Protect Mission-Critical Backups from Accidental or Malicious Deletion with Druva's Rollback Actions

Himanshu Arora, Associate Product Manager

The security landscape is ever-changing, and here at Druva, we make sure that we are always steps (not just one) ahead of the attackers. Last October, we introduced a $10M Data Resilience Guarantee — Total Coverage and Zero Compromise, one that highlights the confidence we at Druva have in our products to ensure your data is safe no matter what the threat is.

Previously, attackers targeted only production servers, but with the emergence of data protection companies, they know that backup systems would defeat their purpose. Hence, in the last few years, we have seen more and more cases of attackers trying to gain access to backup systems and delete those precious backup copies.

At Druva, we provide multiple layers of protection to make sure your backup tenant is safe. We have various platform security features such as Multi-factor Authentication using App-based Authentication and SMS, Single Sign-on capabilities, Security Event Monitoring, Geofencing, and Mandatory Strong Password Policy to keep your backup data safe and secure from unauthorized access. 

According to the 2023 Insider Threat Report by Cybersecurity Insiders, the number of insider threat incidents is increasing significantly year over year: 74% of companies are moderately vulnerable to insider threats. Privilege misuse, i.e. an admin going rogue, is listed among the top reasons in Verizon’s 2022 Data Breach Investigations Report. After all, the admin has all the credentials needed to pass the various layers of authentication. In any other backup vendor’s system, the rogue administrator might go and delete all the backups, thus erasing all the backup data. But here at Druva (only at Druva), we ensure even such cases are covered and that your backup data is safe no matter what the attack is.

Now let’s talk about the feature that makes this happen — Rollback Actions.

Rollback Actions dashboard

Think of Rollback Actions as analogous to a Smart Recycle Bin. Every bit of deleted data goes to Rollback Actions, just as it would with a normal Recycle Bin. The distinction is that data cannot be deleted from it; it can only expire after a fixed number of days. This gives administrators the opportunity to roll back unintended actions without any loss of data and to restore productivity rapidly.

So if the bad actor comes and deletes your backup data, the backup data goes to the Rollback Actions, from where the bad actor can’t permanently wipe out any data. If the deletion was intended and exactly how you wanted it to be, no problem, the data will age out and there will be no impact on what you were trying to do.

Now the question is, how long will the data stay in Rollback Actions? The data stays in Rollback Actions as long as the customer wants it to be there: it is a one-time configurable field whose value can be set any time between 1 day and 7 days, with the default and recommended value being 7 days. But what if the customer forgot to set it, and the bad actor sets it to 1 day? Even this situation is taken care of in Rollback Actions. Any reduction in the Rollback Window takes a cooling period of 7 days to come into effect, and all Cloud Admins are notified of the change twice in those 7 days so that the customer can reach out to Druva if the change wasn’t intended.
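The cooling period described above can be modelled in a few lines. This is an added example, not Druva's code or API: the `RollbackWindow` class and `expires_at` function are hypothetical, and it assumes that increases apply immediately, that a new request replaces a pending one, and that a deleted item's expiry is fixed by the window in force when it was deleted.

```python
from datetime import datetime, timedelta

MIN_DAYS, MAX_DAYS, DEFAULT_DAYS = 1, 7, 7   # values stated in the post
COOLING = timedelta(days=7)                  # delay before a reduction applies

class RollbackWindow:
    """Hypothetical model of the retention setting; not Druva's API."""

    def __init__(self):
        self.changes = []  # (effective_at, days), kept sorted by time

    def effective_days(self, at):
        days = DEFAULT_DAYS
        for effective_at, value in self.changes:
            if effective_at <= at:
                days = value
        return days

    def request(self, at, days):
        if not MIN_DAYS <= days <= MAX_DAYS:
            raise ValueError("window must be between 1 and 7 days")
        # Assumption: a new request replaces any change still pending.
        self.changes = [c for c in self.changes if c[0] <= at]
        # Only reductions are deferred; assumption: increases apply at once.
        reduces = days < self.effective_days(at)
        effective_at = at + COOLING if reduces else at
        self.changes.append((effective_at, days))
        self.changes.sort()
        return effective_at

def expires_at(window, deleted_at):
    # Assumption: expiry is fixed by the window in force at deletion time.
    return deleted_at + timedelta(days=window.effective_days(deleted_at))

def demo():
    t0 = datetime(2024, 1, 1)            # constructed timeline
    w = RollbackWindow()
    applies = w.request(t0, 1)           # rogue admin shrinks window to 1 day
    purge = expires_at(w, t0)            # then deletes backups immediately
    return applies - t0, purge - t0

if __name__ == "__main__":
    print(demo())
```

In this model, a deletion made right after the window is cut to 1 day still stays recoverable for the full 7 days, which is the interval in which the Cloud Admins receive their notifications.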

Another place where we have seen Rollback Actions used extensively is accidental deletion, in which administrators delete backup copies by mistake. For example, suppose there were two users named Peter, and you ended up deleting the wrong Peter. Your first reaction would be: who does that? But we receive at least one such request every week. With Rollback Actions, even such accidental deletions can be reverted and the deleted backup copies rolled back.

It is often said in the SaaS world, “Simplicity is genius.” At Druva, we strive to make sure the user experience of whatever we build is simple and intuitive. With Rollback Actions, you can roll back TBs/PBs of deleted backup copies within minutes with just a single click.

Rollback Actions Report

You also receive a report with granular details about all deletions and rollbacks that have happened in your backup system. The Rollback Actions Report tells you which data was deleted, when the deletion happened, who deleted the data, and the reason for the deletion in the first place. All this information is present in a single report, which can be subscribed to as well.

Rollback Actions enhances your data security posture and gives you observability of the changes that take place in your backup data. If the changes were not intended, it provides you with the option to act upon them and undo them with a single click. 

Rollback Actions is available as a part of Druva’s Cyber Resiliency offerings. Want to know more? Take a quick 2-minute Product Tour to see the feature in action first-hand.