World Backup Day – is it time to take a step back on backups?
World Backup Day has served as a reminder to play it safe with data for more than ten years – but many question whether it has now run its course into redundancy. After all, whilst data protection, security and backup are considered standard practice, the old ‘golden’ 3-2-1 backup rule has become obsolete and many question whether the newer methods are all that more effective.
Combining issues such as data centre outages, misconfigurations, sleeper ransomware and supply chain attacks with the fact that attackers are now actively going after backup systems, arguably backup no longer offers the protection it once did. This then calls to question, is World Backup Day still relevant in 2024?
Not necessarily a want, but a must-have
The concept of data backups has been around for centuries, evolving from manual transcriptions onto physical media like paper or punch cards, to digital storage solutions such as magnetic tapes, optical discs, and cloud-based systems. This maturity over the years has made backups fall from front of mind to bottom of the pile.
“Backup is boring,” Kevin Cole, Director, product and technical marketing, data protection at Zerto, a Hewlett Packard Enterprise company, starts, “It doesn’t get the same hype as the latest trends in IT, whether artificial intelligence, cryptocurrency, or Web 3.0.
“Yet, backup remains more relevant than ever thanks to the explosive growth in data, distributed from edge to cloud, and an ever-evolving cyber threat landscape. Backup is still one of the foundational pillars in data protection alongside disaster recovery, archive, and cyber recovery. It may not have the headline-grabbing power of IT’s latest bleeding edge innovations, but backup is one of the most critical tools in any organisation’s efforts to minimise data loss and take control of the data deluge.”
Agreeing, Tim Sherbak, Product Marketing at Quantum, highlights how backups are necessary in supporting the new technologies currently possessing ‘headline-grabbing power’.
“Backing up data has been a necessity for decades for organisations to keep their data safe and recoverable. Now that AI has burst onto the scene, especially in the last year, the data organisations are accumulating – and increasingly storing forever – holds the potential for far greater value than ever before. Training an AI model to complete a task successfully relies on the quantity, quality, and variety of the data given as input. The more robust the dataset, the better the model will be able to detect specific patterns of interest and generate meaningful content.
“Many organisations look for publicly available data, pulled from the internet, to train their AI models. While this is certainly an option, organisations that have access to a wide variety of their own data – rather than data found online – have a critical advantage over their competitors. It is not only specific to their needs, but the data also uniquely influences their AI outcomes.”
Where an organisation’s data now holds significant potential in bolstering a business’s competitiveness, profitability and productivity, data backup arguably needs to become standard practice for successful AI innovation.
Back up, up, up we go
Prior to AI taking centre stage, the cloud emerged, revolutionising global business operations and offering a level playing field to innovate and optimise workloads. “In recent years the uptake of cloud services by end-users, businesses, and IT leaders has skyrocketed,” Terry Storrar, Managing Director, Leaseweb UK, explains, adding: “Approximately 89% of companies are currently utilising a multi-cloud approach and 97% of IT leaders have the intention to expand their cloud systems.”
However, Myles Currie, Product Manager – End User Compute, Six Degrees, warns that: “SaaS providers take backups to ensure the integrity of their services, but they will not take responsibility for data loss that results from accidental deletion, malware or operational errors. This year’s World Backup Day is an opportunity for organisations to consider how they protect data stored in public cloud environments.”
Leaseweb’s Storrar agrees that with the popularity of cloud backups, “organisations need to ensure that they are choosing a trusted cloud hosting provider that offers comprehensive expertise, 24/7 support and robust disaster recovery solutions.
“It’s important to keep in mind that a proactive backup plan to ensure business continuity always has multiple moving parts to consider; having the right providers and products in place helps ensure these parts work in concert if disaster strikes,” he finishes.
A target on your back(up)
In recent years, we have witnessed an alarming trend of backups being targeted and compromised by threat actors. Scott Tucker, Consultant at ThreeTwoFour, a Node4 company, concurs: “Ransomware strains such as SamSam and Ryuk are notorious for targeting backups as part of their attack rendering them inaccessible and ineffective. VEEAM’s 2023 Ransomware Trends report indicated that in 93% of ransomware incidents, the threat actors targeted the backup repositories.
“This trend poses a significant challenge to traditional backup strategies, as organisations may no longer rely solely on backups for data recovery in the event of an attack.”
Commenting on this trend, Darren Thomson, Field CTO EMEAI at Commvault, highlights that now, “the main focus should be on clean backups and recovery. Anomaly detection and early warning systems are essential to this. Only then can businesses stay ahead of the game and prevent cybercriminals from infiltrating backups in the first place. By getting closer to data, particularly the most critical datasets, any unusual activity – such as the encryption of a file – should be analysed and, if it is found to be malware, stopped in its tracks before it has the chance to spread.
“However, clean backups are only useful if you have a clean environment to recover into. In addition, a recovery plan that is not tested is no recovery plan at all! The issue is that properly testing and recovering to a clean environment (a “cleanroom”) has historically been very expensive and complex. Now, utilising the power of the cloud and AI, this is possible at a low cost and in a scalable manner.
“It is ultimately all about cyber resilience – being able to withstand attacks and continue operations even when the worst happens,” Thomson finishes.
Node4’s Tucker echoes this point, concluding that the present threat landscape does not diminish the overall importance of backups, but rather “underscores the importance of adopting a comprehensive cyber security strategy that includes proactive measures to prevent, detect, and respond to cyber threats effectively. While the landscape may be changing, the fundamental role of backups in data protection remains crucial, albeit requiring adaptation to address emerging challenges posed by cybercriminals.”