As a result of a hack at the municipality of Hof van Twente last year, the Association of Dutch Municipalities (VNG) recommended secure backups with air-gap. The municipality of Gennep took up the challenge and inquired with supplier Avensus about the possibilities. Roel Janssen and Gerrie Gossens from the municipality of Gennep and Daan Lieshout from Avensus tell their story.
Gerrie Gossens is a system administrator at the municipality of Gennep. After the events at Hof van Twente, where hackers had control over the entire system, he and colleague Roel Janssen (Technical Information Advisor) realized that they had to take measures. “Suppose you’ve put a lot of money and energy into stopping hackers, things can still go wrong. Often it’s because of human error. Still, we wanted a secure backup that would be inaccessible to hackers, so that in the event of a hack or other calamity, we wouldn’t be completely helpless.” That thought was further fueled by the advice of the VNG.
Various solutions
After the advice of the VNG, the municipality of Gennep turned for advice to Avensus, the permanent IT partner for the municipality. Daan Lieshout says: “There are various solutions for this problem. You can write your data externally to a cloud service or a secure Linux server, but all these solutions are still connected in some way. Although writing to a so-called hardened Linux server is almost impossible to hack, the municipality of Gennep was right not to settle for ‘almost’. They want to make sure their data is secure.”
Reviewing options
So, it was time to look for a storage system with an air-gap, a physical separation between network and storage so that the backup cannot be reached by hackers via the system. Various options were considered. “We looked at storage on tape, but that proved too laborious and too slow, apart from some technical obstacles. Eventually we ended up at Silent Bricks. Everyone at the municipality of Gennep can see that the moment you remove a Silent Brick from the system, you literally create an air-gap. Silent Bricks also require very little handling, they are easy to use. It’s not rocket science.” Also important was the link with Veeam. Gerrie Gossens: “The system we work with is Veeam Backup, which makes a backup at the work location in the evening. Then a copy is written to the backup location. After these two jobs, a third job is done to feed a replica system with this data, based on the backups. So now we’ve expanded that to include an air-gapped backup system, linked to Veeam.”
Integration
There are various ways in which you can use the Silent Bricks and write data via Veeam software. Daan Lieshout: “We have tested these possibilities, looking for the most optimal way with the least actions. We looked for the easiest way from Veeam, and all in all we now manage to load two Silent Bricks into the system once every two days, after which the backup is made after a few clicks. And the goal: an air-gapped backup, is so accomplished. Remember that this backup is your last lifeline. Even in the event of a disaster, you want to be up and running again as quickly as possible after a restore with few resources and actions. You can do that in this way. It’s almost plug-and-play.”
Security
Gennep used several considerations when choosing this system. Roel Janssen: “This option was the most comprehensive and safest. The air-gap is instantly visible and that gave us security. In the event of a disaster, we can restore the system relatively quickly. This requires very few actions and equipment. After implementation, there were a few moments of fine-tuning and adjustment, but that all went smoothly and the system is running to our full satisfaction.” “And that’s nice,” observes Gerrie Gossens. “The municipality had to give its approval after all, and the managers then obviously want to see results. You hope that you never have to use such a backup, but you have to have it anyway.” The IT staff at the municipality of Gennep swap the Silent Bricks once every two days and making the backup is only a few minutes’ work. Gennep has a total of five Silent Bricks. Each Silent Brick is 24TB, but because of the redundancy in a Silent Brick, a number of disks may fail without consequence. Therefore, each Silent Brick has an effective capacity of 16TB. This means that Gennep’s entire environment can easily fit onto each Silent Brick. The five Silent Bricks are used to store the backups from Monday to Friday, rotating each week. If you want to keep extra weekly or monthly backups, you can add extra Silent Bricks. Roel: “It is nice that it is very scalable. So if you get more data, you just add another Silent Brick.”
Done!
Many municipalities have not yet properly addressed the issue of adequate and secure data storage. It is easy to get started with Silent Bricks and it is not complicated to use either. Moreover, it is a one-time purchase for a system that will last no less than ten years.