Let’s talk about backups

Backups are an essential practice for any organisation aiming for high-availability and redundancy. Nowadays the importance of backups is generally understood but a lot of people tend to overlook how their backups are stored. It’s important to look beyond the scope of your system when analysing critical functions as external factors can be just as impactful as internal events.

So in this blog article, we will be analysing some of the common methods organisations backup their data and evaluate how effective their storage solutions are in the event of a crisis.

This is a thought piece and something to get you thinking about your backups and hopefully landing you in a place where you are at least doing a better job than average of managing your backups.

A very high level look a some of the common types of backups systems:

Backups are something many small business fail to understand and manage.

Method 1: Local Backups to Same Disk (LBSD)

The first method we will be discussing is Local Backups to Same Disk (LBSD). What this means is that the backup information is stored on the same disk as the backup source. This is a rather poor method of protecting your data as it is physically stored on the same disk which puts both the backup source and destination at risk in scenarios of disk failure / data corruption.

Allow me to explain the LBSD ideology with an example being a house with a spare key stored inside the house. In the scenario that you were locked out of that house; the spare key would be useless as it is being physically kept inside the resource that you cannot access. Overall, we don’t recommend any organisation use LBSD backups as their only backup source as they’re not impactful enough in the event of a crisis and often provide a false sense of security.

Method 2: Local Backups to an External Device (LBED)

The next method is Local Backups to an External Device (LBED); this involves backing up your information to an external device that is kept in the same physical location as the source of the backup.  Following our trusty house example; this would be the same as having the spare key be stored outside the house but still close enough if needed in a locked-out scenario (under a doormat or potted plant outside). This is a lot better than LBSD as it is not prone to the same shortcomings of having one unified weakness instead replacing that with two independent devices that would require both disks to fail / corrupt before any data loss occurs.

This means that LBED has twice the redundancy of LBSD for minimal extra effort. However; there are still risks to this method as both disks are physically stored together, meaning that any crisis that affects the entire physical location would still affect both drives. This possibility can be mitigated by having multiple external drives that are rotated between the location and an external safe location.

Remote Backups over the Internet (RBOTI)

The last method we will be discussing is Remote Backups over the Internet (RBOTI). Remote backups are done by running a backup much like LBSD / LBED and uploading the result to a trusted destination across the internet. This removes the risk of any data loss incurred by damage to the hardware or software. In the house / key scenario this would be the equivalent of giving the spare key to a trusted neighbour that can give the key back to you if required. This backup method comes with its own set of risks and challenges though; For instance, the channel that you use to backup the data or the data itself should be encrypted or else you would simply be sending a copy of all your data to every malicious user along its path. It is also important that the recipient is trusted to protect your data and takes measures to prevent malicious access to your data because having a backup is just as valuable as having the original copy for a hacker. Another downside to this method of backup is that the restoration time post-crisis is significantly longer with current infrastructure as the restoration data would need to travel back over the internet to be used locally. All-in-All, we don’t recommend this as an independent backup solution because of its limitations post-crisis.

But what about good old manual offsite backups?

So one thing that we decided to NOT include in our main discussion points is the good old manual offsite backups. This means physically taking data offsite and storing it somewhere safe. This is of course what many people have been doing for years and many still do, but these days it should be the last option you choose after you encounter blockers for the other options. In today’s world, most people are time-poor, and therefore, people are an unreliable part of your backup system, so their failings should be avoided and strictly managed as a result.

What should I be doing?

Well, the answer these days, is usually using a combination of method two and three. By Utilising LBED with a disk rotation as well as RBOTI you are ensuring your data is protected from many common crises that can and will affect your business. It ensures that in the scenario that a simple restoration is required your business is not out of operation for a large amount of time as well as giving you some form of business continuity if for example; your primary business location burns to the ground, or more likely, gets robbed with valuable computers and servers being taken. It also gives you added redundancy in the scenario that the backups themselves have data loss as you will have two possible restoration points.

There are many other discussion points that we could have veered down in this brain dump, but we hope this at least gets the risk management juices flowing. On a closing note, if you are in a position where you are managing a businesses data, being your own business or as a manager in anothers business, do yourself a favor and call AUIT and book in for a free consultation with one of our Business Risk Managers. We have some very affordable ways to greatly enhance and assist you with reducing your I.T business risks, as well as increasing productivity and meeting security standards.

At AUIT we love to have a chat with business owners and hearing about your experiences, so please feel free to comment on this article, or give us a call or an email anytime. All of our quotes and recommendations are 100% obligation free, so please do reach out to us at any time.