By Samantha Agather, Information Security Analyst – Intrinium
Having some form of backup, or copy, of your data is fairly standard practice in IT these days. However, testing these backups is always an afterthought when you need the backup to work right away, such as when there’s a disaster that’s occurred recently. Additionally, having other copies of your data will help you recover after a said diaster.
Have you ever considered what would happen in the event of a disaster? You’ve got your backups, but how do you restore them? Do you know if they’ll even work? Or worse- one set of your backups has been destroyed (example: on-premises backups were encrypted/destroyed in a natural disaster, or your cloud backup provider got hacked and your data’s gone)- do you have an alternate way that you’re keeping copies of your backups?
If you ask yourself these questions now, when an emergency hits, you will have the answers prepared and ready.
Most companies believe that having only one set of backups is fine- the cloud is infallible after all. But in reality, it’s just as fallible as your own system- they may just have more eyes watching it at any given time. The cloud, in short, is just someone else’s computer, or server, and if they don’t do their due diligence, you’re left holding the bag. If you are wondering about your provider, please contact Intrinium- we can help by vetting your cloud backup provider to ensure that they have a backup of your backups and do their due diligence by protecting themselves against outside threats.
A preferred tactic is the rule of three: have at least three copies of your data stored in at least two different media types with one copy offsite. For example, you can have one cloud backup, one on an air-gapped on-premises solution, and one on a device like a tape or portable hard drive that can be disconnected from the network and rotated with another hard drive. This should all be in alignment with the value of the data being saved of course.
There are two main kinds of disasters: digital and physical. Physical can be anything from a spilled coffee into a piece of hardware to a natural disaster like a tornado. Digital is anything from ransomware to a corrupted file.
Physical disasters are subjectively more difficult to recover from as not only do you have potential data loss, you have likely hardware loss as well. Getting the replacement domain controller server in could take days and getting the replacement specialty server shipped and configured properly could take upwards of a week- and that’s not including recovering the actual workplace either.
Digital disasters are easier to recover from as you’re only working with one element- the data. As long as you have copies of your data that are intact, you can be up and running within as little time as a few minutes.
Backup and Data Recovery are so closely intertwined that without having data backups you cannot easily recover after a disaster. This is why it is absolutely critical to have multiple backup styles, a plan for testing them, and a solid backup recovery plan (see also Incident Response Planning).
Use caution, however, as having only one or the other leaves you with an incomplete picture of your disaster preparedness. No backups? Sure, you can replace the hardware, but your data is gone. No Disaster Recovery Plan? Sure, you’ve got your backups, but what state are they in?
Know if you’re ready for whatever the two worlds may throw at you, and if you are unsure, contact us. We have specialists who can help get you to where you need to be. Your customers can be proud to use your services or products with confidence, and you can be proud that you’re ready for anything.