As a business, you will know that you generate large quantities of information on your computers and the cloud on a daily basis. Much of this information is crucial for the running of your business, and could have serious implications if it is lost in any way.
What would happen if the computer that contains a key set of documents saved locally is suddenly unavailable? Or if your cloud space was hacked, and all your data was encrypted or destroyed?
The best answer is nothing. Because your data backup is all safe and sound. Right? You know that a copy of everything your organisation owns is safely saved somewhere else, and that you can restore that backup in a matter of minutes if it is suddenly needed.
Or do you? If you are not confident that you have usable backups in place then this World Backup Day is the perfect time to start rectifying this. Read more for our backup best practices.
This may sound obvious, but how often is regularly? Could your business manage if it lost an entire week’s worth a day’s worth, or even a few hours’ worth of data?
Where the most obvious backup schedule is usually daily, at night, after work has been completed for the day, some organisations may find that this is not enough. An attack can happen at any time, and if it does, everything that is not backed up could potentially be lost, including everything you have achieved since the last backup.
While it may only be possible to take a full backup at night, there are options for incremental or differential backups that can be done more quickly and easily over the course of a day, preventing a steep loss of data.
As alluded to above, there are different types of backup available.
Full backup: A complete copy of everything you have. A full backup is the easiest to carry out, and will capture everything in the system on a regular basis, and any backup can be used to restore all data for a specific period of time. However, full backups take time to carry out, and can quickly overload storage.
Incremental backups: A copy of all changes since the last incremental backup. Incremental backups are quick to carry out, and demands on storage are low. However, as each change is only saved once, they can be complex to restore.
Differential backup: A copy of all files that have changed since the last full backup. The differential backup will continue to save all changes since the last full backup until the next one is carried out. Differential backups are quicker to carry out than full backups, but they only contain partial data in any one backup.
Every backup type has its uses, and a combination of backups may be the most useful to build a backup strategy that best suits your business needs.
Backups are basically a copy of your data, saved at a point in time. They contain sensitive data about your organisation and your customers. As a result, every precaution should be taken to protect backups, including encrypting them.
Encrypting backups means that if they are accessed, they can’t be tampered with and that any data that is stolen is essentially useless to the attacker.
There is nothing worse than thinking something is safely saved, only to discover too late that it has not been saved. There are several things that can go wrong with a backup, such as a system that doesn’t back up properly, the storage capacity has been exhausted and items are no longer saving, a power failure reset the backup and it is taking place at the wrong time, and so much more.
Every backup process should send a confirmation email, and backup best practices suggest that you review the backup information to make sure that everything is working as it should.
The 3-2-1 backup rule states:
3 copies of data: One is the original, production data, the other two are two more copies of the same data.
2 different media: Backups should be held in two different places.
1 offsite backup: One of the two backups should preferably be offsite.
While the 3-2-1 backup rule is slightly out of date, the rule can easily be modified. Backup best practices are to have two backups in two different data regions, or one on-prem and one on the cloud backup, or some other combination that works for the organisation. The purpose of two backups is that one should work in the event that the other fails.
The backup should also be stored remotely, as if all IT systems are down, the backup will also be down.
Another purpose of a backup is to provide a clean version of data and systems should they be corrupted. For example, some cyber attackers will dwell inside a network for some time before launching an attack, requiring a backup from before they entered the network, which could be days, weeks, or even months earlier.
In addition, some regulations will require that certain data backups are held for extended periods, for example financial regulators may require you to hold onto data for several years. These regulations will need to be taken into account when setting a retention and deletion schedule.
It may sound contradictory to the above, but companies don’t need to hold on to backups for too long.
Most restorations will be from the latest version, and it is rare to need to restore a version that is several months old, let alone several years. In addition, regulations such as the GDPR also relate to the data held in a backup, so it is imperative that data that is deleted as a result of a request is not accidentally held and restored from a previous backup.
Besides, holding onto backups for too long costs storage space and money. A balance needs to be found between the two.
You may need to rely on the backups one day, and it is important to check that you are able to fully restore every application on demand.
From time to time manually restore all systems and verify that the backup can indeed be fully restored and usable.
Backups are the key ingredient in disaster recovery efforts as they feed into business continuity should an incident take place. However, in a disaster recovery effort, time is of the essence. It is therefore vital to ensure that all restore processes are known and understood by the relevant teams, and that they are able to work smoothly.
Plan ahead. Take the time to work out how the data backup can be restored in different scenarios, including for example a full restoration from a secondary backup, or how to restore a backup in the event that all the main infrastructure is compromised, the order in which different backups for different systems should be restored, and more. And don’t forget to test the strategy to check that it is working.
As we have seen, while backing up data is a simple concept, it is much harder to get right in practice.
Talk to us to understand how we can help you develop a backup strategy that supports your business needs.