Learn how to secure your immutable backup system with multi-factor authentication, role-based access control, and secure remote access in this practical guide.
Having an immutable backup system is great—but if attackers can compromise your backup infrastructure through weak authentication or misconfigured access controls, your immutability doesn't matter. In this episode, Curtis Preston (Mr. Backup) and Prasanna Malaiyandi discuss four critical security measures that go beyond basic immutability to truly protect your backup system from ransomware and insider threats.
What you'll learn:
• Why multi-factor authentication is non-negotiable for backup systems (and why SMS-based MFA isn't enough)
• The differences between TOTP, hardware tokens, and passkey authentication
• How to implement secure remote access without exposing RDP to the internet
• What role-based access control (RBAC) means for backup systems and why the backup admin is the most powerful person in your company
• The concept of "four eyes authentication" for destructive operations
• When to consider managed security service providers or SaaS-based data protection
Curtis shares his strong opinions on why SMS-based MFA is terrible, why RDP should be turned off entirely, and why the person with full backup system access can potentially destroy more data than anyone else in the organization. The discussion covers practical implementation strategies, from good to better to best approaches for each security measure.
This episode builds on their previous discussion of "10 Things Every Backup System Needs to Have" and addresses feedback from listeners who wanted more detail on security hardening. Whether you're managing on-premises backup infrastructure or evaluating cloud-based solutions, these security principles apply across all platforms.
Key timestamps and topics covered include the reality that ransomware is now the number one reason organizations reach for their backups, the importance of segregating backup systems from production networks, and why even small organizations need to think seriously about backup security.
Perfect for IT professionals, backup administrators, security teams, and anyone responsible for protecting their organization's data recovery capabilities.
Subscribe to The Backup Wrap-up for more practical advice on backup, recovery, and cyber-recovery from industry veterans who've seen it all.
While you're here, here are some great episodes from this year:
https://www.youtube.com/watch?v=ZZGn5xlYTec
https://www.youtube.com/watch?v=nHz5hGZy0nY&t=2s
https://www.youtube.com/watch?v=ov834MWoBXg&t=2s
This YouTube channel is also available as an audio podcast!
https://www.backupwrapup.com
We also have a blog that I've been running for over 20 years!
https://www.backupcentral.com
I've also written four O'Reilly books! My latest:
https://www.amazon.com/Modern-Data-Protection-Recoverability-Workloads-ebook/dp/B093TQTBC3



