The big 3 of staying safe: Backups, archiving, and data governance

While it doesn’t hold the romance of Valentine’s Day, or require the rehydration efforts required by many on New Year’s Day, World Backup Day is a business biggie.

Observed on 31 March, World Backup Day serves as a timely reminder to back up your data to prevent loss in the case of cybercrime, accidents, failures or natural disaster.

For those small to medium-sized enterprises (SMEs) who make the mistake of thinking, “It won’t happen to me,” a prompt to think about backup is a good thing. Especially as the reality is that they are a prime target for cyber-attacks due to their less sophisticated defence systems. (The sad part is that most SMEs will struggle to stay in business if they fall victim to attack unless they have a rigorous and responsive backup regime.)

Before we talk backups though, it’s important to understand the difference between backups and archives. Because although both are business essentials, they play different roles in keeping your data safe and accessible.

How are they archiving and backups alike? Well, both protect your data. But more telling, are the differences.

Archiving moves data you no longer use or need to reference to a safe place for long-term retention. So, those emails from five years ago, the Christmas party photos from 10 years ago, or your customer payments from 15 years ago. It’s not a copy either, but the inactive data you need to keep for compliance and regulatory reasons.

The good news is that you can save money by moving inactive data off your costly primary storage device – you just need to make the right decisions about where it goes. The bad news? It ‘can’ be slow and difficult to access again.

Yep, backup (the star of today’s blog) repeats the data you already have, word for word. It’s an exact copy of your data that’s kept somewhere safe. I.e., not on a CD in the glovebox of your IT guy’s car or in a file box in the stationary cupboard.

The purpose of a backup is that if something does go wrong, and you lose the last 30 days of financial data, or two days or even 30 minutes of complex sales or legal proposals, that you can retrieve it pronto and restore your data to the same state it was in when disaster struck. Depending on your type of business, backups may be daily, hourly, or even more frequently.

So, where is this ‘safe place’ for backups?

Although tape used to be a popular choice, the same point made earlier about compatibility with today’s systems stands. Today, disk-based appliances (standalone disk-based storage devices configured and optimised for storing backup data) offer faster access time, improved data recovery speeds, and easier data management. And of course, there are managed cloud backup services – or a combination of the two (more on that further on).

No, you can’t.

Both archives and backups are essential to a comprehensive data protection strategy. They serve different purposes for your business, as the data has different demands on its availability. For example, if hit by a ransomware attack or a rogue middle-of-the-day power blackout, you can’t afford to wait days to retrieve and restore your business-as-usual data from your archives. By then, your frustrated customers have gone elsewhere.

Data governance means knowing what data you have, where it is, the condition it’s kept in, the security measures around it, its accuracy, its recoverability, and if you’re even supposed to have it. And this is regardless of whether that data is archived or backed up. The rules are the same for both.

So, old data must be subject to expiring and purging regimes, and sensitive data (for example patient records) must meet regulatory requirements. And all data is subject to defining who can see, use or modify it, and implementing controls to protect it from illegal access.

SaaS (Software as a Service) sprawl is very much a modern day problem when it comes to backing up your data.

As departments or individuals in your business randomly sign up for SaaS apps they can’t live or work without, they create a mass of solutions that slip below the organisational technology radar – until it’s too late. Often, it’s not until the bills come in that it’s even realised that some apps duplicate the same function, increase complexity, have no access control, or are personal rather than business tools, that alarm bells ring.

But what’s worse, is that they spread your data here, there, and everywhere. And just like that, your careful compliance around what, how, and where you store your data goes out the window.

The point here? All of the confidential data you hold needs to be protected by data access rights and saved according to data storage format rules and a data architecture plan. And you need to take a proactive hunt-find-destroy approach to any data that doesn’t hold business value to avoid data exposure and reduce risk.

Only by overlaying an effective data strategy with multi-factor authentication, secure file sharing, and appropriate cyber security tools and monitoring can you mitigate the risk of a data breach and the reputational and financial damage that inevitably follows.

Glad you asked. Your backup regime must be robust, regular, reliable, reported on, and secure. And being affordable (without compromising on quality or frequency) is no bad thing either.

What else?

Regular backups are a basic mitigation requirement of the Australian Cyber Security Centre’s  Essential 8. As a quick recap, to achieve Maturity Level 1 of the Essential 8, backups of data, applications and settings must be performed and retained in accordance with business criticality and business continuity requirements. They must be synchronised to enable restoration to a common point in time (which has to be tested) and retained securely and resiliently. And stopping access to backups (as well as the ability to modify or delete) by unprivileged user accounts must be enforced.

Managing backups internally requires time, expertise and dedicated resources. The backup process can be impacted by human error, and scaling internal backup solutions to match business growth can be challenging. That’s why partnering with an MSP (managed service provider) like Colton offers surety, scalability, and security to what can be a high risk process

To start with, we don’t put all your eggs in one backup basket.

Not on the cloud yet? We back up all your servers four times a day (more often if required) to an on-premises backup system, and then once a day we replicate all of that data to one of our data centres. If you’re on the cloud or hybrid cloud, the same degree of diligence applies. We use Arcserve UDP (Unified Data Protection) products to provide exceptional backup and protection for your SaaS cloud data too. Check out this story about why we use Arcserve to protect your business data and systems!

Downtime doesn’t need to be dramatic. If disaster does strike, we can help restore your data – from individual files to standing up full virtual machines. Urgent specific data recovery can be done within an hour (just in time to get that big sales proposal you spent all weekend on) back on deck and out the door. And your backups are retained for set periods so if you experience a double whammy disaster a week later, it’s not a problem, we still have your data.

We’re ISO9001 and ISO27001 certified too, so you know that what we say, we do – and to the highest standards. As always.