Google Cloud has introduced air-gapped backup vaults as part of its enhanced Backup and Disaster Recovery (DR) service.
This new feature, currently available in preview, aims to provide robust protection against the rising threat of ransomware attacks and unauthorized data manipulation.
Google’s new air-gapped backup vaults provide enhanced protection for data backups against ransomware and other cyber threats.
The centerpiece of this update is the backup vault storage feature, which offers immutable and indelible backups. This means that once data is stored in these vaults, it cannot be modified or deleted, even by authorized users, until a predetermined retention period has elapsed.
These backup vaults are logically air-gapped, residing in a Google-managed project separate from the customer’s self-managed Google Cloud project.
This isolation significantly reduces the risk of direct attacks on backup resources, as they are not visible or accessible to users within the organization.
Administrators can specify a minimum enforced retention timeframe for vaulted backups, ensuring compliance with security initiatives and regulatory requirements.
This feature provides a layered approach to data protection, addressing both immutability (protection against modification) and indelibility (protection against deletion).
Decoding Compliance: What CISOs Need to Know – Join Free Webinar
Flexible Recovery Options
The new backup system offers enhanced flexibility in recovery scenarios. Vaulted backups are self-contained and can be used for recovery even if the original resource is no longer available.
Furthermore, backup vaults can be created in a different project from the source, ensuring that backups remain accessible even if the source project is compromised or deleted.
Google has also introduced a centralized backup management experience, making data protection more straightforward for users. This fully managed solution allows for easy setup of backup plans and protection of Compute Engine VMs.
The process has been streamlined to three simple steps: creating a backup vault, defining a backup plan, and initiating VM protection.
The new features integrate seamlessly with existing VM management tools, supporting automation through gcloud CLI, APIs, and Terraform. This integration allows organizations to incorporate backup processes into their broader infrastructure management strategies.
These new features are currently available in preview in supported regions, with general availability expected in the coming months. The backup vault feature supports protection for Compute Engine VMs, VMware Engine VMs, Oracle databases, and SQL Server databases.
By introducing these air-gapped backup vaults and simplified management tools, Google Cloud is providing its customers with a powerful defense against ransomware and other cyber threats, ensuring critical data remains secure and recoverable in an increasingly hostile digital landscape.
Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar