Data is an important aspect of this era that significantly impacts businesses.  Locky, WannaCry, and  Petya were the serious ransomware attacks which encouraged users to take special measures to retain data security. The increased innovation in ransomware technology has removed the access boundaries for hackers to access data. To ensure the safety of backup data, Azure has taken essential measures which help users to guard those backups in the model as backups are the last line of defense customers can use.

How Does Azure Secure Backups?

Multi-layered security is helpful for the safety of data as it not only provides the backup but also addresses the security issues so ransomware cannot affect it.

Offsite backups: Azure secures backup in a storage account and keeps it separate from the customer’s subscription.

Encryption: The backup data should be encrypted both during the transit and at rest. Backups are encrypted using AES 256 and sent via HTTPS to the cloud.

Multi-factor authentication: All operations associated with the backup data should be difficult to perform and need multi-factor authentication. For example, if someone tries to delete data from backup, the notification and authentication requests undergo separate procedures. By using Azure RBAC, specific access can be granted to various roles in an organization.

Alerting: Notifications are necessary for critical operations that impact the availability of backup data.

Delayed deletion: Azure Backup ensures that backups are retained for a minimum period of time which is 14 days after a deletion request from an authenticated user.

Backups monitoring and automation 

See this article for further reading on how to keep your Azure Backups stable and automate backup jobs.