The Safe Mode feature is designed to provide an enhanced layer of security for your Cloud environment, reinforcing our commitment to keeping your data safe.
Safe Mode empowers you to quickly and effectively respond to potential security incidents by restricting access to the Cloud platform and adding granular data restrictions for administrators. For example, in case of potential attack and activation of Safe Mode, only the administrators you specifically allow will be able to access the Cloud platform, scheduled backups will be stopped. Furthermore, you can prevent administrators from running backups, restores, and downloads.
This capability significantly improves efficiency and response time in the event of an attack, helping you contain breaches and minimize impact. When Safe Mode is activated, it enforces the specific restrictions you have defined.
Important Capabilities:
Instant Response: Respond to potential threats immediately and automatically.
Granular Control: Simplify and enhance incident response with fine-tuned access and data restrictions.
Self-Service Workflow: Activate Safe Mode through a complete, user-friendly self-service process.
SOAR Integration: Seamlessly integrate with your existing threat intelligence tools for Security Orchestration, Automation, and Response.
Admin Authorization for Support: Grant Support the ability to activate Safe Mode on your behalf, ensuring rapid response when threats are detected.
We leverage Managed Data Detection and Response (MDDR) service for continuous threat monitoring. MDDR service provides 24/7 monitoring, detection, and response for your backups within the Cloud platform, identifying anomalies and suspicious activities to help mitigate threats and prevent data loss. You can learn more about MDDR here.
NOTE:
Safe Mode is currently not available for AWS Workloads.
MDDR service is not available for GovCloud customers and MSP customers. Upon detection of any security incident - whether through your internal monitoring or third-party tools - it is crucial to collaborate with Support to activate Safe Mode. To enable this rapid response, we recommend customers to configure safe mode.
Configure Safe Mode
There are two ways you can activate and take benefit of Safe mode -
Configure Safe Mode by authorizing support: By configuring Safe mode, you authorize Support to monitor your environment and, when necessary, activate Safe Mode.
This crucial configuration allows our team to take immediate action if a threat to your infrastructure or data is detected, either by you or by our periodic scans of your backed-up data.
While we will always notify you if a threat is found, we cannot activate Safe Mode without your explicit permission established during this configuration step.
By enabling this, you ensure the fastest possible response and an invaluable first line of defense against evolving threats.
Self-Service Activation: For even faster response, customers can directly activate Safe Mode from the Cloud Platform Console without waiting for Support.
Configure Safe Mode by Authorizing Support
It is crucial to configure Safe Mode and configure its associated settings for your account. Support can only activate Safe Mode on your behalf if these specific settings are pre-defined by you.
When configured, we will prevent your administrators from performing these selected tasks, and scheduled backups will cease.
Procedure to configure Safe Mode (click here)
Procedure to configure Safe Mode (click here)
Click on the hamburger menu button on the top-left corner of the Cloud Console and select Cloud Settings from the menu.
On the Settings page, select Safe Mode from the left panel.
On the Safe Mode page, locate and click Configure on the "Authorize Support" card. This will direct you to the "Authorize Support" page, where you can configure the Safe Mode control settings.
The "Authorize Support" page requires you to provide details across the following critical sections:
Access RestrictionsThis section defines which administrators can access your Cloud Console while Safe Mode is active:
Restrict administrator logins to Cloud Console:
Specify the administrators who will retain access to the Cloud platform when Safe Mode is activated. It is essential to select at least one administrator to ensure continued access and accountability.
We recommend keeping this setting enabled and carefully specifying who can sign into the Cloud Console and continue access for investigation purposes. You can specify up to five Druva Cloud administrators.
Block API access for all credentials:
Enable this setting to disable API access to your account during Safe Mode.
You can also select or exclude specific API credentials that will remain functional, even when general API access is restricted. You can specify at most 15 API credentials.
We recommend excluding APIs used for tool integrations like SIEM, SOAR, and internal scripts.
Backup and Restore Restrictions
Specify the data operation limitations/actions you want to disable when Safe Mode is active. You can choose to:
Stop Backups: All scheduled backup operations will be halted.
Stop Restores and Downloads: Administrators will be prevented from performing any data restoration or download tasks.
Note - On-going backup & restore operations will continue to progress and no safe mode restrictions immediately apply.
Notifications To
This section ensures relevant stakeholders are informed:
Specify email addresses that should receive immediate notification when Support activates Safe Mode for your account. You can specify up to 20 email addresses to send notifications.
By default, all Druva Cloud administrators will receive this notification.
