In 2024, are backups still relevant? Should we be focusing on other data protection and security methods instead? Or will backups always have a place in the world? Some industry experts weigh in.
A lot has changed within the world of backup since World Backup Day was established in 2011. Sparked by a social media post where a user expressed their frustration at losing their hard drive and not having a backup, the initial idea of the day was to remind individuals and businesses alike to backup their critical data to avoid the negative consequences of its loss or theft.
Thirteen years later, the industry has moved on, driven by the growing sophistication of cybercriminals. One of the main benefits of backup is that, if you are attacked and your data is stolen or encrypted, you can reinstate your data and continue business operations as usual. But bad actors quickly got wind of this and have stepped up their game to target backups too. As Darren Thomson, Field CTO EMEAI at Commvault, explains, cybercriminals “no longer just infiltrate and corrupt production data and systems, but also insert malware into backups. So, when organisations prepare to recover from the attack, they are stuck in a vicious cycle of restoring the virus, and often the criminal’s original access, making it almost impossible for them to recover successfully and leaving them little choice but to pay the ransom.”
A new approach
With the changing threat landscape, it is easy to think that backups are redundant in the modern digital world. But Scott Tucker, Consultant at ThreeTwoFour, a Node4 company, argues that, “while this threat highlights the need for enhanced security measures and backup solutions, it does not diminish the overall importance of backups. Rather, it emphasises the necessity of implementing robust backup practices that incorporate multiple layers of security, such as immutable backups, strong access controls, offline backups, encryption, and regular integrity checks.”
Instead of abandoning backups altogether, a new approach is needed. Commvault’s Darren Thomson urges businesses to change their focus to clean backups and recovery. “It is ultimately all about cyber resilience – being able to withstand attacks and continue operations even when the worst happens,” he says. To be able to do this, businesses must be confident that they have a clean backup that has not been infiltrated so that they can quickly return to minimal viable operation after an attack.
“Anomaly detection and early warning systems are essential to this,” Thomson explains. “Only then can businesses stay ahead of the game and prevent cybercriminals from infiltrating backups in the first place. By getting closer to data, particularly the most critical datasets, any unusual activity – such as the encryption of a file – should be analysed and, if it is found to be malware, stopped in its tracks before it has the chance to spread.”
Best practices
So what are some best practices to ensure peak protection from backups?
Ensure end-to end-protection
“This World Backup Day, make it a priority to double-check your backup plans and ensure end-to-end protection across the data lifecycle,” urges Kevin Cole, Director, Product and Technical Marketing, Data Protection at Zerto, “It may not have the headline-grabbing power of IT’s latest bleeding edge innovations, but backup is one of the most critical tools in any organisation’s efforts to minimise data loss and take control of the data deluge.
Check if your cloud hosting provider offers comprehensive backup services
“SaaS providers take backups to ensure the integrity of their services, but they will not take responsibility for data loss that results from accidental deletion, malware or operational errors,” warns Myles Currie, Product Manager – End User Compute, Six Degrees. “This year’s World Backup Day is an opportunity for organisations to consider how they protect data stored in public cloud environments.”
Terry Storrar, Managing Director, Leaseweb UK, adds, “organisations need to ensure that they are choosing a trusted cloud hosting provider that offers comprehensive expertise, 24/7 support and robust disaster recovery solutions. From the data centre providers’ point of view, they need to take every necessary precaution to ensure that customers’ data is available around the clock, along with comprehensive backup. This includes the availability of emergency backup services, such as batteries and generators, in case of power outages.
“Agreements should also be in place with energy suppliers for redundant energy connections that enter the data centre from different locations, redundant internet connections, and an agreement with local authorities for evacuation work to reduce possible damage to any important cables. In the event of a disaster, it’s important to keep in mind that a proactive backup plan to ensure business continuity always has multiple moving parts to consider; having the right providers and products in place helps ensure these parts work in concert if disaster strikes.”
Don’t get complacent – keep pace with change
“Now that AI has burst onto the scene, especially in the last year, the data organisations are accumulating – and increasingly storing forever – holds the potential for far greater value than ever before,” says Tim Sherbak, Product Marketing at Quantum.
Key trends like this will change how we store and protect our data and subsequently continue to change how we manage and use backups. “Massive data growth and its required retention will drive the need for new levels of cost efficiency and accessibility in our data protection solutions,” adds Sherbak. “Emerging high-performance solid-state flash backup storage targets will become mainstream along with automated, software defined tape solutions for massive scale, low cost, and simple operations to effectively reuse and retain these valuable data assets for decades to come.”
Back it up
Ultimately, the key message of World Backup Day remains the same: backup your most critical data and systems so that should the worst happen, business continuity is ensured. As Zerto’s Kevin Cole summarises, “The best time to put in place a modern data protection strategy was yesterday; the second-best time is today.”
