Home > Enterprise Backup Solutions > Especially Secure Data Backup

Bacula Leads The Data Backup Industry in Security Standards

1 Star2 Stars3 Stars4 Stars5 Stars
(50 votes, average: 4.96 out of 5)
Loading...

Large western government and military institutions rely on Bacula, mainly due to the especially high levels of security that it offers. Read below to understand why you need to urgently move to Bacula’s security levels in your organization.

Bacula’s extreme flexibility to adapt and fit into a user environment without compromise inherently aids that organization’s security, and cannot be underestimated. Bacula’s modular architecture does not need, nor indeed allows two way communication between its individual elements, which removes the fundamental security vulnerabilities in one stroke that most of its competitors suffer from. Bacula’s exceptional security qualities are multiplied exponentially by the simple fact that although Bacula can protect practically any data from any operating system, its core engine runs on Linux. As a result, it is significantly more secure than its peers.

Bacula goes far beyond basic or normal security levels. Features such as two factor authentication and TOTP (Time-based One Time Password) are simply base-line features for Bacula, that no organization should be without. Here are some common security vulnerabilities in other backup and recovery solutions:

  • Not enough node kinds (no roles)
  • One node compromised could potentially compromise everything
  • Bi-directional connections
  • Client knows too much (storage port, host, kind…)
  • Excessive daemons (proxy, collector, monitor)
  • Hard to ensure & control minimal+secure connections between all of them
  • Data exchange through general REST APIs
  • More exposure & easier to identify, intercept or exploit
  • Weak backup admin permissions
  • Limited control and customizability inside the backup environment

Bacula offers restricted file agent paths, restricted RunScript directives, restricted UID per Director, automated system checks, volumes protection (both immutable and Append only), immutable Amazon cloud, an Antivirus plugin, Communications encryption, encryption at file agent level, LDAP access controls, and FIPS 140 conformity.

It is especially important that a backup solution offers the option to run the client/agent in read-only mode, and that the solutions supports tape encryption in case it is needed at some point. Bacula considers these types of options as basic level cyber-resiliency qualities, yet many backup solutions cannot offer this.

Organizations rely on the trustworthiness of your backup vendor. With closed source software and services, all the trust is focused on a single entity, and most vendors do not provide any insight into the building blocks used that are not under their own full control. Back doors often exist to secretly harvest information from backup solution users without their knowledge or consent. With complex software programs, any user has to trust a great number of people involved in providing the software. Software users typically do not want to – or cannot – follow the long and convoluted chains of trust down to their origins. Bacula, among a world of software providing companies, can demonstrate that it is exceptionally trustworthy. This is because open source software, as is used by Bacula, allows users a better insight, has traceable trust chains, and encourages a culture of greater openness and explicit trust relationships.

Bacula is an especially powerful tool to identify any hostile modifications and report them, because modifications by intrusions will require changing some files, and traces of those changes will be left. This is when Bacula, when doing a backup, is able to notice such an incursion. Compared to other tools to detect file system changes, Bacula can do extensive checks that can also be adapted to the target platform for greater insight.

Besides Bacula being a very powerful intrusion detection system, reporting or alerting can also be done independently of the backups and restores. As Bacula stores the original file system information off of the protected system, it is much harder for an attacker to modify the known-good records used to compare against. One advantage that Bacula has over many other intrusion detection systems is that it not only gathers data from a single system or a single family of systems, but rather from a wide range of systems throughout the organization.

With Bacula’s architecture, an attacker will have significant problems in trying to prevent Bacula software from doing its job because the important part of the work does not happen on the protected host, and any attack that changes the way it works will be noticed. Furthermore, Bacula allows system wide analysis and trending that can detect events carefully cloaked and / or slowly extending system compromises.

Bacula security capabilities go much further than other vendors. Contact us now to find out more about Bacula storage protection – such as WORM Tapes, Filesystem write protection, Cloud immutability, etc., permissions and access control, antivirus, Forensics, file integrity verification, extensive monitoring resources, disaster recovery, and much more.