You can also provide additional email addresses, including aliases or email addresses of key security team members or IT leadership, even if they are not Druva Cloud administrators, to ensure comprehensive incident communication.
Authorize Support
This final step grants the necessary explicit approval:
Enable this setting to provide your explicit approval for the Support team to activate Safe Mode for your account in the event of a security incident.
Click Authorize to save your configurations and complete the authorization process.
Once you authorize Support to activate Safe Mode, they can initiate it either upon detecting a threat or at your direct request.
If you wish for Support to activate Safe Mode, you can submit a case. All email addresses specified in the "Notifications To" field will receive an email notification when Support activates Safe Mode for your account.
On the Safe Mode home page, the "Authorize Support" card will display the status as "Authorized", providing key details such as the configured Safe Mode settings, when it was configured, and by whom.
If you need to make changes to these settings in the future, please contact Support.
Activate Safe Mode Yourself
You also have the ability to activate Safe Mode directly.
There are two ways to do this -
Using Cloud Platform Console
Using API
Important Note: We require approval from at least one Druva Cloud Administrator to proceed with Safe Mode activation. Therefore, the platform will send an email to all Druva Cloud Administrators to seek the necessary approvals after you raise a request to activate Safe Mode yourself. Once approval is received from at least one Druva Cloud administrator, the platform will then activate Safe Mode for your account.
Activate Safe Mode using Cloud Platform Console (Click here)
Activate Safe Mode using Cloud Platform Console (Click here)
Click on the hamburger menu button on the top-left corner of the Cloud Console and select Cloud Settings from the menu.
Click on the hamburger menu button on the top-left corner of the Cloud Console and select Cloud Settings from the menu.
On the Settings page that appears, select Safe Mode on the left panel.
On the Safe Mode page, locate and click Activate on the "Activate Safe Mode" card. This will direct you to the "Activate Safe Mode" page, which provides options to configure the settings.
The "Activate Safe Mode" page requires you to specify details across the following sections:
Access Restrictions
This section defines which administrators can access your Cloud Console while Safe Mode is active:
Restrict administrator logins to Cloud Console:
Specify the administrators who will retain access to the Cloud platform when Safe Mode is activated. It is essential to select at least one administrator to ensure continued access and accountability.
We recommend keeping this setting enabled and carefully specifying who can sign into the Cloud Console and continue access for investigation purposes. You can specify up to five Druva Cloud administrators.
Block API access for all credentials:
Enable this setting to disable API access to your account during Safe Mode.
You can also select or exclude specific API credentials that will remain functional, even when general API access is restricted. You can specify at most 15 API credentials.
We recommend excluding APIs used for tool integrations like SIEM, SOAR, and internal scripts.
Backup and Restore Restrictions
Specify the data operation limitations/actions you want to disable when Safe Mode is active. You can choose to:
Stop Backups: All scheduled backup operations will be halted.
Stop Restores and Downloads: Administrators will be prevented from performing any data restoration or download tasks.
Note - On-going backup & restore operations will continue to progress and no safe mode restrictions immediately apply.
Notifications To
This section ensures relevant stakeholders are informed:
Specify email addresses that should receive immediate notification when Support activates Safe Mode for your account. You can specify up to 20 email addresses to send notifications.
By default, all Druva Cloud administrators will receive this notification.
You can also provide additional email addresses, including aliases or email addresses of key security team members or IT leadership, even if they are not Druva Cloud administrators, to ensure comprehensive incident communication.
Click Activate to save your configurations and complete the Safe Mode activation process.
Request is moved to pending approval state and sent to all Druva Cloud Administrators for approval.
Safe mode is activated when at least one Druva Cloud administrator approves it within 24 hours.
After Safe Mode is successfully activated, the "Safe Mode" card on the home page will reflect its current settings, including the applied restrictions, who activated it, and the activation timestamp.
Activate Safe Mode using API (click here)
Activate Safe Mode using API (click here)
You can programmatically trigger Safe Mode activation using the ‘Activate Safe Mode’ API. You can seamlessly integrate with your existing threat intelligence tools for Security Orchestration, Automation, and Response.
You must be a Druva Cloud Administrator with active Client Credentials.
For more information, see Druva Developer Portal.
Exiting Safe Mode: Resuming Normal Operations
Once all necessary security checks and due diligence have been thoroughly performed, and you have ensured that any data breaches are patched or fully addressed, you will want to resume operations.
To exit Safe Mode and deactivate its restrictions, you must contact Support. Our team will then work with you for deactivation of Safe Mode.