For many years, backup and recovery have been a staple of every business across the globe. From Database Backups, File Server Backups, Active Directory, Hypervisor, Network Devices, Firewalls and many more. We have all been taught that you NEED a backup and you MUST have multiple backups (typically nightly) to restore from – both statements have always been accurate and not widely contested.
The issue of course is that both NEED and MUST should also be regularly evaluated, tested and reviewed against the art of the possible as well as the evolving landscape.
For example, a ‘backup’ is typically considered a point in time capture of quiesced data that can (if needed) be used to recover data, information systems and entire environments back to a working state but equally as valuable as the backup capability itself is the recovery point objective (RPO) as well as recovery time objective (RTO). Without considering the whole, the constituent parts can very well lead to inaccurate expectation, failure to meet requirement and what is worse, result in something, that over time, simply no longer functions or meets business expectation.
When it comes to a restore or data/system recovery, inherently we make assumptions, the hardware is the same, the software is the same, the versions have not changed, the skills, credentials and physical access needed to perform the recovery will be available, the media will be reliable and that the recovery point will be usable.
But, just in case we have integrity violations, unrecoverable data or the backup simply failed, the ability to select a previous backup job (normally 24 hours prior) provides options, although in reality, with the reliance held on our IT systems, 48, 72 or 96 hours earlier may simply feel like too big a gulf of lost data.
So, what’s wrong with the above ? After all, this may be eerily close to what you have implemented today…
Our need to have a backup or ‘insurance policy’ is to safeguard against an outage and ultimately to reduce business risk. A backup, historically, allowed (hopefully) for the safe recovery of a system that had malfunctioned (hardware or software based) and over time it had the added benefit of acting as a failsafe for recovery after a virus had corrupted data or systems.
A fear from more recent years has been that of a Ransomware Attack, a more sophisticated and crafted attack designed (typically) to require multiple events to trigger before a seemingly benign file on the PC or Server can then result in remote access that leads to full data encryption beyond your control, leading to the inevitable ‘ransom’.
Sadly, backups can’t always safeguard against this as a recovery of data overcomes the immediate issue of encrypted file(s) but unless you know which one(s) led to the encryption, you are simply waiting for a repeat activation (a game of cat and mouse). Of course, exactly the same scenario occurs where this data is replicated to a secondary location, whether that be real-time or scheduled (synchronous or asynchronous).
Even by adopting the 3-2-1 principle for backing up three points of data, two locations, one immutable or air gapped, the offending file(s) may still reside in that backup or replication of the data.
The top five challenges facing business leaders today
- What are our requirements?
- What are we trying to protect?
- Do we only need to protect against a single scenario?
- Does this solution really provide the risk mitigation intended?
- What more can we do?
Unfortunately there isn’t a single answer, no silver bullet solution and also no one-size fits all design that fixes this problem. Also, with the outward advances to Public Cloud, a single backup strategy may not be feasible the more widespread our data becomes.
So where to start with the evaluation, testing and review of our solutions?
Top 10 areas for consideration:
- What is our backup requirement?
- What level of risk are we prepared to accept?
- What is the Maximum Tolerable Downtime?
- What is our RPO?
- What is our RTO?
- How do we validate data integrity?
- When do we test our backups?
- How do we protect against systems or data compromise?
- Can we manage this ourselves?
- Is our solution robust enough in design to protect against a Ransomware attack?
Sound familiar? Most Customers we speak to can answer all but the last point, which is probably the most significant of them all.
At Frontline we support our customers to select the most suitable Backup and Data Recovery solutions for their business.
For more information and advice on how we can help your business operate securely get in touch today:
info@frontline-consultancy.co.uk