Data breaches cost companies $4.24 million per incident on average, according to a report from IBM and the Ponemon Institute. There are many scenarios in which data loss can occur, such as ransomware attacks, human error, storage failures, server failures, and natural disasters. In addition to the monetary ramifications, organizations risk crippling production delays and reputational damage when data is stolen or compromised.
World Backup Day was created to remind organizations and individuals of the need to back up business and personal data that is deemed of value. With the cost and frequency of data breaches on the rise, this annual March 31 event is the ideal time to talk with your managed IT service clients about reevaluating their data protection and privacy policies.
Tips to Secure the Backup Environment
Backup is a copy of an organization’s most valuable digital assets. Implementation of secure backup policies is necessary to facilitate disaster recovery protocols when adverse events threaten to disrupt operations. A successful backup strategy requires a deep understanding of the different types of data under protection and the urgency of the data for the users who depend on it. Backup policies, recovery time objectives (RTOs), and backup intervals vary depending on the type of data.
In honor of World Backup Day, consider these three tips for discussing a more secure backup infrastructure with your clients:
1. Don’t confuse cloud storage and cloud backup.
Cloud storage is designed to supplement existing hard drive space and requires manual selection of the files an organization wants to store in the cloud. It doesn’t include data integrity checks, and the data in transit inside the physical boundary of the provider is not necessarily encrypted, both of which create security risks. It also lacks file versioning and point-in-time restore. A cloud backup service, on the other hand, is designed to let organizations restore files in the event of data loss, automatically saves and syncs files on designated devices to the cloud, and often includes private-key encryption.
2. Know your data.
Be sure your clients understand what data their business cannot function without. Identification of mission-critical data allows organizations to prioritize backup tasks based on desired recovery options. This is especially important when dealing with large datasets.
Take the time to learn what data is part of a critical application, and how that data and application ties into business operations and/or revenue. Does the data need to be archived? Does the data live in a legacy system? Is it subject to regulatory frameworks, which could expose a business to penalties if data is breached? Backup plans should account for all data and storage a business has, from cloud to local, including archived data.
3. Determine whether backup and disaster recovery solutions are best kept on premises or in the cloud.
The shift to remote work has accelerated cloud adoption for many businesses and IT organizations. While it’s important to diversify data in the cloud, many IT decision makers still rely heavily on traditional on-premises infrastructure to support business operations. Maintaining backup and disaster recovery solutions within the on-premises ecosystem is recommended for organizations with stringent RTOs and those wanting to keep a central repository of data. Because business needs change and operations evolve, a periodic review of policies and procedures is recommended.
Data backup is a continuous process, not a project. Backup security requires constant monitoring and improvement. Consistently review and test your backup strategy and recovery plans for your customers. Watch for any new applications or data sources that have been added.
It is important to note that data backup is not limited to servers, desktops, and laptops. A comprehensive data backup program should take into consideration all endpoints, including tablets and mobile devices, so that data is protected no matter where it lives.
EDDY FARRAT is senior director of product management at OpenText Security Solutions. He is responsible for the company’s data management offerings, which include Carbonite data backup and recovery solutions.
