BACKUPS, THE ORIGINAL CYBER SECURITY NO-BRAINER
For many people outside the cyber security industry, security signifies peace of mind. For those inside the industry, it often represents the exact opposite. Protecting information technology assets is a balancing act of vulnerabilities, threats, mitigations, security controls, and (as always) how much you can convince your company to pay for. Cyber security is always acutely and often painfully aware of how much residual risk still exists, even for relatively well-protected systems.
However, there is one cyber security measure that can make system administrators and cyber security professionals feel almost like home security gurus, smiling contentedly at their exhaustively tweaked network of outdoor and indoor cameras whose only blind spots are not only well-documented but also well-booby-trapped. In other words, one cyber security measure gives IT professionals peace of mind: offsite backups.
There are many risks that still wait in the wings despite and sometimes because of backup systems. Backups themselves must be protected and the mechanism that performs each backup must be secure: having copies of your data is not good if those copies are being served to bad actors on a silver platter.
These concerns, though, do little to outweigh the centrality of backing up company data intelligently and regularly. I used to think any redundancy was terrible: it was a waste of breath to say anything twice, and having three of something when you only needed one was nearly an unpardonable crime. The naïveté of my young mind was enamored with precision: I did not realize that reality rarely shoots straight, everything is a moving target, and not every target has a bullseye.
With that in mind, my paradigm (at least for information technology) has shifted dramatically. Having two where one will do is mere prudence: having four or five begins to approach sainthood. IT deals with machines whose only language is written in black and white, zeroes and ones. These systems ought to be straightforward, but their sheer complexity lends them an element of chaos that leads those who work with them daily to assign their setups a certain level of mystery. It is our job and our pleasure to unravel these mysteries, but in the meantime, having copies of our systems, configurations, and information stored in multiple places allows us the freedom to experiment and test creatively. Anything that we inadvertently destroy can be restored with the click of a few buttons.
At an even more basic level than allowing IT technicians to build, rebuild, and troubleshoot systems safely, backups provide more than just insurance against disaster: they provide assurance. Suppose the server containing your company’s files has all its data encrypted for ransom by hackers, deleted by a disgruntled employee, erased by catastrophic hard drive failure, or otherwise destroyed by flood, fire, or a zombie apocalypse. In that case, you have the same information available elsewhere. Like Galaxar’s clones from DreamWorks’ Megamind, your server can get knocked down on Monday, possessed on Tuesday, and burned at the stake on Wednesday: your proprietary business information is still intact, provided it is stored in a separate location.