How likely it is that you will need your offsite backups?
If you have done a risk assessment and think that it is unlikely that you will ever need to use your offsite backups, you could be in for a nasty surprise.
When companies implement the 3-2-1 rule of backup (3 copies of your data on 2 different types of media with 1 copy being stored offsite), it can be tricky to imagine situations where you would actually need the offsite backup. You would have to lose both your normal data and your onsite backups at the same time before you have to restore from the extra backup. Typical scenarios that are used when trying to determine how likely this would be includes:
- Theft – Your main servers and onsite backup devices could be stolen at the same time. This risk is normally mitigated through not only the general security of the premises, but also through additional security, including access control, for the server room.
- Fire – If a fire sweeps through your whole building, it could destroy both the servers and the onsite backup. Even if automatic fire detection systems and/or fire fighters manage to prevent the fire from spreading, the computer equipment could be damaged by water.
- Natural disaster – This includes flooding, earth quakes and storms / tornadoes. In South Africa, the chances of this happening is a lot less than in other parts of the world.
There are however a number of other scenarios that could result in your onsite backup not being available when you lose data. If this happens and you don’t have an offsite backup, the impact could be huge. There are in fact many cases where a company has had to close down as a direct result of losing their data.
Other scenarios where you will need your offsite backups
These scenarios often involve something going wrong with the onsite backups and it not being picked up until it is too late. In recent months, a number of QSupport’s customers have had to restore their data from their cloud backups and were extremely happy that they had in fact implemented the 3-2-1 rule properly.
- In the first case, the onsite backup media had run out of space and the backups were no longer running. Although the external IT service company responsible for managing these backups had received notifications highlighting the issue, they had failed to take remedial action over a period of two weeks. When the customer did a price change on their SAP system and this caused data corruption, they contacted the service provider to do a restore, only to discover that the backups were in fact not running. Fortunately, the company was able to restore their data from the cloud backups provided by QSupport.
- Ransomware is becoming an ever increasing occurrence and when one of our customers was hit by an attack, their backup media was also encrypted, rendering them useless. Their cloud backup was however fully intact and they managed to restore their systems using these.
- In the third case, the onsite and offsite backups were affected simultaneously. When we noticed that the customer’s daily cloud backups were not running, we alerted them. An investigation showed that the servers had gone down a few days previously due to a lightning strike. When the servers rebooted, the automatic backup process failed to start. A simple restart solved the problem, but if the problem had not been discovered and fixed, the results could have been disastrous.
Offsite backups are critical, no matter how unlikely you think it is that you will need them
Although all 3 scenarios described above are simple and should have been prevented easily through effective management and notifications, they happened. What should have happened and what actually happened are often very different and wishing things to be different does not make it so. At the end of the day, we rely on people to make things happen, and people make mistakes. It does not matter how automated your system, or how strong your management is.
The 3-2-1 rule of backup has stood the test of time and has been proven time and again to be the only effective way to protect your data through making solid backups.