Data backupping is like insurance. If there's a mishap by someone or the server's backup media fails, then thanks to backupping you have a backupped state of your data and you are able to restore it. Just like with insurance, you cannot sign the contract after the accident. Similarly, you cannot start taking precautions with your data after it is lost.
From time to time, we have seen backup solutions that are only partially done or not working at all. With this post, we are showing ways backupping can be done wrong, in ways it can be completely useless.
A common mistake, what often even many IT specialists are vouching for, is synchronizing data to the cloud. The given solution does protect files in the event of computer failure, but leaves it helpless against becoming infected with a crypto virus or in the event of human error. Data is synchronized to the cloud independent of whether the the error was intentional or not. Better cloud solutions offer saving multiple versions of a file. In this case the given solution is more long-term and usable in specific situations, but still makes data recovery time significantly longer in the event of a larger loss of data.
Often people think that when in server or computer a good manufacturer's hard drives are running on RAID-1, RAID-3 or higher, then it somehow protects data. RAID is not a backupping solution, but increases data redundancy, such that if the server's hard drive dies, then the server can continue running off of another hard drive while the former is being replaced. RAID however does not protect against the death of server or in the case of theft.
It is common to make the backup copy on the same computer's other hard drive or on to the NAS drive in the same room. This solution could work in some cases, but does not protect against dangers like theft or fire. However it does prevent the first kind of human error.
You can categorize backups into the following two: on-site and off-site. With on-site backupping the backup is created in the same location, be it the server room or the same building's other device. On-site backups mostly help against human errors such as accidental or non-accidental data changes or deletion.
Usually there are two directions backups are made: via the pull method or the push method. With the pull method, the backup server connects to the other server and downloads the backuppable data. With the push method, the backuppable data is sent to the backup server instead. One must be careful on how this solution is set up, because the backupped server also has write access to the backup server. Given the situation where the backupped server uses the push method and is breached by a hacker who encrypted its data, the hacker can simply also encrypt the backup server's data. In this case the backup copy is useless. It is also true with the pull method that there must be mechanisms in place on the backup server side such that previous backupped data cannot be deleted or overwritten. With the pull method the backupped server does not have access to the backup server, because the access keys are all in the backup server. We recommend using the pull method when possible as this is also the only surefire way against cryptographical viruses.
Often backupping solution is set up and then forgotten. In a better case, the backup server storage capacity is in monitoring and backupping status reports are reported. But there are a lot of situations, where retrieving a backup is necessary, but is unfortunately unable to do so due to errors unforeseen. Backup tests help against this situation, where a test frequency can be set by a backupping plan and the importance of the particular data. The more important the data, the more frequently tests ought to be run. In most cases the backup tests can also be automated.
Are daily backups enough? Can the company/person deal with the data loss of a full day of work? These sorts of question must be asked and based on the answer, a backupping plan can be created, where one can estimate how frequently and what in particular must be backupped. For instance, a person who sporadically writes text documents and mostly browses news sites on the web, is usually fine with only a monthly backup of their data. But if there is a lot of change within a company and the company data is in correlation, then a daily backup is not sufficient.
Backup server capacity has to be multiple times larger than in the backupped server, but this results in high costs in a good backup solution. The next step to lower costs usually would be to replace the hardware with cheaper counterparts and perhaps also cheaper software. But here it is easy to slip and go for the cheapest solution. A good backup solution works at both nighttime and daytime, and its lifetime tends to be in sync with the support period, which in practice is usually 5 years.
There are a multitude of different backupping methods and solutions and not everything is a one-size-fits-all solution. One must always consider the needs of the company and see it as a bigger picture. With backupping, every miscalculated detail could be a great threat to data persistence. Every company should set some time aside to analyze what happens when its computer or server stops working. Also whether there are copies of all important data and whether it is being backupped frequently enough in order to achieve as small as a loss as possible in such events. There should be a backup plan or at least documention on to where and with what frequency data is being backed up. If the company follows information security standards, be it ISKE or ISO27001, then within the information security frameworks a large part is backupping and related solutions.
Have a safe work!