With World Backup Day commencing today, we explore how businesses can best ensure that data across the organisation is backed up

Having a strong data backup and recovery strategy in place for incidents such as cyber attacks and data loss is more vital than ever for companies in every sector. Not only does loss of data, along with possible outages put operations on hold, but losing customer data in particular can lead to a forfeiture of trust.

According to research from Acronis, only 13% of IT users and professionals follow backup best practices – leaving critical gaps in their data recovery and security strategy. In addition, 73% of IT users have lost data at least once, suggesting the need to backup or recover properly.

“On World Backup Day 2022, these numbers hold significant importance and serve as a reminder to IT leaders to update their data protection and recovery practices to keep pace with the cyber security landscape in 2022 – the third year in which we’re navigating a distributed and ever-changing world of work,” said Rajesh Awasthi, vice-president & global head of managed hosting and cloud services at Tata Communications.

Awasthi went on to recommend the following three-fold approach towards ensuring efficient backup of data:

1. Move your storage and recovery to the cloud: “Businesses need to evolve from backing their data up to tapes or managing it onsite to be more efficient and cost-effective. Cloud offers scalability, accessibility, reliability, performance, and most importantly, security and backup at a scale, better than any other technology.”
2. Choose your vendors carefully: “The vendors should be evaluated on three aspects: their network, their infrastructure and their security practices. For example, vendors with data centres geographically dispersed, or committed to sharing their security audit results with the customers, are more trustworthy.”
3. Have a robust backup strategy: “For a holistic data protection strategy, it needs to go beyond just preventing or warding off data loss, it is crucial to have a strong, always-on backup process in place which guarantees at least 99.9% uptime and shares exhaustive reporting, providing full visibility.”

Considering internal and external threats

The amount of data used in businesses continues to exponentially grow, along with the size of company networks with many firms persisting with hybrid working. With this in mind, it pays to give attention to internal and external threats to company security.

“Your data’s growth isn’t slowing down, and the amount of data growing in your system can outpace your IT or security team’s ability to back up and protect it. You need a backup solution that can keep up,” said Ben Gitenstein, vice-president of product at Qumulo.

“Rather than focusing on just external threats, organisations need a comprehensive security solution that takes both internal and external vulnerabilities into account. These solutions should understand applications in today’s file data environment aren’t siloed, and the only way to protect an organisation from dangerous and sophisticated security threats is by implementing a holistic, always-on defence strategy.”

Shared responsibility

With many businesses now partnering with cloud vendors to bolster their data management and security, it may be tempting to leave all backup responsibilities to the cloud provider. But as Adrian Moir, technology evangelist and principal engineer at Quest explains, this often proves to be a mistake.

“Most businesses assume their data security is totally in the hands of their cloud providers, which can lead to unfortunate situations when data is not backed up,” said Moir.

“This is why organisations must follow the shared responsibility model, which discourages the “out of sight, out of mind” attitude and reduces the risk of lost data. Unfortunately, those following the model struggle with backups, because data is stored in slow object Blob storage and the system is designed for the endpoint user — not the IT admin’s backup experience.

“Going forward, we expect to see new approaches to APIs that provide faster data restoration and give cloud customers more control and speed over their backups.”

Backing up collaboration data

The use of collaboration tools has seen a great surge since COVID-19 first took hold and staff started working from home. As this trend looks set to continue in the hybrid world, it’s vital that data shared across the organisation is backed up.

“Collaboration tools, which are commonly used in startups, and tools relied upon for an individual’s own personal note-taking (such as Notion and Obsidian) tend to process a lot of data,” commented Filip Verloy, technical evangelist EMEA at Noname Security.

“Despite much of this data being sensitive, it is not always clearly understood where that data is ultimately stored and how it is secured. Businesses should know exactly who owns it and who is responsible for it in terms of backup and recovery, to prevent data loss or exfiltration.

“Startups tend to prefer speed over process, which can lead to additional security exposure if not well managed. Businesses should ensure they cover the basics in terms of security. It is better to invest more time upfront, than risk losing all your data due to sloppy processes. For most modern businesses data is their lifeblood, so it makes sense to prioritise putting security measures in place to protect it.

“My advice to smaller businesses, with limited resources and budget, would be to limit the scope of tools they intend to support, and make sure they understand the SLO/SLAs of these tools when it comes to getting data back. For example, are they responsible for the data in Office 365, or is Microsoft?”

Cost of backup programs a barrier

According to Oliver Cronk, chief architect EMEA at Tanium, the cost of data backup programs has led to business leadership in many organisations forgoing this area of security. But he says that with backup and recovery often being the last line of defence, investment in such tools must be considered more deeply.

“The main reason I see for backup programs being neglected is cost. Financial and staff resources are required in order for regular, comprehensive backups to be completed, and sometimes IT leaders will choose to focus these resources on other areas,” Cronk explained.

“The crucial tasks that need this investment include identifying where the most critical data is stored and making sure it is always included in backups. It’s also important that backed up data is regularly tested to check that it can be fully accessed without any problems. I rarely see this testing being carried out, so it’s definitely an area for improvement.”

Related:

Accelerating IT disaster recovery with unified backup — Joe Noonan, product executive, backup and disaster recovery for Unitrends and Spanning, discusses how unifying backup can ensure quick recovery from IT disasters.

Why organisations need to take charge of Office 365 backup and recovery — Shai Nuni, vice-president of Metallic EMEA at Commvault, discusses why organisations need to take charge of backup and recovery for their Office 365 environments.