In 3-2-1 to a successful backup strategy

Disaster strikes. Despite your best precautions, ransomware got in and that on your PCs and servers is encrypted. Fortunately, you have good backups that the criminals could not touch, they are up-to-date and you can restore them smoothly. Right?

A good backup is the best insurance against IT problems, human error and cyber attacks. To highlight the importance of a good backup strategy, March 31 has been declared World Backup Day. But really, every day should also be backup day.

Everyone knows that backups are necessary, but in too many cases the backup strategy is set and forget. The backups are set, so everything will be ok. Unless ransomware can encrypt the backups along with it, of course. Or maybe your office burns down and both server and backup are broken. Or the backup is somewhere, but how do you restore the environment and how long will that take?

Golden 3-2-1(-1-0) rule

The rule of thumb when backing up is the 3-2-1 rule. The term comes from the photography world and has been widely embraced in the IT sector today. Only backups that follow that rule are worthy of the name.

3: Make sure you have three versions of your backup: one primary version of your data (the servers you work on) and two copies;
2: Keep those three versions on at least two different media (i.e., not two copies on the same physical server);
1: Place at least one copy in an external location (such as the cloud).

The 3-2-1 rule protects you from just about any problem. One device breaks down? Then your data is still in two other places. Does a disaster strike your office? Then you can call on the remote location.

Although the rule has stood the test of time well, backups must adapt to the latest technological developments. That’s why some experts add two additional digits to the 3-2-1 rule. The updated rule is then called 3-2-1-1-0, which might as well be the combination of a combination lock.

1: Make sure at least one backup is unalterable or air-gapped (disconnected from the Internet);
0: Test your backups to make sure they contain zero errors.

Types of backups

There are several ways to do backups. The most obvious method is a full backup. As the term suggests, this involves making a copy of all files and folders within the defined scope, including those already backed up previously. The first backup you make of a file or data set should always be a full backup.

Like everything in life, full backups have advantages and disadvantages. This type of backup offers the highest degree of security because all data is included without any exceptions. Consequently, when restoring, only one backup needs to be restored. On the other hand, the more data you need to replicate, the longer the backup takes and the more storage space it takes up.

Therefore, after making an initial full backup, it is often switched to incremental backups. This type of backup only looks at changes to the data made since the last backup. This allows for faster and lighter backups. However, changes to data must be carefully tracked. An incremental backup only has to go wrong once and all subsequent backups will be incomplete or incorrect, with dramatic consequences for data loss and recovery.

Between full and incremental backups are differential backups. A differential backup likewise considers only modified data, but takes the last full backup as its reference point each time. The process is therefore slightly less error-prone than incremental backup, but still takes up less storage space than full.

Ransomware

Backups are not only the best weapon against disasters or failures but also against cyber threats. Do not underestimate the risk of this: any organization can face it. Backups are the ransomware criminal’s biggest fear in the event of a successful attack. Why pay to get your encrypted data back when you can put the data back via an external backup?

To avoid that, ransomware specialists often secretly disable your backups. When they then leave your environment running without backups for a month or two to then activate the ransomware, you’re left with very few options.

Therefore, make sure you keep a close eye on whether your backups are still working. Check them regularly for completeness, but also configure them in such a way that it is impossible to modify them from the normal company network. Access to the backup should be one of the best-managed parts of your entire IT environment.

Testing and repair

Does the backup check mark in the console look green? Fine, but how confident are you that you can restore an entire environment? And how long will that recovery take? If your backup is part of your cybersecurity and disaster recovery strategy, you need to test regularly. That way, you know with certainty that your data will effectively be accessible to everyone again after a disaster and that applications will work again as expected for both internal and external users.

Moreover, a scenario in which a backup has to save your environment is, by definition, quite stressful. To avoid panic, it is helpful that everyone knows what needs to be done. When the IT team goes through the recovery functionality of the backup solution for the first time when it is urgent and necessary, you are asking for mistakes.

Finally, know how long it will take to get your entire environment operational again from backup. Do you need two weeks to restore everything, but your business only has cash flow for a week? Then big problems are looming. Yet the importance of backup testing is still too often underestimated. Organizations bravely create backups according to the rules, but then prefer to stay away from them. Backups of your most critical data should be tested at least weekly and preferably even daily.

Location

Where do you place a backup now? Several considerations come into play. First, already realize that your backup contains sensitive data. Encryption is a must, but where does that encryption happen? It’s not a good idea to send personal data to a data center in China or the U.S. when it will only be encrypted there. This could get you in trouble with GDPR regulations.

If your primary source of data is on-premises, then you need at least one remote location to store your data. That could be the cloud or a colocation data center, but just as easily an in-house server or data center in a satellite office at least several dozen miles away.

Don’t think everything is fine when your entire company is in the cloud. Your cloud environment can also be cracked, and no provider is immune to disasters. The chances of fire or other forms of calamity breaking out in a large data center are slim, but not non-existent. It’s up to you to make sure your data are safe in an offsite location. That can be an alternative data center from the same provider, as long as it is a different physical location.

Your data, your responsibility

It is a common fallacy that putting all data in the cloud counts as a full-fledged backup. The cloud is an excellent medium for backup, but it is not blissful. Providers feel only limited responsibility for your data. They provide security options, but you have to set them up yourself, and if data is lost, you shouldn’t turn to the provider. Also, don’t think your data will automatically be transferred with you when you cancel your contract.

A golden advice: read the fine print of the user agreement. When all is said and done, your data is solely your responsibility.