Data Backup Strategy: A 9-step Path to Safety

Things inevitably break. It is true for every system, but especially for the complex ones. Today’s data infrastructures are notoriously complex in and of themselves and often connected to the World Wide Web. As such, they are incredibly vulnerable to compromise. Although the vulnerability is inherent in their design, a robust data backup strategy successfully mitigates it.

What is a data backup strategy?

Data backup is the act of copying data to a safe location so it’s not lost or unduly manipulated by other parties, accidentally or on purpose. It is the reality of our times that data remains under constant attack by malicious forces. In particular, ransomware gives companies a run for their money. In 2023 alone, they paid its perpetrators a record amount of 1.1 billion dollars.

A data backup strategy is a set of planned actions that help businesses recover their data with no or minimal damage after a ransomware attack, natural disaster, or other incident. In practical terms, it is a framework for performing regular backups and storing them in different places. Easier said than done. In today’s information infrastructure, resources and assets are often interconnected in ways that elude even their administrators and become apparent only after audits. This intricacy of modern data systems makes it imperative to design resilient data backup solutions. This article demonstrates how it can be done.

Why is it essential to have a backup strategy?

Data can be compromised in many ways. Hardware may suddenly stop functioning; a person may inadvertently delete something; an attacker may use malware or social engineering to gain access to company data and surreptitiously modify it with malicious intent; and finally, in extreme cases, a natural disaster, such as a fire or flood, may destroy the physical media that store the data.

Whatever the reason behind it, data failures come with a hefty price tag. In 2023, companies lost a total of 4.45 billion dollars to data breaches, constituting a 15% increase over three years prior. Broken down, the numbers look even more alarming. Atlassian estimates the cost of a single downtime falls between 2300 and 9000 dollars per minute, and the average ransomware payment in Q2 2023 was about 750,000 dollars per incident. A data backup strategy can undo data loss brought about by those and other factors, saving companies millions of dollars.

What should be included in a data backup strategy?

Strategies should be context-specific. By gathering relevant information about your business case, you will be able to tailor the backup strategy to your circumstances and make it more effective.

Risk assessment

Identify the most risk-prone areas in your company’s data infrastructure. This information will help you decide which assets to include in backups and which to forgo as non-essential or non-vulnerable.

Business impact analysis

Estimate potential repercussions of critical systems going offline due to data loss or breach. These repercussions may be financial, reputational, or other, but they must have the potential to derail your operations and impinge on your profits. Use this insight to narrow down your data backup strategy even further.

Data assets

Take stock of all your data assets to avoid omitting something important. Consider that 43% of organizations don’t know where they store their data, according to a report by the Institute of Directors.

Backup frequency

Decide on how often you want to perform backups. This frequency will translate into your backup strategy’s recovery point objective or RPO. RPO determines the amount of data your organization is willing to lose in the event of a disaster—the more frequent the backups, the less data is at risk of being lost.

9 Elements of a Successful Backup Strategy Implementation

You should now have all the information to support the implementation of your data backup strategy. It is time to design, and no strategy is complete without tactical decisions and tools. Here’s a checklist of everything your backup strategy won’t do without.

1. Time range: Backup data accumulates over time, which drives up the cost of maintenance. It’s simple. The more data you have, the more storage you need, and the more you pay for it. Minimize the costs by strategizing on how long you want to keep your backups. Will 90 days do? Or do you need an archive of 5 or 10 years? These numbers may vary. For example, the law may require you to keep certain records for years, but you may offset it elsewhere. Take a case-by-case approach and try to strike a balance between cost and security.
2. Storage type: File storage reigns supreme in personal computers and laptops. Other storage systems include block and object. Block storage is used for databases, email servers, and VMFS volumes. Object storage lends itself best to backups. It supports large volumes of unstructured data, scales easily, and supports object lock for immutability.
3. Immutability: Immutability makes data structures to which it is applied resistant to change. Write permissions are revoked; no one, including admins with root access, can overwrite, delete, or otherwise modify the data. Object storage supports immutability through S3 Object Lock. By making backups immutable, organizations protect themselves from ransomware because perpetrators aren’t able to encrypt the backups even if they penetrate them.

