[BreachExchange] 5 Essential Tips to Create a Better Backup Plan

Destry Winant destry at riskbasedsecurity.com
Thu Oct 18 15:29:48 EDT 2018


Data loss can be disastrous for a business; potentially leading to
financial losses, damage to the organization’s reputation, and lengthy
downtime. For this reason, it is essential to protect all critical and
relevant data and databases. The best way to accomplish this is to
implement data backup planning practices with technology that allows
data to be accessible quickly and securely, while simultaneously
protecting it. To start you off right, we’ve compiled a list of
essential tips to make a better backup plan.

Determine Data Backup, Retention, and Destruction Policies

The foundation of an effective data backup strategy is built on these
three policies. Additionally, when an audit is being conducted, these
policies are a necessity. A data backup policy refers to the process
of determining what data will be backed up, the technology and tools
that will be used during backups, the timing and frequency of backups,
and the procedure for accessing data that has been backed up. Data
retention aims to identify what data will be retained, the format the
data will be stored in, and how long the data will be stored. Finally,
a data destruction policy determines what data needs to be destroyed,
when that destruction will happen, and the method used to destroy the
data and the media it is stored on.

Be Prepared for Exponential Data Growth

No matter what your data storage requirements are currently, your
backup needs should be based on the fact that your organization’s
capacity will most likely grow year after year. Regardless of what
storage resources you have in place at this point, whether they are
on-site or in the cloud, ensure that you can scale cost-effectively
and quickly if necessary.

Develop a Backup Environment Made Up of Multiple Elements

Many businesses are still using physical data storage arrangements
on-site, including NAS, tape, and file servers. However, the
increasing use and acceptance of cloud-based and remote storage
options is notable. The pricing of remote storage, on the whole, is
more affordable than on-site options, and if the provider’s security
measures are effective, remote storage can be a viable option for your
business. A common backup best practice is the 3-2-1 Rule, which
states that at least three copies of your data should be available,
stored on at least two storage devices, with at least one of those
devices located remotely. Amazon, Microsoft, and IBM are all major
players in cloud storage that offer a range of options and pricing

Coordinate Backup Plans with Business Requirements

Though it’s relatively easy to implement a backup strategy that
requires backups once a day of incremental data changes and backups of
all data once a week, your organization may be beholden to regulatory
requirements. In this case, you will potentially need to have a backup
strategy for the regulated data, and a separate arrangement for other
company data. It’s possible that some data will have to be backed up
or replicated almost immediately, whereas other data can be backed up
more infrequently. Evaluate the needs of your business and base your
data backup plan on them.

Test, Test, Test

This may seem obvious, but the importance of testing your backup
strategy cannot be understated. This is especially critical if a
disaster has happened. Similarly to a disaster recovery plan, your
backup plan must be tested periodically in order to avoid a loss of
data and credibility from users. Ideally, testing your data backup
plan would be an element within a test of your disaster recovery plan.

More information about the BreachExchange mailing list