Hi guys,
Since this topic got no answers from other customers, let me share my personal opinion.
If we also assume a dedicated network/security team that can restrict management access (for example, blocking SSH/HTTPS management paths from the backup admin network), then the existing approach can already provide a very strong level of isolation. Backup admins wouldn’t be able to access a hardened repository or Object Storage at the operating system level.
Of course, if administrative credentials (for example, firewall/admin accounts) are documented or stored in a single place and an attacker gains access to both those credentials and the firewalls, then many of these controls can be bypassed.
Best,
Fabian
Since this topic got no answers from other customers, let me share my personal opinion.
I’d argue that in a high-security environment, administrative access to the hardened repository and administration of the object storage are typically handled by separate teams than the backup administrators; each with their own user accounts (local users or separate management domains).In high-security environments, existing hardened repositories and object storage immutability are valuable but still part of the same administrative domain. A dedicated cyber vault would provide:
If we also assume a dedicated network/security team that can restrict management access (for example, blocking SSH/HTTPS management paths from the backup admin network), then the existing approach can already provide a very strong level of isolation. Backup admins wouldn’t be able to access a hardened repository or Object Storage at the operating system level.
Of course, if administrative credentials (for example, firewall/admin accounts) are documented or stored in a single place and an attacker gains access to both those credentials and the firewalls, then many of these controls can be bypassed.
Best,
Fabian
Statistics: Posted by Mildur — Apr 30, 2026 12:57 pm
