It happens to all of us — that one precious photo or video that immortalised a special moment but doesn’t exist anymore. Damaged hard drives, poorly functioning phones, hacked computers or other glitches that erased irretrievable items-we’ve all experienced it. That’s why March 31, observed as World Backup Day, reminds us to make multiple copies of our digital treasures, or risk losing them all forever. Considering how reliant humans are on technology now, it is concerning that we still haven’t developed habits that will ensure that our information and personal data are safe and secure.
So what should modern day data backup look like? what are the strategies that businesses must adopt to ensure that their critical data is fully backed up and secure? At Tahawultech.com, we spoke to cybersecurity experts to find out what they think.
Edwin Weijdema, Field CTO EMEA & Lead Cybersecurity Technologist, Veeam
Since the start of world backup day in 2011, technology and the data that powers it has continued to evolve. This is particularly true with enterprise organisations, which are more focused than ever on protecting and securing their data across increasingly complex IT environments. As we recognise World Backup Day 2023, what do enterprises need to focus on?
Firstly, a Modern Data Protection strategy and the deployed backup solution supporting it must be able to protect workloads across any IT environment. The rise of cloud migration and affiliated services has meant that the physical data center is no longer the heart of the IT infrastructure. Many enterprises still rely on “legacy” backup solutions that were designed to protect physical on-site servers and are simply not fit for purpose in our hybrid world. These legacy backup mechanisms rarely yield good outcomes when protecting modern virtual or cloud-hosted workloads. So why haven’t more enterprises pivoted to solutions that cover cloud-hosted workloads like Licensing as a Service (LaaS) or Software as a Service (SaaS)? It’s partly because it’s not the top priority for many – it typically has to start hurting before enterprises start moving. An equally significant factor is that many of these legacy solutions have vendor “lock-in” making it harder for organisations to migrate their data to a different solution. When looking at backup solutions I would always advise looking at vendors without any kind of lock-in for this exact reason – you’ll never know when you need to change or move things around.
You’d think backup and recovery go hand-in-hand (backup is what you use to recover to after all) but there is often a disconnect which makes data recovery less reliable than needed. This is due to how infrastructure is designed. Architecture built for backup might be able to duplicate 100% of its data and workloads in the space of 24 hours but when it comes to recovering this data and restoring it to the live environment, it might only be able to do 5% of this in the same time frame. It’s like a motorway with six lanes in one direction, but only a single lane going the other way. Enterprises need to start designing their infrastructure with recovery in mind to reduce downtime in the event of an outage or ransomware event and ensure they get the most out of their backups.
While many enterprises have made huge strides in how they think about backup, there are many who still have a long way to go. Backup needs to be transformed from an afterthought to the crux of the IT infrastructure. Building resilience to cyber-attacks or accidental outages is simply not possible without a modern backup strategy that is cloud-native and is built with recovery in mind.
Fred Lherault, Field CTO EMEA and Emerging Markets at Pure Storage
Organisations need a two-pronged strategy: advanced, immutable copies of their data and an ability to not just backup fast but to restore rapidly and at scale. Immutable copies are protected because they can’t be deleted, modified or encrypted – even if an attacker gains access to sensitive data. They are also relatively easy to restore, but depending upon the situation might not be a viable option. Traditional tape or disk-based backup can restore roughly one to two terabytes an hour. That’s not going to cut it for most organisations, as this could lead to hours or days of downtime which could cause immeasurable financial and reputational loss to the world’s biggest organisations. Thankfully, some flash-based solutions can offer speeds of up to 270TB an hour and are needed to get an organisation up and running with minimal negative impact.
The final thing organisations should be doing is gaining a real understanding of their data, what internal and external policies govern its retention and, drawing up policies that avoid a “store everything forever” end-state and ensuring that the policies are adhered to. They should also ensure that the backup and restore performance capabilities can grow in sync with the amount of data protected. Only by doing this can organisations sustain backups for recovery, regulatory & compliance and ransomware mitigation purposes with the growing dataset sizes that we will see in the next 5-10 years, especially with unstructured data.
Dr. Johannes Ullrich, Dean of Research, SANS Technology Institute
How should organisations approach balancing both cloud-based and on-premise backup options relative to their unique risk profile? What steps should be taken in order to effectively fuse both options together?
Data should be considered “at risk” if it can’t be found in at least three locations. Organisations should aim to maintain an on-premise copy, a cloud or online-remote copy, and an offline remote copy of critical data. In particular, sophisticated ransomware will attempt to disrupt recovery from backups, and any online backup, remote or local, is at risk.
