This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, Quest Software‘s Technology Strategist and Principle Engineer Adrian Moir compares proactive data backup vs. reactive disaster recovery and why wins out every time.
It’s been two-plus years since the global pandemic changed the business landscape forever. The shift to hybrid work environments and steady work-from-home opportunities prompted organizations to change the way they protect their data across all platforms – physical, virtual, and cloud – as well as their way of thinking. Alongside these environmental changes came cyber-attacks like we’ve never seen before. And while the pandemic may have steadied a bit, the likelihood of cyber-attacks dying down anytime soon is not even a reality.
Gone are the days when organizations can sit back and react to a situation. Today’s ever-evolving threat landscape has forced many businesses and IT leaders to be proactive in their efforts to thwart such attacks by having an optimized backup and recovery strategy in place.
Data Backups Remain the Best Way to Mitigate the Risk of Data Loss
It’s critical that businesses keep their data secure. Organizations should limit data access to those that have a need; they should secure endpoints, use anti-virus software, train employees to recognize attempted attacks and at the end of the day, so to speak, back up data. The backup is safe, secure, and immutable is the last line of defense for businesses to prevent data destruction or theft once all of the other actions have been put in place.
A recent Data Protection Trends Report found that 89 percent of organizations are not protecting data sufficiently. The same report shows that despite backup being a fundamental part of any data protection strategy, 18 percent of global organizations’ data is not backed up; it’s completely unprotected. That is not okay, as almost 69 percent of businesses worldwide were victimized by ransomware in 2021 alone.
Today’s modern organizations have tons of data, and it’s everywhere – figuratively and literally. The sheer volume of data can be overwhelming when it comes to backing it all up, and some organizations just don’t have the means to protect everything. In these instances, it’s important that organizations identify which data systems are critical and essential to back up, and then prioritize what the business absolutely needs to survive and thrive. From a business perspective, back up what’s needed and critical as opposed to what’s wanted. Understanding your data set and then intelligently planning for when things go wrong allows organizations to recover prioritized data faster and optimize how and where money is being spent.
If organizations have the means to back up all data, then by all means they should do so.
When it comes to data in the cloud, most would assume that it’s safe offsite. Unfortunately, that’s not always the case, as data can be just as vulnerable – if not more vulnerable, due to the increased attack surface – in the cloud as on a physical machine. Laminar’s State of Public Cloud Data Security Report 2022 found that 50 percent of cloud environments experienced a breach in 2020 or 2021. While some cloud service providers (CSPs) back up data, most do not; they might only back up a subset of an organization’s data, and if they do, accessing that data in a recovery effort can take time – from hours to days – depending on the provider’s available resources and the volume of data.
That’s why it’s important for businesses to also consider backing up their cloud data outside of the construct of the CSP. In most solutions, that responsibility falls on the customer and not the CSP, per the Shared Responsibility Model.
But it’s not just about backing up data and forgetting about it. Yes, backups are critical. Organizations should use a backup system that allows multiple iterations of the backups to be saved in case a copy includes encrypted or infected files. They should also routinely test backups for data integrity and to ensure it is operational. This last step is often overlooked until the organization attempts to recover their data after a breach. By then, it’s often too late.
Plan Ahead and Test the Plan
Improving data protection and accelerating backup performance is an essential business need that won’t be going away any time soon. The increase in major cyber-attacks making headlines should not be the main reason organizations are backing up their data; they should have been doing that already to ensure data resiliency. The ability to get a server, network, storage system, or entire data center back up and running amidst a disruption or breach is vital; the goal is no downtime or as little downtime as possible. That takes some planning. When things go wrong, IT leaders must move quickly. If they’ve done the work ahead of time, they can apply their recovery strategy plan in real-time.
The challenge for many organizations is that they don’t think about data recovery until after an attack occurs. Then, in a panic, they rush to get their data back quickly. In today’s remote and virtual workplace, it’s important that easy and efficient solutions are in place to ensure data can be tracked and most importantly, properly protected. This is vital to keep businesses up and running. Additionally, companies must continue to plan and test their plan before tragedy strikes. Ensure that backup and recovery strategies put in place are actually effective – if they’re not, plan again.