Have you ever been confused by technical jargon like 3-2-1 backup, online / offline / onsite / offsite backup, cold / warm / hot, redundancy, immutability, snapshots, blah blah blah?
Even I find the jargon frustrating – and I’m in the industry!
There’s no shortage of voices telling you to do this or that. But in the end – the question is, what for?
Don’t let the tail wag the dog. You’re in control of your own data – and in just 10 minutes I’ll help you get on top of your own cyber-resilience.
You don’t want a backup. You want a guaranteed recovery.
A Harvard professor once said, “people don’t want a drill, they want a hole.”
Let me take a wild guess. You’re not really interested in backup. What you want is a guaranteed recovery.
The problem with the tech industry is that so much of the conversation is about the technical features of a product (the drill) that it’s easy to forget the bigger picture (the hole).
After 24 years, I’ve finally figured out an EASY way to explain backup and help people choose how to get the right backup for them.
I call it the Ladder of Cyber-Resilience – and it’s a commonsense way to understand exactly what risks you’re protected against with any given backup strategy.

The higher up the ladder you are, the more resilient you are to these risks.
Is this self-explanatory? If so – great! If not, read on…
Let’s start with the risks –
Here’s a summary of the major risks that will cause you to lose data. These risks apply to both business and personal situations.
Category of Risk | Example |
---|---|
Accidental data deletion (human error) | |
Hardware failure | |
Physical theft | |
Inside sabotage | |
Hardware destruction | |
Automated cyber-crime | |
Targeted cyber-crime | |
Now let’s group the risks and simplify –
It turns out that we can map out each of the risk categories according to their commonalities, and escalating need for mitigations.
Level | Risk Categories | Commonalities | Mitigation Needs |
---|---|---|---|
1 | | Damage is not widespread. It’s isolated to a piece of data, or a device. | Maintain backups of data, going back in time. |
2 | | Damage spreads to multiple machines, often your entire on-premise infrastructure. | Keep some backups elsewhere, in case main office gets destroyed. |
3 | | Intentional, malicious electronic destruction such as deleting or encrypting the backups, wiping hard drives. | Ensure local backups can withstand intentional sabotage. |
4 | | Hijacking of cloud storage account, with intention to cripple the backups. | Ensure cloud backups can withstand intentional sabotage. |
Grouping and ordering the risks this way means that each level of risk requires more sophisticated mitigations.
But the benefits are cumulative. For example, if you can properly protect yourself at, say, Level 3 with a well-designed backup strategy, you’ll also be protected at Levels 1 and 2.
Choose a backup strategy that protects against each risk
Now it becomes much easier to choose a backup strategy that will protect you. Based on our philosophy of multiple layers of protection, and our 24 years of experience, here are our recommended backup strategies:
Level | Backup Strategy Recommendation | Why |
---|---|---|
1 | Locally stored backups. Back up locally, keeping at least 180 days of past data (a.k.a. backup history). | Fast local recoveries. |
2 | Offsite backups. Back up locally, with rotating hard drives which are disconnected and stored offsite, and / or back up to cloud storage, keeping at least 30 days of past data. | Geographic separation protects against physical destruction. Offline drives are inaccessible to thieves and saboteurs. |
3 | Tamper-safe local backups. Same as Levels 1 & 2, but with extra steps: | Minimizes the possibility that intentional sabotage will work. |
4 | Tamper-safe cloud backups. Cloud offsite backups, with cloud immutability turned on and a minimum 180-day retention period. | Last line of defense – cloud data is guaranteed available until retention period ends. |
Of course, if you have special circumstances, you’ll need to tweak the recommendations to suit your situation. But the table above gives you a very good starting point, and a way to double-check that your customizations still fulfill the intended requirements of the backups.
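One way to run that double-check on a customized setup, as an added example rather than anything from our product: a short Python script that takes an inventory of backup destinations and reports the highest rung of the ladder it reaches, plus the first requirement it misses. The `Destination` fields, the sample inventory and the strict rule that a higher rung only counts once every lower rung is met are assumptions made for the illustration; the `tamper_safe` flag stands in for the Level 3 extra steps.

```python
from dataclasses import dataclass

@dataclass
class Destination:            # one place backups are written (hypothetical model)
    name: str
    kind: str                 # "local", "offline_offsite" (rotated drive) or "cloud"
    history_days: int         # how far back in time a restore can reach
    tamper_safe: bool = False # local: the Level 3 extra steps have been applied
    immutable: bool = False   # cloud: provider-side immutability is turned on
    lock_days: int = 0        # cloud: immutability retention period

def rung_checks(dests):
    """One (level, requirement, met?) tuple per rung, using the table's thresholds."""
    local = [d for d in dests if d.kind == "local"]
    offline = [d for d in dests if d.kind == "offline_offsite"]
    cloud = [d for d in dests if d.kind == "cloud"]
    return [
        (1, "local backup with at least 180 days of history",
         any(d.history_days >= 180 for d in local)),
        (2, "offline offsite drive, or cloud backup with at least 30 days of history",
         bool(offline) or any(d.history_days >= 30 for d in cloud)),
        (3, "local backup hardened against intentional sabotage",
         any(d.tamper_safe and d.history_days >= 180 for d in local)),
        (4, "cloud backup immutable for at least 180 days",
         any(d.immutable and d.lock_days >= 180 for d in cloud)),
    ]

def assess(dests):
    """Return (highest rung reached, first unmet requirement or None).
    Assumption: rungs are cumulative, so climbing stops at the first gap."""
    reached = 0
    for level, need, met in rung_checks(dests):
        if not met:
            return reached, f"Level {level}: {need}"
        reached = level
    return reached, None

# Constructed inventory: immutable cloud copy, but the local NAS is not hardened.
SAMPLE = [
    Destination("office-nas", "local", history_days=365),
    Destination("cloud-bucket", "cloud", history_days=90, immutable=True, lock_days=180),
]

if __name__ == "__main__":
    print(assess(SAMPLE))
```

The sample inventory stops at Level 2 even though its cloud copy is immutable, because the local backups could still be sabotaged.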
Get started today
It’s really easy to get started.
1. Start by identifying which risks you want to mitigate.
2. Use the Ladder of Cyber-Resilience to determine a suitable backup strategy.
3. Customize the strategy to suit any special circumstances.
If you need assistance with Steps 2 or 3, contact us and we can put you in touch with an appropriate I.T. professional who can help.
Until next time – stay safe, and stay cyber-resilient!