“It’s critical to not only back up your critical workloads, but also to secure those backups against subsequent modification and deletion.”
Google has fitted a new backup storage vault feature into its flagship cloud service to help organizations protect backed-up data from crippling ransomware attacks.
The new feature is promising immutable (preventing modification) and indelible (preventing deletion) backups, securing data backups against tampering and unauthorized deletion
The new utility, being added to the Google Cloud Backup and Disaster Recovery (DR) service, is meant to combat ransomware attacks that target backed-up data during encryption and extortion cyberattacks.
“Backups often represent the last resort for recovery when production data becomes unavailable or untrusted,” Google said in a note describing the feature. “It’s critical to not only back up your critical workloads, but also to secure those backups against subsequent modification and deletion. Backup vault provides secure storage for backups.”
The company said backup vault data is stored in a Google-managed project and is logically air-gapped from an organization’s self-managed Google Cloud project.
“The underlying backup vault resources are not visible or accessible to users in your organization, which prevents direct attacks against those resources,” Google said.
“When creating a backup vault, you can specify that vaulted backups must be strongly secured against modification and deletion until the administrator-specified minimum enforced retention timeframe has elapsed. This layered protection enables you to deliver on backup immutability (security against data modification) and indelibility (security against data deletion) objectives, which are often driven by security initiatives or by regulatory compliance requirements,” Google added.
The company touted reliable and flexible recovery of data via vaulted backups that are self-contained and enable recovery even when the source resource is no longer available.
“Backup vaults can be created in a project that differs from the source project (e.g., the project where a protected Compute Engine VM is running), thus ensuring that backups remain accessible even if the source project or resource is no longer present. As a result, you can configure your backup policy to provide strong resilience against source project deletion,” the cloud provider said.
The new utility also supports immediate recovery of production applications to pre-existing or newly-created projects, including recovery into projects configured as isolated recovery environments (IREs) for pre-recovery testing/forensics in the aftermath of a ransomware attack.
The backup vault feature supports protection for Compute Engine VMs, VMware Engine VMs, Oracle databases, and SQL Server databases.
Related News
To Win Customers, Traditional Institutions Must Meet the Neobanks Head On
By David Evans, The Financial BrandClick here to read the entire article. American banking customers are sending a clear message about what drives satisfaction and loyalty in 2025, with digital-first…
OCC Cites 9 Big Banks’ ‘Inappropriate’ Debanking Actions
By Dan Ennis, Published in Banking DiveClick here to read the entire article. The agency stopped short of detailing specific instances but pointed to policy statements from 2020 through 2022…
Treasury’s Bank Regulation Takeover Has a New Goal: Anti-Money-Laundering Rules
By Dylan Tokar, Wall Street JournalClick here to read the entire article Bessent wants department to be ‘a gatekeeper’ on rules that force banks to monitor for illicit transactions and…