The what, why, and how of backups.
There are two types of storage devices: ones that have failed and ones that are going to fail.
Cybercriminals are now so fast and sophisticated that security experts say attacks are inevitable: plan for when, not if they occur.
If you deal with IT on a regular basis it won't take long to realize that we are a divisive lot. That's because there are multiple ways to design a computer network properly. However, no self-respecting technician will ever tell you to not include backups as part of your network no matter how redundant you have made your data storage. We agree on that much at least. A risky sales technician might make the claim to sell a product, but they will do so at the cost of their reputation. I would make the argument that proper backups are the most vital part of any computer network. Why? Because it is the single thing that will save your data from most any threat. Are they expensive? They tend to be. Are they annoying to deal with? You bet. Consume time that could be spent on production? Oh yes. Will they save your business when all other safeguards have failed? Working ones will.
According to The Economist, the world's most valuable resource is no longer oil, but data. So why are you storing the beating heart of your company on a hard drive from 2007? Generally speaking there are three reasons why I see this type of behavior.
A Lack of Knowledge
Information Technology is often not well understood by SMEs. While larger corporations have dedicated employees in this sector that call these shots, in smaller businesses owners and managers are often wearing multiple hats and the IT hat is often not worn, or at least not well. In these situations backups are often poorly implemented or not implemented at all.
Budget constraints, and Risk Taking
It's interesting that budget handling and risk taking go hand in hand. The "It will never happen to us" mentality falls into this category as well. To those of you who fall into this category I want to say: yes, backups can be expensive, but given the proven volatility of data it is vital to perform backups.
Bad advice is unfortunately all too common amongst SMEs, especially Micro Enterprises (0-9 employees). Being tech-savvy is an all too common claim, and those who claim this tend to take a great level of pride in their savviness, which leads to advice giving. I have been in the industry for nearly half a decade and I do not consider myself tech-savvy. A trait that goes a long way in this industry is humility, as you will need it to ask perceivably stupid questions. Shadow IT, especially shadow IT driven by bad advice, is incredibly dangerous. While I am all for companies independently taking care of their own backups, they need to do so wisely.
Of the 20-some data recovery requests I handled last year, only 2 of them had proper working backups in place. In one case I had to restore from a 2-year-old backup; this resulted in over $5000 in losses and hundreds of hours of labor. In another case I was about to give up and outsource to a data recovery lab; this would have cost the company tens of thousands in downtime, and if the data recovery lab was unable to restore, the results would have been catastrophic.
Advanced data recovery typically starts at around $1,000, and there will be a handsome fee if a rush recovery is requested. Even then there is no guarantee that the data is recoverable.
This is especially important knowledge for individuals who cannot afford this. I hate to see people have to choose between $1,000 for a chance to get family pictures back or accept that they are gone forever. About one third of the cases I handle I am unable to recover the data for the client. My evidence may be anecdotal, but my suspicion is that there is still much need for education surrounding backups for SMEs as well as for individuals.
We've discussed the why of backups; now for the what and how. But before we dig in too deep, let me start with a statement the whole world needs to hear: Cloud Storage should not be considered a backup in 99% of cases!
Thank you for letting me get that off my chest. Improper configurations of Cloud Storage have been a recent bane resulting in data loss. Typically the data is technically still available, but figuring out what exactly the Shadow IT did with it is a cause for grief and results in downtime. The myth that because the data is stored in the cloud it does not need to be backed up has been debunked by so many other technicians that I won't waste anyone's time by telling the reasons, except to say data stored in the cloud is susceptible to most of the volatility that locally stored data is.
So what exactly should be backed up, how many backups, and what type of backups? Some technicians will say everything needs to be backed up, and to a degree I agree with them, but we already said backups tend to be expensive, so at what point should we say you are spending too much on backups? There is no one answer to this question. A critical and informed decision needs to be made by those in charge. A list of potential backup configurations is beyond the scope of this article; however, the rest of this blog post will be dedicated to implementing proper backups.
How much of your budget are you willing to allot towards backups?
The answer to this question will be the basis of how the other questions can be answered.
Are digital forensics required by law or otherwise in the event of a security breach?
If yes, event log collection is important.
Is your data critical to keeping business running on the day you lose access to it?
If yes, you may want to consider a mirrored backup that can be near instantaneously restored. Figure out how much money is lost per hour of downtime. Yes, some places need to figure out the per minute ratio. Compare this number to the cost associated with a mirrored backup solution and decide from there.
How far back may you need a different version of your data?
Backups typically consist of what are called retention points, which are points in time to which your data can be restored. Retention points are obviously good but also increase the cost, as more data is being backed up. This cost can often be offset by compressing the data, but the more compression that is used, the longer it takes to perform and restore the backup.
Those are a few good questions to be asked, but as a company's specific needs are more understood there are more questions to be considered. Companies and individuals with less complex needs should follow the rule of three, which states data should be stored in three separate locations. A very typical implementation of the rule of three is one being your working data, one on an external device, and one in the cloud. What if your data is in the cloud, you ask? This is still your working data and should be backed up to two different cloud locations or one cloud location and one local.
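A small check for the simple rule-of-three setup described above: it confirms that every working file exists in both backup locations and is byte-for-byte identical. This is an added example, not part of the original post; the folder names (working, external, cloud_sync) and file contents are constructed, and it assumes both backups are plain mirror copies reachable as local folders (for instance a mounted external drive and a cloud-synced folder).

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash a file in 1 MiB chunks so large files never have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_rule_of_three(working, backups):
    """Per backup location, list working files that are missing or not identical."""
    expected = {p.relative_to(working): sha256_of(p)
                for p in sorted(working.rglob("*")) if p.is_file()}
    problems = {}
    for backup in backups:
        bad = []
        for rel, digest in expected.items():
            copy = backup / rel
            if not copy.is_file():
                bad.append(f"missing: {rel.as_posix()}")
            elif sha256_of(copy) != digest:
                bad.append(f"differs: {rel.as_posix()}")
        problems[str(backup)] = bad
    return problems


def demo():
    """Build constructed working/external/cloud_sync folders and check them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        working, external, cloud = (root / n for n in ("working", "external", "cloud_sync"))
        for folder in (working, external, cloud):
            folder.mkdir()
        (working / "invoices.csv").write_text("id,total\n1,100\n")
        (working / "photo.jpg").write_bytes(b"\xff\xd8constructed sample")
        # External drive: complete copy. Cloud folder: one stale file, one missing.
        (external / "invoices.csv").write_text("id,total\n1,100\n")
        (external / "photo.jpg").write_bytes(b"\xff\xd8constructed sample")
        (cloud / "invoices.csv").write_text("id,total\n")
        result = check_rule_of_three(working, [external, cloud])
        return {Path(loc).name: issues for loc, issues in result.items()}


if __name__ == "__main__":
    for location, issues in demo().items():
        print(location, "OK" if not issues else issues)
```

A "differs" result also fires when the working file changed after the last backup run, so run the check right after a backup completes. It does not apply to versioned or compressed backup formats, which need a test restore instead.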
There is a lot more that could and should be said, but I've already garnered a reputation for being too wordy when it comes to technology. Instead, if anyone has further questions don't hesitate to reach out to me! Of course Tech Horse Electronics would love to take care of your backups for you, but we also like to see SMEs take care of their own backups so long as they do so properly. Small to Medium Enterprises are the backbone of Canada and we need to work together!
We have not touched on privacy and regulation pertaining to Cloud Backups but those are massive subjects in and of themselves. Hey! Have you checked if your backups are working recently?