Data backups are the safety net for recovering from just about any system failure, hardware loss, or destructive cybersecurity incident. Far too often, the effectiveness, completeness, and appropriateness of a backup strategy are not tested until an incident actually occurs and the backups are the critical last resort. There are countless horror stories of businesses turning to their backups, only to find out they weren’t running, they weren’t backing up all the data they should have been, or the way in which they were backing up data made the restoration process extremely difficult. At the end of the day, not all backups are alike. In this article we shed some light on some of the key factors we take into consideration when determining the ideal backup strategy for your business.
Where is the backup data stored?
The appropriate location of stored data is the first place we start. While local backups are quick, easy, and cheap, they remain vulnerable to physical dangers such as fire, flood, or theft that can wipe out your data and your backup in the same incident. Remote backups require more setup, planning, and network bandwidth, but provide an extra layer of protection against localized risks by keeping a copy of your data outside of your environment.
Local Backups
Data is backed up to physical media in the same physical location as the primary data. This is most often an external hard drive, USB drive, or a local backup appliance or NAS. The backup is transferred either directly onto the drive or across the local network, which makes this the fastest backup method. This approach works well for backing up non-critical data that would be inconvenient to lose, or for very large sets of data where the cost and bandwidth required to store them remotely can’t be justified.
Off-Site Backups
Data is backed up to a different site, such as another office or a data center that you rent or own. The backup is transferred across the internet, usually using a secured protocol or VPN, so transfer rates can be slower, especially for large sets of data. The advantage over local backups is that the backups are now protected from failures and risks in the environment that contains the primary data, such as flood, fire, and theft. Also, if the primary environment becomes inaccessible or goes down, it can be rebuilt from backups that are accessible at the secondary site. With this strategy comes the additional responsibility to maintain and secure the secondary environment where the backups reside, and to ensure that those backups are accessible when needed.
Cloud Backups
Cloud backups follow the same approach as off-site backups, except that rather than the backup data being located at another site that you rent or own, it is stored in a storage pool or container at a trusted cloud services provider. In addition to the benefits provided by off-site backups, the cloud provider is now responsible for maintaining the availability, operation, and security of the environment storing your data. In general, this is a very good thing, as they employ teams of specialized engineers who work around the clock to maintain, secure, and monitor the environment.
Redundant Off-Site/Cloud Backups
Redundant Off-Site/Cloud Backups mirror your backup data between two or more different secondary locations. A redundant strategy may back up to multiple different clouds, different sites, or a combination of sites and cloud providers. For the most critical backup scenarios where the loss of even a single bit of data is unacceptable, this provides the maximum level of assurance against data loss.
Hybrid Backups
Hybrid backups retain both a local copy and an off-site or cloud backup. This strategy often strikes a good balance for small businesses: they benefit from the speed and accessibility of local backups, with the added assurance of an off-site/cloud strategy.
How are backups copied?
There are two ways that a backup system copies your data: file-based and image-based.
File-Based Backups
File-based backups copy individual files from the host system and save them as individual files on the backup system, allowing you to selectively download and restore individual files. File-based backups require you to configure exactly which files and folders are backed up, and can be ineffective for certain types of data. For example, databases and certain business applications may not back up properly with a file-based backup because they are constantly reading from and writing to their files, so a file copied mid-write can be inconsistent. Additionally, in the event of a total system loss you cannot directly restore the lost system from a file-based backup. The system has to be rebuilt from scratch with a fresh operating system, freshly installed applications, and a fresh configuration. Only after the new system is built and configured can the files be selectively copied back onto the host machine in an attempt to restore it to its previous working state. This is not the ideal way to restore a system, as there is no guarantee that the freshly installed applications will be compatible and functional with files copied directly from a different system. This restoration process is very time intensive, extending the downtime before recovery.
Image-Based Backups
Image-based backups clone the entire system and save it as a completely functional system image. The advantage is that a backup from any point in time can be booted as a virtual machine, allowing you to go back in time and see the entire state of the host device at the time of the snapshot. The process to recover individual files from an image-based backup varies. Some solutions require you to restore and boot the entire image as a virtual machine to access the data, but many modern solutions allow you to browse the files within an image backup just like a file-based backup system and selectively restore individual files - providing the best of both worlds.
File-based backups are useful for selectively backing up collections of static data, such as documents, photos, and videos. However, when an entire system needs to be backed up, including databases and applications, and you need the ability to recover quickly from a loss of the primary system, image-based backups are the way to go if budget allows.
Unencrypted vs. Encrypted Backups
Backed-up data can be stored either encrypted or unencrypted. When it is encrypted, anyone who gains access to the backup data is unable to read anything of value without your encryption key.
Local backups are often left unencrypted since they are already in a secured environment and usually the host system being backed up is also unencrypted. However, once data moves off-site or to the cloud, encryption should be considered a requirement.
If encryption is necessary, there is also the question of how the encryption key is managed:
Vendor Shared Key
Vendor Shared Key means that encryption is provided by a vendor who maintains a single encryption key for all of their clients. This is like a master key that can open every single door in an apartment building. Each apartment door is locked and can only be opened with a key; however, a compromise of that one key leaves every single apartment exposed. This is a less secure practice that introduces additional risk.
Vendor Dedicated Key
Vendor Dedicated Key means that your data is encrypted with an encryption key that is generated specifically for you and only decrypts your data - no one else’s. This key is also known to your backup services vendor, so you are trusting them to keep the key safe as well. If a key is compromised, whether through the fault of a client or of your backup services vendor, the only data that can be unlocked with that key is the client data the key was generated for. For many applications this can be considered acceptable or even preferred: if your vendor has a copy of your key, they can assist you in the event that you lose track of it. However, situations where sensitive data is included in the backup may warrant additional scrutiny or compensating controls.
Private Key
Private Key means that your data is encrypted by a key that you generated exclusively for your own use and that is not known to anyone else, not even your backup services vendor. This can be the most secure practice; however, a large burden now rests exclusively on you to secure and protect that key, and not to lose it. Since the vendor doesn’t know the key, they won’t be able to provide it to you if it is lost or forgotten, and they won’t be able to help in the event of an issue or incident without you first decrypting the data for them.
As with any decision related to security, there is always a balance between functionality and security that needs to be customized based on your own unique business requirements.
Unmonitored vs. Monitored Backups
The most important thing about backups is that they actually run! It is common to think of backups as a “set it and forget it” measure, but like any critical process they require regular monitoring and maintenance to remain in good health.
Most consumer backup services, and many other backups that run as apps, have no monitoring, limited monitoring, or require advanced configuration to enable monitoring. Without monitoring, the only way you’ll know whether your backup is running, and running without errors, is if you remember to specifically go and look on a regular basis. Unmonitored backups are like walking on thin ice: you’re asking for trouble, and chances are that eventually the ice is going to break, right when you need it most.
Monitored backups are watched on a continual basis so that any failure or error immediately notifies the appropriate staff, who can then respond to the issue. Since any system is subject to failure, well-monitored backups are also manually inspected to confirm that everything is OK and to catch an issue even if the notifications fail. Monitoring should be considered essential for any backup of mission-critical data that cannot be lost.
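The following is an added example, not code from the article or from NorthSky Technology, showing the kind of check a monitoring job should run over backup logs. The log format, host names, job names and error text are all constructed for the example; a real backup product logs differently and the regular expression would need adjusting. The important design point is the `EXPECTED` table: staleness is judged against a list of jobs that should exist, so a job that silently stops producing log lines (the thin-ice case above) still raises an alert, and a job that logs a failure raises a separate one.

```python
import re
from datetime import datetime, timedelta, timezone

# Added example, not the article's code. The one-line-per-run log format below
# is constructed for illustration; adjust the pattern to your product's logs.
LINE_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) '
    r'job=(?P<job>\S+) host=(?P<host>\S+) status=(?P<status>\S+)'
    r'(?: error="(?P<error>[^"]*)")?'
)

# Constructed sample log. Note what is *absent*: offsite-sync on nas01 has not
# written a line for over a week, and mailserver01 never appears at all.
SAMPLE_LOG = """\
2024-05-23T02:05:41Z job=offsite-sync host=nas01 status=success bytes=81235004
2024-05-31T02:01:12Z job=nightly-full host=fileserver01 status=success bytes=53687091200
2024-05-31T02:03:55Z job=nightly-full host=dbserver01 status=failed error="snapshot creation failed"
2024-06-01T02:01:09Z job=nightly-full host=fileserver01 status=success bytes=53690112000
2024-06-01T02:02:47Z job=nightly-full host=dbserver01 status=failed error="snapshot creation failed"
2024-06-01T10:00:03Z job=hourly-inc host=fileserver01 status=success bytes=104857600
2024-06-01T11:00:02Z job=hourly-inc host=fileserver01 status=success bytes=98304000
agent heartbeat: unrelated line that the parser skips
"""

# What *should* be running, and the longest acceptable gap since the last
# success. Every expected job must be listed here: a job that silently stops
# produces no log lines, so only this table can reveal that it is missing.
EXPECTED = {
    ("nightly-full", "fileserver01"): timedelta(hours=26),
    ("nightly-full", "dbserver01"): timedelta(hours=26),
    ("nightly-full", "mailserver01"): timedelta(hours=26),
    ("hourly-inc", "fileserver01"): timedelta(hours=2),
    ("offsite-sync", "nas01"): timedelta(hours=26),
}


def parse_log(text):
    """Turn log text into a list of run events; lines that don't match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append({"ts": ts, "job": m["job"], "host": m["host"],
                       "status": m["status"], "error": m["error"]})
    return events


def check_backups(events, expected, now):
    """Return (job, host, code, detail) alerts. Codes: never_ran, last_run_failed, stale."""
    runs = {}
    for e in events:
        runs.setdefault((e["job"], e["host"]), []).append(e)
    alerts = []
    for key, max_gap in expected.items():
        history = sorted(runs.get(key, []), key=lambda e: e["ts"])
        if not history:
            alerts.append((*key, "never_ran", "job is configured but has never logged a run"))
            continue
        last = history[-1]
        if last["status"] != "success":
            alerts.append((*key, "last_run_failed", last["error"] or last["status"]))
        successes = [e for e in history if e["status"] == "success"]
        if not successes or now - successes[-1]["ts"] > max_gap:
            detail = ("no successful run on record" if not successes
                      else f"last success {successes[-1]['ts'].isoformat()}")
            alerts.append((*key, "stale", detail))
    return alerts


def demo(now=datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)):
    """Run the check over the constructed sample at a fixed 'now'."""
    return check_backups(parse_log(SAMPLE_LOG), EXPECTED, now)


if __name__ == "__main__":
    for job, host, code, detail in demo():
        print(f"ALERT {code:16} {job}@{host}: {detail}")
```

Run as a script it prints four alerts: dbserver01's nightly job both failed on its last run and has no success inside the 26-hour window, the off-site sync on nas01 is stale, and mailserver01 has never run. The fileserver01 jobs are healthy and produce nothing. In a real deployment the `now` argument comes from the clock and the alerts feed whatever paging or ticketing channel your staff actually watch.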
Versioning and Retention
How backups are versioned and how long they are retained are important considerations in your strategy, and may also be subject to requirements under applicable laws or compliance standards. For example, the IRS requires that CPAs retain client records for a certain number of years after they are filed in case they are needed as part of an audit or investigation. Here is an example of a versioning and retention strategy:
- Incremental backups every hour
- Full backups every night
- Retain all backups for 7 days
- Retain all nightly backups for 90 days
- Retain a weekly backup for 1 year
- Retain a monthly backup for 3 years
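As an added illustration, not part of the original article, here is a Python implementation of the example policy above: given a list of backups and the current time, it returns the ones a pruning pass must keep. The `Backup` class and `backups_to_keep` function are my own names. One assumption is built in, because the policy above does not say which backup becomes "the" weekly or monthly copy: the first full backup taken in each ISO week and each calendar month is promoted. The sample schedule at the bottom is constructed (a full at 02:00 every night, an incremental every other hour).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Added example, not the article's code. Implements the sample policy:
#   keep every backup for 7 days, every full (nightly) backup for 90 days,
#   one full backup per week for 1 year, one full backup per month for 3 years.

DAY = timedelta(days=1)


@dataclass(frozen=True)
class Backup:
    taken_at: datetime
    kind: str  # "full" (nightly) or "incremental" (hourly)


def backups_to_keep(backups, now):
    """Return the subset of `backups` the policy says to retain at time `now`."""
    fulls = sorted((b for b in backups if b.kind == "full"), key=lambda b: b.taken_at)

    # Assumption: the first full backup taken in each ISO week / calendar month
    # is the one promoted to the "weekly" / "monthly" copy.
    weekly, monthly = {}, {}
    for b in fulls:
        weekly.setdefault(b.taken_at.isocalendar()[:2], b)
        monthly.setdefault((b.taken_at.year, b.taken_at.month), b)
    weekly_copies, monthly_copies = set(weekly.values()), set(monthly.values())

    keep = set()
    for b in backups:
        age = now - b.taken_at
        if age <= 7 * DAY:
            keep.add(b)            # everything, incrementals included
        elif b.kind != "full":
            continue               # an old incremental is never kept on its own
        elif age <= 90 * DAY:
            keep.add(b)            # all nightly fulls
        elif age <= 365 * DAY and b in weekly_copies:
            keep.add(b)
        elif age <= 3 * 365 * DAY and b in monthly_copies:
            keep.add(b)
    return keep


def sample_schedule(now, days):
    """Constructed sample: a full at 02:00 each day, an incremental every other hour."""
    t = (now - days * DAY).replace(hour=0, minute=0, second=0, microsecond=0)
    out = []
    while t <= now:
        out.append(Backup(t, "full" if t.hour == 2 else "incremental"))
        t += timedelta(hours=1)
    return out


def prune_report(now=datetime(2024, 6, 1, 12, 0), days=4 * 365):
    """Summarise what a pruning pass over the sample schedule would keep."""
    backups = sample_schedule(now, days)
    keep = backups_to_keep(backups, now)
    return {
        "total": len(backups),
        "kept": len(keep),
        "kept_incrementals": sum(1 for b in keep if b.kind == "incremental"),
        "oldest_kept": min(b.taken_at for b in keep),
    }


if __name__ == "__main__":
    print(prune_report())
```

Two things the output makes visible that the bullet list does not: only the last 7 days of incrementals survive, so an incremental is worthless once its base full is gone, and the "3 years" boundary is enforced on the promoted copy, not the month. In the four-year sample, June 2021's monthly copy is its June 1 full, which is just past the 1095-day line on 1 June 2024, so the oldest surviving backup is the 1 July 2021 full. If that gap matters to your retention obligations, promote a later backup when the first one ages out rather than letting the month disappear.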
Often data losses, corruption, and accidental deletions are not detected for days, weeks, or even months. Always weigh your versioning and retention policy against what you are required to do, and also against the level of risk you’re willing to accept in terms of possible data loss due to older backups being purged.
Cloud Provider Security
It’s relatively simple these days to set up your own cloud, create a marketing website, and advertise yourself as a “secure cloud backup service”. If your strategy involves cloud backup, be sure that you take responsibility for vetting the trustworthiness and security practices of the cloud provider, as you are implicitly trusting them to take care of and secure your data as if it were their own. You can never ask too many questions, but here are a few good things to look for:
- A detailed, transparent document or webpage that details their security policies, practices, and procedures.
- All data encrypted at rest with AES-256 encryption or better.
- All data transmitted using SSL/TLS.
- Redundant, highly available infrastructure.
- SOC 2 compliance.
- PCI DSS compliance (if you are storing credit card data).
- HIPAA compliance and the ability to provide you with a Business Associate Agreement (BAA) (if you are storing Protected Health Information).
- Two-factor authentication used by the vendor itself, and also made available to you if you are given the ability to log in and access your data online.
Testing Backups
Even with the best backup strategy, multiple sites, and 24/7 monitoring, you never know whether your backups are complete and functional until you try to use them. For maximum effectiveness of your backup strategy, test your backups regularly. Some systems allow this to be automated: your backed-up images are booted as a virtual machine and proof is provided daily in the form of a screenshot of the booted machine. For the most critical applications, nothing beats a restoration exercise where you simulate a system outage and perform a full recovery from backup to verify that everything is as it should be. Consider what level of testing and verification is right for you, and build it into your security policies and regular schedules.
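A booted-VM screenshot proves the image starts; it does not prove every file came back intact. The following added example (my own code, not the article's or any product's) shows the verification step of a restoration exercise: a SHA-256 manifest is recorded when the backup is taken, the data is restored into a scratch location, and the restored tree is compared file by file against the manifest. `shutil.copytree` stands in for the real backup product's copy and restore operations, the source tree is constructed in a temporary directory, and the two injected faults ("truncated", "missing") exist only so the drill has something to catch.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

# Added example, not the article's code. shutil.copytree stands in for a real
# backup product's copy and restore steps; the verification logic is the point.


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def verify_restore(expected_manifest, restored_root):
    """Compare a restored tree against the manifest recorded when the backup was taken."""
    actual = build_manifest(restored_root)
    missing = sorted(set(expected_manifest) - set(actual))
    extra = sorted(set(actual) - set(expected_manifest))
    corrupted = sorted(p for p in expected_manifest
                       if p in actual and actual[p] != expected_manifest[p])
    return {"ok": not missing and not corrupted,
            "missing": missing, "corrupted": corrupted, "extra": extra}


def restore_drill(fault=None):
    """Run one drill end to end on a constructed source tree.

    `fault` injects a defect into the backup copy so the drill has something to
    catch: "truncated" shortens a file, "missing" deletes one. None = healthy backup.
    """
    with tempfile.TemporaryDirectory() as tmp:
        src, backup, restored = (Path(tmp) / n for n in ("source", "backup", "restored"))
        (src / "docs").mkdir(parents=True)
        (src / "docs" / "policy.txt").write_text("backup policy v1\n")
        (src / "ledger.csv").write_text("2024-06-01,invoice,100.00\n")

        # 1. Record the manifest at backup time and keep it apart from the backup,
        #    so a bad backup cannot also corrupt the yardstick it is measured against.
        manifest = build_manifest(src)
        # 2. "Backup" step.
        shutil.copytree(src, backup)
        if fault == "truncated":
            (backup / "ledger.csv").write_text("2024-06-01,inv")
        elif fault == "missing":
            (backup / "docs" / "policy.txt").unlink()
        # 3. "Restore" step into a scratch location, never over the live data.
        shutil.copytree(backup, restored)
        # 4. Verify the restore against the manifest.
        return verify_restore(manifest, restored)


if __name__ == "__main__":
    for f in (None, "truncated", "missing"):
        print(f"fault={f!s:10} ->", restore_drill(f))
```

The healthy run reports `ok: True` with empty lists; the truncated run lists `ledger.csv` under `corrupted`, and the missing run lists `docs/policy.txt` under `missing`. For a real exercise, store the manifest somewhere the backup job cannot write to, restore into an isolated network or host, and treat any non-empty `missing` or `corrupted` list as a failed test of the backup, not as something to fix by hand in the restored copy.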
At NorthSky Technology, we are backup and disaster recovery experts. We help our clients understand the nuances and trade-offs between backup options and find the right balance that fits their business, technical, and budget requirements. To learn more about how our backup and disaster recovery solutions can maximize the continuity of your business, contact us today!