Data Lock for preventing malicious or accidental deletion of snapshots
Ransomware attacks are increasing at an exponential rate. Backup environments are popular targets for ransomware attacks. There can be various reasons when the backup copies can be modified or deleted. When it comes to protecting your data in the event of a ransomware attack, snapshots are critical components of your organization’s business strategy and data recovery plan.
Organizations can enable Data Lock to prevent modification, deletion, or tampering of business-critical data and make it immutable. Immutability has gained widespread attention with rising ransomware attacks that put enterprise data and business continuity at huge risk.
The following infographic displays how an immutable backup set responds to a threat from rogue admin or ransomware compared to a mutable backup set.
Benefits
Provide complete protection to the backed-up data from rogue admin threats.
After applying the Data Lock, no one can delete, modify, or encrypt the snapshots.
Alert notification and confirmation emails for any suspicious modification to the Data Lock settings.
Use cases
Rogue Admin
Let’s say your organization’s rogue administrator, who is a super admin or any person who has acquired the compromised super admin credentials, gains access to your backup environment and manually deletes the snapshots. Data Lock prevents modification, deletion, or tampering of such critical data.
Ransomware Attack
Let’s say your organization's administrator or any employee received an email from an unidentified source and for some reason, clicked on the attachment present in this phishing email. Since the ransomware attacker has access to your backup environment, they can modify or delete your snapshots. Data Lock will prevent the deletion or modification of snapshots.
Accidental deletion
When your organization’s administrator with access to the backup management interface accidentally deletes or reduces the intended retention period, this results in the loss of snapshots. In the process, some business-critical snapshots may be accidentally deleted. Data Lock will prevent the accidental deletion of such data.
Support Matrix for Data Lock
The following table lists the different workloads that support the data lock feature.
Products or Workloads | Entities | Applied on | License Editions |
Hybrid Workloads |
| Backup policy | Elite and Enterprise |
Endpoints |
| Profile | Elite and Enterprise |
SaaS Apps User-based - Exchange Online, One Drive, Gmail, Google Drive |
| Profile | Elite and Enterprise |
SaaS Apps Organization based - SharePoint, Teams, Groups, Public Folder, SharedDrive | Snapshots
Entities/per workload | individual entity (SharePoint site, Public Folder, Shared Drives, Teams, or Groups) | Elite and Enterprise |
Who can access this feature?
The Data Lock feature is available by default only to the Enterprise and Elite editions. Only cloud administrators can enable this setting.
Enable Data Lock
❗ Important
The Data Lock feature is available to Enterprise and Elite editions.
Only Druva Cloud Administrators can enable the Data Lock feature.
Once you enable the Data Lock feature, you cannot:
Disable the Data Lock setting.
Delete the entity.
Edit the retention period.
Considerations
You cannot change the retention period after applying Data Lock. But you will be able to change other options.
You cannot manually delete the entity (SharePoint site, Public Folder, Shared Drives, Teams, or Groups) once you apply Data Lock.
Enabling the data lock feature for Teams will also enable the feature for associated Teams sites, and you cannot delete Teams and corresponding Teams sites.
Enabling the data lock feature for Groups will also enable the feature for the associated Groups site, and you cannot delete Groups and corresponding Groups site.
You can enable the Data Lock feature during custom configuration, editing the existing custom configuration settings, and adding a site.
The following .gif walks you through how to enable the data lock feature for Groups and what happens after enabling this feature.
To learn how to configure for SharePoint, Public Folder, Shared Drive, Teams, and Groups, refer to the following links: