The modern digital landscape has created a dangerous paradox for businesses, where the very backups designed to be a lifeline during a cyberattack have become a primary target for sophisticated ransomware gangs. As attackers evolve their strategies from merely encrypting live data to actively seeking and destroying recovery points, organizations find themselves in an increasingly vulnerable position. A successful attack on backup repositories can render recovery impossible, forcing a company’s hand and making a ransom payment the only perceived option. In response to this escalating threat, Wasabi Technologies has developed Covert Copy, a resilience-focused security feature for its Hot Cloud Storage platform. This new capability is engineered to protect critical data not only from external cyberattacks but also from the significant and often overlooked danger of internal risks, offering a multi-layered defense in an era of persistent digital threats. The feature aims to redefine data resilience by making essential backups effectively invisible and untouchable, even to those with high-level access to the primary storage environment.
A New Paradigm in Data Protection
The Power of the Logical Air Gap
At the heart of Covert Copy’s defensive strategy lies a patent-pending implementation of a logical air gap, a modern evolution of a classic data protection concept. Traditionally, an air gap referred to a physical separation, where backup media like tape drives were physically disconnected from the network and stored off-site, creating an insurmountable barrier for any online attack. While effective, this physical method is often slow and impractical for the rapid recovery needs of today’s businesses. The logical air gap achieves the same fundamental goal of isolation but through software-defined controls rather than physical distance. It creates a virtual fortress around a copy of the data, making it completely separate and sealed off from the main network and production environment. This ensures that even if an attacker successfully infiltrates an organization’s primary systems, the air-gapped backup copy remains unseen and unaffected. By leveraging stringent access controls to enforce this separation, Covert Copy makes the data within this logical vault immutable, meaning it cannot be altered, encrypted, or deleted by unauthorized processes.
Beyond Traditional Immutability
While the concept of using a logical air gap to create immutable backups is not entirely new in the industry, with competitors like Veeam and Cohesity offering similar protections against external threats, Covert Copy introduces a crucial additional layer of security that sets it apart. According to David Boland, Wasabi’s vice president of cloud strategy, the feature’s key innovation is its ability to conceal the protected backup data from internal users who have legitimate access to the main storage account. This is a critical distinction because many data protection systems, while secure against outside attackers, still allow authorized administrators within the organization to view, modify, or even delete the supposedly immutable data from the storage console. This leaves a significant vulnerability open to insider threats, whether malicious or accidental, and to attacks involving compromised employee credentials. The Sophos report “The State of Ransomware 2025” identifies compromised credentials as the second leading cause of data breaches, highlighting the severity of this risk. By making the backup data completely invisible within the standard user interface, Covert Copy effectively mitigates this threat, ensuring the data is safe from anyone who could potentially change it.
Fortifying Security Through Authentication and Integration
The Multi-User Authentication Advantage
Underpinning this advanced security is Wasabi’s robust multi-user authentication system, a mechanism that provides a higher level of security than the more common multi-factor authentication (MFA). While MFA focuses on verifying a single user’s identity through multiple methods, multi-user authentication requires explicit approval from several designated individuals before a critical action, such as data deletion, can be executed. Specifically, Covert Copy mandates that at least three separate, pre-authorized security contacts within an organization must consent to the deletion of the protected data copy. This creates a powerful distributed defense system. As noted by Jasdeep Singh, a research manager at IDC, this process makes the system profoundly more secure. Even if a sophisticated attacker manages to gain complete control over a high-privilege account, they would still be powerless to destroy the backup data without somehow coercing or compromising multiple, independent security officers. This consensus-based approach to data deletion erects a formidable barrier against both external attackers and potential rogue insiders, making the solution particularly compelling for organizations in highly regulated sectors such as healthcare, finance, and government, where data integrity is paramount.
Seamless Integration and Future Prospects
In addition to its advanced security features, a significant advantage of Covert Copy is its seamless integration and ease of use, especially when compared to the offerings of major public cloud providers. While giants like AWS, Microsoft, and Google provide tools for creating immutable storage, their multi-user authentication features are often separate services that require complex and specialized configuration to implement correctly. This can create implementation gaps and potential misconfigurations that attackers can exploit. Wasabi has streamlined this process by building the multi-user authentication capability directly into the Covert Copy management console, simplifying deployment and ensuring that this critical layer of security is correctly applied without extensive technical overhead. Singh emphasizes that in a climate of growing data sovereignty challenges and the rise of AI-powered ransomware, this easily deployable resilience is no longer a luxury but a necessity. Further enhancing its value, Covert Copy is available at no additional cost to all subscribers of Wasabi Hot Cloud Storage. The company has also announced its intention to extend support for the feature to its high-performance SSD storage service, Wasabi Fire, in 2026, broadening its applicability to workloads requiring faster data access.
A Resilient Future for Data Storage
The introduction of security measures that rendered backup data invisible and required multi-party consent for deletion marked a significant evolution in the fight against ransomware. It became clear that reactive strategies focused solely on recovery were no longer adequate in the face of attackers who systematically targeted those very recovery mechanisms. This shift underscored a new imperative in the industry: building proactive resilience directly into the storage infrastructure itself. The integration of logical air gaps with advanced authentication protocols established a higher standard for data protection, one that accounted for the dual threats of sophisticated external cyberattacks and the persistent risk posed by internal vulnerabilities. This approach demonstrated a deeper understanding of the threat landscape, where the integrity of backup data was recognized as the ultimate line of defense, a line that had to be fortified against any potential point of failure. Consequently, organizations began to view data storage not just as a passive repository but as an active component of their security posture.
