Sergey Nivens - Fotolia
Virtualized backup security is not one item but several separate items.
First and foremost, any modern data backup system should have encryption built in, both in flight and at rest. Make sure it is configured and used correctly. The encryption algorithm should be a strong, robust one, such as AES (Advanced Encryption Standard) 256.
Those encryption keys should be kept by the customer, as they are an essential component of the security of data. If a cloud vendor is ever breached, the only thing standing between a low-level incident and full data loss is that encryption key, hence why it should be strong and kept in a very secure location.
Secondly, if a company is not in direct control of its data (i.e., using the cloud), the stability of the cloud host should be beyond reproach. A single virtualized backup or vendor is a potentially serious point of failure. Do your due diligence on your vendor(s) of choice.
On a physical level, there should be network separation of the virtual environment -- ideally, a nonroutable network on a separate virtual LAN. Doing this helps keep backup traffic away from the production network and also limits network exposure.
The virtualized backup management server should be kept secure and use a good security posture. For example, does the management server need to talk to the internet? What needs to connect to it? Anything not required should be turned off. Alongside, firewalls should be employed judiciously to help prevent unauthorized access. For example, a nightmare scenario is that your backup and disaster recovery (DR) management server gets successfully attacked by malware. It takes a bad scenario and makes it a hundred times worse.
Take advantage of virtual backup gifts
Most virtual environments now provide agentless backup. If your virtualized backup product isn't using it, you are missing a trick. Not only is it more efficient in terms of resources, but it also supports such useful items as snapshot backups that provide complete, crash-consistent copies of the data.
Lastly, make sure to test the backups. The great thing with virtualized backup and DR is that doing a restore doesn't require physical hardware. It is a gift.
I recommend creating an isolated network in the virtual environment for testing restore capabilities. Restoring backups -- that are being tested -- onto a live network is an absolute no-no. Doing so could mean you cause more damage when you end up with two identical machines on the network and the environment gets itself tied in a knot. Setting up an isolated network is simple. It could prevent a self-inflicted system outage.
Backups are your last line of defense against human error, malicious software, data corruption and everything in between, so it's key to make sure the backup is not only good but safe and secure, and not putting other systems at risk.
Dig Deeper on Backup for virtual servers
Related Q&A from Stuart Burns
Mistakes happen. Thankfully, in Git, admins have two command options to roll back to a previous commit. Learn more about both here. Continue Reading
Both Ansible and Ansible Tower offer enterprises a wealth of resources for config management, but they aren't equals. Assess their differences in ... Continue Reading
Even though Ansible has its roots in open source software and Linux, is it possible to use the configuration management tool for Windows environments? Continue Reading