Backup and backup strategy. Things you need to know.

What does an effective backup strategy consist of and how to choose the right solutions for your organization’s needs? Who will benefit the most from implementing professional backup tools and is there an “ideal” method of securing data? Dariusz Cudak, Pre-Sales Engineer at Xopero Software, one of the leading providers of data management and recovery solutions, will answer these and other questions about backup and information security.

Get ready for a large dose of good practices (and data).

In a word – Joanna asks, Darek answers.

Let’s start with the basics. What is backup and why is it important?

Backup is the process of creating a backup copy of data that allows it to be restored in the event of a system failure or data loss. Imagine that it is like having a digital insurance policy – in the event of problems, you can quickly recover your data. Data backup protects against the loss of valuable information, system failure or even theft. In the event of a system failure or data loss, creating a backup copy allows for quick data restoration, minimizing losses and the risk of data loss. Thanks to this, you can sleep peacefully, knowing that your data is safe.

In the context of ransomware, data backup seems to be the basic line of defense. What makes it so effective?

Ransomware works – to put it simply – by blocking access to data and extorting a ransom. Data backup (creating backups) allows for quick restoration of data from intact copies.

It is worth emphasizing that ransomware attacks already constitute 50% of all cyberattacks, and their number is constantly growing. According to the latest data, there has been a 30% increase in the number of ransomware attacks compared to 2023. This means that every 8 seconds a computer falls victim to this type of attack.

In the face of such a dynamic increase in threats, it is crucial to invest in advanced solutions to minimize the risk of data loss. One such solution is the concept of spherical security, integrating monitoring and response to threats in real time. It is based on ensuring data protection in the area of ​​Disaster Recovery, storage, data access, secure data transmission and their safe and effective isolation.

What types of backups can we create?

There are several types of backups, each with its own unique advantages and disadvantages. Choosing the right type of backup depends on the specific needs of your organization.

• Full backup: This is a copy of all data, performed regularly. It is the most comprehensive, but takes up the most space and time.
• Differential backup: A copy of data that includes only the changes since the last full backup. It is faster and takes up less space than a full backup, but requires regular full backups.
• Incremental backup: A copy of data that includes only the new data since the last backup, regardless of the type. It is the most space-efficient, but can be more complicated to restore.

Each of these types of backups has its own uses, and choosing the right one depends on your data protection needs.

You mentioned Disaster Recovery. How is DR different from backup?

Backup is the foundation, the technology that allows you to back up your data. Think of it as an insurance policy – ​​it gives you the ability to recover your data in the event of a disaster.

Disaster Recovery (DR) is a broader approach. It is a strategy that defines how a company should return to business after a serious incident. DR is a plan that includes not only data recovery, but also restoring the entire IT infrastructure, applications, systems, and even business processes. It is like a comprehensive rescue plan that tells you what to do, who is responsible for what, and how to bring the company back to its pre-disaster state.

As Xopero emphasizes on its blog, Disaster Recovery is part of a broader concept of Business Continuity Management, or business continuity management. It is a comprehensive approach that takes into account both technical and organizational aspects. That is why it is worth thinking about DR as an investment in the security and continuity of the company’s operations, and not just as a cost. After all, we do not want to find out that the company will find money to pay for ransomware, but will not find it for cybersecurity.

Are there resources that we should cover with backup more than others? Or those for which it is impossible to build a backup strategy?

Definitely yes. Data backup and security are a priority wherever we deal with data critical to the functioning of an organization. Data stored in such systems must be properly secured so that their loss does not paralyze the business or expose it to serious financial losses.

Systems that generate real-time data, such as analytical applications or IoT platforms, may require additional protection methods, such as continuous replication and real-time archiving. In such cases, technology based on spherical security enables dynamic monitoring of data integrity and rapid response to anomalies.

However, there are infrastructure elements for which traditional backup strategies may be insufficient or difficult to implement. This includes data in RAM, which is volatile and requires specialized solutions for creating so-called “snapshots”. Similarly, some embedded systems or IoT devices may have limited capabilities in terms of storing and sending backup copies. In such cases, it is necessary to use non-standard protection methods, such as data replication at the application level or the use of hardware redundancy mechanisms or isolating the environment outside of production networks (solutions: AirGap).

The backup strategy is of great importance. The 3-2-1 strategy is often referred to. Is it enough in the era of advanced threats?

The 3-2-1 strategy (three copies of data, stored on two different media, with one offsite copy) is a solid foundation. Current realities require its expansion. I will again refer to a report, this time from Sophos. Their “State of Ransomware 2023” indicates that as many as 75% of organizations that paid the ransom, despite having a backup, had problems recovering their data. This shows that the 3-2-1 strategy alone may be insufficient, and the implemented security policies may be poorly designed.

