Picture this: Going to bed tonight with no worries about ransomware destroying your business. Lost files are just a few clicks away from retrieval. Crashed servers no longer mean hours of recovery and days or weeks of lost productivity. Welcome to the realm of robust backups.
Why Backups Are Non-Negotiable
When looking at your business operations, backups stand tall as a non-negotiable safeguard. While monitoring watches over live operations and patching fixes vulnerabilities, backups are your last defense against unforeseen calamities.
So, why is it imperative to back up your data? Here’s a glimpse.
- Data Loss: This is the obvious monster. From accidental deletions to malicious attacks, there are myriad ways to lose data. Backups ensure you can restore your operations without skipping a beat.
- Financial Implications: Data loss can have staggering financial consequences. From lost sales to the cost of recovery, not having backups can be an expensive oversight.
- Reputation At Risk: In today’s digital age, customers trust businesses with their data. If you lose that data, or ransomware gangs lock it up, you can’t do business anymore.
- Operational Hurdles: Lost data can halt operations, force your business to operate blind, and tie up all your critical personnel until data is restored.
Backup Successes and Failures
Code Spaces (Failure):
- Event: Code Spaces, a code hosting service, was the victim of a devastating DDoS attack. The attacker gained access to their Amazon Web Services (AWS) console and demanded ransom. When Code Spaces tried to regain control, the attacker began deleting resources, including data, from their AWS account.
- Outcome: Code Spaces had to shut down permanently because they couldn’t recover all their data.
- Lesson: If they had offsite backups that were inaccessible to the attacker, they could have recovered.
GitLab (Success):
- Event: An engineer from GitLab accidentally deleted a directory on the wrong server during maintenance, wiping out 300GB of user data.
- Outcome: GitLab did have multiple backup procedures in place. However, all of them had issues. Fortunately, they had a snapshot of the data, which was six hours old, preventing total data loss.
- Lesson: It’s crucial not only to have backups but also to test them regularly.
Ma.gnolia Bookmarking Service (Failure):
- Event: Ma.gnolia, a bookmarking service, experienced data corruption and data loss in its primary and backup databases.
- Outcome: The service couldn’t recover user data and had to start anew. Many users lost their saved bookmarks permanently.
- Lesson: Redundancy doesn’t always equal recoverability. Always consider the type and replication of data when deciding how to back it up.
City of Atlanta (Success):
- Event: The city of Atlanta was hit by a ransomware attack that locked city officials out of several critical systems.
- Outcome: By having backups in place, Atlanta was able to recover much of its essential data without paying the ransom. However, recovery took days, and some data was still lost.
- Lesson: Regular backups can help reduce the impact of ransomware attacks.
Ransomware Protection
We’ve all heard the horror stories about ransomware. A common type of attack involves encrypting your data and demanding payment to unlock it. Here are a few sobering facts.
- There were over 500 high-profile ransomware attacks in September 2023 alone. This is part of a long trend towards increasing numbers of successful attacks.
- The average ransomware payment is now in the millions of dollars, adding further stress to businesses already facing economic uncertainty. And this doesn’t even factor in lost business or eroded trust.
- Businesses of all sizes are affected, including governments, finance, and large enterprises. Small businesses are especially tempting.
- Gartner estimates that up to 35% of data is unrecoverable even after paying the ransom, and CrowdStrike claims that 96% of businesses that pay up have to pay even more in the coming months as the extortion continues. The data is paywalled, but here’s a source for reference.
A solid backup plan means you can recover quickly from ransomware attacks without spending a dime on extortion.
What Should You Back Up?
In short, you want to back up as much as possible. Every technology you use should have some method of data replication. Make a list of all the things you use to run your business and create a checklist. Here are some common data types to get you started.
- Business-Critical Data: This includes client data, transaction histories, and all core business data. Essentially, data that would prevent your business from functioning if lost.
- Servers and Cloud Configurations: Whether you have physical servers, virtual machines, cloud serverless technology, or anything else providing services to your business or your customers, it should be backed up in an easily replicable fashion.
