Did You Know:
During the Cold War, atomic scientists were struggling with the question of how to protect top-secret nuclear launch codes.
One of the suggestions put forward was to implant a capsule next to the heart of a volunteer who maintained a close relationship with the president.
If the president ever wanted to launch a nuclear weapon, he would have to kill this innocent volunteer – with his own hands – to get the code. Ironically, this idea was rejected by members of the Pentagon because it might make the president reluctant to start a nuclear war.
What Does This Have To Do With Backup?
The need to keep data private and the need to preserve it for the long term are 2 forces of nature that constantly work against each other.
Despite the fact that backing up to the cloud is objectively better in nearly every way, we understand that some people will always want to protect their data “the hard way”.
That’s why we’ve decided to share the “secret sauce”. Even if you decide to perform all of your own off-site backups through an in-house process, we’re going to show you how to harden this process and ensure total security for your backup data.
How to harden your off-site backups:
#1 — Maintain multiple versions
Although many people think “replication” is backup, it simply is not. If you’re just copying your files over to another hard drive every night – and your files get corrupted – you’re simply overwriting older valid copies with this newly corrupted data.
In order for a process to be considered “backup”, it must maintain historical copies of changes in your files. This allows you to go back in time, whenever unwanted changes are made to your files.
Note: Now that we’re in the age of file sharing and collaboration, it’s very common for people in our networks to make changes to our local documents without anyone noticing. This point-in-time recovery capability is now more important than ever.
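The difference between replication and versioned backup, as an added Python example (not Storagepipe's code). The content-addressed store layout and the names `snapshot`, `restore` and `demo` are assumptions made for illustration, and the files are constructed sample data.

```python
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

def snapshot(source: Path, store: Path) -> str:
    """Record the current state of `source` as a new version; never overwrite old ones."""
    objects, versions = store / "objects", store / "versions"
    objects.mkdir(parents=True, exist_ok=True)
    versions.mkdir(exist_ok=True)
    manifest = {}
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        data = f.read_bytes()
        digest = hashlib.sha256(data).hexdigest()
        if not (objects / digest).exists():      # unchanged content is stored only once
            (objects / digest).write_bytes(data)
        manifest[f.relative_to(source).as_posix()] = digest
    version_id = f"{len(list(versions.iterdir())) + 1:06d}"
    (versions / f"{version_id}.json").write_text(json.dumps(manifest))
    return version_id

def restore(store: Path, version_id: str, target: Path) -> None:
    """Rebuild the file tree exactly as it was when `version_id` was taken."""
    manifest = json.loads((store / "versions" / f"{version_id}.json").read_text())
    for rel, digest in manifest.items():
        out = target / rel
        out.parent.mkdir(parents=True, exist_ok=True)
        out.write_bytes((store / "objects" / digest).read_bytes())

def demo() -> dict:
    """Constructed scenario: a file is corrupted between two nightly runs."""
    with tempfile.TemporaryDirectory() as tmp:
        src, replica, store, out = (Path(tmp) / n for n in ("src", "replica", "store", "out"))
        src.mkdir()
        (src / "report.txt").write_text("Q3 figures: valid")
        shutil.copytree(src, replica)                       # night 1: replication
        v1 = snapshot(src, store)                           # night 1: versioned backup
        (src / "report.txt").write_text("\x00\x00garbage")  # corruption goes unnoticed
        shutil.copytree(src, replica, dirs_exist_ok=True)   # night 2: replica now corrupt too
        snapshot(src, store)                                # night 2: adds a version, keeps v1
        restore(store, v1, out)                             # point-in-time recovery
        return {"replica": (replica / "report.txt").read_text(),
                "restored": (out / "report.txt").read_text()}

if __name__ == "__main__":
    print(demo())
```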
#2 — Back up often
In the backup industry, we use the term “Recovery Point Objective”, or RPO, to describe the amount of data loss that can be tolerated in an emergency.
For example, if you only back up once a month, then you have an RPO of one month. That’s not very good. You should be updating your backups as often as possible. In a perfect world, you should be backing up every few seconds. But that simply isn’t realistic, if you’re doing your backups manually.
At the very least, you should be backing up on a consistent daily basis, in order to maintain a 24-hour RPO.
#3 — Encrypt your backups
Today, theft of backup media is one of the leading causes of data leaks and breaches. Every time you make a copy of a file, the odds of a privacy leak go up exponentially.
This is especially true in the case of backup, since most IT admins will store their backup media in an environment which is less secure than the primary production location.
One way to prevent such breaches is to always encrypt your data before backing it up. This makes it more difficult for hackers and other criminals to access your data, in the event that your backups are stolen.
You should also make sure that only authorized people can decrypt the data.
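One way to encrypt before backing up while limiting who can decrypt, as an added example (not Storagepipe's code). It assumes the third-party `cryptography` package and AES-256-GCM envelope encryption, where a per-backup data key is wrapped under a key-encryption key (KEK) held only by authorized staff. The function names and the sample archive are constructed for illustration.

```python
import os
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

def encrypt_backup(archive: bytes, kek: bytes, backup_id: str) -> dict:
    """Encrypt under a fresh data key, then wrap that key with the KEK."""
    aad = backup_id.encode()                  # binds both ciphertexts to this backup
    data_key = AESGCM.generate_key(bit_length=256)
    data_nonce, wrap_nonce = os.urandom(12), os.urandom(12)
    return {
        "backup_id": backup_id,
        "data_nonce": data_nonce,
        "ciphertext": AESGCM(data_key).encrypt(data_nonce, archive, aad),
        "wrap_nonce": wrap_nonce,
        "wrapped_key": AESGCM(kek).encrypt(wrap_nonce, data_key, aad),
    }

def decrypt_backup(blob: dict, kek: bytes) -> bytes:
    """Unwrap the data key with the KEK, then decrypt and authenticate the archive."""
    aad = blob["backup_id"].encode()
    data_key = AESGCM(kek).decrypt(blob["wrap_nonce"], blob["wrapped_key"], aad)
    return AESGCM(data_key).decrypt(blob["data_nonce"], blob["ciphertext"], aad)

def can_restore(blob: dict, kek: bytes) -> bool:
    try:
        decrypt_backup(blob, kek)
        return True
    except InvalidTag:                        # wrong key or modified media
        return False

def demo() -> dict:
    """Constructed scenario: authorized restore, stolen media, tampered media."""
    archive = b"constructed sample archive: payroll-2024.csv ..."
    authorized_kek = AESGCM.generate_key(bit_length=256)   # held by the backup admin
    other_kek = AESGCM.generate_key(bit_length=256)        # anyone without the KEK
    blob = encrypt_backup(archive, authorized_kek, "nightly-0001")
    ct = blob["ciphertext"]
    tampered = dict(blob, ciphertext=ct[:-1] + bytes([ct[-1] ^ 1]))
    return {
        "authorized": decrypt_backup(blob, authorized_kek) == archive,
        "stolen": can_restore(blob, other_kek),
        "tampered": can_restore(tampered, authorized_kek),
        "plaintext_visible": archive in ct,
    }

if __name__ == "__main__":
    print(demo())
```

Only the blob leaves the site; the KEK stays with the people authorized to restore, and rotating it means re-wrapping the small data keys rather than re-encrypting every archive.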
#4 — Keep your backups off-site
Too many people keep their backups at the same physical site as their primary computers. If you keep your external USB backup drive in your house, it will be destroyed – along with your computer – in the event of a natural disaster.
Your backups should be kept in another building that’s located far away from your primary computer.
#5 — Transfer your backups over a secure network
You should avoid manual handling of backup media, whenever possible. When you’re sending your backup storage media off-site, it could become lost, stolen or damaged.
It’s much safer to keep all of your storage devices within your off-site storage location, and to transfer your backup data over a secure encrypted connection.
This transfer should ideally occur over an encrypted channel, such as a TLS/SSL connection.
#6 — Keep your backups in a physically secure facility
If anything happens to your backups, the consequences could be devastating. That’s why you should keep all of your backups in a secure facility.
It should feature things such as:
- Technology-friendly fire suppression systems
- 24/7 live security guards
- Redundant power generators
- Redundant power connections
- Redundant network connectivity
- Security cameras
- Reinforced physical infrastructure
- Tailgate-prevention gates
- Etc.
#7 — Maintain multiple copies of your backups
You should maintain backups of your backups, in case anything happens to your primary backups. Ideally, we recommend one local backup copy, and 2 additional off-site copies.
#8 — Assign a backup administrator
You should have an individual whose job it is to regularly monitor your backups for consistency. When potential problems arise, they should take proactive measures to fix them, before they become an issue.
#9 — Test your backups regularly
You should schedule periodic recovery drills, in order to ensure that your backups can be recovered in an emergency. Practice with different scenarios, to simulate different types of data disasters. If you spot potential issues, modify your backup process to correct them.
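A recovery drill is only useful if its result is checked. The added Python example below (not Storagepipe's code) compares a restored tree against a SHA-256 manifest recorded at backup time; the manifest format, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict:
    """Map each file's relative path to its SHA-256, recorded at backup time."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}

def verify_restore(manifest: dict, restored: Path) -> dict:
    """Classify every expected file after a restore into a scratch directory."""
    report = {"ok": [], "missing": [], "corrupt": [], "unexpected": []}
    for rel, expected in manifest.items():
        f = restored / rel
        if not f.is_file():
            report["missing"].append(rel)
        elif hashlib.sha256(f.read_bytes()).hexdigest() != expected:
            report["corrupt"].append(rel)
        else:
            report["ok"].append(rel)
    # Files that appear in the restore but were never in the backup
    report["unexpected"] = sorted(set(build_manifest(restored)) - set(manifest))
    return report

def write(root: Path, rel: str, text: str) -> None:
    f = root / rel
    f.parent.mkdir(parents=True, exist_ok=True)
    f.write_text(text)

def drill() -> dict:
    """Constructed drill: one file intact, one truncated, one lost, one stray."""
    with tempfile.TemporaryDirectory() as tmp:
        prod, restored = Path(tmp) / "prod", Path(tmp) / "restored"
        sample = {"a.txt": "alpha", "db/orders.sql": "INSERT ...", "keys.cfg": "k=v"}
        for rel, text in sample.items():
            write(prod, rel, text)
        manifest = build_manifest(prod)              # taken when the backup ran
        write(restored, "a.txt", "alpha")            # restored intact
        write(restored, "db/orders.sql", "INSE")     # truncated during restore
        write(restored, "stray.tmp", "x")            # not part of the backup
        return verify_restore(manifest, restored)    # keys.cfg never came back

if __name__ == "__main__":
    print(drill())
```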
And there you have Storagepipe’s recommendations for securing your backup process.
- #1 — Maintain multiple versions
- #2 — Back up often
- #3 — Encrypt your backups
- #4 — Keep your backups off-site
- #5 — Transfer your backups over a secure network
- #6 — Keep your backups in a physically secure facility
- #7 — Maintain multiple copies of your backups
- #8 — Assign a backup administrator
- #9 — Test your backups regularly
If you have the time, money and energy, you can ensure that your own in-house backup process is secure and reliable.
But if you want to save time and money, you could also consider backing up your files through a fully-managed cloud backup and disaster recovery provider. It’s simply easier, faster, more economical and more secure.
Now that you have the “secret sauce” to backup security, the choice is yours. You can do it yourself, or you can outsource your backups to a dedicated professional.