Attackers are exploiting backup system vulnerabilities to access confidential information or to disrupt recovery after a ransomware incident. Cloud backups are often more vulnerable. Controls used to monitor access to on-premise backups do not always translate one-to-one to cloud-based systems. Designing a cloud-based solution, organisations need to consider how access is controlled, how requests to retrieve or store data are authenticated and how the backup live cycle from creation over retrieval to eventual deletion is managed.
One of the main reasons to invest in on-premise backups is to speed up recovery. Cloud and offsite backups will almost always be slower. In some cases, cloud backup providers may have mechanisms to accelerate the recovery of large amounts of data by shipping hard drives instead of using slower internet connections. Make sure you test recovery speed in order to better estimate how long it will take to recover large amounts of data.
Any data leaving your direct control, for example, physical backup media being shipped offsite, or cloud-based online backups, need to be encrypted before they leave the network you control.
Backups need to be encrypted while in transit but also while at rest at the backup location. This may, in some cases, cause additional complexity, but rarely used backup data should always be encrypted.
Manikandan Thangaraj, Vice-President, ManageEngine
Disaster recovery and data protection will play a crucial role in 2023. With ransomware attacks constantly garnering headlines, organisations should get used to the fact that it is impossible to prevent ransomware attacks entirely. It’s a question of when their operations will be affected by ransomware, not if. Moreover, with the rise of Ransomware as a Service (RaaS) over the past couple of years, global ransomware damage costs are predicted to exceed USD 265 billion by 2031.
The only way in which organisations can withstand the threat of ransomware is by investing in disaster recovery solutions. Disaster Recovery as a Service (DRaaS) has been on the rise for the past few years and its market size is predicted to reach USD 41.26 billion by 2030. The winner of the battle between the backup service providers and threat actors who leverage ransomware will be determined by how quickly DRaaS providers can react to potential new threats.
Organisations should prefer solutions built on the Zero Trust security model to ensure data security. When it comes to data backup and recovery, using a Zero Trust strategy will boost your data security because you’ll be authenticating both the user and the device initiating the backup. Of course, achieving Zero Trust is a long and challenging journey, but it is a must for organisations that care about data security. Zero Trust Network Access (ZTNA) is anticipated to increase by 31% in 2023 according to Gartner, making it the fastest-growing area of network security.
Another recommended strategy to meet today’s evolving threats is to implement the 3-2-1-1 backup rule—which is an update to the popular 3-2-1 rule with the extra ‘1’ covering immutable storage. Immutability will restore your data to its original, unaltered state and get you back in operation within minutes of a breach, so you can be sure that you can recover your data even after a successful attack.
Morey Haber, Chief Security Officer, BeyondTrust
World Backup Day celebrates everything related to data, application, and electronic technology backups. For most technology professionals, they will consider the importance of backups for servers, critical assets, and all kinds of data to protect against outages, technology failure, and threats like ransomware. Unfortunately, organisations forget the importance of backups for security disciplines. For example, having configuration backups prior to making changes is crucial just in case the desired results causes an outage or lack of service due to a mistake or undesirable secondary anomaly. In the world of privileged access management, backups are critical for detailed items like password history. Since privileged access management solutions vault secrets and passwords, and rotated them on a regular basis, at any point in time they could potentially be different between traditional backup intervals. If a system needs to be restored from a backup, then only the password history will tell you what the correct secrets or password was at any given time for the operating system, database, application, or any managed data. This fine detail is often overlooked when considering the importance of backups for security disciplines. On world backup day, technology professionals must consider all forms of backups not only for data and assets, but for individual security disciplines themselves, and their individual functions.
Thomas LaRock, SolarWinds Head Geek
A good recovery plan starts with a solid understanding of the business requirements. You need to understand some common acronyms such as SLA (service-level agreement), RTO (recovery time objective), and RPO (recovery point objective). Start with the RTO, the amount of time allowed for the recovery to be complete, and then RPO, the point in time to which you will recover. These two will combine to help define the SLA. For example, you could have a requirement to recover a database to a point in time fifteen minutes ago (RPO) and be allowed ten minutes for the recovery to be complete (RTO). If the volume of data is such that it could take you an hour to recover to yesterday, and the business thinks the SLA should be fifteen minutes, you can see a disconnect between expectations and reality.
Regarding backups, you should consider the following strategy: at least three copies in at least two different formats, one of which must be immutable, and one must be stored offsite. This may seem a bit much for your regular household computer, but for a corporate environment, it is a must. For businesses, regular backups are crucial, as they often deal with confidential data, which can result in serious consequences if lost or stolen. Remember, this is about minimizing loss risk and improving your chances of recovery. Taking a backup once a year isn’t as useful as regular backups more frequently, for example. And storing a backup on the same hard drive as your data isn’t as useful as storing it on an external drive, or in the cloud.