- Operational Data: Software configurations, templates, scripts, and other operational tools.
- Archives: Old data that may not be accessed regularly but is essential for compliance, historical analysis, or other needs.
- Digital Assets: Websites, digital marketing materials, proprietary software, and any other digital assets.
- Communication: Emails, chats, and other communication that might be needed for future reference or compliance.
Backup Strategies for Optimal Protection
A robust backup strategy doesn’t stop at merely copying data. It involves:
- Regular Schedules: Depending on the data’s nature, daily, weekly, or monthly backups might be required.
- Multiple Locations: Store backups both onsite for quick recovery and offsite for protection against physical threats like fires or theft.
- Test Restores: Periodically test backups to ensure they’re functional and that data can be restored seamlessly.
- Encryption: Especially for sensitive data, encryption is a must to prevent unauthorized access.
- Versioning: Retain multiple versions of backups to restore data from various points in time if needed.
But Isn’t the Cloud Already Backed Up?
It’s a common misconception: “I’ve moved everything to the cloud, so I don’t have to worry about backups anymore, right?” Wrong. While cloud providers like AWS, Azure, and Google Cloud offer robust infrastructure and durability guarantees, the responsibility of data backup and integrity often rests squarely on the user’s shoulders. All the cloud providers have some form of backup service that you can configure, but it’s not on by default.
Here are some things to be aware of in the cloud.
- Shared Responsibility Model: Most cloud providers operate under a shared responsibility model. They ensure that their infrastructure is resilient and always available. However, safeguarding the data within, including backing it up, is typically the user’s responsibility. Simply put, the cloud provider ensures the cloud works; you ensure your stuff inside the cloud is safe.
- Data Durability Doesn’t Mean Backup: Cloud providers often tout impressive data durability figures, such as 99.999999999% (11 9’s) in Amazon S3’s case. However, this pertains to the data’s resilience against loss. It doesn’t account for human errors like accidental deletions, malicious actions like ransomware, or logical errors within an application.
- Native Backup Options Exist, but Aren’t Always On: Yes, platforms like AWS and Azure offer backup services like AWS Backup or Azure Backup. But these aren’t activated by default for all services. It’s up to you to configure and manage them according to your needs.
- Data Retention and Archiving: Just because you deleted something doesn’t mean you won’t need it later. Cloud providers might not retain deleted or overwritten data unless you’ve set up specific policies or backup solutions. Without proper configurations, once it’s gone, it might be gone forever.
- Cost Implications: While cloud storage is increasingly affordable, there are still costs associated with backup solutions, especially if you require frequent backups or long retention periods. Relying solely on a cloud provider’s default settings could lead to surprise costs or, worse, lost data.
- Restoration Times: Even if the data is backed up, the time it takes to restore can vary based on the solution and configuration you have in place. Some cloud-native backup solutions might not restore data as quickly as a business might need, leading to longer downtimes.
Selecting a Backup Solution
There are lots of players in the backup industry, and it can be hard to know which one to choose. Here are some things to consider when choosing a backup provider:
- Automated Processes: Automation ensures consistency and reduces human error.
- Cloud Integration: A cloud backup solution offers scalability, offsite storage, and often cost-effectiveness.
- Differential/Incremental Backups: These back up only changed data, conserving space and time.
- User-Friendly Restoration: In times of crisis, you want a solution that makes data restoration swift and uncomplicated.
- Full and Individual File Restoration: Depending on your needs, it may be faster, more reliable, and more business-friendly to restore an entire machine in one stroke, or to restore individual files.
- Alerts and Reports: It is common for backups to fail for various reasons. If you don’t get alerts on these failures, you likely won’t realize there’s a problem until you need a backup that doesn’t exist.
- Immutability: No one should be able to change a backup once it’s made. This keeps your backups accurate and prevents cascading data loss scenarios.
In Conclusion
As our digital dependencies grow, the importance of backups becomes even more pronounced. It’s not just about preventing data loss; it’s about business survival. Backups are your safety net. By investing in them, you’re not just protecting bytes and pixels – you’re shielding your business’s very essence.