The Threats are Many and so are the Protection Methods
In a modern society, the need for cyber security touches a surprisingly large portion of our day-to-day lives. Because of the Internet of Things (IoT), we can scarcely climb out of bed each morning before we use a device that is connected to the internet in some way. Whether it’s our smart phones, Alexa, Siri, tablets, laptops, television or even our automobiles, we are potentially putting personal data out on the internet before we’ve even had our first cup of coffee (or even as we order our coffee for pickup as we head into work). We pay our bills online, we use our phones to deposit checks and we even have wi-fi enabled automobiles.
As individuals, we are responsible for looking out for our own security. As IT Professionals, we are responsible for protecting the data our company produces and collects. In many cases, the data we are protecting in our professional role is personal data, possibly our own. But, the recent Equifax breach is a harsh reminder that, even companies we associate with security are vulnerable. If there is any lesson we can take away from our personal experiences, and the stories behind the headlines, it’s that there is not single solution that will protect us from the threat of our data ending up at the mercy of people with bad intentions. Those of you reading this post are intimately familiar with the steps needed to protect company data. From the network to the desktop, and all points in between, there are many layers to a data protection strategy. One such layer is the Data Backup solutions we use.
Backup, the Original Data Protection
Decades ago, during simpler times, data protection meant being diligent about performing regular backups of data in case a file was accidentally deleted, corrupted or the hard drive crashed. Back in that simpler time, the media to which businesses directed those backups was almost always Tape, lots of tape! This process typically included keeping a set of tapes onsite for immediate restore needs and sending a second set offsite in case of catastrophe and for longer term retention. However, over time, Tape has been increasingly replaced by disk-based backup targets (think HPE StoreOnce, Data Domain, ExaGrid).
Disk-based backup targets started out as a faster way to get data backed up. Tape was still used but typically as a secondary backup target and for longer term retention offsite. The need to go to an offsite backup for file recovery was rare and so tape became that insurance policy that was never going to be needed. As use of disk-based backups became more prevalent, the technology employed to store data evolved. Improvements in compression, deduplication, and replication improved the efficiency of storing larger amounts of data (in the petabytes) and replicating that data to offsite facilities. In fact, with the ability to replicate data from one disk-based target to another over distance, we have started to see Tape being replaced at offsite facilities as well.
Backups As Our Last Defense
While we originally used backup for recovery from accidentally deleted files, random corruption and the occasional disk crash, the world we live in today requires a broader definition for Data Backup. Today, we may need to leverage our backups to recover from a Cyberattack that has either corrupted our data or rendered it unusable as part of a Ransomware attack. Because these kinds of attacks target files on volumes that are persistently mounted to hosts, the vulnerability of disk-based backup targets has come under some scrutiny lately.
Of course, many question whether the risk to disk-based backup targets is very high. After all, backup environments are typically isolated from other, more accessible, areas of the IT infrastructure. Moreover, because of the potential for Cyberattacks on the disk-based backup targets, other processes have been documented and are being implemented to mitigate the risk further. We are starting to see some of these added protections built into the backup software we use and many manufacturers of the disk-based backup devices are providing their own best-practice processes.
Despite the fear of risk for disk-based solutions, we aren’t seeing a trend away from disk-based backup, but we are hearing reports that some companies are once again turning to Tape as their last form of defense against the type of Cyberattacks that would corrupt, delete or encrypt their data. And while disk-based technology has been evolving, tape technology has also continued to evolve. LTO7 technologies provide capacities as high as 15TB (compressed) per tape cartridge. In addition to high capacities and a low TCO, Tape offers encryption at-rest, can be kept offsite and most importantly offline.
So, as we implement safeguards to keep the bad guys out of our IT infrastructure, we need to remember that our plans should include multiple layers. We also need to prepare for the possibility that our best efforts will be thwarted and that our data will be compromised. So, as part of our protection against malicious behavior and risk to our data, we need to carefully plan our Backup processes by taking the layered approach as well.