That is why we recommend expanding it to the 3-2-1-1-0 model. Additionally, it assumes having a copy in Immutable Storage technology and choosing a solution that pays great attention to it. Storage of this type protects data from modification and is a kind of fortress foundation for our data.

It is also very important to regularly test backups and restore them in test environments or sandboxes – while enabling automated testing processes for backed up systems. Research conducted in 2023 shows that companies using the 3-2-1-1-0 model reduce data recovery times by an average of 40% compared to those using only 3-2-1.

Immutable Storage sounds promising. How does it work?

Immutable Storage (Fortress Storage) is a technology that saves data in a form in which it cannot be modified or deleted for a specified period, even by the system administrator. This is a key feature in ransomware protection and in the context of long-term data storage, as it prevents attackers from encrypting or deleting backups.

According to the IDC report “Data Protection As-a-Service: Market Landscape, 2022”, companies that implemented Immutable Storage saw a 60% decrease in the number of successful ransomware attacks.

What’s more, Immutable Storage is a perfect fit for the concept of data replication. Imagine a scenario where your primary data center is attacked by ransomware. By replicating your data using Immutable Storage in another location, such as the cloud, you can be sure that your backups are safe and will not be modified or deleted by attackers. This creates a multi-layered protection that minimizes the risk of data loss.

You mentioned replication. Why is it important to store backups in multiple locations?

Replication is a key element of a backup strategy, which involves creating and maintaining backups and copies of data in multiple locations. This approach diversifies risk, protecting data from loss caused by various factors, such as hardware failures, ransomware attacks, human error, and even natural disasters.

And a real confirmation of my statement – ​​according to Thales’ “Data Threat Report 2023”, as many as 45% of organizations have experienced a data loss incident in the last year.

Storing data both locally and off-site (e.g., in the cloud, on a separate device) ensures that even if one location is compromised, the other copies remain safe. Furthermore, data replication allows for a shorter recovery time to data (RTO) in the event of a disaster because access to backups is faster and easier.

Let’s get back to testing backups. Why do companies neglect this element?

Here the statistics are shocking. Over 30% of organizations do not test their backups! Testing backups, although often overlooked, is crucial in the backup process to ensure that the backup works correctly in the event of a crisis.

However, testing is often overlooked due to the time it takes and the need for dedicated resources. IBM in its “The Cost of Data Breach Report 2023” states that only 30% of companies regularly test their backups. Our research shows a more critical aspect – over 30% of companies do not test them at all!

Meanwhile, the lack of testing can lead to the discovery of faulty backups only at the time of failure, which generates additional costs and extends downtime. Test automation, which not only verifies the possibility of restoring data, but also measures the time needed for this process, is crucial.

Integrating these automated tests with monitoring systems based on Spherical Safety technology allows you to continuously maintain a high level of backup reliability and significantly improve your organization’s recovery times.

How quickly should an organization be able to recover data after a disaster?

The key metrics in this context are RPO (Recovery Point Objective) and RTO (Recovery Time Objective). RPO determines how much data you can potentially lose, while RTO defines how quickly systems should be restored to operation.

The average downtime of critical applications due to a disaster is currently 2.5 hours. Organizations that have implemented Instant Restore capabilities achieve RTOs of several minutes, which is especially important for critical operations. Automation of recovery processes, supported by monitoring technologies within the sphere of security, ensures that the recovery time of systems is constantly optimized, minimizing downtime and losses.

What about companies that are just starting to build their backup systems? Where should they start?

A key step is to identify critical data – the data without which the organization would not be able to function, such as databases, system configurations, and key documents. It is for them that we need to create a backup in the next step.

Next, it is worth conducting a risk analysis to determine what threats may affect your resources – from ransomware, through hardware failures, to human errors. It is risk analysis, as we often emphasize at Xopero, that is the foundation of an effective emergency plan. It allows you to identify potential threats and estimate their impact on the company.

On this basis, a comprehensive backup policy is created, which includes a backup schedule, various methods of storing them (locally, offsite, in the cloud), and regular tests. Another important element is the development of a Disaster Recovery Plan (DRP), which is discussed in the context of restoring business continuity after a serious failure.

A good plan should include, among others: risk analysis, a catalog of critical applications, an organizational chart for the DR project, and procedures for handling failures.

Remember that backup is just one part of a broader business continuity strategy, and a comprehensive approach to DR is key to the security of the organization. When creating systems, it is worth consulting with external engineers who will provide easy-to-understand advice on how to do it most safely. Because who, if not them, has the most experience with the most common mistakes in disaster recovery planning or backup plans.