Move Over, Backup: It’s Time to Talk Data Resiliency

By W. Curtis Preston

Your data is under attack more than ever before. The onslaught of cyber attacks around the world is unrelenting, and organizations of all sizes have found themselves on the other end of the ransom demand. As hard as it is to imagine, organizations like the Cybersecurity and Infrastructure Security Agency are warning us that things could get even worse due to the crisis in Ukraine. Cybercriminals like Conti have threatened retaliation against countries that “threaten Russia’s infrastructure.” 

As if that wasn’t enough, the world is facing an increase in natural disasters created by climate change. These attacks on your infrastructure are exacerbated by the fact that it is now spread across data centers, cloud, and SaaS vendors, coupled with the fact that there is a worldwide shortage of IT talent to help address these challenges. In other words, you have much more to do with fewer resources to use.

As we think about World Backup Day, we should think about how backup needs to evolve to address these ongoing risks to your data and computing infrastructure. It is not enough to simply have a backup; this backup must be made resilient against all of the things that would do it harm. Celebrate World Backup Day by showing your backups some love and helping them to become more resilient.

A Backup History Lesson

World Backup Day has been around for quite some time, and it is really just a tool to help remind individuals and organizations at least once a year that someone should be paying attention to the backup and recovery infrastructure. March 31st was chosen on purpose because if you do not back up your data, the next day you will be an April fool. The challenge with backup historically (and currently) has been that no one wants to be the person responsible for the backup and recovery system; it’s a great way to end up with arrows in your back. No one remembers the thousands of backups you got right; they only remember the one restore you got wrong.

But if you’re a person that cares about your organization’s raison d’être, you need to do a little more than simply ensure that your organization has a decent backup in place. Data is the lifeblood of most organizations, and the loss of your data would mean that your organization can no longer serve the purpose for which it was created. Therefore, everyone across your organization should care about backup and should care that it be made resilient. There is no point in a backup system that hasn’t been made resilient against the things that would attack it.

Ensuring Data Resiliency on World Backup Day, and Beyond

A data resiliency system starts with a comprehensive backup and recovery system. The difference between the two is that a data resiliency system takes into account all of the things that your backup could be used for, as well as the risks to the data. Anyone can make a backup; not everyone can use that backup to perform a quick recovery after a disaster or ransomware attack, while also ensuring that the backup itself doesn’t become part of the disaster.

In this new world of hybrid work, cloud and hybrid computing, and myriad SaaS services, take a moment to do a few things to improve the resiliency of your backup system. First, conduct an inventory of all of the places where your organization creates and stores data, and then conduct a risk assessment on the damage to the organization if that data were lost. This damage must be specified in monetary terms. For example, you would lose $1 million per day of data lost for a given resource. A complete loss would cost your organization $50 million.

Next, you must investigate all of the ways that you are currently protecting all of this data, and examine what recovery capabilities each method has. Conduct recovery tests and ensure that the recovery capabilities of each backup method match the recovery time objective (RTO) that you have set for that data set, as well as the recovery point objective (RPO) that determines how much data you are allowed to lose. Only actual recovery tests will give you this information.

Finally, take a look at all of the elements of your backup infrastructure and ask yourself: how well are they protected against disasters or internal and external threats? Are your backups written on a server that could be attacked by ransomware? Is your DR copy stored so close to your data center that a large flood or another natural disaster could damage both your primary and DR copy? Could a privilege escalation attack, such as the Log4j exploit from last year, allow a hacker to simply delete all your backups at will? Or are all your backups air-gapped in such a way that no kind of damage to your primary could spread to your backups? This is the only way to achieve data resilience.
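The three steps above can be kept as a single worksheet. The following is an added example, not part of the original article: it prices each inventoried data set, compares recovery-test measurements with its RTO and RPO, and checks the backup copy's isolation. All data set names, figures and field names are constructed, and pricing a non-isolated copy as a complete loss is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import timedelta as td
from typing import Optional

@dataclass
class DataSet:                 # one inventory row; all figures below are constructed
    name: str
    loss_per_day: float        # damage per day of data lost, in dollars
    total_loss: float          # damage if the data set is lost completely
    rto: td                    # recovery time objective
    rpo: td                    # recovery point objective

@dataclass
class RecoveryTest:            # measurements from an actual restore test
    restore_time: td           # wall-clock time until the data was usable again
    backup_age: td             # age of the newest restorable backup = data lost
    air_gapped: bool           # damage to the primary cannot reach this copy
    offsite: bool              # DR copy is outside the primary's disaster radius

def assess(ds: DataSet, test: Optional[RecoveryTest]) -> dict:
    if test is None:           # never restored: assume the backup does not work
        return {"exposure": ds.total_loss, "findings": ["no recovery test"]}
    findings = []
    if test.restore_time > ds.rto:
        findings.append("RTO missed")
    if test.backup_age > ds.rpo:
        findings.append("RPO missed")
    # Data lost in a normal restore, priced per day and capped at total loss.
    exposure = min(test.backup_age / td(days=1) * ds.loss_per_day, ds.total_loss)
    # Assumption: a copy that shares the primary's fate is priced as total loss.
    if not test.air_gapped:
        findings.append("backup not air-gapped")
        exposure = ds.total_loss
    if not test.offsite:
        findings.append("DR copy too close to primary")
        exposure = ds.total_loss
    return {"exposure": exposure, "findings": findings}

INVENTORY = [  # constructed sample data
    (DataSet("orders-db", 1_000_000, 50_000_000, td(hours=4), td(hours=1)),
     RecoveryTest(td(hours=6), td(hours=12), True, True)),
    (DataSet("file-share", 200_000, 5_000_000, td(hours=24), td(hours=24)),
     RecoveryTest(td(hours=8), td(hours=24), False, True)),
    (DataSet("saas-crm", 100_000, 3_000_000, td(hours=8), td(hours=4)), None),
]

def report() -> dict:
    return {ds.name: assess(ds, test) for ds, test in INVENTORY}

if __name__ == "__main__":
    for name, result in sorted(report().items(), key=lambda r: -r[1]["exposure"]):
        print(f"{name:12} ${result['exposure']:>13,.0f}  {', '.join(result['findings']) or 'ok'}")
```

Sorting by exposure puts the data sets whose backups need attention first, including any that have never been through a restore test.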

This is no small task, but this is no small need. Cyber criminals are coming for your data, and natural disasters are only getting worse. It’s time for a data resiliency system. Give yourself one for World Backup Day.