Frequently Asked Questions

Immutability & Ransomware Protection

What is an immutable backup and how does it protect against ransomware?

An immutable backup is a backup that cannot be altered or deleted once it is created. This means that even if a ransomware attack or accidental deletion occurs, the original backup remains intact and recoverable. Immutability is often implemented using the WORM (Write Once Read Many) model, ensuring that backup data is preserved in its original state. This approach is critical for meeting regulatory requirements and protecting against data loss from both malicious and accidental events. Note: Immutability protects the backup itself, but does not prevent initial infection or compromise of production data.

How does N2W implement immutability for AWS backups?

N2W supports immutability for AWS backups through integration with Amazon S3 Object Lock and by enabling cross-account and cross-region snapshot backups. With S3 Object Lock, backups can be set to governance or compliance mode, preventing deletion or modification for a specified retention period. N2W also allows users to copy snapshots to a separate AWS account (a "break glass" account) and restrict deletion permissions, further enhancing immutability. Note: S3 Object Lock must be enabled when creating the S3 bucket and cannot be retroactively applied to existing buckets.

What are the two main ways to achieve immutable backups in AWS with N2W?

The two main methods are: (1) Using Amazon S3 Object Lock, which enforces WORM (Write Once Read Many) protection on backup objects, and (2) leveraging highly secure snapshot vaults by copying backups to a separate AWS account with restricted permissions. Both methods ensure that backups cannot be deleted or altered, providing strong protection against ransomware and accidental deletion. Note: S3 Object Lock requires bucket-level configuration at creation time; cross-account snapshot protection depends on proper IAM permission management.

How frequently can immutable backups be created with N2W?

N2W allows backups with immutability to be created as frequently as every five minutes when using S3 Object Lock, enabling near-instantaneous recovery points for AWS workloads. Note: Backup frequency may impact storage costs and should be balanced with business requirements.

What happens if N2W itself fails or is compromised?

If N2W is deployed as an Amazon Machine Image (AMI) through the AWS Marketplace, it can restore itself using snapshots. Even if the N2W agent is disabled, backups remain fully restorable, and backups can be restored directly from the EC2 console without requiring N2W. This ensures there is no vendor lock-in for restores. Note: Self-restoration depends on maintaining access to the relevant AWS account and permissions.

Features & Capabilities

What are the key features of N2W for backup and disaster recovery?

N2W offers automated backup and recovery for AWS and Azure, immutable backups, cross-cloud recovery, granular restore (file, folder, or environment), intelligent storage tiering (reducing long-term backup costs by up to 92%), custom disaster recovery retention policies, multi-tenancy for MSPs, and automated compliance reporting. Note: Some advanced features, such as cross-cloud recovery, require configuration across both AWS and Azure environments.

Does N2W support integrations with third-party tools?

Yes, N2W integrates with third-party monitoring tools such as Datadog, Splunk, and Bocada for enhanced observability and compliance tracking. It also offers a RESTful API and CLI access for custom automation and integration with external data management tools. For API documentation, see N2WS RESTful API documentation. Note: Integration capabilities may require additional configuration and permissions.

What compliance and security certifications does N2W have?

N2W is ISO/IEC 27001:2022 certified and SOC compliant by inheritance through AWS and Azure. It supports compliance with HIPAA, GDPR, FedRAMP, ITAR, and CJIS. Security features include immutable backups, end-to-end encryption (TLS/HTTPS), multi-factor authentication, and air-gapped protection. For more, visit the N2W Trust Center. Note: Customers should verify specific compliance requirements for their industry with N2W support.

Use Cases & Benefits

Who can benefit from using N2W?

N2W is designed for cloud directors, IT managers, managed service providers (MSPs), enterprises with petabyte-scale data, public sector entities, healthcare and finance organizations, and industries with strict compliance needs. It is also suitable for retail, education, and nonprofits seeking cost-effective, scalable, and secure backup solutions. Note: Organizations with highly specialized on-premises environments may require additional integration work.

What business impact can customers expect from using N2W?

