Every modern backup platform ticks the immutability box. The decision-relevant differences are air-gap topology, recovery cleanroom architecture, and the operational cadence of cyber drills.
Why the Marketing Slide is Misleading
Veeam, Commvault, Druva, Atempo — every major backup platform now ships with immutable storage as a feature checkbox. The marketing slide implies that turning the feature on solves the ransomware problem. It does not. It solves one part of the ransomware problem — the part where attackers try to encrypt the backups themselves.
The harder parts — authentication-plane compromise, lateral movement to backup credentials, exfiltration of unencrypted archives, time-to-recovery once the attack is contained — are not addressed by immutability at all.
What Actually Matters — In Order
- Identity-plane separation. Backup admin credentials live in a different authentication domain from production credentials. If your domain controller is compromised, the attacker still cannot touch the backup retention policy.
- Hardware or software WORM enforcement. Immutability that is enforced by the storage media or filesystem, not the application — because an application can be reconfigured.
- Recovery cleanroom architecture. An isolated network where you can restore, verify integrity, and forensically clean a workload before promoting it back to production.
- Drill cadence. Quarterly, scripted, time-measured, written-up. The drill report is the artefact that survives the marketing claim.
Immutability without identity separation is a lock on a door whose key the attacker already has. — Field note, ransomware engagement, August 2024
The Cleanroom Conversation
When ransomware hits — and statistically, for any Indian enterprise above ₹500cr in revenue, it will — you cannot restore back into the same compromised environment. The attacker is still there, in some form, until proven otherwise. A cleanroom is a parallel network with its own credentials, where you stand the recovered workload up, verify it, then promote it. It is not improvised in the moment. It is pre-architected.
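The drill and cleanroom steps described above (restore into isolation, verify integrity, measure restoration time, write it up) can be scripted. The following is an added example, not code from the original article or from any backup vendor. It assumes a plain tar archive stands in for the platform's restore job, a local directory stands in for the cleanroom, and a SHA-256 manifest was captured at backup time; all function names and sample files are constructed for illustration.

```python
import hashlib, json, tarfile, tempfile, time
from pathlib import Path

def sha256_file(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        while chunk := f.read(1 << 20):  # stream; restored files can be large
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root: Path) -> dict:
    """Path -> SHA-256. Assumption: the backup-time copy is kept outside the production identity domain."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def run_drill(archive: Path, manifest: dict, cleanroom: Path) -> dict:
    """Restore into the cleanroom path, time the restore, then compare every file to the manifest."""
    start = time.monotonic()
    with tarfile.open(archive) as tar:
        # "data" filter blocks path escapes, outside-pointing links, and device nodes.
        opts = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
        tar.extractall(cleanroom, **opts)
    elapsed = time.monotonic() - start
    restored = build_manifest(cleanroom)
    findings = {
        "missing": sorted(manifest.keys() - restored.keys()),
        "unexpected": sorted(restored.keys() - manifest.keys()),
        "mismatched": sorted(k for k in manifest.keys() & restored.keys()
                             if manifest[k] != restored[k]),
    }
    return {"restore_seconds": round(elapsed, 3), **findings, "promote": not any(findings.values())}

def make_sample_backup(workdir: Path, tamper: bool = False):  # constructed sample workload
    src = workdir / "src"
    (src / "db").mkdir(parents=True)
    (src / "db" / "orders.csv").write_text("id,total\n1,100\n")
    (src / "app.conf").write_text("mode=prod\n")
    manifest = build_manifest(src)
    if tamper:  # archive contents drift from the manifest of record
        (src / "app.conf").write_text("mode=debug\n")
        (src / "extra.bin").write_bytes(b"\x00")
    archive = workdir / "backup.tar"
    with tarfile.open(archive, "w") as tar:
        tar.add(src, arcname=".")
    return archive, manifest

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        archive, manifest = make_sample_backup(Path(d), tamper=True)
        print(json.dumps(run_drill(archive, manifest, Path(d) / "cleanroom"), indent=2))
```

The returned dictionary is the raw material for the drill report: `restore_seconds` is the restoration-time measurement, and `promote` stays false while any file is missing, unexpected, or altered.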
What Not to Do
- Do not assume the immutability checkbox is sufficient.
- Do not co-locate backup credentials with production identity.
- Do not skip the quarterly drill because the platform vendor says one is unnecessary.
- Do not measure success in backup completion rate. Measure it in restoration time.
The Test
If your backup platform vendor's slide says "immutable backups" and stops there, ask them for the recovery cleanroom diagram and the drill methodology. The presence or absence of those two artefacts tells you the entire story.