How to Utilize IBM Safeguarded Copy

Data breaches are some of the most concerning and expensive threats to businesses today. In the past, most organizations have developed and implemented high availability (HA) and disaster recovery (DR) solutions to protect their data, but these measures aren’t enough for protection against cyberattacks in the present. 

Organizations are becoming increasingly worried about accidental or intentional logical corruption, which is when all hardware components are working as expected, but data is destroyed or corrupted on a content level. Logical corruption cannot be prevented with HA/DR solutions, as these solutions are not content-aware. 

IBM’s newly enhanced Safeguarded Copy is the latest protection mechanism for data on DS8000 storage systems. IBM DS8000 Safeguarded Copy sessions help secure data to prevent it from being compromised, either accidentally or deliberately.

LCP Data Protection

Safeguarded Copy provides immutable copies of data for logical corruption protection (LCP), enables hidden, nonaddressable backups for additional security, offers simple implementation on IBM DS8900F storage solutions and integrates with many HA/DR environments. 

LCP is a type of data protection that provides secure, point-in-time copies of production data that are later used for identification, repair or replacement of data that has been compromised by either cyber or internal attack or corrupted by system failures or human error. 

LCP provides data validation, forensic analysis, surgical recovery, catastrophic recovery and offline backup services in order to better protect data. 

In order to address LCP, Safeguarded Copy provides immutable points of data recovery per production volume that are hidden and protected from being modified or deleted. 

Safeguarded Copy uses a backup capacity, which can be created for any production volume. The size of the backup capacity depends on the frequency of the backups and the duration they need to be retained. The session creates a consistency group across the source volumes to create a safeguarded backup. The production volume of the Safeguarded Copy is the source volume for a Safeguarded Copy relationship. While a recovery volume is used to restore a backup copy for host access, the production volume continues to run on the production environment. 

Safeguarded Copy has many advantages: 

• It provides up to 500 backup copies per production volume to restore data in case of a logical corruption or destruction of data 
• The backup volume is a hidden, nonaddressable volume that doesn’t consume any of the regular volume addresses, and copies can be maintained at either production or recovery sites 
• Storage targets are protected with additional security provided through unique user roles 
• Safeguarded Copy capacity is allocated in the best-performing storage tier, minimizing performance impacts from writing backup data 

Using the Safeguarded Copy Function

To use the Safeguarded Copy function, you must schedule backups and assign backup capacity. The backup capacity should be allocated with enough space to accommodate your SLAs to meet your requirement for frequency and retention period of backups. You can set up an internal scheduler for the backups in Copy Services Manager to run automatic backups at the frequency required. 

Different user roles and authority levels can be used to manage production source volumes, backup capacity and recovery volumes. For security purposes, administrators need at least two interfaces in order to create, enable and manage Safeguarded Copy. The DS8900F DS command line interface or GUI is needed to create backup capacity. 

The need for efficient, secure date protection is growing. Safeguarded Copy and other IBM systems within the DS8900F family offer expanded security capabilities and options to help better protect data.