printer friendly version

The seven deadly sins of real-world backups

Although most businesses often back up their critical data, they seldom protect the backup media after the fact. A smaller number fail to perform any form of backup whatsoever, claims Paul Mullon, divisional director of marketing at Metrofile.

It is common practice for people at ground level responsible for protecting corporate information to lose sight of the value of their task. This often results in backups never being performed, failed backups not being rerun, and backup media being haphazardly transported and stored.

In some cases business leaders believe that one of their most valuable corporate assets is secure because backups are consistently and regularly performed. In truth the information contained on magnetic tapes is being transported in environmentally insecure car boots and insecurely stored at technicians' houses, or in a manager's office.

Some of the most common results of this approach are:

* Loss of control.

* Lack of data protection.

* Technicians forget to bring the tapes back to the office, resulting in lost data.

* Companies cannot adhere to corporate governance legislation.

* Business continuity is at risk.

* Back-ups are also destroyed in the event of a disaster.

* Risk management spirals out of control.

* Lack of environmental controls destroys information.

Problems associated with this haphazard approach are numerous, but critically they will result in stagnant and possibly failed businesses if ever the need to restore information should arise.

Consider the case where Bank of America lost only five backup tapes in transit. According to a report in The Boston Globe, the information on these tapes related to a contract with the US government to supply senators and federal agencies with corporate credit cards. 60 US senators were affected, along with 1,2 million employees of more than 24 agencies that included three military branches and the Department of Justice. The lost tapes contained personal financial information.

It is this type of issue that, in part, has given rise to cyber insurance, according to Ecommerce Times. Cyber insurance aims to protect businesses from, among others, human error and lost or stolen customer data. Ecommerce Times reports: "Loss of income and data plus lawsuits filed against your business are the expected consequences of hacker and virus attacks. These are potentially more threatening to businesses today than negative cash flow and the threat of buyouts."

Remedial action is straightforward. Businesses can contract a third-party backup storage specialisation company that offers best practice-based services that apply internationally recognised and accepted processes.

This includes the necessary infrastructure to transport and store the media offsite. A vault with reinforced walls, ceilings and floors is used to store the media and is designed to prevent unauthorised access and disaster. Security is paramount and many control methods are employed by reputable businesses. Temperature, dust and humidity are all controlled in a quality vault, even down to the anti-static paint on the vault walls and floors. Fire protection is also critical and there should be some form of gas that extinguishes fires but not employees.

Transportation of the backup media is the second critical component in the formula, and vehicles with environmentally controlled storage areas or containers should be used to properly protect the media in transit. In addition, particularly in South Africa, vehicle-tracking solutions offer a measure of protection, as does having two employees in the vehicle.

A greater number of vault facilities also means that vehicles do not have to travel great distances, reducing the time to restore backups should that be necessary, and reducing exposure to uncontrollable risks during transit.

Companies performing their own backup and storage seldom perform these tasks or develop infrastructure of this calibre because it is too costly and not their area of expertise. Employing a third-party organisation also ensures that scheduled backups and data rotation takes place with processes to ensure that data can be quickly restored if required.

Paul Mullon, Metrofile

Share this article:

Further reading: