing between a low-level incident and full data loss is that encryption key, hence why it should be strong and kept in a very secure location.
Secondly, if a company is not in direct control of its data (i.e., using the cloud), the stability of the cloud host should be beyond reproach. A single virtualized backup or vendor is a potentially serious point of failure. Do your due diligence on your vendor(s) of choice.
On a physical level, there should be network separation of the virtual environment -- ideally, a nonroutable network on a separate virtual LAN. Doing this helps keep backup traffic away from the production network and also limits network exposure.
The virtualized backup management server should be kept secure and use a good security posture. For example, does the management server need to talk to the internet? What needs to connect to it? Anything not required should be turned off. Alongside, firewalls should be employed judiciously to help prevent unauthorized access. For example, a nightmare scenario is that your backup and disaster recovery (DR) management server gets successfully attacked by malware. It takes a bad scenario and makes it a hundred times worse.
Take advantage of virtual backup gifts
Most virtual environments now provide agentless backup. If your virtualized backup product isn't using it, you are missing a trick. Not only is it more efficient in terms of resources, but it also supports such useful items as snapshot backups that provide complete, crash-consistent copies of the data.
Lastly, make sure to test the backups. The great thing with virtualized backup and DR is that doing a restore doesn't require physical hardware. It is a gift.
I recommend creating an isolated network in the virtual environment for testing restore capabilities. Restoring backups -- that are being tested -- onto a live network is an absolute no-no. Doing so could mean you cause more damage when you end up with two identical machines on the network and the environment gets itself tied in a knot. Setting up an isolated network is simple. It could prevent a self-inflicted system outage.
Backups are your last line of defense against human error, malicious software, data corruption and everything in between, so it's key to make sure the backup is not only good but safe and secure, and not putting other systems at risk.
Dig Deeper on Backup for virtual servers
Related Q&A from Stuart Burns
VMware's ESXi hypervisor is free to license and use, but its capabilities are limited without vSphere. You get what you pay for. Continue Reading
Software-as-a-service backup is an important, but sometimes overlooked, aspect of data protection. It's also complex, so planning, documentation and ... Continue Reading
GDPR looms large over many data protection processes, and virtual backup is no different. Overall management is important as well, as data volume ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.