Let’s talk about backup baby, let’s talk about you and me, let’s talk about all the good things and the bad things that may be. Let’s talk about back-up. Let’s talk about backup!
Anyone growing up in the 90’s will undoubtedly be singing Salt ‘n Pepa’s hit single in their heads right about now. I know I am. Albeit with very different wording….
But the point of this article really is to talk about backup. About having your own back and protecting yourself and your company against any cyber threats that may present themselves (Power to you!).
In our article Cloud hosting – Managed or traditional?, we set out the importance of storing your data in the cloud, specifically highlighting the benefits of a managed hosting service –
“And what are the benefits of managed hosting for companies?
Companies using a managed hosting service get data protection benefits such as high availability and disaster recovery. Servers are also constantly and critically monitored for any irregularities or potential failures (hosting providers are well equipped with various tools and have tons of experience dealing with server security related issues). They constantly scan the operating system and core application to find security vulnerabilities, which they can fix in order to prevent the server from being attacked. Running security audits like spam filtering, virus scanning, software firewall configuration and OS updates is an invaluable tool in your “prevention is better than cure” arsenal.
It’s good to have back up, wouldn’t you say?”
And we stand by that. But even with your data “safely” stored in the cloud, where a collection of networked computer hardware systems work together to provide complex webs of remote servers thereby providing a reliable network which is constantly scanning operating systems and core applications to find security vulnerabilities – you are still not bulletproof. None of us are. Unfortunately.
And losing any amount of data can compromise your personal identity, erase your family history, and even bankrupt your entire firm. It doesn’t matter whether you store years of highly sensitive customer data or just save hundreds of pics of your cat, you never want to find out that a large chunk (or even all) of your data is suddenly gone, like “Poof” it has dis-a-ppeared into thin air (literally).
Remember the Linux based data centres, such as those used by AJS (to host their clients), whilst remarkably resilient, are still not 100% safe. So, perhaps, where the integrity of your data is concerned, there is no one better qualified (than yourself) to ensure that your data (managed or not) remains as “safe as houses”.
Scared? Take deep breaths, we’ve got you.
Firstly, what is Backup?
Backup (in the information technology world) is defined as “a digital copy of computer data that is taken and stored safely on another computer system so it can be used to restore the original in the event of data loss”.
The reality is, not everyone knows why they need more than one data backup or why they even need to backup in the first place. But, the fact is data loss can be a disaster for a small businesses, large businesses, and even individuals. And as we believe – prevention is always better than the cure.
But, why do I also need my own backup (especially if the company that I host with does the backups and has a disaster recovery site in place)?
Ctaccess lists the following reasons in their article Understanding the importance of data backup and recovery in 2020 for you to consider –
- ”Human Errors Are Common – all humans err and your employees are no different. Despite having the best intentions, they will make mistakes every now and then, and this means your data may be inadvertently (or advertently) compromised. A data backup and recovery solution can undo this costly mistake. Incidents involving the accidental deletion of important data, data theft, system crashes, loss of hardware, are more common than you know. Having a quality data backup and IT disaster recovery strategy in place can ensure that you don’t end up losing any critical information and your business operations continue unhampered despite any kind of human error.
- Cybercriminals Are after Data – with data becoming as valuable as currency, it should come as no surprise that cybercriminals are always going to go after it. Take the example of ransomware, which is a type of malware that can deny you access to your own files stored on your computers, servers, and mobile devices. The cybercriminal will not only steal your sensitive data, but also threaten to misuse/publish it on public platforms. You may be able to unlock your files only after paying a ransom. Over time, cybercriminals have devised several ways to launch these kinds of attacks on businesses. Businesses need to protect themselves with anti-virus software, firewalls, proper authentication, and user training, among other measures. Despite these safeguards, a cyberattack can still wreak havoc and data can be lost. Proper data backup and recovery systems are crucial to minimizing damage in such cases.
- Unexpected Downtime Costs Are Heavy – a good backup and recovery solution matches your RTO (recovery time objective) to the solution. RTO refers to the amount of time it takes to restore your backups. This should be minimal so that the data is back online as soon as possible. Unfortunately, data loss almost always results in downtimes because employees cannot work without information, mission-critical applications, and programs. Even servicing clients efficiently can become impossible without their contact details and account information saved by an effective data backup solution. Without a proper data backup and disaster recovery solution in place, you will be forced to compromise and pay a huge price to recover lost data and rebuild your business from scratch.
- Protect Your Reputation – in the absence of data backup solutions, you may not be able to recover lost data or recovery may take too long, creating doubts in the minds of your customers about the strength of your business. Losing priceless customer data can result in immense delays, embarrassment, and reputational damage. If your business can’t operate for days after an outage because you’re still recovering, customers may lose faith in your abilities. They may even decide on never doing business with you again. Potential customers will also form an opinion that you lack professionalism, and are incapable of protecting their data”.
Question – Why does a state of the art data centre with all the securities, on line backups, data replication and data recoveries in place (like AJS’s managed cloud hosting system) still insist that the backup remains the responsibility of the client?
