In today's digital world, our lives are increasingly reliant on technology. We store our photos and documents on our computers. Unfortunately, everyday, digital lives are wiped by ransomware, hardware loss or human error. Creating and maintaining well-executed backups provide the best defence against these threats.
With World Backup Day having just passed us, it is a good time to review what backups are, what to avoid and how to set yourself up for success.
Backups are a copy of important files in one or more safe locations. In case of loss, the files can be easily restored from the chosen safe location. They can be stored on physical media, such as hard drives, or in the cloud using a cloud storage service. The best backups are taken to automatically on a regular basis and they allow for multiple versions to be archived.
A widely recommended approach is the 3-2-1 backup strategy. This involves creating three copies of your important data, storing them in two different locations, and having one copy stored offsite. This means that even if one of your backups fails or is destroyed, you will still have multiple other copies in different locations that can be used for recovery.
What to avoid?
Not all data protection strategies are effective backup solutions. For example, a disk RAID (Redudant Array of Independant Disk) will protect against a failing disk, but remains ineffective if the RAID controller fails, or in the case of ransomware. Synchronization software provide good redundancy, but are terrible backups. If a file is accidentally or intentionally altered or erased, so is the sync'ed copy.
In addition, not all mediums are good for backups. Removable media, such as USB Keys or SD cards degrade faster than most other media. Unfortunately, file degradation is only noticeable when trying to access the files themselves, which means it is noticed only when it is too late. In addition, they can be easily damaged, lost or even stolen.
What do you need?
The first step in setting up a good backup solution is deciding what needs to be backup. The overall size of the backup will have an important impact on your strategy. For example, a home user that uses their computer sparingly might only backups of a couple of gigabytes. However, a profession photographer will have backups measured in terabytes.
The second step is to determine your retention strategy, which means how many backups you want to keep and for how long. Long retention strategy are good when you need to retrieve files that were accidentally deleted a while ago, or recover from a ransomware that laid dormant for a while. Unfortunately, each additional backup you keep adds to the storage requirement.
The third step is to decide what you are trying to protect yourself against. The best defence against an effective ransomware, which will attack all storage devices connected to your computer, is an offline backup, which spends most of its life disconnected from the computer. If you want your data to survive a house fire, then you need that backup to be stored off-site, which means away from your computer.
The last consideration when planning your backup strategy is the speed and complexity of recovery when disasters strike. Some solution allow you to recover your files almost immediately, while others could take days as you need to retrieve a physical device from a distant location. In addition, the bigger the backup, the more complex the recovery can be.
Given your requirements, you might decide on multiple backup strategy. For example, you might decide a solution with multiple copies and long retention for your everyday documents, but something simpler for home photo.
Who manages your backups?
The final step in backup planning is to decide which solution to use. Strategies can be broken down into two categories : cloud managed and self-hosted.
The easiest solution are cloud managed, where a provider will charge you a monthly fee to protect your data. Typically, these solutions require you to create an account and install a backup agent. This backup agent will copy your files to the providers storage, often referred to as "cloud" as the data is stored off-site in a massive data storage infrastructure. Storage limits, retention policies and recovery options differ from provider to another, which means smart shopping is a must. This is especially important as you must trust the cloud provider with the personal data you are backing up. Even if they claim your data is encrypted and they cannot access your data, a malicious backup provider could still have the necessary tools to access your data. Cloud managed backups trade privacy for ease of use. Two well known providers for this type of backups are BackBlaze and CrashPlan.
Privacy focused users might prefer the more complicated option of managing their backup themselves. This means they will need to decide which backup software they want to use, and where they wish to store their backups. Typically, self-managed backups are stored on removable hard drives or a NAS (network attached storage) which requires some upfront cost, but has no monthly recurring fees. They can also be setup offline, which protects them from online security breach. However, these solutions are vulnerable to physical damage or loss. Some examples of self managed backup solution would be Duplicity and BackupPC. In addition, several storage solutions, like Synology NAS or Western Digital hard drives, also come with their own backup solutions.
An hybrid solution is to self-manage the backup software, but to use cloud storage, such as Amazon S3. This avoids the upfront hardware cost and provides an easy off-site solution. Depending on the chosen solution, this solution can also solve problems related to privacy, as long as the data is encrypted before it is sent to cloud storage. However, this can make backups extremely slow to recover as the cloud storage has no knowledge of the data and must simply recover everything. A good example of a self-managed solution backup to S3 would be CloudBerry Backup.
Did you test it?
The most common failure of backup strategies is the lack of testing. Like any other software, backups can fails and archives can be corrupted. This failure can go undetected until the archive is needed, to catastrophic result. At the enterprise level, it is not uncommon to have restore activities planned on a regular basis. This is because restoring a backup is the only reliable way to ensure that it is good.
That said, it would be unreasonable to test every backup that is taken. However, testing a restore every 3 to 6 months is not unreasonable given the importance of your data.
Everyone that uses a computer should have a backup strategy. Those unfamiliar with the technology should use a managed services, preferably recommended by a trustworthy college or friend. The link provided in this articles are example, but shouldn't be taken as recommendations.
Those preferring a self-hosted solution should be ready to invest the time needed to do it properly. Regardless, any strategy should be tested on at least a quarterly basis.
Because without backups, consider your hopes of recovering loss data pretty slim.