4. Redundancy: Redundancy is a system property that allows it to preserve integrity despite fragmentary loss. In language, redundancy makes utterances comprehensible even when they’re incomplete. In the backup strategy, redundancy refers to multiplying backups for security.

   Redundant backups are the backbone of the 3-2-1 backup rule, an industry-standard approach that involves keeping three identical backup copies on two different media, with one in an off-site location. In the unlikely event of losing two copies, one will remain.

   The 3-2-1-1-0 approach extends on the original. Here, one of the three copies must be kept offline; another should be air-gapped or immutable, and all must be regularly tested to ensure they’re error-free.

5. Where do you store your backups in the 3-2-1-1-0 approach? The 3-2-1-1-0 approach relies on using two types of storage: onsite and offsite. Each has its own considerations. Let’s take a closer look at them.

   Onsite backups

   Choosing the right medium for immutable onsite storage can be tricky, but hard drives will most often suffice in modern organizations. They’re affordable, accessible, and command large volumes. In addition, they support software-driven immutability powered by S3 Object Lock, which saves money on storage by enabling reuse of the same storage space.

   Offsite backups

   Offsite backup is kept beyond the perimeter of the organization. The farther, the better. Companies may invest in building their own remote data centers for this purpose or use external providers - for example, cloud service providers.

   Cloud backup services

   Cloud backup services remove a lot of logistics involved in setting up and maintaining a self-owned offsite backup. They provide the storage, the connectivity, the software, and the automation. By opting for the cloud, you avoid the hassle of do-it-yourself, but it remains your responsibility to carefully vet the provider before entrusting it with your data.

6. Security standards in data centers: Make sure the data center you’re planning to use (cloud-based or other) for offsite backup complies with proper security standards. Specifically, look for a badge showing SSAE 16 Type 2 certification. A data center with this credential is proven by audit to adhere to industry security requirements.

   In the absence of the badge, check if the center has access and availability controls. These include alarms, guards, surveillance, gates, backup power supplies such as diesel generators, extra cooling systems, and internet connection.

7. Data transmission control: Whether you’re transmitting backup data within the perimeter or from the outside, bad actors can intercept it on the fly unless you encrypt it. Gone are the days of perimeter security. In line with Zero Trust philosophy, assume anyone in your organization can be an accessory and encrypt data in flight with a 256-bit encryption protocol such as AES, Twofish, or Triple DES.

   External hard drives versus removable media

   Hard drives remain the best option for storing large quantities of data and are widely used both in-house and by external data centers. Sometimes, however, the security protocol in a company will necessitate the use of good old USB sticks. A USB stick is the most secure data transmission control tool one can imagine. It cannot be infiltrated in transit because it is entirely disconnected throughout. This is why manual data transfer on USB sticks is sometimes employed for air-gapped backups, the type that precludes any external connectivity.

8. Backup software: An intuitive operating system complements a backup medium and makes it a pleasure to operate, minimizing the risk of human error. Ideally, it should allow for backup automation and be separated from the storage layer as an additional hurdle against potential attacks.
9. Backup testing: Backup testing is a requirement in the 3-2-1-1-0 rule, and for good reason. Sometimes, things just break without any nefarious intervention. The average hardware lifespan ranges from 3 to 5 years, so it’s wise to regularly test your storage to catch early signs of degradation. If you’re worried (or certain) that your backup appliance is reaching the end of its life, consider replacing it before it’s too late.

Strengthen your data strategy with Ootbi

Veeam users seeking an option for the local tier in their 3-2-1-1-0 strategy can breathe a sigh of relief. Ootbi (out-of-the-box immutability) is a backup appliance purpose-built for Veeam that utilizes object storage technology to bring S3-compatible immutability on-premises. It can be racked, stacked, and powered in less than 15 minutes, even by a non-technical person. Its Linux-based operating system is similarly user-friendly and Veeam-optimized, with built-in support for Veeam’s SOSAPI. In addition, Ootbi follows the principles of Zero Trust by separating the software layer from storage. What more can you want? Speed. Imagine 4GB/s at ingest - that’s what Ootbi can do with four 128-TB nodes.