Customers can achieve up to 92% savings on long-term backup costs and up to 50% on compute costs. N2W provides near-instant recovery, automated compliance reporting, and operational efficiency through automation and unified management. These benefits help minimize downtime, ensure regulatory adherence, and support business continuity. Note: Actual savings and impact depend on environment size and configuration.

What are some real-world examples of organizations using N2W?

Organizations such as Skechers, St. John's University, DB Systel (Deutsche Bahn), City of Oakland, Bahrain Ministry, and Gett have used N2W to streamline costs, improve backup reliability, and achieve rapid recovery. For example, Skechers standardized backup and recovery across a multi-cloud estate, while Gett saved 50% on cloud costs using N2W's Resource Control. See more at N2W case studies. Note: Results may vary based on organizational needs and implementation.

Implementation & Support

How long does it take to implement N2W and how easy is it to get started?

N2W implementations can be completed in as little as two weeks, supported by dedicated Customer Success Managers, onboarding calls, and detailed documentation. Customers can deploy N2W as an Amazon Machine Image (AMI) from AWS Marketplace or use CloudFormation templates. A 30-day free trial is available without a credit card. Note: Implementation time may vary for complex or highly regulated environments.

What technical documentation and resources are available for N2W?

N2W provides comprehensive user guides, release notes, RESTful API documentation, upgrade guides, and IAM permission files. These resources cover deployment, configuration, integration, and compliance. Access documentation at N2W User Guide and Release Documentation. Note: Some resources may require registration or support contact for access.

Competition & Comparison

How does N2W compare to AWS Backup for ransomware protection and backup management?

N2W offers several features not available in AWS Backup, including immutable backups (air-gapped, tamper-proof), cross-cloud recovery (AWS and Azure), granular file/folder-level restore, custom disaster recovery retention policies, and multi-tenancy for MSPs. N2W also provides a RESTful API for automation, while AWS Backup requires Lambda scripting. However, AWS Backup may be suitable for organizations with basic AWS-only workloads and simpler compliance needs. Note: N2W requires configuration across multiple cloud environments for full multi-cloud support.

Pain Points & Limitations

What common pain points does N2W address for organizations concerned about ransomware?

N2W addresses high disaster recovery costs, downtime and data loss, ransomware threats, manual backup processes, compliance challenges, complexity in multi-cloud environments, scalability for large data volumes, and long-term backup costs. Features like immutable backups, automation, and intelligent storage tiering directly target these issues. Note: Detailed limitations not publicly documented; ask sales for specifics regarding edge cases or unsupported environments.

Ransomware-Proof your AWS using Immutability (2 Ways)

What's better than a backup? An immutable backup, of course! Read this post to learn how immutability can protect against ransomware.
Share post:

Current State of Ransomware

Gartner had a recent prediction that 75% of IT organizations are going to face one or more ransomware events by 2025. That means 3 out of 4 of the IT leaders reading this post should expect an attack in the next couple of years. As the famous Benjamin Franklin quote goes, “by failing to prepare, you are preparing to fail.” And, when it comes to protecting your data, that’s even more true. That’s why it’s so important to be aware the latest and most effective tools available in order to maximize your security in the cloud.

This is part of a series of articles about immutable backups.

The Tendency to Downplay Ransomware

Although organizations are forced to disclose data breaches, ransomware attacks are, more often than not, downplayed and they don’t give enough information to warrant a proper response from the users affected.

For example, the Minneapolis school district recently had a tragic data breach that shut down schools for an entire week and exposed more than 189,000 files with secure, personal information. The school district officially called it an ‘encryption event’ and didn’t provide safety protocol in a timely manner.

In December of 2022, the company Rackspace had an attack that caused significant outages and disruptions for its Hosted Exchange services. This affected 27 of their customers who couldn’t access their email during the so-called ‘security incident’. Rackspace ended up giving up altogether and had to rebuild their email servers.

