HomeTECHNOLOGYData Security With Backups And Replication

Data Security With Backups And Replication

In the course of the corona pandemic, many companies are faced with the challenge of having numerous employees working from home. In addition to how these can be integrated into the company network, data backup also plays a central role. Of course, a lot of data accumulates in the home office, or a computer breaks down. 

This also increases the company’s requirements and costs for backup and recovery, i.e., the backup and restoration of this data. Backup and Replication are often mistakenly used interchangeably. With a backup, copies of data are created at specified times and stored if the original is lost or damaged. On the other hand, Replication makes instant copies of files in near real-time and then makes them available in the data center or the cloud.

Reliable Protection Against Ransomware

Ransomware is malware used for hacker attacks, in which the data storage of the attacked company is encrypted to extort a ransom. Hacker groups operate like small businesses these days. In most episodes, it is to be expected that the attacker will sooner or later personally log into the attacked system to penetrate deep into the company network. The attackers know: If they cannot get the backups and encrypt or delete them, then the attacked company’s willingness to pay is relatively low.

It follows from this: Backups must be specially protected. In other words: it’s about safeguarding backups from the administrator because of what the administrator can do, such as deleting backups. The solution is to protect the data in the cloud storage so that not even the company itself can change it. Amazon AWS, for example, offers an object lock with a timestamp for its S3 storage. This can then be configured so that the data remains unchangeable for 30 days, for example. The data in the cloud is therefore safe. 

The question remains, how can the local primary backup, which is on-premises in the company network, be protected? The solution is called Linux. Because Linux file systems such as ext4 support an “immutable flag” that makes files immutable, good protection can be guaranteed with standard hardware if SSH is switched off and root access is generally not allowed.

Also Read: The IoT Is Helping Digital Twins On Their Way

Continuous Data Protection

Snapshots in the VMware environment place a heavy load on the systems. Solutions such as Veeam Backup & Replication v11 have a function called Continuous Data Protection (CDP): This involves replicating virtual machines that enable recovery points in a matter of seconds. No snapshots are created, but the data traffic is branched off and mirrored.

Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are important key figures in a backup solution. RTO is about how quickly data can be made available again. It relates to downtime and represents how long it will take to recover from the incident before normal operations are available to users again. RPO means how much data is lost when something is restored. 

A backup at midnight will result in 15 hours of data loss by three in the afternoon. The goal is to get as close as possible to zero for both values. CDP enables this and is therefore particularly suitable for the most critical applications. Modern solutions kill several birds with one stone: backup, VM-based Replication, storage snapshots, and continuous data protection.

Backup Archives In The Cloud

Another keyword is “Archive to Cloud,” which means outsourcing backups to the cloud. But long-term storage in the cloud usually costs a lot of money. That doesn’t have to be the case if you choose the correct memory. For Example, AWS S3 Glacier Deep Archive offers very affordable storage space for storing backups over the long term. It costs only a fraction of the conventional S3 storage. 

The 3-2-1 rule still applies. This means companies should have three copies of the data, on two different media, with one copy in an off-site location. In the context of ransomware, it is also worth adding a one and a 0 to the 3-2-1 backup rule, and this is where the “immutable flags” come into play: One of these copies should be “immutable,” that is unchangeable or exceptionally resilient, and thus safe from ransomware or insider attacks – that is the first Cloud Connect is outsourced to the service provider. 

Of course, the traditional “tape” also provides good protection, provided the tapes are regularly swapped out and updated. In addition, regular tests should be carried out to determine whether the data can be restored – that puts the 0 on the tablet. It stands for “zero errors” in restoration. This can be achieved through continuously running and automated recovery tests and anti-virus scans of the backups. The latter can be carried out quickly if a corresponding function is already integrated with the respective security solution. 

This can be achieved through continuously running and automated recovery tests and anti-virus scans of the backups. The latter can be carried out quickly if a corresponding function is already integrated with the respective security solution. This can be achieved through continuously running and automated recovery tests and anti-virus scans of the backups. The latter can be carried out quickly if a corresponding function is already integrated into the respective security solution.

Working With Backups

The importance of backups for data protection has established itself as an essential task in companies. But that’s only one side of the coin. The backups should not only be backups in the form of dead data, which one can no longer do anything with, but companies can work with the backed up data. Backups can be started in a sandbox, such as testing migrations, trying out patches, or training employees. It might also be a good idea to scan backups with virus scanners. As part of the backup strategy, companies need to consider which data is most important and which type of recovery is appropriate. 

In addition, there is the ever-present danger from ransomware attacks and the new scam of double blackmail. Data is encrypted, but previously some important ones were stolen and threatened with publication if the ransom should not be paid. On the one hand, micro-segmentation of the network helps enormously protect oneself against ransomware via the IT architecture; on the other hand, good backup and restore functions are just as indispensable. With a well-maintained backup, encrypted systems can be corrected immediately to prevent the damage caused by encryption, and at least stolen data is not entirely in the hands of the hackers. 

This gives companies back the opportunity to take action instead of just being victims of the attack. To protect yourself effectively against ransomware via the IT architecture, on the other hand, good backup and restore functions are just as indispensable. With a well-maintained backup, encrypted systems can be repaired immediately to prevent the damage caused by encryption, and at least stolen data is not entirely in the hands of the hackers. 

This gives companies back the opportunity to take action instead of just being victims of the attack. To protect yourself effectively against ransomware via the IT architecture, on the other hand, good backup and restore functions are just as indispensable. With a well-maintained backup, encrypted systems can be repaired immediately to prevent the damage caused by encryption, and at least stolen data is not entirely in the hands of the hackers. 

This gives companies back the opportunity to take action instead of just being victims of the attack. And stolen data is at least not entirely in the hands of the hackers. This gives companies back the opportunity to take action instead of just being victims of the attack. And stolen data is at least not entirely in the hands of the hackers. This gives companies back the opportunity to take action instead of just being victims of the attack.

Backups As A Service

Many companies have recognized the charm of the idea of ​​outsourcing backups to a service provider. This goes so far that some service providers provide customers with a black box. The customer no longer has anything to do with it. The service provider takes care of everything. This is particularly interesting for small and medium-sized companies where IT may not be part of the core competency or the appropriate funds, and specialists for self-managed solutions are simply lacking. 

The service providers are then called Backup-as-a-Service (BaaS) and Disaster-Recovery-as-a-Service (DRaaS). Here, of course, it is essential to select precisely which service provider is allowed to take on this critical task because these are crucial assets of the company that are now being taken over into its care. Reliability always plays a significant role in data backup and data management.

Also Read: Artificial Intelligence In Compliance: 3 Fields Of Application

RELATED ARTICLES

RECENT ARTICLES