Every year, on the 31st of March, we celebrate World Backup Day – a reminder for everyone to back up their important data as we generate more and more in this digital era. Interestingly, this occasion falls a day before April Fools’ day – as if to remind us that “you’d have to be a fool not to back up your data”.
Indeed, backing up data is essential for anyone who wants to protect their important files in case of an emergency, such as server crashes or having your systems infected by malware. For enterprises, the stakes are even higher. One unexpected incident can render all of your data – from irreplaceable corporate files to mission-critical databases – corrupted or gone in the absence of a backup.
A Brief Look at the Evolution of Backup
As backup becomes increasingly paramount in today’s digital landscape, we ought to know just how it started, where we are right now in backing up data and where we are heading to. With that, let’s look at how backup has developed and what technologies are being used to improve it.
Punch Cards – Holes on Papers:
The earliest form of backup (since the Industrial Revolution) was in the form of a stiff paper with holes, which represented alphabetic and special characters. Punched cards were used primarily in the 1950s for data entry, processing and storage, with applications ranging from time clocks to voting machines.
Drums and Tapes – The Use of Magnetic Technology:
As data became more complex, the need to store and back it up beyond paper-based methods also increased. In the early days of tech, this resulted in the use of magnetic technology in drum-like devices, which stored information on the outside of a rotating cylinder coated with ferromagnetic material and circled by read/write heads in fixed positions. In the 1960s, magnetic tapes were developed, which brought significant progress since one roll of magnetic tape could store as much data as 10,000 punch cards. This technology includes cassettes, cartridges and floppy disks. Up to this day, magnetic tape technology is still popularly used for backup.
Optical Disks – CD and DVD Introduced Optical Storage:
The aforementioned storage media were not that portable and the advent of computers necessitated better mediums that were more compact, small and easily insertable to desktops. Optical disks, like CDs and DVDs, brought this to the table but they were also fairly fragile, easily damaged and could only store so much, making them unsuitable for enterprise backup.
Drives – The Rise of USB Sticks, Hard and Flash Drives:
Perhaps in today’s landscape, the majority of people are using this technology in backing up their data. In just a simple USB flash drive, an individual can store up to 256 gigabytes worth of data on average. For much larger capacities, businesses use disk-based backups such as HDDs, which are becoming ever more reliable, equipped with capabilities such as data reduction and deduplication. Companies can also place their disk-based backups on-site or off-site to ensure data protection.
Cloud – Data Anytime and Anywhere:
Today, the cloud enables you to store and access data anywhere and from any device. Organisations are increasingly using the cloud for their backup purposes since it offers its own advantages and can greatly reduce backup and even disaster recovery costs. In addition, cloud providers offer convenience and security for the company, since they provide the staff expertise and maintenance. These days, the cloud provides a perfect off-site backup facility for ensuring business availability and continuity.
What Do the Experts Say About Backup in 2021?
Most of the mediums mentioned above, from magnetic tapes to the cloud, are still used up to this day. The jury is still out whether tapes, disks, the cloud or a brand-new technology we are yet to see will become the dominant medium for backups. What’s clear is that technology has come a long way and will continue to evolve in line with the times.
To find out where backups are headed as we get into 2021 and beyond, DSA reached out to industry experts to get their views on this essential technology.
Moving On From Legacy Backup Infrastructure
According to Andy Ng, Vice President and Managing Director for Asia South and Pacific Region at Veritas Technologies, as more organisations implement the hybrid working model, it is more important than ever for them to adopt the most flexible infrastructure to ensure business continuity against any potential disruptions. The current pandemic has necessitated the move to the cloud, with more data being created and processed outside the data centre or at the edge. This called for a new approach to data protection.
“Traditional backup and recovery must evolve to provide unified data protection across the physical and virtualised infrastructure of the hybrid cloud. It will be the game-changer for organisations seeking an accelerated post-pandemic recovery. The ability to manage data protection from a single pane of glass and to move data within and across public and private clouds will enable businesses to achieve the agility they need to support its data-driven recovery and beyond”, said Andy.
Meanwhile, Raymond Goh, Senior Director, Systems Engineering, APJ, Veeam, believes that legacy backup solutions compel IT administrators to spend too much time and effort on backup. As a result, he explained that they lack the time, resources and energy to proactively tackle the real business challenges that are holding businesses back and slowing them down.
“Over the last few years, we have seen a shift in backup solutions moving from on-premises to cloud-based solutions that are managed by a service provider. Self-managed backups through exclusive on-premises solutions are on pace to decline as the rate of adoption for cloud-based, Backup-as-a-Service-managed backups accelerate. This is according to our recent research which found that organisations are increasingly realising the need for modern data protection platforms that match their evolving data protection needs”, said Raymond.