Even CodeSpaces, who did everything “right”, went out of business after 24 hours. Why? It simply took too long to recover their data. The fact is that 43% of organizations that lose their data for 30 days end up losing their entire business. And that’s because…

The Biggest Cost Isn’t the Ransom

The cost per hour of downtime to your critical applications is rarely lower than 6 figures. The loss of data is one thing, but the cost to your business of not operating is huge. And in the end, damage to a company’s reputation as a secure business partner will cost them in the long run with the ever-real threat of being shut down entirely.

Even more alarming the healthcare industry, which has been increasingly attacked with ransomware, reported that a rise in cyberattacks leads to increased mortality rates. That’s a high price to pay.

Should You Pay the Blackmailer?

Once you pay the bad actor, what’s to prevent them from coming back? Blackmailers don’t return data and usually never intended to return it. Paying the ransom is no guarantee of anything.

The only guarantee of returning your data is to have a reliable backup and recovery solution in place (more on that in a bit).

Why Is Ransomware so Prevalent?

Besides the draw of easy money, the anonymity of cryptocurrency, and the lack of strong controls with an increasingly remote workforce, another big reason we’re seeing a spike in ransomware is due to something called “Ransomware as a Service” or RaaS.

RaaS is a simple business model that anyone can signup for. It exists on the dark web, Twitter profiles, and many more easy-to-access channels. The malicious actor simply chooses what kind of attack they want and the preferred paid channels. Then the RaaS operator provides the malicious code intended to introduce and attack the organization’s system. No programming skills required! The RaaS market has gotten so competitive that there are different RaaS models competing with each other for business, running marketing campaigns, distributing white papers and drumming up business on Twitter.

How does ransomware work?

  1. The initial infection can come from many different avenues, primarily phishing emails.
  2. The execution then triggers and possibly multiplies throughout the corporation’s network and environment.
  3. Encryption locks data and it suddenly becomes inaccessible.
  4. Bad actors then send or show a demand combined with a time limit to force a knee jerk decision.
  5. Payment, when it’s given, is mainly through cryptocurrency so it’s sure to be untraceable. If you’re very lucky, you’ll get an encryption key. But, typically, that data is never seen again.

The Castle Analogy: defending against ransomware

The castle analogy is a convenient visual in order to understand that any single element does not provide a complete security solution against ransomware.

Email filtering, web blocking, software updates, employee training, anti-malware and anti phishing software are all recommended uses for certain levels of defense against invaders. These would be your moats, ramparts, ditches, embrasures, and other external defenses.

But how do you make your castle truly impenetrable? How do you secure the castle entrance? That’s where your backups come in. Your last line of defense, the only guaranteed method to get your data back is having a usable backup that you can easily recover. An effective backup and disaster recovery solution means that you are protected and able to recover your functions when all else fails.

Immutable Backups

What’s better than a backup? An immutable backup, of course!

What is Immutability?

Immutability isn’t a new concept —it means unchanging over time— and as we often say, the more we automate immutability, the better.

immutability diagram - what is immutability?

How exactly does immutability help us?

All kinds of things can go wrong within your cloud environment. Immutability can protect us against: accidental deletion of a resource, bugs, and previously mentioned malicious attacks. Immutability also captures that ‘golden copy’ of data and satisfies the increasing number of regulatory requirements that companies are mandated to comply with (healthcare and financial companies are particularly affected by this).

The WORM Model 🪱

When talking about immutable backups, it’s necessary to mention the WORM model, or Write Once Read Many. A good way to describe the WORM model concept is perhaps a coveted family recipe. Just like Grandma’s famous chocolate chip cookie recipe. There’s only one original copy and it’s not touched by anyone. Children and grandchildren can read and use it, but that original recipe isn’t altered.

Similarly, it’s fair game to read and replicate the immutable backup, but the original backup cannot be changed or deleted.

