World Backup Day just whisked by with little fanfare. And that is not surprising. Compared to topics like ChatGPT, datafication and Extended Reality, backup is a non-starter as a conversation piece among consumers and users of data.
As a geezer in the tech world, I thought it made sense to look back at where backup started to see where we are headed as we come out of the pandemic.
History of backup
Backup may have its roots in the punch card – a piece of paper with holes in it that was first used in the United States as part of the country's census exercise in 1880. Its success in the 1890 census paved the way for the founding of the Computing-Tabulating-Recording Company (CTR) in 1911, renamed in 1924 to International Business Machines (IBM).
Magnetic tape came to replace the punch card because the media was re-writable, and because one roll of magnetic tape could replace 10,000 punch cards. Taking the same charged material and putting it on a flat medium, the floppy disk, meant data could be stored and recorded instantly.
Hard drives were just much denser versions of floppies, and solid-state drives are the purely electronic evolution of hard drives. And of course, these days we have the cloud, where organisations are learning not only to run their applications but to store their data as well – regulations permitting.
So, in the age of heterogeneous, distributed computing, where data exists in many forms, is stored on different devices – with some in a near-constant state of change – and criminal elements relentlessly looking for ways to acquire it, how do you protect data?
Do what Ukraine practises almost religiously – back up your data. It may sound old school and archaic, but Rob Joyce, director of the US National Security Agency's cyber security arm, speaking at the Silverado Policy Accelerator summit, attributes the ability of Ukraine to get back up following cyberattacks to exactly that.
He pointed out that "Ukraine has been under tremendous cyber pressure for years, long before the invasion. And so they, by necessity, had to learn from that. They got religious about backups; they got to the point where their sysadmins understood how to respond to a breach, clean up, and move on. They were practised."
FutureCIO spoke to Clement Lee, security solutions architect at Check Point Software Technologies, for his take on backup strategies, practices and trends.
It’s been 12 years since World Backup Day was first observed. What are the top 3 changes since then, as viewed from technology, operations and sentiment?
Clement Lee: Backups from 12 years ago have changed significantly as the mode of IT operations has also changed drastically. This is largely due to the proliferation and adoption of cloud technologies, with the promise of better management and availability.
At Check Point Software Technologies, we are seeing many companies downplay the importance of backup as they feel that it is “the responsibility” of the cloud provider to maintain the availability of the assets. However, many miss out on the other principles of data security, which are primarily integrity and confidentiality.
Expanding from that, authentication and non-repudiation have been ignored, which is also dependent on the industry and applicable national laws surrounding each vertical.
"Most organisations lack remediation strategies, regardless of whether it is an organisation-wide malware infestation or a wide-scale ransomware infiltration."
Clement Lee
When consultants and experts say that we are likely already breached today, it implies some of our backups may be compromised already. What happens then?
Clement Lee: When a breach is discovered, likely, such attacks or infiltration by criminals have probably been happening for some time. This is where risk management and business continuity planning come into play.
Understanding the potential consequences, risks and development of a response plan should be planned out by businesses from the get-go. From locking down access to the cessation of further spread and a comprehensive remediation strategy — there is no silver bullet, but it is best for organisations to already have a response strategy that is in place with risk posturing studied and reviewed periodically.
Most workers probably see backup as an IT job. How do you make backup a company-wide practice without introducing additional friction to the way of work?
Clement Lee: In the past few years, we have seen SaaS providers (such as Microsoft 365) bundle inexpensive and massive cloud storage into their offerings. There should not be any reason why backup is not convenient or resilient.
However, the organisation should always contemplate the other principles of data security as well as mitigation strategies for prolific data-centric security risks, such as ransomware. As for system-based backup strategies, there are also cloud-based solutions that may prove to be more convenient and cost-effective, in most circumstances.
Individual organisations should review the management and operations CAPEX and OPEX of cloud-based versus “traditional” backup solutions with a serious emphasis on Recovery Point Objectives (RPO) and Recovery Time Objectives (RTO) effectiveness.
Given that data is scattered across device, edge, core and cloud, is it feasible to have one overarching data backup strategy and will it involve a massive overhaul of existing strategies in 2023 and beyond?
Clement Lee: The discussion on the rigour of data discovery, classification and management is almost exclusive to the most mature of organisations. In most instances, it may not be feasible to stick to an overarching data backup strategy across organisations, not to mention how it increases in difficulty met with more complex environments.
Perhaps, companies can benefit from establishing an overarching data backup principle or objective and use it as a guideline in their strategy instead. With that said, there is unlikely to be an overhaul but hopefully, a revolution to awareness of the need for backing up during World Backup Day.