Raymond pointed out that in a post-pandemic world, IT teams need to think several steps ahead, taking ransomware, vendor lock-in, storage capacity and cloud mobility, as well as the unpredictable world economic and health factors into the equation. If anything, he believes the pandemic has compounded these pressures and with the explosion of remote working and the increasing sophistication of security attacks, now more than ever, data protection needs to be a priority.
Backup vs Ransomware
If there’s one thing that has significantly changed the dynamics of data and backup, it is ransomware. Matt Waxman, VP of Product Management at Cohesity feels that ransomware has almost become a household term due to its notoriety. He explained that sophisticated ransomware attacks are increasingly targeting backup data in addition to what resides in production to knee-cap organisations and their last lines of defence.
“Tracking ransomware is multi-faceted, but without a doubt having a comprehensive data protection strategy with a foundation built around immutability is no longer a nice to have but a must-have”, said Matt. He further explained that immutability is where data is fixed, unchangeable and unable to be deleted.
“Once you have saved an immutable backup it cannot be altered or written to; this is particularly important for countering malware or ransomware. An immutable backup is largely impervious to new ransomware infections but an archive of immutable backups gives even more assurances of a successful recovery, be that a full backup or snapshots”, added Matt.
But the question is, are businesses keeping pace with these requirements?
Interestingly, Andy Ng pointed out that Veritas’ latest report revealed that in the event of a ransomware attack, 60% of organisations globally either paid the ransom in full or in part. In the APAC region, India (43%) and Singapore (39%) are the top two countries most likely to pay the ransom in full. Overall, a staggering 72% of organisations in Singapore that have suffered a ransomware attack either paid the ransom in full or in part. There was also a correlation between an elevated level of investment in security and the ability to restore data in the wake of an attack: 46% of those spending more since the pandemic were able to restore 90% or more of their data, compared with just 40% of those spending less.
“The findings illustrated that businesses’ data protection strategies are not keeping pace with IT complexity and they are consequently feeling the impact of ransomware more acutely”, said Andy. He added that cybercriminals would lose most of their leverage the moment businesses are able to recover their data from backup sites in a timely manner. Hence, it would be a good practice for backup to be stored on a separate offline system and updated regularly to ensure that the system can be effectively restored after an attack.
Alexander Ivanyuk, Acronis Technology Director, concurred with this notion. He shared that ransomware is attacking someone every 11 seconds. However, nearly 40% of the victims who pay the ransom never get their data back and 73% of those that pay are targeted again later.
“The key idea is - if you have a backup, you don’t need to pay a ransom, since you can restore from it. But cybercriminals also quickly caught on. Since 2017, practically every ransomware strain began deleting or disabling Windows volume shadow copies and tried to disable traditional backup solutions. As many of these backup solutions have very basic self-protection capabilities - or none at all - this was easy”, he said.
Hence, Alexander strongly believes that backup is only effective if it is done properly.
“Backup will not be effective if it is just a simple backup without self-defence and ransomware detection and protection. It also won’t work if the 3-2-1 Backup Rule wasn’t followed. But if the backup has all these features in place and is done properly, for example, the ability to detect ransomware by behaviour rather than simple rules and signatures, self-protection done on a good proven level and backup to multiple locations and different media, then yes, it will be effective against any ransomware, unless the attacker has admin access to backup and can delete or encrypt all the copies of data his way”, explained Alexander.
The Golden Rules of Backup
The speakers mentioned a few important rules all businesses should adhere to when it comes to backup.
Alexander Ivanyuk believes that the 3-2-1 backup rule is among the most vital because if this rule is not followed properly, you won’t have the ideal backup system in play for your organisation. He explained that the rule simply means your business should keep at least three copies of your data on two different media types of which one is located offsite or offline.
Andy Ng added that apart from this golden backup rule, Veritas also recommends businesses to execute backups regularly, harden backup tools, consolidate backup solutions and understand your data that is being backed up. He added that “it pays for companies to have a proactive strategy of their data’s security through a solid data backup and recovery solution. Doing so can provide peace of mind for employers, employees, and consumers alike”.
For Raymond Goh, “With an increasing threatscape, it is imperative that a backup solution has a means of alerting suspicious and anomalous activity, as well as providing strong safeguards to ensure that backup data is safe from accidental or malicious destruction, encryption, or alteration. These capabilities should be available without having to purchase, deploy and manage proprietary hardware”.
As Matt Waxman puts it, “all companies, big and small, need to be on their guard and put defences in place to reduce the chances of becoming the next victim. For too long backup has been a chore or worse, an afterthought. However, in 2021, it is clear that sticking with your existing backup vendor’s protection without thoroughly assessing its immutability credentials is akin to doing nothing, which can no longer be an option”.
In conclusion, businesses need to ensure they have a well planned and executed backup strategy in their organisation. There is no saying when cyber attackers may strike but it’s always best to be prepared and ensure there is no major disruption should any incidences occur.