Offsite “cybervaults” that combine encrypted, immutable backups with an air-gapped design can help organisations survive ransomware attacks and speed up recovery when criminals try to corrupt or delete backup data, according to a report published by market researcher IDC and sponsored by data resilience firm Veeam.
The report said everyday recoveries often involve restoring a file lost through human error, but large-scale disaster recovery and cyber-recovery can require rebuilding systems across multiple sites under severe time pressure. Having access to “known, clean backup copies” can reduce stress and help IT teams restore operations more quickly, it said.
IDC cited its own research showing fewer than one-third of organisations can fully recover from a cyber-attack without data loss and without paying a ransom. It said roughly half of attacks involve attempts to delete, corrupt or compromise backup systems, and attackers succeed in about half of those attempts, leaving about one in four victims without a recovery path using their own systems.
What is cybervault?
The report defined a cybervault as a backup repository that uses encryption, immutability and an air-gapped architecture to make destruction or compromise “nearly impossible”. It said cybervaults are typically deployed offsite, helping protect data from natural disasters such as fires and floods as well as from cyberattacks that can leave on-site systems inaccessible.
It added that many organisations follow a “3-2-1” backup approach, meaning three copies of data on two different media with one offline copy. IDC said growing use of cloud services and rising cyber threats have pushed some firms towards a “3-2-1-1-0” model, which adds an offsite copy and aims for “zero errors” in backups through verification and immutability.
IDC said core cybervault functions include immutability to prevent modification or deletion, encryption to reduce the value of stolen data and counter data exfiltration, two-factor or two-person authentication to reduce misuse of credentials, and an air gap that separates access routes and control paths using different credentials.
The report discussed Veeam Data Cloud Vault, describing it as a fully managed cloud storage service integrated with Veeam’s backup products and sold through the Azure Marketplace and partners.
IDC said the service uses object storage with synchronous replication and “12 nines” of availability, is “immutable by default” and uses a zero trust architecture to limit access by attackers. It said pricing is based on a flat per-terabyte rate intended to include management, updates and support.
IDC also flagged implementation risks and gaps. It said moving backups to the cloud does not automatically create an air gap, and organisations should ensure separation of the data path and control path with distinct credentials alongside multi-factor or two-person controls.
It added that some organisations may prefer a cybervault option on a cloud platform other than Microsoft Azure, where Veeam Data Cloud Vault is currently offered, or may want replication across multiple hyperscalers for regulatory or resilience reasons.
IDC stressed an offsite copy is critical for disaster recovery and cyber-recovery, but added that “an offsite copy alone is not enough” because it must be protected from both external and insider threats.
