The modern business environment relies upon constant access to data, regardless of your industry or your product. Whether it be company emails, customer records, in-progress projects, or your website, it’s almost certain that business continuity is dependent on a shared repository of data being constantly available.
This means downtime of any sort can be highly disruptive - it can halt productivity, destroy revenue, damage your reputation, and increase customer churn. As your organization gets larger, the more substantial this cost can be. Last year IBM estimated that on average, companies lost $1.52m worth of business due to downtime resulting from data breaches.
Preparing for these breaches is vital to avoid unnecessary sunk costs, such as urgent repairs in the case of a system failure, or hefty fees if you succumb to a ransomware attack that locks you out of your data. Whatever the cause, the most affordable way to quickly end downtime and get your business back online is to have a data redundancy strategy in place.
Creating a data redundancy strategy
As a general engineering term, redundancy refers to replicating critical parts of a system to increase its reliability. When it comes to data, a redundancy strategy means having in place an adequate number of backups so that you can swiftly get back online with minimal disruption. While it’s possible that no one backup is immune from being affected by bit rot, malware, or human error, an organization can build a great deal of redundancy and resilience through having multiple backups at once.
A common and reliable method that can serve as a bedrock for a data redundancy strategy is the so-called “3-2-1” rule. This refers to the idea of keeping three copies of your data, with two on different media formats, and one being off-site. Keeping three copies with two on different media formats is good practice, as this dramatically cuts down the risk of being affected by whatever might interrupt data availability. Multiple copies increase the amount of targets that need to be affected by accidental, malicious, or natural damage that would cause downtime, and keeping two of those copies on different media formats further increases the difficulty of replicating the same downtime cause.
What’s often overlooked when implementing 3-2-1, though, is the “1” part - keeping a copy off-site. This is because there are risks with clustering assets physically and geographically, and these cannot be offset through copying. These risks can be in the form of natural disasters such as fires, floods, and earthquakes, or in the form of disgruntled employees or seasoned black-hat hackers who may know of and how to access your separate on-site copies. Keeping backups off-site allows you to create distance between your day-to-day operations and that copy, in what we call an “air-gap”, which makes it much more resilient to natural or man-made disasters.
Why the cloud should be your off-site option
One problem presented by air-gapping is that, traditionally, it meant taking more time to restore data from your backup. If your data is backed up in a hard disk in storage a hundred miles away, for example, then you’ll have to wait for a courier to collect and deliver the data. In practice, this might mean in the order of days - for many businesses, such a pause could represent a death-knell.
Thankfully, technology has allowed us to have the best of both worlds and enjoy rapid access to off-site copies, in the form of cloud storage. Along with providing an air-gapped backup, backups in the cloud benefit from the fact data centers are staffed and online around the clock, which ensures backups are subjected to stringent security alongside instantaneous support when they’re needed.
Cloud data centers benefit from economies of scale, specialized and well-trained teams, and strong relationships with hardware and software vendors. For cloud storage, supply leads demand, which means users can ask and near-instantly receive more storage on demand. This means cloud storage is a very affordable and scalable way to store data compared to traditional on-premises storage, especially as the pricing model of cloud storage replaces the large up-front capital expense of on-prem storage with a smaller regular operational expense in the form of a subscription.
Guarding against cybercriminals
The air-gapping provided by the cloud is a huge boon to a data redundancy strategy, since it substantially cuts the risk of all your backups being damaged or destroyed. However, just using cloud backups will not eliminate all risk.
There remains a small but substantial risk arising from human intervention. Two-thirds of data loss incidents are caused by human error, software misconfigurations, malware, or sabotage. If any of these befall your cloud data backup, then it can be rendered useless.
When it comes to hackers, saboteurs, and ransomware operators, many of them know that taking down a cloud backup is essential to their goals and will seek out access. Savvy cybercriminals will work to gain access to an organization’s cloud credentials through social engineering or targeting weak spots in organizational security, and then will proceed to delete backups. Having rendered an organization defenseless, cybercriminals then will have total freedom to enact whatever plans they have against their target organization.
To counter this, organizations that wish for extra confidence in their data redundancy strategy should work with a cloud provider that provides immutable storage. Data that’s been immutably stored cannot be overwritten, altered, or deleted by anyone throughout a pre-planned timespan, which means that even if your cloud credentials are obtained by a malicious actor they won’t be able to sabotage your backups. This also cuts down the risk of an accidental misconfiguration or deletion destroying your backup, which further boosts your resilience.
Following the 3-2-1 rule, making sure that you keep a backup in the cloud, and leveraging functions like data immutability when appropriate are all sound principles to base a modern data redundancy strategy upon. For most organizations, following these rules will present an ideal balance between organizational resilience and an ability to quickly resume business operations when a crisis presents itself.
David Friend, co-founder and CEO, Wasabi Technologies