Firstly, having your own (additional) backup provides true “peace of mind” in that even if something happens to your service provider, you would still be able to restore your information. Secondly, going back a few years the Law Society of the Northern Provinces required that all firms who hosted their accounting information on a remote server should also have a backup copy of the data on-premises.
Simply put, backing up your own data offers an additional layer of security and protection that even data centres cannot provide. Data centres (due to the very fact that they are connected) are still susceptible to virus attacks and therefore cannot guarantee, beyond a shadow of a doubt, that your data will always remain completely secure. Whilst virus threats rarely affect sophisticated data centres such as AJS, they do happen and just like any back-up plan, having your own backup is imperative to ensure business continuity.
And it is at this point that we believe the need for multiple (and hopefully offline) backups has been sufficiently set out. So how do you go about it?
What does backup involve?
Essentially backing up your data involves (either by means of backup software, onsite storage and/or offsite storage) in some variation the copying of data from servers, databases, desktops, laptops, and other devices in case of user error, corrupt files, or a physical disaster that renders critical data inaccessible. It can also protect sensitive business data in the event of a hardware malfunction, hacker penetration, and many other threats posed to digitally stored information.
And we acknowledge that there are many things that you can do to keep your data safe – from choosing a first rate managed cloud hosting platform (as we set out in our Cloud Hosting article) to installing every type of high-tech anti-virus software available. But the single most important step you can take is to perform data backups yourself — early and often, always having a recent backup of your data close at hand. That way, if your data centre is hacked or threatened with a virus, your chosen backup method can ensure that you are not caught with your pants down….
A few of the different backup methods to choose from include –
Onsite backup
Onsite backup usually entails storing important data on a periodic basis on local storage devices, such as hard drives, DVDs, magnetic tapes, or CDs. These allow for immediate access to data which is less expensive, not requiring any access to the internet. However, if there is any type of catastrophic event (like a fire, flood or theft) onsite, your precious data can be completely destroyed or lost. Remember that because this method is still “connected” it will still be susceptible to virus attacks and is therefore not 100% safe.
Offsite backup
Off-site (and off-line) backup is a method of backing up data to a remote server or to media that is transported off site. It usually entails the replication of the data to a server which is separated geographically from a production systems site and can be achieved by way of direct access, over Wide Area Network (WAN). Offsite solutions allow for access to the data from any location by using File Transfer Protocol (FTP) or Internet ensuring that the data can’t be destroyed in case of a catastrophic event at the principle site. Offsite backup data can also be shared with a number of different remote locations. Additionally, offsite (and offline) backup is crucial when it comes to data recovery as it is not connected to data centre servers, which always remain online. This ensures that they will not be affected by viruses, which data centres (due to their constant online connectivity) are still susceptible to. However offline backup does not guarantee complete protection against Ransomware, which usually infects a computer long before it activates the attack.
Backup software
According to Techopedia, backup software is “any application that enables the backup of files, folders, documents, software data, most data types and the computer/server as a whole. Backup software enables the creation of an exact duplicate of computer files that can be used for restoring the original files in case of file corruption, accidental/intentional deletion or a disaster. It can be used for local/individual computers or for an enterprise’s computers, servers and networking devices. Backup software for individual use generally backs up selected files, folders and important operating system files on the same computer/hard drive. The advanced or enterprise-level software is typically integrated within each computer, server or node and backs up selected files and folders on a scheduled basis or as required”. It’s also important to note that multiple copies of backups can be saved. This can be done by retaining multiple points at once, or by saving the same backup on multiple drives or clouds. Additionally, backup software provides the ability to restore data if the original storage location is deleted. A definite plus. Again, remember that because this method is still “connected” it will still be susceptible to virus attacks and is therefore not 100% safe.
Grandfather-Father-Son Backups
AJS recommends following a Grandfather-Father-Son (GFS) Data Retention backup system. Used by AJS, this is a common backup system used as a hierarchical data retention strategy. For example, three sets of backups, such as weekly, monthly and yearly backups are defined. You are then able to vary this frequency to suit the requirements of your environment. The weekly or Son backups are rotated on a weekly basis with one graduating to Father status each month. The monthly or Father backups are rotated on a yearly basis with one graduating to Grandfather status each year. One or more of the graduated (Grandfather) backups is preserved for disaster recovery and archival purposes.
(For a more in-depth look at what backup is and the various methods involved, refer to this article).
Remember cloud hosting will count as data backup. However, we are of the opinion that it should not be your only means of data backup. It is always better to be safe than sorry. The more places your data is backed up, the better. In fact, whatever method you use is fine as long as you have multiple backups and you create them often. For maximum security, we recommend keeping several duplicate backups in different locations. And definitely ensure that one of your backups is offline. That way, even if you lose one, you’ll have a backup of your backup. You will have your own back!
Whilst some might say that “less is more”, we are of the firm belief that where data security is concerned – more is definitely better!
#datasecuritymaximalism
Written by Alicia Koch on behalf of AJS
