Having a contingency plan in place in case things go wrong is a sensible approach in most areas of life. It is becoming increasingly apparent that this principle should also apply to the digital collection and storage of data, which has risen substantially over recent years. Yet a significant number of organizations still do not have a data backup strategy in the event of cyber-attacks, to ensure their critical information is not lost forever. Andy Collins, head of security at Node4, said: “The cognitive bias of the human brain can lead to a false sense of security around prevention strategies and a lack of focus on backup and recovery. From overconfidence bias to loss aversion, humans are innately more likely to focus on avoiding negative outcomes – prioritizing prevention over backup and recovery provision.”
It is fair to say this year’s World Backup Day, held on March 31, takes on extra significance. This is not just because it is the 10th anniversary of this global campaign to educate people on the importance of backing up their digital documents as reliance on technology grows. It also comes around a year since countries throughout the world were plunged into lockdown restrictions in a bid to slow the spread of COVID-19, leading to a shift to home working and a much greater reliance on the internet for everyday services.
These trends have led to a vast increase in the data held by organizations, much of which may not be adequately secure. John Day, sales engineering leader, UK&I and Nordics at Commvault, said: “Businesses are experiencing the data explosion impact of remote working, and the data sprawl that this has brought to their environments. This, coupled with the knee jerk reactions that businesses were forced to undertake to tackle a world hit by the pandemic, has taken its toll. The acceleration of collaboration technology, cloud adoption and SaaS offerings with elasticity is top of mind, and due to the uncertain times, meant that organizations were forced to act first and revise later. This approach was necessary for businesses to minimize the impact, and in some cases, was needed for survival, but this has left a wake of fragmented data and dispersed technologies that need to be protected for compliance as well as business continuity.”
The shift has also expanded the attack landscape and cyber-criminals have taken full advantage, meaning organizations are facing more threats than ever before. Collins noted: “The 10-year anniversary of World Backup Day marks a significant turning point in the evolution of data security. We’ve seen some of the most sophisticated global cyber-attacks uncovered over the last year and several high-profile data breaches have already hit the headlines in 2021.”
While prevention should of course remain a key focus in this environment, there will always be a chance that a breach will occur. When this happens, “the financial, reputational and legal damage associated with data loss can be catastrophic,” outlined Gil Levonai, SVP product at Zerto.
“While it’s inherent in our human nature to hope for the best, in a business context, the smartest approach is to plan for the worst”
As such, the ability to preserve crucial data should quickly become standard practice. Mark Jow, EMEA VP, sales engineering at Commvault, commented: “While it’s inherent in our human nature to hope for the best, in a business context, the smartest approach is to plan for the worst. Businesses must always operate with the assumption that their data is under constant threat, because it is. So whether the threat is from hardware failure, human error, data breach, ransomware attack or natural disaster, having a plan in place which is underpinned with the right technology solutions, skills and processes will ensure that if any crisis occurs, you can get your data back quickly with minimal disruption.”
As well as the need increasing, the types of backup solutions available are becoming more sophisticated. This includes the ability to continuously backup data in real time, rather than periodic snapshots, which Levonai explained “places a massive burden on production environments and often force IT teams to run these at night to avoid disruption.”
He added: “As businesses focus on providing an ‘always-on’ service to their customers, and with the constant increase of cyber-threats, organizations are thinking about how they can protect their data continuously, with every change, update or new piece of data protected and available in real time. Continuous data protection (CDP) is enabling this change, saving data in intervals of seconds – rather than days or months – and giving IT teams the granularity to quickly rewind operations to just seconds before disruption occurred. Completely flexible, CDP enables an IT team to quickly recover anything, from a single file or virtual machine right up to an entire site.”
Additionally, cloud backup solutions are making backups much more practical. “One benefit of modern cloud backup solutions is that they are suitable for businesses of any size, enabling data backup from any server or device, anywhere with an internet connection,” observed Terry Storrar, managing director at Leaseweb UK. “Cloud backup solutions are easy to manage, and their providers offer reliable, hands-on customer support.”
It is also critical for organizations to select the specific backup solution that is tailored to their particular needs and risks. Day advised: “Businesses should backup their data by starting in reverse. Effective backup really starts with the recovery requirements and aligning to the business needs for continued service. Ensuring you have the right recovery solution that aligns to the criticality of the application and data, whilst balancing the cost to the business, as well as the simplicity of operations.”
Collins added: “With lean security teams under more pressure than ever, many organizations will benefit from working with a managed service provider that can provide technical support and advice on a backup and recovery plan that matches the specific risks facing their business. This includes carefully mapping out the operational impact to avoid performance degradation for systems and applications, identifying the most effective local or off-site backup location for each data tier and considering factors such as capacity and bandwidth availability to ensure recovery point objectives (RPOs) and recovery time objectives (RTOs) can be met.”
The rise in cyber-attacks, and large number of significant data breaches reported in the past year, emphasize the importance of backups to organizations’ overall security strategy. Increasing options for tailoring backups to the specific needs of individual businesses means that this practice should become standard very quickly.