This article is part of a new series on basic IT processes that should be part of every organization’s plan. Many times these processes are taken for granted or are implemented and never reviewed as organizational needs change. In this article, we focus on data backup and recovery. 

A well-designed, tested, and implemented data backup plan is important for any business. Many individuals and organizations have experienced the loss of some or all of their data at some point. Laptops and mobile devices can be lost or stolen, fires or other physical damage may occur, hardware failures happen frequently, or data may be corrupted or encrypted by malware or ransomware. 

Recreating data that has been lost can be challenging at best. More often it is impossible to recreate all that was lost. A backup and recovery plan is the key to avoiding this scenario and getting an organization back to business as quickly as possible.

When assessing an organization’s existing IT, backup policies and practices are one of the first areas we at Oceantec look at. We look for specifics such as if there is a formal process for identifying and backing up all business data, how often backups are made, how many copies of that data are maintained, and if an organization is regularly testing their backups to ensure they can restore their data when needed.

A Simple Rule: 3-2-1 Backups

A simple rule that we leverage when implementing a backup strategy is known as the “3-2-1 backup rule”. This rule simply states that an organization should maintain three copies of all critical data, on two types of backup storage, and one copy of that data should be stored off-premise in a remote location.

This rule does not define any particular storage method for the backed-up data. This is decided based on the needs of the organization. In small organizations, one backup copy of data may be copied to another computer on the network or, more commonly, a network-connected device dedicated to data storage. A second backup copy of the data may be placed on a portable USB drive that can be removed and stored at another location. This provides for the “three copies in two locations” requirement:

• The production data in its original location provides the first copy of the data
• The data copied to another computer or dedicated storage device provides the second copy
• A portable USB drive provides a third copy that can be stored offsite

Leveraging a portable USB drive, where the backup data is small enough to fit on such a drive, provides an additional layer of protection and security. As long as the USB drive is disconnected except when data is being copied to it, the device is considered “air-gapped” from the rest of the network. This added protection prevents the data on the USB drive from being infected by malware or ransomware should such an attack occur.

Cloud Storage and Backups

It is becoming more common with the rise of cloud services for cloud storage to play some role in a backup strategy. Organizations may choose to leverage a cloud backup solution directly or simply copy their backed-up data to inexpensive cloud storage. Either way, while this solution serves to provide one of the needed backup copies and store it offsite, there are additional concerns just like with any other cloud service. 

Specifically, the backed-up data must be secured. The best way to accomplish this is by encrypted the data. Oceantec recommends either encrypting the data before storing it in the cloud or leveraging a cloud backup solution that offers encryption as an option. Regardless if you choose an encrypted backup service or encrypt the backup on your own, be sure to keep a copy of your decryption key in a safe place. Without it, your encrypted backup will be of no use since it cannot be decrypted with the original key.

Many organizations are using cloud backups to provide a fourth copy of their data instead of as one of the three already described. As cloud storage is relatively inexpensive, especially for backup purposes, having three backup copies in addition to the original production data is an easy way to provide additional data protection.

Of course with each additional layer of protection, comes additional layers of complexity that must be managed. It is important to note that cloud backups cannot replace the “3-2-1” method completely, but may be a tool that helps implement the method.

Check For Errors

Regular testing of your backup process by restoring some or all of your data is just as important as having a backup plan. Finding out that your backup process had a flaw is not something you want to find out during the process of restoring lost data. 

Keep in mind that when testing your backups you will want to restore the data to a temporary location. You don’t want to overwrite your production data. This means that additional storage is needed somewhere in your environment to support this process. Once the testing is complete, the restored data can be deleted freeing up whatever disk space you temporarily used.

We recommend performing test restores of at least a portion of your organization’s data monthly. A successful test should find that there were no errors in restoring data.

Review Your Backup Processes

It is important to regularly review your backup processes. Details such as what data is being backed up, how frequently it is backed up, and where the original location of the data is should be documented. This process helps ensure no data is accidentally missed and left unprotected. It is very common for an organization to create a new location to store data – a new folder added, or a new computer introduced to the environment – only to discover much later on that the new location was never added to the existing backup plan.

Summary

Designing a backup solution for your organization requires careful consideration. Identifying what data must be backed up and how much storage is required is the first step. Choosing the correct tools to implement the “3-2-1” method is equally as important. Once implemented, organizations should document and regularly review their process. Backups should be tested frequently to ensure restoring data is possible.

Hardware failures, theft, natural disasters, and cybersecurity threats such as ransomware are always threatening to put your organizational data at risk. Properly planning and executing a data protection strategy is important, and a solid backup and recovery process is a key component.

At Oceantec we provide our clients with reviews and analysis of their data safeguard strategy and processes, including backup and restore practices. Contact us today to find out more about how we can help protect your organization from data loss.