By: Steve Snook, Head of Cloud, Securecom

Though we all know how important they are, backups are often only treated with the respect they deserve directly after an incident where one would save the day. Nobody deserves the panic of lost data, and avoiding that pain is as simple as applying the 3-2-1 rule. And then backing that up, so to speak, with regular testing.

The alarming reality which most will probably acknowledge, is that very few individuals or indeed organisations apply this level of rigour to personal or even business-critical data. That also means right now isn’t too late to improve your backup measures. Leave it a day, and something bad might happen resulting in permanent data loss.

So what is the 3-2-1 rule?

A proper backup regime has at least 3 copies of your data. The first copy is ‘production’ data, explained simply as the stuff you’re working on now. The other 2 copies are backups stored on two different storage mediums, with 1 of those copies geographically separate from the others.

Different storage mediums mean (for example) one copy on a hard drive, and another saved to a cloud storage service like OneDrive, SharePoint, or Dropbox.

What this means in practice is when a production system fails, you’ll have two separate locations from which data can be restored.

Note that if a hard drive copy is on the same failed production system, you’ll only effectively have one copy (perhaps in the cloud). This demonstrates that separation is an excellent idea for all your data copies – and at least one should have an ‘air gap’, that is, a copy not connected to the internet.

Achieving an air gap can be as easy as taking the hard drive home (though relying on human action for a backup isn’t good practice) or using a separate service from your technology provider.

Cloud and SaaS is no guarantee of a backup

With the popularity of the cloud comes the assumption that data is backed up as a matter of course, and so separate copies aren’t needed.

But the data isn’t backed up!

For example, Microsoft makes no contractual assurances that data in Office 365, SharePoint or OneDrive is backed up. While the vendor will do it’s best to look after your data, it is not guaranteed.

This means the necessity for 3-2-1 isn’t diminished when using cloud services. You should still have those 3 copies, with two on different media and in different places. Unless it is in black and white that backup is part of your service…assume that it isn’t.

Protect your backups

Ensuring backups are safe is equally as important as taking them. They contain critical business information you don’t want that data falling into the wrong hands.

Encrypt with a strong decryption key or password and store securely (for example, with a password manager). This prevents anyone from being able to read or recover information from your backups.

Immutability prevents instances of ransomware or human-error rendering backups unusable; immutability means nothing can modify or delete backups for the specified time.

Make sure you can recover far back enough

Do you only access certain files or systems on an irregular basis or have requirements for your industry to retain data for several years? Make sure you have enough retention points beyond a couple of nightly backups with a combination of continuous daily, week end, month end and year end restore points. This helps data recovery for sporadically accessed systems in case of corruption or deletion which isn’t immediately noticed.

Testing is the missing link

Backups are all well and good, and now that you have 3 copies as recommended, you’re safe right? Not necessarily.

One of the great neglects when it comes to backup is the restore. There’s no assurance that anything has worked as planned unless it’s tested.

The importance of doing a regular random restore evaluating the integrity of the backups cannot be overestimated. If the file is corrupt, the tape unreadable, the disc drive disappeared, the software said it is backed up, but it isn’t – these things can and do happen – then the best backup in the world is worthless.

We test backups as standard procedure which doesn’t only confirm that they work, but also establishes procedures so that when something does go wrong, our customer (yes, and us as a service provider) know what is important to them, how long a restore will take, and who is responsible for the necessary actions to get things working again. Fast.

For further information contact or call us on 0800 002 015.