A disaster? In my datacenter? It’s more likely than you think, and whether it comes from a site disaster, a user falling victim to ransomware, or an administrative oops (not that those ever happen), the one thing you hope you can rely upon is your backups. Given your job might rely upon the ability to restore data when the worst happens, you want to make sure you protect your backups at least as well and as thoroughly as you do anything else in the environment, so here is our list of the top ways to help protect your backups. And as with all the best lists, this one goes to eleven! Let’s start with the first one, which is also the one more overlooked than any other…
It only seems obvious after it’s been missed and is now needed, but because it takes time and log files tell you all is good, this one is so easy to skip. VERIFY your backups by, you know, actually restoring from them. The only way to be sure you have a good backup is to confirm it by restoring data from the backup. You should make this a regular part of systems maintenance, and every piece of media you use for backups should be confirmed on a regular basis. The last thing you want to do is come to a point where you have to rely upon a restore job, and only then find out the media is bad.
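One way to automate a restore test, as an added example that is not from the original article: record a hash manifest at backup time, restore the archive into a scratch directory, and compare. The tar format, the file names and the byte-swap that stands in for media damage are assumptions made for illustration, and files are hashed in memory for brevity.

```python
import hashlib, shutil, tarfile, tempfile
from pathlib import Path

def build_manifest(source_dir):
    """At backup time: map each file's relative path to its SHA-256."""
    src = Path(source_dir)
    return {p.relative_to(src).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(src.rglob("*")) if p.is_file()}

def restore(archive_path, dest_dir):
    """Restore regular files only, refusing paths that escape dest_dir."""
    root = Path(dest_dir).resolve()
    with tarfile.open(archive_path) as tar:
        for member in tar:
            if not member.isfile():
                continue
            target = (root / member.name).resolve()
            if root not in target.parents:
                raise ValueError(f"unsafe path in archive: {member.name}")
            target.parent.mkdir(parents=True, exist_ok=True)
            with tar.extractfile(member) as src, open(target, "wb") as out:
                shutil.copyfileobj(src, out)

def verify_by_restore(archive_path, manifest):
    """Restore into a scratch directory; return {path: problem}, {} if clean."""
    with tempfile.TemporaryDirectory() as scratch:
        try:
            restore(archive_path, scratch)
        except Exception as exc:  # any restore failure is a failed test
            return {"<archive>": f"restore failed: {exc}"}
        restored = build_manifest(scratch)
    problems = {}
    for path, digest in manifest.items():
        if path not in restored:
            problems[path] = "missing after restore"
        elif restored[path] != digest:
            problems[path] = "content differs from backup-time hash"
    return problems

def demo():
    """Constructed sample: one file, a clean test, then simulated media damage."""
    with tempfile.TemporaryDirectory() as work:
        src = Path(work, "data")
        src.mkdir()
        (src / "ledger.csv").write_bytes(b"id,amount\n1,100\n")
        manifest = build_manifest(src)
        archive = Path(work, "backup.tar")
        with tarfile.open(archive, "w") as tar:  # uncompressed tar: no data checksum
            tar.add(src, arcname=".")
        clean = verify_by_restore(archive, manifest)
        archive.write_bytes(archive.read_bytes().replace(b"1,100", b"1,900"))
        return clean, verify_by_restore(archive, manifest)
```

The damaged archive still restores without any error, which is exactly the case a "job completed" log entry hides; only the comparison against the backup-time hash exposes it.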
How do you do backups? Do you do fulls of everything every day? Do you do fulls on Sunday nights, and incrementals during the week? Or maybe differentials instead? It doesn’t really matter to me, or for purposes of this article, which you do, as long as you do them consistently. Trying to run different backup methods on different datasets in an attempt to save time, money, or storage space may seem like a good idea on paper, but it’s being penny-wise and pound-foolish. Not only do you increase the chance of doing something wrong, when it comes to restores after a disaster, you have to try to remember which method was used for which dataset and how to actually do the restores. Trust me on this. When it comes to backups (or anything else you have to do during an emergency) KISS is the way to go. Keep It Simple and Straightforward! That way you can just follow your procedure without having to think, or remember, how things are different. Just make sure you run the checklist!
Backups are valuable. They contain all that critical data you protect with firewalls and ACLs and even locked server room doors. So treat your backups the same way. Keep them locked up. Whether you shelve them in a cabinet, toss them in a fireproof safe, or hand them to a courier, make sure they are locked up tight both in transit and in storage, so they don’t grow wings and fly away.
Password protect your backups and your backup system, and protect those credentials. In a Windows environment, the administrative group “Backup Operators” can bypass all file system security. They have to, else how could they back up files with restrictive ACLs? But of course that means if a bad guy compromises the username and password of the Backup service account, which probably won’t have MFA enabled since it’s a service account, they can use that account to access pretty much any data you have. Use strong passwords, change them frequently, and audit both the successes and the failures.
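A sketch of that audit, as an added example that is not from the original article: it reviews logon successes (event ID 4624) and failures (4625) for the backup service account. The account name `svc-backup`, the hosts `BKP01` and `FS02`, the CSV export layout and the thresholds are all assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

SUCCESS, FAILURE = 4624, 4625        # Windows Security log: logon success / failure
ALLOWED_HOSTS = {"BKP01"}            # assumption: only the backup server uses the account
ALLOWED_LOGON_TYPES = {4, 5}         # batch and service logons; 2 and 10 are interactive
FAIL_THRESHOLD = 3                   # assumption: failures per host that warrant a look
FAIL_WINDOW = timedelta(minutes=5)

# Constructed sample export: timestamp,event_id,account,host,logon_type
SAMPLE = [
    "2024-05-01T01:00:00,4624,svc-backup,BKP01,5",   # the nightly job, expected
    "2024-05-01T03:10:00,4625,svc-backup,FS02,3",
    "2024-05-01T03:11:00,4625,svc-backup,FS02,3",
    "2024-05-01T03:12:30,4625,svc-backup,FS02,3",
    "2024-05-01T03:14:00,4624,svc-backup,FS02,10",   # remote interactive logon
    "2024-05-01T03:15:00,4624,alice,FS02,2",         # other accounts are ignored
]

def audit(lines, account="svc-backup"):
    """Return (timestamp, finding) pairs for the backup service account."""
    findings, failures = [], defaultdict(list)
    for line in lines:
        ts, event_id, user, host, logon_type = line.strip().split(",")
        if user.lower() != account:
            continue
        when = datetime.fromisoformat(ts)
        if int(event_id) == SUCCESS:
            if host not in ALLOWED_HOSTS:
                findings.append((ts, f"successful logon on unexpected host {host}"))
            if int(logon_type) not in ALLOWED_LOGON_TYPES:
                findings.append((ts, f"logon type {logon_type} on {host}"))
        elif int(event_id) == FAILURE:
            # Keep only failures on this host that fall inside the sliding window.
            recent = [t for t in failures[host] if when - t <= FAIL_WINDOW] + [when]
            failures[host] = recent
            if len(recent) == FAIL_THRESHOLD:
                findings.append((ts, f"{FAIL_THRESHOLD} failed logons on {host}"))
    return findings
```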
Tapes go missing ALL THE TIME. It happens. Whether it happens in your own datacenter, or while in the possession of a courier or even stored at their facility, tapes go walkabout, and if the data on them gets into the wrong hands, it can be a disaster. Imagine if all your customers’ PII was in a database that you secured, but the backup tape with that database was stolen. Do you think your customers will be okay with the explanation that it was the courier’s fault? Using encryption does take longer, but it’s worth it. Use strong encryption on all backups to protect data from falling into the wrong hands.
Fireproof safes are fireproof, it’s true, at least, for a certain number of hours. Consult your owner’s manual for specifics. What they are not is heat proof, and it doesn’t take that much heat to melt a backup tape into so much slag. Heck, leave a tape in the boot of your car on a hot Summer’s weekend and then try to read data from it come Monday morning. Tapes are sensitive, and have acceptable ranges for heat and humidity, as well as a very low tolerance for magnetic fields. Wherever you choose to store your tapes, both before and after you have used them, make sure the environmental conditions are within the tolerances.
Onsite tapes are great when you have to recover a dead server, since they are ready at hand and you can just start to restore. But what if your disaster wasn’t a failed hard drive, but rather a site disaster? Floods, fires, and worse can happen, and if your tapes are in the same building when that happens, they are worthless to you. Offsite storage is critical. You can back up to another datacenter if you have one, or to the cloud (since we have only one physical datacenter where I work, we use Azure Backup, but there are also services from Amazon and others), or have a service that comes to you for pickup, storage, and return of tapes. The important thing there is that if a site disaster takes out your datacenter, it doesn’t also take out your backups.
Rotate tapes, eventually to the shredder
Tapes have a limited shelf life, and a limited usable life, and they may become unreliable for restores long before they start to show errors when writing to them. Make sure you rotate tapes, never use a tape from a lower security system in a higher security system, and when they reach their end of useful life, shred them. That can be physical destruction or degaussing, but don’t underestimate the lengths someone may go to when trying to steal data. A backup that is largely corrupt and useless to you may still have some useful data for a competitor or identity thief, so never let tapes hit the bin unless you know they are destroyed.
Disk to disk instead of tape
Tapes are expensive, slow, and often proprietary. Disks are cheap, fast, and with USB you can connect to just about anything. If you aren’t already looking at disk to disk backup solutions, you should, because you may find that a couple (or a couple of dozen) portable drives can handle all of your backup media requirements with the added benefit of being usable in an emergency with just about any hardware you can scrounge up, so you don’t have to buy two of those expensive tape autoloaders.
Keep copies based on your data retention policy
It’s usually a good idea to keep a copy of backups made on some regular basis, like monthly or quarterly or even annually. That way, just in case the boss’ boss tells you she deleted a file in January of last calendar year but really needs you to get it back for her, you have something to go to. Just make sure that when your document retention policy says it’s time for that data to go away, it does, else you might find it dredged back up during some future litigation. What? You don’t have a document retention policy?
Logged and tracked
Finally, and while this may seem obvious, it couldn’t go first so we saved it for last, make sure all your backups are logged and the physical media is tracked. Larger companies go as far as to put RFID tags on every tape they have. That may be more than you can afford, but you can put a Trackr tag in the plastic storage bin you use to transport those USB drives you’re using now for backups. That way, should they actually grow wings and fly away, you not only know what data was lost (in case you need to report it or make customer notifications, which should be okay since the data was all encrypted, right???) you might actually be able to find which coffee shop you accidentally left the case in when you got your triple mocha breve with skim.
Backups and the corresponding restores are absolutely essential to ensuring you don’t lose data even when a disaster strikes. Sure, you can spend inordinate sums of money and even have a dedicated backup team, but you also may be an SMB or even a sole proprietorship who runs the business, cleans the restrooms, puts paper in the printer, and does the books, so when are you going to have time to worry about backups? With the above, hopefully you will see it won’t take that much time, and the time it takes is time very well spent to protect you from loss. Always remember, hardware is rated using MTBF, mean time between failures, because it’s not IF hardware will fail, but when. When it does, you want to be able to carry on. Sure it will be a pain, but at least you won’t have lost any data!