Data Backup - The last line of Data Protection defence

If your business relies on data and you use Public Cloud Service like Microsoft Office 365, Google Apps or Salesforce please spend five minutes to read this blog and check you have this protection in place, it could save you a lot of pain.

Introduction

Data2Vault’s objective is to always deliver the data protection services that organisations need, securely and in the way that they need it provided. As those needs evolve, then so must service delivery models, while always retaining a consistent focus on security and management of risk, wrapped up in a high-quality service.

WannaCry, NotPetya, SAMAS, SAM SAM and Cerber, Locky, Isiris, look them up, see what they do. Then run a test to see how your organisation would recover if all of your most critical data was encrypted by one of these forms of Ransomware.

Backup has been around since the early days of the Computer industry, in those days everyone understood the need for backup, it was to make sure you could recover lost data, and Ransomware didn’t exist.

Backup solutions were typically supplied by the same company that provides your hardware or software. Over the last five years with the shift to Cloud Computing there has been confusion in the market about the need for backup.

Many users of Cloud services, including Microsoft Office 365, Google Apps and Salesforce believe that the Cloud service providers are backing up their data, checking the backups each night, correcting problems to ensure the data can be recovered should it get deleted, irrespective of whether it was on purpose or accidentally; or if it got corrupted, or even encrypted by Ransomware, but these Cloud providers don’t backup your data.

Their Service Descriptions and Service Level Agreements don’t include a backup service.

So, if you are ultimately responsible in the event your data is lost, it’s worth asking your suppliers to prove they backup your data. Asking for a simple report listing the backup sets they backup, so you can check the data listed matches, is a start, but then make them test a recovery to prove it works.

Unfortunately this problem usually only comes to light when data is lost, and the client asks for their data to be recovered, if it’s a simple deletion, and the data is still in the trash, you may get it back, otherwise it then quickly becomes your headache.

office grey

In their Organisational Resilience Report 2018, the Business Continuity Institute survey concluded that Cyber attacks are now the Number 1 threat to Organisational Resilience, and during the same period Ciarin Martin, Head of the National Cyber Security Centre (NCSC), part of GCHQ, stated that organisations should prepare for a “When, Not If scenario”. Prepare for “When” they suffer a breach and data loss, “Not If”, and this means a full recovery plan and testing.

Phishing continues to be the most common means of attack, and the result is often an ever-evolving Ransomware package that encrypts user data, paying the Bitcoin Ransom, doesn’t mean you will get you data back, as this is outside of your control.

Having a backup service that protects against Ransomware puts the control back in your hands.

When looking at a Backup and Recovery plan, its worth bearing in mind a few well established good practices, the 3, 2, 1 of Data Protection:

3 – Keep a minimum of 3 copies of the data, 1 in the operational systems and 2 in backup. You can keep more in backup if you want

2 – Ensure that the backup infrastructure (hardware and software) is completely independent of the hardware and software used in you operational systems. This is very important when protecting Public Cloud data

1 – At least 1 of the backup copies of the data should be geographically separated and air gapped from the rest of the backup copies, onsite and offsite

Backup systems are also under attack, SAMAS and SAM SAM Ransomware discovers backup files on networks and deletes them before encrypting user data. So we would recommend you look for a backup service that possess anti-Ransomware facilities to safeguard your data against these most advanced threats.

For more information, or assistance with a backup recovery and test plan please contact

or call 0333 344 2380