As I mentioned in the previous posts (click here : the contept, the script), “Backup” is one of the key pilars in terms of security.

It will not only help you in case you did a mistake (so restore the data to fix it), but also help you to prevent security attacks.

Most of the countries all around the world have security agencies here to help you, not only as a company but also as a citizen.

In France, ANSSI (https://www.ssi.gouv.fr/entreprise/precautions-elementaires/dix-regles-de-base/) reminds you the 10 rules of security which of course, it contains Backup.

FBI, in the USA also recommend “Cloud Backup” to face Ransomware problems : https://www.fbi.gov/news/stories/incidents-of-ransomware-on-the-rise

If you think “hybrid infrastructure”, you can easilly turn this very standard “Backup” concept into something more modern and more efficient. You will not only lower your costs by storing your data in Microsoft Datacenters, but you will also embrace the power of hybrid to add more “value” in this scenario.

In the previous posts I introduced in details the concept I wanted to cover in this Blog (3 in fact) :

1) Ability to backup in the Cloud leveraging Azure Backup (servers and workstation) : no more tapes, no more “tape” devices, no more expensive external storage…

2) Now that data is secured in Azure, you automate the restore tests on a monthly basis to validate at 100% that your data is ready to be used in case of a problem. Backup is good, restore is better ! and it can be totally automated. Some regulations ask you to “test” restore. This will be done from Azure to Azure, same Datacenter, so quick.

3) But let’s go higher, why don’t we leverage this restored data and run security checks, just to make sure that we have not in this data some threats that were not detectable in the past.

If you combine all the layers of this approach, you are really in an hybrid world !

What are these checks

It is always interesting to see that if you are asking the same question to different people (so with different roles), you may have different answers, and in fact the sum of these answers make this concept even bigger.

1) Some people told me that they wanted technical statistics about the data itself : why don’t you run solutions such as TreeSize ? (the scriptable version is not free, I used the evaluation one for my tests).

2) Security folks asked me to run an Antivirus Scan. As you may know, by default, Windows 2016 (the OS I selected for my VM in Azure) contains by default Defender. This product is also scriptable.

3) Some others will ask to check for ransomware. This is quite easy to check a file servers, located in your datacenter, but what about workstations ? Especially with people travelling all the time, and most of the time a strong target for bad guys.

In fact this is just a few examples to envision the concept. For your company, you really need to go though this brainstorming phase, and identify what makes sense for you.

A few examples

.. currently adding samples… Coming soon.