Backup strategy - the emergency plan in the drawer

Sep 20, 2021

A backup strategy is a bit like insurance. It costs time and money to deal with it. In some circumstances, it can even be a nuisance to put in the effort required for it.

In the event of damage, however, both can be worth hard cash. In today's world, data backups are more important than ever. Not only unforeseen hardware damage or loss due to theft or fire is a realistic scenario. Constantly increasing numbers of cyber-crime cases mean that even small businesses and medium-sized companies are now threatened by attacks. The encryption of data files, with the subsequent extortion of company owners, have become a serious problem that can bring businesses into existential difficulties.

Why backup needs a concept

Any form of data backup is, of course, better than having no backup at all. Nevertheless, it makes sense to give some thought to the type, scope and frequency in good time. Further consideration should be given to the questions of which media to back up to and how to store them. Backups are detrimental to the "business model" of cyber criminals. Accordingly, they go to great lengths to manipulate data backup routines and render stored backups unusable. The backup stored on a permanently mounted network drive is almost certainly simply encrypted as well.

Scope of the backup

A backup takes time and occupies resources. Therefore, it should be clarified in advance what needs to be backed up at all. It may be possible to set up simple workstation PCs in a few hours. If the administrator is in possession of a standard image, it may be even faster. In such a case, it may be sufficient to back up only the user's own files on a regular basis. In many cases, general data is better stored on a central server anyway.

The following backup types can be distinguished:

Full backup: This involves backing up entire drives, regardless of their contents. A differentiation can be made between logical and physical images. The logical image contains only the existing files, while the physical version creates a bit-precise copy of the data carrier. This is time-consuming, but has the advantage that files created between two backups and accidentally deleted can also be restored.

Incremental backup: After a full backup, only files that have changed since the last backup are copied. This saves time and storage space. However, in the event of damage, all backups must be restored one after the other. In addition, no backup in the chain may be corrupt.

Differential backup: A basic backup is created. At each backup time, a copy of all files that differ from the base backup is made. This is a good compromise between the two aforementioned variants. No unnecessary system files are replicated in multiple copies, yet only two backups are required for recovery.

Selective backup: The backup is specifically limited to certain important files and folders, such as databases or documents. This form of backup can be combined well with differential backup.

Synchronization: This is also a type of backup. In this case, files are automatically replicated to another storage location after each change. However, if it is permanent synchronization with a network drive or cloud storage, the protective effect is limited. In particular, it offers no protection against encryption Trojans and user misuse.

Really important data should be backed up daily or even several times a day. For programs and configurations, on the other hand, a backup is sufficient if there have been extensive changes, for example after a major update. Accordingly, it is a good idea to use multiple backup types for files of different importance.

Tools for a backup

All common operating systems already come with on-board backup tools. The manufacturers usually also offer instructions on how to use them:

Microsoft Windows: "Backup and Restore" is the name of the internal backup function of Windows 10, where the paths to be backed up and the frequency can be specified in addition to the storage path of the backup. However, the storage space must remain permanently connected for an automated backup. Manual backups to temporarily mounted storage are also possible. For server operating systems, there is a counterpart called "Windows Server Backup".

Apple MacOS: The popular backup tool from Apple is called "Time Machine". This offers comparable functions. Regular backups of relevant folders and files can be made. The storage location can be freely selected, and backups can be manually triggered at any time.

Ubuntu Linux: A program for creating backups is integrated in most Linux distributions. In Ubuntu, it is simply called "Data Backup". It does not differ fundamentally in functionality and handling from the backup programs of the two commercial operating system competitors. Of course, automated backup via command line tools, such as "rsync", is also widespread under Linux.

In addition, numerous free and commercial third-party programs are available for data backup. Under certain circumstances, an investment in such software can be worthwhile if, in return, working time is saved that would be lost for more cumbersome backup methods.

Retention, recoverability and other factors

At least as important as the scope and frequency of backups is the question of the backup media used, its retention, and the length of time older versions are stored. Permanently mounted storage can be rendered unusable by malware, as mentioned earlier. Storage media that are not kept physically separate offer no protection against elemental damage such as fire or water. Carelessly stored data in the cloud can cause data protection problems for companies.
The German Federal Office for Information Security (BSI) even recommends keeping several copies of data backups. Regular checks of stored backups for operability and recoverability should also not be forgotten. Careful documentation should also be kept. Otherwise, there is a risk that backups can no longer be correctly assigned later.

Of course, a backup strategy always depends on many factors in individual cases. In most cases, however, it makes sense to use a combination of several of the methods described above. For example, it could look like this for a small company:

  1. Complete backup after restarting computers and servers, spatially separated storage, e.g. on hard disks.
  2. Differential backup after major updates or other changes, spatially separated storage, e.g. on hard disks.
  3. Daily manual or automated selective backup of important files to external (network) storage in the building, subsequent encrypted storage on spatially separated network storage. Retention for at least seven days.
  4. Automated selective backup to internal storage several times a day using on-board resources.

Backup strategies complement IT security

IT security is of enormous importance to all businesses. Unavailability of data and systems can put companies in massive trouble. Backups are no substitute for measures to protect a company's own IT infrastructure. The leakage of important data usually damages the reputation of affected companies and often results in legal consequences. However, economic consequences, such as loss of earnings and file recovery measures, can be mitigated to a not inconsiderable extent by a clever backup strategy. This should be reason enough to deal with this topic on a regular basis.

Blog

9 months ago

How can Adey Meselesh contribute to the UN SDGs?

Adey Meselesh's integration of ESG principles into its ERP system demonstrates its commitment to responsible business practices and sustainable development.

a year ago

Supply Chain Act - a use case for smart contract and blockchain

The Supply Chain Act comes into force at the beginning of 2023 and obliges large companies to document their production chains. Smart contracts and blockchain technology are one way to implement it.

2 years ago

Network Security - The 10-point plan for your IT

Any weak point in your own IT infrastructure can become a point of attack for a cyber attack with unforeseeable consequences. We therefore offer our Network Security Assessment especially for SMEs without their own IT security department.