Backups - Protecting Data with Copies

A backup is the act of storing a copy of data in a location separate from the original storage to prepare for data loss caused by failures, human error, or cyberattacks. A surprising number of organizations say "we are taking backups" yet have never once verified a restore (recovery); the true value of a backup is determined by whether the data can actually be restored. It is a technology that forms the core of any disaster recovery strategy, and it serves as the last line of defense against ransomware as well.

The 3-2-1 Rule

The most widely known basic principle of backup is the "3-2-1 rule." The idea is to keep 3 copies of your data, store them on at least 2 different types of media (for example, an SSD and cloud storage), and keep 1 of those copies in a physically remote location (offsite). This rule represents the minimum configuration needed to eliminate a single point of failure. In response to the increasing sophistication of ransomware in recent years, there is also a movement to extend it to the "3-2-1-1-0 rule." The additional "1" refers to a copy isolated offline or by an air gap, and the "0" means that restore verification produces zero errors.

Types of Backup

There are mainly 3 backup methods. A full backup copies all data in its entirety; the restore is the simplest, but it consumes a large amount of time and storage capacity. A differential backup copies only the data that has changed since the last full backup. To restore, you only need 2 things: the full backup plus the latest differential backup. An incremental backup copies only the changes since the previous backup (full or incremental); its backup time and storage consumption are minimal, but to restore you must apply the full backup plus all incremental backups in order, making the procedure more complex. In practice, a common combination is a weekly full backup with daily incremental backups.
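The restore dependencies described above can be made concrete. The following is an added example, not code from the original article: it works out which backups must be applied, oldest first, to reach a given restore point, and fails when a link in the chain is missing. The `parent` field, the `Backup` and `BrokenChain` names and the sample catalogs are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import Optional

@dataclass(frozen=True)
class Backup:
    id: str
    kind: str              # "full", "differential" or "incremental"
    taken: datetime
    parent: Optional[str]  # backup this one records changes against; None for a full

class BrokenChain(Exception):
    """A backup needed for the restore is missing from the catalog."""

def restore_chain(catalog, target):
    """Return the backup ids to apply, oldest first, to restore the state as of target."""
    by_id = {b.id: b for b in catalog}
    candidates = [b for b in catalog if b.taken <= target]
    if not candidates:
        raise BrokenChain("no backup at or before the restore point")
    current = max(candidates, key=lambda b: b.taken)  # newest usable backup
    chain = [current.id]
    while current.kind != "full":  # walk back through parents until a full backup
        if current.parent not in by_id:
            raise BrokenChain(f"{current.id} depends on missing backup {current.parent}")
        current = by_id[current.parent]
        chain.append(current.id)
    return chain[::-1]

def day(n, hour=1):
    return datetime(2024, 1, n, hour)

# Constructed catalogs: one Sunday full backup followed by three daily backups.
INCREMENTAL = [
    Backup("full-sun", "full", day(7), None),
    Backup("inc-mon", "incremental", day(8), "full-sun"),
    Backup("inc-tue", "incremental", day(9), "inc-mon"),
    Backup("inc-wed", "incremental", day(10), "inc-tue"),
]
DIFFERENTIAL = [
    Backup("full-sun", "full", day(7), None),
    Backup("diff-mon", "differential", day(8), "full-sun"),
    Backup("diff-tue", "differential", day(9), "full-sun"),
    Backup("diff-wed", "differential", day(10), "full-sun"),
]

if __name__ == "__main__":
    print(restore_chain(INCREMENTAL, day(10, 12)))
    print(restore_chain(DIFFERENTIAL, day(10, 12)))
```

Losing Tuesday's backup breaks a Wednesday restore in the incremental catalog, while the differential catalog still restores from the full backup plus Wednesday's differential.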

Offline Backups as Ransomware Protection

Modern ransomware employs a tactic of targeting backup servers on the network first. This is because once the backups are encrypted, paying the ransom becomes the only remaining means of recovery. To counter this threat, offline backups that are physically disconnected from the network are essential. Backing up to tape media and using immutable storage that cannot be altered after being written (such as AWS S3 Object Lock) are effective approaches. Isolation by an air gap physically severs the path by which ransomware could reach the backups. Please also refer to the ransomware protection guide.

Encryption and Caveats of Cloud Backups

Backing up to cloud storage is widely used as an easy way to achieve offsite storage. However, since you are entrusting your data to the cloud, you must confirm that both encryption at rest and encryption in transit are ensured. Particularly important is who controls the encryption keys. With server-side encryption, where the cloud provider manages the keys, there is a risk that data is exposed if the provider itself is breached. For highly confidential data, the recommended approach is to encrypt it on the client side before uploading (zero-knowledge encryption). Books on data backup strategy (Amazon) explain in detail hybrid strategies that combine the cloud and on-premises. The cloud storage security article is also helpful.

The Importance of Restore Verification

The biggest pitfall of backups is the state of "thinking you have them but being unable to restore." Even when a backup job completes successfully, it is not uncommon for restores to fail for reasons such as corrupted files, lost encryption keys, or undocumented restore procedures. As part of a business continuity plan, you should perform restore verification at least once per quarter and confirm that full recovery from the backup is actually possible. The verification should also assess whether the recovery time (RTO: Recovery Time Objective) and the allowable amount of data loss (RPO: Recovery Point Objective) meet your business requirements. You can review the basic operational procedures in the introductory backup guide.