Related content: read our guide to Azure immutable backups

AWS Backup Checklist
Fill in the gaps in your backup and DR strategy

Fortify your cloud across every critical dimension.

the disaster-proof backup & DR checklist

Immutability using Amazon S3 Object Lock

Overview of Amazon S3 Object Lock

Amazon S3 is an object storage; it’s multipurpose and used by millions of customers. Storing backup data in S3 is one very common use case. With S3, AWS introduced a feature called Object Lock, designed to meet compliance regulations such as FINRA, CFTC and SEC.

Object Lock has two modes: governance and compliance —the difference being who can delete objects that have been locked using Object Lock. In governance mode, certain users have the permission to delete objects that have been written with the lock applied. In compliance mode nobody has this deletion permission.

N2WS Backup & Recovery recently announced support for S3 Object Lock, meaning once your S3 buckets are set up in AWS, you can backup your AWS workloads with immutability every five minutes and recover near-instantaneously using N2WS Object Lock integration.

Enabling Amazon S3 Object Lock

You can only enable Object Lock when you first create the S3 bucket (Object Lock cannot be turned on or off after the S3 bucket is created). You can then set up a bucket-level default retention period (measured in days or years) so that all objects written into the S3 bucket that has Object Lock enabled will inherit that default retention period.

When you are using a default retention, it sets a “retain until date” stored with the object and calculated when it’s stored. If you have a 30-day default retention when the object is written, S3 calculates the retain until date and puts that in the metadata, meaning that object cannot be deleted until that date.

Lastly, Object Locks can only be extended. They cannot be shortened or deleted.

Be sure to read through our step-by-step on how to set up your Amazon S3 buckets with Object Lock.

Immutability using a Highly Secure Snapshot Vault

Native snapshots cannot be altered but the risk of deletion remains. When you have backups stored in a certain AWS region, using N2W you have the option to perform automatic cross-region backups, making those backups available across the world. You also have the ability to perform cross-account backups and store the data in a completely unrelated AWS account. Simply copy your snapshots to a separate DR account and do not give N2W permission to delete them. This is a great way to have immutability security on short-term, high available workloads. If there is a malicious attempt, the benefit is extremely high availability with near-zero RTO.

Related content: read our guide to immutable snapshots

With N2W, users have the additional ability to easily perform Disaster Recovery drills. Most corporations don’t have the planning or workload capacity to run a DR test. Because it’s completely automated, users can perform DR drills once a week, prioritize resources recovered, and even run/submit reports.

Tips from the Expert
Picture of Sebastian Straub
Sebastian Straub
Sebastian is the Principle Solutions Architect at N2WS with more than 20 years of IT experience. With his charismatic personality, sharp sense of humor, and wealth of expertise, Sebastian effortlessly navigates the complexities of AWS and Azure to break things down in an easy-to-understand way.

Bonus anti-ransomware capabilities with N2W

Looking for more ways to secure your workloads against the increasing threat of ransomware? N2W has even more security capabilities built-in so you can rest assured you’re maximizing your ransomware protection.

  1. N2W can restore itself. What if N2W itself fails? Since it’s deployed as an AMI through the AWS marketplace along with the metadata, N2W can restore itself using snapshots.
  2. N2W can restore network data. Having the ability to bring back network configurations in addition to resources is extremely important. Restoring your VPC settings, subnet settings, and VPN connections along with your resources is critical in making them available and usable.
  3. Backups continue running. Even if the N2W agent is disabled, backups are fully restorable.
  4. Backups are always restorable. N2W backups can be restored even without N2W (using the EC2 console). There’s absolutely no lock-in and this is particularly convenient for those companies that keep backups for 7+ years because there’s no need to worry about restores in the far-off future. (As backup and restore experts, it is extremely important to us that our customer’s security needs come before any forced product commitment.)
  5. Indestructible backups. You are fully in control of your backups. They aren’t kept on any Windows/Linux machine or network share. There’s no way to improve on snapshots, so backup data never leaves that cloud native format. An attacker therefore is unable to destroy them.

Be sure to check out our webinar on Immutable Backups and Ransomware-proofing your AWS.

You might also like

Choosing the right backup & DR tool for your cloud

Choose the right backup & DR

Get the criteria to evaluate your best options