{"id":18086,"date":"2026-06-24T13:17:07","date_gmt":"2026-06-24T13:17:07","guid":{"rendered":"https:\/\/www.securitytoday.de\/?p=18086"},"modified":"2026-07-01T18:15:22","modified_gmt":"2026-07-01T18:15:22","slug":"when-hci-turns-backup-into-an-attack-surface","status":"publish","type":"post","link":"https:\/\/www.securitytoday.de\/en\/2026\/06\/24\/when-hci-turns-backup-into-an-attack-surface\/","title":{"rendered":"When HCI Turns Backup into an Attack Surface"},"content":{"rendered":"<p style=\"color: #69d8ed; font-size: 0.9em; margin: 0 0 16px; padding: 0;\">8 min read<\/p>\n<p><strong>HCI simplifies infrastructure, but it doesn\u2019t automatically make it secure. When virtualization, storage, networking, backup, and cyber protection converge on a single platform, a new core area emerges: the control plane. It decides who builds systems, protects data, and restores operations in an emergency. For security teams, it belongs in Tier 0.<\/strong><\/p>\n<div style=\"background: #003340; color: #fff; padding: 32px 36px; margin: 32px 0; border-radius: 8px;\">\n<p style=\"margin: 0 0 18px 0; font-size: 0.95em; font-weight: 800; text-transform: uppercase; letter-spacing: 0.2em; color: #69d8ed; border-bottom: 2px solid rgba(105,216,237,0.25); padding-bottom: 12px;\">Key Takeaways<\/p>\n<ul style=\"margin: 0; padding-left: 22px; color: rgba(255,255,255,0.92); line-height: 1.6;\">\n<li style=\"margin-bottom: 12px; color: rgba(255,255,255,0.92);\"><strong style=\"color: #69d8ed;\">Consolidation shifts risk.<\/strong> HCI reduces operational overhead but also concentrates permissions, APIs, backup jobs, and recovery paths in one place.<\/li>\n<li style=\"margin-bottom: 12px; color: rgba(255,255,255,0.92);\"><strong style=\"color: #69d8ed;\">Backups need separation.<\/strong> Integrated protection only counts if immutable copies, separate admin roles, and an isolated restart are part of the plan.<\/li>\n<li style=\"color: rgba(255,255,255,0.92);\"><strong style=\"color: 
#69d8ed;\">Recovery is the real test.<\/strong> Before rollout, it must be clear which workloads come back in what order and who restores the control plane itself.<\/li>\n<\/ul>\n<\/div>\n<p style=\"font-size: 0.88em; color: #666; margin: 20px 0 32px 0; border-top: 1px solid #e5e5e5; border-bottom: 1px solid #e5e5e5; padding: 10px 0;\"><span style=\"color: #004a59; font-weight: bold; text-transform: uppercase; font-size: 0.72em; letter-spacing: 0.14em; margin-right: 14px;\">Related:<\/span><a style=\"color: #333; text-decoration: underline;\" href=\"https:\/\/www.securitytoday.de\/en\/2026\/06\/05\/3-2-1-1-0-restore-test\/\">Backup against ransomware<\/a> <span style=\"color: #ccc;\">\/<\/span> <a style=\"color: #333; text-decoration: underline;\" href=\"https:\/\/www.securitytoday.de\/en\/2026\/06\/06\/when-the-backup-server-itself-becomes-the-vulnerability\/\">When the backup server itself becomes the vulnerability<\/a><\/p>\n<p><em>A contributed article by Markus Fritz, General Manager DACH at Acronis.<\/em><br \/>\n<strong>What is HCI with cyber protection?<\/strong> Hyperconverged Infrastructure combines compute, storage, networking, and virtualization in a unified operating model. Cyber Protection layers on backup, disaster recovery, security functions, monitoring, and management. Many tools become one platform that governs both operations and protection. The occasion for this article is <a href=\"https:\/\/www.acronis.com\/en\/products\/cloud\/cyber-protect\/cyber-frame\/\" target=\"_blank\" rel=\"noopener\">Acronis Cyber Frame<\/a>, an HCI and IaaS platform for service providers. Acronis describes the solution as multitenant, starting at five nodes, and integrated into Cyber Protect Cloud. 
For SecurityToday, the product name matters less than the fundamental question: what happens when infrastructure, protection, and recovery share the same control point?<\/p>\n<h2 style=\"margin-top: 48px; margin-bottom: 18px;\">Why VMware\u2019s restructuring is ratcheting up the pressure<\/h2>\n<p>Many service providers are currently re-evaluating their infrastructure. The <a href=\"https:\/\/www.broadcom.com\/blog\/broadcom-announces-successful-acquisition-of-vmware\" target=\"_blank\" rel=\"noopener\">Broadcom acquisition of VMware<\/a> has set license models, contract logic, and migration plans in motion. Providers running IaaS are no longer assessing the next platform purely on technical merits; they\u2019re also weighing margin, support pathways, multi-tenancy, and how quickly new capacity can be spun up. In this environment, HCI looks increasingly attractive: fewer discrete components, fewer interfaces, faster provisioning. For providers serving many small and medium customers, that\u2019s compelling: classic virtualization stacks are notoriously hard to automate. Yet the very strength that makes HCI attractive is also its greatest risk: the more functions that converge on a single console, the greater the blast radius if an admin account is compromised. The <a href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\" target=\"_blank\" rel=\"noopener\">Verizon Data Breach Investigations Report 2026<\/a> shows how deeply ransomware continues to drive real-world security incidents. These attacks increasingly target backup consoles, hypervisors, and management servers, where the leverage is far greater than on a lone file server. 
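The blast-radius argument just made, and the split of delete authority that the Tier 0 section below insists on, can be checked mechanically before rollout rather than argued about in a review meeting. What follows is an added example and not code from the article, from Acronis, or from any other vendor: a small Python audit over a constructed inventory of control-plane principals, API keys and the audit-log sink. The principals, the permission strings (vm.write, backup.delete, snapshot.delete and so on), the purpose ceilings and the dates are all hypothetical; on a real platform you would export the role assignments and map them onto the two capability sets the script defines.

```python
# Added example, not code from the article or any vendor product.
# Audits a constructed inventory of an HCI control plane for the drift the
# article describes: one principal that can both encrypt production and erase
# the copies needed to recover, service accounts holding more than their
# purpose needs, API keys that never expire, and an audit-log sink that the
# platform admin can delete. All names and permission strings are hypothetical.
from datetime import date

# Constructed inventory (hypothetical principals and permission strings).
PRINCIPALS = [
    {'name': 'hci-superadmin', 'tenant': 'provider', 'purpose': 'operations',
     'perms': {'vm.write', 'vm.delete', 'backup.policy.write', 'backup.delete',
               'snapshot.delete', 'log.sink.delete'}},
    {'name': 'backup-operator', 'tenant': 'provider', 'purpose': 'backup',
     'perms': {'backup.policy.write', 'backup.restore'}},
    {'name': 'report-svc', 'tenant': 'acme', 'purpose': 'reporting',
     'perms': {'report.read', 'snapshot.delete'}},
    {'name': 'acme-admin', 'tenant': 'acme', 'purpose': 'operations',
     'perms': {'vm.write', 'backup.restore'}},
]
API_KEYS = [
    {'owner': 'report-svc', 'expires': None},             # never expires: drift
    {'owner': 'acme-admin', 'expires': date(2026, 12, 31)},
]
# Who may delete from the audit-log sink, and whether it lives outside the platform.
LOG_SINK = {'external': False, 'deleters': {'hci-superadmin'}}

# Capability sets that must never meet on one principal: writing production
# (what ransomware needs) and destroying backups. Shortening retention through
# a policy change destroys backups just as surely as an explicit delete.
PRODUCTION_WRITE = {'vm.write', 'vm.delete'}
BACKUP_DESTROY = {'backup.delete', 'snapshot.delete', 'backup.policy.write'}
# Upper bound of rights each stated purpose may hold (hypothetical role model).
PURPOSE_CEILING = {
    'reporting': {'report.read'},
    'backup': {'backup.policy.write', 'backup.restore', 'backup.delete', 'snapshot.delete'},
    'operations': {'vm.write', 'vm.delete', 'backup.restore'},
}


def blast_radius(principal):
    '''Irreversible things an attacker gains by compromising this principal.'''
    perms = principal['perms']
    radius = set()
    if perms & PRODUCTION_WRITE:
        radius.add('encrypt-production')
    if perms & BACKUP_DESTROY:
        radius.add('destroy-backups')
    if 'log.sink.delete' in perms:
        radius.add('silence-audit')
    return radius


def audit(principals=PRINCIPALS, api_keys=API_KEYS, log_sink=LOG_SINK,
          today=date(2026, 7, 1)):
    '''Return (kind, subject, detail) findings; an empty list means the
    inventory passes the pre-rollout checks this script encodes.'''
    findings = []
    by_name = {p['name']: p for p in principals}
    for p in principals:
        radius = blast_radius(p)
        # Separation of duties: encrypt production AND destroy backups on one account.
        if {'encrypt-production', 'destroy-backups'} <= radius:
            findings.append(('SOD', p['name'],
                             'can encrypt production and destroy backups'))
        # Least privilege: rights beyond what the stated purpose needs.
        excess = p['perms'] - PURPOSE_CEILING.get(p['purpose'], set())
        if excess:
            findings.append(('EXCESS', p['name'],
                             'rights beyond purpose %s: %s' % (p['purpose'], sorted(excess))))
    for key in api_keys:
        if key['expires'] is None:
            findings.append(('KEY', key['owner'], 'API key never expires'))
        elif key['expires'] < today:
            findings.append(('KEY', key['owner'], 'API key expired but still present'))
    # Logging: the sink must be outside the platform, and nobody with a blast
    # radius on the platform may be able to delete from it.
    if not log_sink['external']:
        findings.append(('LOG', 'sink', 'audit logs are stored inside the platform'))
    for name in sorted(log_sink['deleters']):
        if blast_radius(by_name[name]):
            findings.append(('LOG', name, 'can delete audit logs and also: %s'
                             % sorted(blast_radius(by_name[name]))))
    return findings


if __name__ == '__main__':
    for kind, subject, detail in audit():
        print(kind, subject, detail)
```

Run against the constructed inventory, the script reports the super-admin account twice (separation of duties and excess rights), the report-only service account for its snapshot-delete right and its non-expiring key, and the log sink twice (stored inside the platform, deletable by an account that also has a production blast radius); the tenant admin with only vm.write and backup.restore passes. The interesting design choice is that backup.policy.write counts as a destroy capability: an attacker who can shorten retention does not need an explicit delete right.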
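The restart plan the article asks for further down (which systems must be back within the first hour, and in what dependency order) can likewise be written in a form that a script checks instead of a slide. This is an added example, not code from the article or any product: a constructed workload list with hypothetical recovery targets in minutes and the workloads each one needs first. The script derives a restore order, computes the earliest each workload can realistically be back given what it depends on, and flags targets that the dependency chain makes impossible, as well as a root of the chain (the control plane itself) with no out-of-band restorer.

```python
# Added example, not code from the article or any product. Turns a restart
# plan into something checkable: constructed workloads with a hypothetical
# recovery target in minutes ('rto') and the workloads that must be up first
# ('needs'). restore_order() gives a dependency-respecting sequence,
# effective_rto() the earliest each workload can really be back, and
# check_plan() flags targets the dependency chain makes impossible and any
# root of the chain that nobody restores from outside the platform.

WORKLOADS = {
    'hci-control-plane': {'rto': 30, 'needs': [], 'restored_by': 'break-glass-runbook'},
    'identity': {'rto': 60, 'needs': ['hci-control-plane']},
    'network-dns': {'rto': 60, 'needs': ['hci-control-plane']},
    'monitoring': {'rto': 120, 'needs': ['identity', 'network-dns']},
    'erp-db': {'rto': 240, 'needs': ['identity', 'network-dns']},
    # Promised back after 3 h but depends on a database promised after 4 h.
    'erp-app': {'rto': 180, 'needs': ['erp-db', 'identity']},
    'file-server': {'rto': 480, 'needs': ['identity']},
}


def restore_order(workloads):
    '''Kahn topological sort; among ready workloads the tighter RTO goes
    first. Raises ValueError on unknown dependencies or cycles.'''
    indeg = {n: len(w['needs']) for n, w in workloads.items()}
    dependents = {n: [] for n in workloads}
    for n, w in workloads.items():
        for d in w['needs']:
            if d not in workloads:
                raise ValueError('%s needs unknown workload %s' % (n, d))
            dependents[d].append(n)

    def by_rto(name):
        return workloads[name]['rto']

    ready = sorted((n for n, k in indeg.items() if k == 0), key=by_rto)
    order = []
    while ready:
        n = ready.pop(0)
        order.append(n)
        for m in dependents[n]:
            indeg[m] -= 1
            if indeg[m] == 0:
                ready.append(m)
        ready.sort(key=by_rto)
    if len(order) != len(workloads):
        raise ValueError('dependency cycle among %s' % sorted(set(workloads) - set(order)))
    return order


def effective_rto(workloads):
    '''Earliest realistic return per workload: its own target or the slowest
    thing it depends on, whichever is later.'''
    eff = {}
    for n in restore_order(workloads):   # dependencies are always earlier in the order
        eff[n] = max([workloads[n]['rto']] + [eff[d] for d in workloads[n]['needs']])
    return eff


def check_plan(workloads):
    '''Return (workload, problem) pairs; an empty list means the plan is consistent.'''
    findings = []
    eff = effective_rto(workloads)
    for n, w in workloads.items():
        if eff[n] > w['rto']:
            findings.append((n, 'target %d min unreachable, dependencies allow %d'
                             % (w['rto'], eff[n])))
        if not w['needs'] and not w.get('restored_by'):
            findings.append((n, 'root of the dependency tree has no out-of-band restorer'))
    return findings


if __name__ == '__main__':
    print(' -> '.join(restore_order(WORKLOADS)))
    for n, problem in check_plan(WORKLOADS):
        print(n, problem)
```

On the constructed plan the order starts with the control plane, then identity and DNS, and the only finding is erp-app: it is promised back after 180 minutes but cannot run until its database is back at 240. That is exactly the kind of contradiction that surfaces only during an incident if the plan lives in prose. The root-of-chain check encodes the article's point that someone has to restore the control plane itself, from outside it.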
<\/p>\n<div class=\"evm-stat evm-stat-highlight\" style=\"text-align: center; background: #f0f9fa; border-radius: 12px; padding: 32px 24px; margin: 32px 0;\">\n<div style=\"font-size: 48px; font-weight: bold; color: #004a59; letter-spacing: -0.03em;\">48 percent<\/div>\n<div style=\"font-size: 15px; color: #444; margin-top: 8px;\">of breaches examined in the Verizon DBIR 2026 involve ransomware.<\/div>\n<div style=\"font-size: 12px; color: #888; margin-top: 8px;\">Source: <a style=\"color: #004a59;\" href=\"https:\/\/www.verizon.com\/business\/resources\/reports\/dbir\/\" target=\"_blank\" rel=\"noopener\">Verizon Data Breach Investigations Report 2026<\/a><\/div>\n<\/div>\n<h2 style=\"margin-top: 48px; margin-bottom: 18px;\">Where fragmented stacks let protection slip<\/h2>\n<p>The classic stack is rarely cleanly separated. There\u2019s a virtualization console, a backup console, an RMM system, a security tool, bespoke scripts, and multiple provider portals. Each domain has its own roles, API keys, logs, and elevated privileges. On paper, that\u2019s defense in depth. In practice, it\u2019s drift: an ex-employee retains rights in an old backup tenant, an API key never expires, a service account can delete snapshots even though it\u2019s only supposed to pull reports, an EDR alert never reaches the team that handles restores. In fragmented stacks, these gaps surface late; no one sees the entire chain. An integrated platform can shrink that surface. It can standardize permissions, tighten tenant separation, and merge backup, security, and operations into a single event stream. That\u2019s not a free pass; it\u2019s a trade-off: fewer blind spots in exchange for a more critical management layer.<\/p>\n<h2 style=\"margin-top: 48px; margin-bottom: 18px;\">The control plane belongs in Tier 0<\/h2>\n<p>When rolling out HCI with cyber protection, treat the control plane like an identity system. 
It needs phishing-resistant MFA, role-based rights, break-glass accounts, admin access only from hardened networks, and a separate log target that a compromised platform admin cannot delete. Crucially, delete authority must be split: an attacker encrypting production VMs should not also be able to wipe immutable backups or silence replicas. That sounds obvious, yet it often fails because of convenient super-admin roles. In multi-tenant environments, this separation must be technically and organizationally enforced, not merely visible in the UI. For customers, the audit question changes. It\u2019s no longer enough to ask whether backup is integrated. The decisive factors are who can alter policies, who can launch recovery jobs, which actions require dual approval, and how long audit logs are retained outside the platform.<\/p>\n<h2 style=\"margin-top: 48px; margin-bottom: 18px;\">Consolidation only works with control points<\/h2>\n<p>Consolidation is not inherently a security issue. It becomes dangerous only when it\u2019s treated as a shortcut. Good platform architecture reduces operational pressure in the environment but keeps control points visible. 
Poor platform architecture hides complexity behind a smooth surface and sells the absence of friction as protection.<\/p>\n<div style=\"background: #f7fbfc; border: 1px solid #d8eef3; border-radius: 8px; padding: 24px 28px; margin: 28px 0;\">\n<p style=\"margin: 0 0 14px 0; font-size: 0.78em; font-weight: 800; text-transform: uppercase; letter-spacing: 0.16em; color: #004a59;\">Pre-rollout checks<\/p>\n<p style=\"margin: 0 0 12px 0;\"><strong>Roles:<\/strong> Uniform permissions and clear tenant separation must be established before migration.<\/p>\n<p style=\"margin: 0 0 12px 0;\"><strong>Backups:<\/strong> Immutable copies require separate keys and dedicated deletion rights.<\/p>\n<p style=\"margin: 0 0 12px 0;\"><strong>Recovery:<\/strong> Recovery runbooks need real workloads, dependencies, and clear sequences.<\/p>\n<p style=\"margin: 0;\"><strong>Logging:<\/strong> Platform events belong in a destination outside HCI administration.<\/p>\n<\/div>\n<p>The difference isn\u2019t decided by the spec sheet. It\u2019s revealed in the authorization concept, network segmentation, and whether the platform itself remains controllable after an attack. An HCI environment can accelerate recovery. It can also become the place where a single breach unlocks the most doors at once.<\/p>\n<h2 style=\"margin-top: 48px; margin-bottom: 18px;\">Rollout needs recovery proof<\/h2>\n<p>Before going live, the team shouldn\u2019t just build a migration plan; it should build a restart plan. The first question: which systems must be back within the first hour? Next come identity, network, management, business processes, databases, and the order of dependencies. 
Without clear priorities, an incident will drown in equally loud voices with no reliable sequence.<\/p>\n<div class=\"evm-timeline\" style=\"border-left: 3px solid #69d8ed; margin: 28px 0; padding-left: 22px;\">\n<p style=\"margin: 0 0 18px 0;\"><strong>Pre-rollout:<\/strong> Document roles, tenants, emergency accounts, API keys, and external log targets. Anything that can delete backups or alter snapshots gets its own review.<\/p>\n<p style=\"margin: 0 0 18px 0;\"><strong>Pilot phase:<\/strong> Run restore tests with real dependencies. Don\u2019t just recover a VM; verify the application, identity, DNS, network path, and monitoring together.<\/p>\n<p style=\"margin: 0;\"><strong>Post-launch:<\/strong> Recertify rights regularly, test break-glass accounts, audit immutable copies, and validate recovery times against contractual commitments.<\/p>\n<\/div>\n<p>Service providers should standardize these proofs. Customers don\u2019t buy IaaS to learn forensics on the provider stack. They need a clear statement of which layers are protected, where their responsibility begins, and which recovery promises have been technically tested.<\/p>\n<h2 style=\"margin-top: 48px; margin-bottom: 18px;\">Pre-rollout demands clarity<\/h2>\n<p>The strongest HCI platform helps little if it\u2019s treated in the security model like a standard admin portal. Before rollout, three things must be verifiable: separation of operations and backup authority, protection of the management plane, and a validated restart for both platform and customer workloads. This doesn\u2019t make HCI with cyber protection less compelling. It makes the view more sober: linking infrastructure and protection lets you deploy faster, automate more cleanly, and respond in a more orderly way during incidents. The price is governance at a central level that was once scattered across multiple tools. 
For IT teams, that\u2019s the real decision: consolidation can simplify operations, but it must not render the security architecture invisible. Only when recovery, rights, and logs remain independently auditable does an integrated platform become more than a new attack surface.<\/p>\n<h2 style=\"padding-top: 64px; margin-bottom: 20px;\">Frequently Asked Questions<\/h2>\n<h3>What does HCI mean in this context?<\/h3>\n<p>HCI stands for Hyperconverged Infrastructure. It refers to an infrastructure architecture that combines compute, storage, networking, and virtualization within a unified operational model. In the service-provider context, IaaS is often added, i.e., the provisioning of virtual machines, storage, and network services for customers.<\/p>\n<h3>Why is the control plane critical?<\/h3>\n<p>The control plane manages production systems, tenants, permissions, backups, and restores. Whoever controls it can not only start or stop workloads but often alter protection mechanisms as well. That\u2019s why it belongs in the same protection class as identity systems, domain controllers, and central admin tools.<\/p>\n<h3>What role do immutable backups play?<\/h3>\n<p>Immutable backups prevent saved data from being deleted or altered within a defined period. Yet they\u2019re only part of the answer. Crucially, the roles for managing these copies must be separate, and keys, logs, and deletion rights must not end up on the same account.<\/p>\n<h3>What\u2019s the difference between consolidation and lock-in?<\/h3>\n<p>Consolidation lowers operational overhead when standards, roles, logging, and recovery processes become clearer. Lock-in arises when data, workloads, and operational processes are so tightly bound to a single platform that switching becomes nearly unmanageable. 
That\u2019s why exit paths, export formats, and tested migrations belong in every architecture review.<\/p>\n<h3>Which checks belong before rollout?<\/h3>\n<p>Before rollout, teams should verify roles and super-admin rights, define external log targets, separate backup-deletion rights, run restore tests, and rehearse platform restart procedures. Also essential: break-glass accounts, MFA, API-key lifecycles, and a clear priority order for critical workloads.<\/p>\n<h3>Editor\u2019s reading list<\/h3>\n<ul>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/06\/05\/3-2-1-1-0-restore-test\/\">Backup against ransomware: 3-2-1-1-0 instead of 3-2-1<\/a><\/li>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/06\/02\/mid-market-privileged-access-management\/\">PAM without enterprise budget: keeping admin rights in check<\/a><\/li>\n<li><a href=\"https:\/\/www.securitytoday.de\/en\/2026\/05\/28\/network-segmentation-small-business-vlan-microsegmentation\/\">Network segmentation in SMEs: where to start<\/a><\/li>\n<\/ul>\n<div style=\"margin: 40px 0 24px 0;\">\n<p style=\"margin: 0 0 12px 0; font-size: 0.78em; font-weight: bold; text-transform: uppercase; letter-spacing: 0.18em; color: #666;\">More from the MBF Media Network<\/p>\n<div style=\"padding: 14px 18px; border-left: 3px solid #0bb7fd; background: #fafafa; margin-bottom: 6px;\">\n<div style=\"font-size: 0.7em; font-weight: bold; color: #0bb7fd; text-transform: uppercase; letter-spacing: 0.12em; margin-bottom: 4px;\">cloudmagazin<\/div>\n<p><a style=\"font-weight: 600; line-height: 1.4; color: #1a1a1a; text-decoration: none;\" href=\"https:\/\/www.cloudmagazin.com\/2026\/04\/22\/vmware-post-broadcom-2026-dach-migrationsstrategie-nutanix-proxmox\/\">VMware price shock: DACH firms face tough choices<\/a>\n<\/div>\n<div style=\"padding: 14px 18px; border-left: 3px solid #ff6b57; background: #fafafa; margin-bottom: 6px;\">\n<div style=\"font-size: 0.7em; font-weight: bold; color: #ff6b57; text-transform: 
uppercase; letter-spacing: 0.12em; margin-bottom: 4px;\">digital-chiefs<\/div>\n<p><a style=\"font-weight: 600; line-height: 1.4; color: #1a1a1a; text-decoration: none;\" href=\"https:\/\/www.digital-chiefs.de\/operating-model-reorg-decision-rights-schnittstellen\/\">The operating model that survives the re-org<\/a>\n<\/div>\n<div style=\"padding: 14px 18px; border-left: 3px solid #8b5cf6; background: #fafafa; margin-bottom: 6px;\">\n<div style=\"font-size: 0.7em; font-weight: bold; color: #8b5cf6; text-transform: uppercase; letter-spacing: 0.12em; margin-bottom: 4px;\">mybusinessfuture<\/div>\n<p><a style=\"font-weight: 600; line-height: 1.4; color: #1a1a1a; text-decoration: none;\" href=\"https:\/\/mybusinessfuture.com\/prozessoptimierung-scheitert-an-der-uebergabe-nicht-am-tool\/\">Process optimization fails at the handoff, not the tool<\/a>\n<\/div>\n<\/div>\n<p style=\"text-align: right; color: #868e96; font-size: 0.85em; margin-top: 48px;\"><em>Source of title image: Pexels \/ Panumas Nikhomkhai (px:37605910)<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"HCI consolidates operations, backup, and protection. This reduces friction but shifts risk to the control layer. IT teams must treat it as Tier 0.","protected":false},"author":56,"featured_media":17992,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_yoast_wpseo_focuskw":"Cyber Protection","_yoast_wpseo_title":"When HCI Turns Backup into an Attack Surface","_yoast_wpseo_metadesc":"HCI streamlines operations, backup & cyber protection. 
Discover why central control becomes an attack surface & essential pre-deployment checks.","_yoast_wpseo_meta-robots-noindex":"","_yoast_wpseo_meta-robots-nofollow":"","_yoast_wpseo_meta-robots-adv":"","_yoast_wpseo_canonical":"","_yoast_wpseo_opengraph-title":"","_yoast_wpseo_opengraph-description":"","_yoast_wpseo_opengraph-image":"","_yoast_wpseo_opengraph-image-id":0,"_yoast_wpseo_twitter-title":"","_yoast_wpseo_twitter-description":"","_yoast_wpseo_twitter-image":"","_yoast_wpseo_twitter-image-id":0,"_evm_translation_lang":"","featured_post":0,"featured_post_sortierung":0,"_wp_old_slug":[],"footnotes":""},"categories":[3,2],"tags":[],"class_list":["post-18086","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-aktuelles","category-innovation"],"evm_reading_time_minutes":9,"wpml_language":"en","wpml_translation_of":17993,"_links":{"self":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/18086","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/users\/56"}],"replies":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/comments?post=18086"}],"version-history":[{"count":1,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/18086\/revisions"}],"predecessor-version":[{"id":18087,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/posts\/18086\/revisions\/18087"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media\/17992"}],"wp:attachment":[{"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/media?parent=18086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/categories?post=18086"},{"
taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.securitytoday.de\/en\/wp-json\/wp\/v2\/tags?post=18086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}