This is the second article of a two-part series about operations and strategies for making backups. Backups are duplicates of important data necessary for one’s business or personal life. The original data can be lost due to a variety of reasons, such as being encrypted by ransomware, so backups play an important role in cybersecurity. Previously, we covered common backup operations and strategies for making different types of backups. This article will cover storage options for backups, as well as a common strategy for making and storing them.
A paper published in 2012 by Paul Ruggiero and Matthew A. Heckathorn for the United States Computer Emergency Readiness Team (US-CERT) mentioned a common and recommended strategy for backing up data: the 3-2-1 rule. This rule has three conditions: keep three copies of each important file (including the original file and two backups), keep these copies on two different types of media, and store one copy outside of your home or office. Although the paper is eight years old, the 3-2-1 rule and other advice provided in the paper is still relevant. In order to follow the 3-2-1 rule, you can choose between two general types of storage: local storage on a machine owned by you or your organization, or cloud storage offered by either your organization or a third-party.
With regards to local storage, Paul Ruggiero and Matthew Heckathorn note that one advantage of storing backups on your internal hard drive is being able to “quickly update backup files and maintain a simple file structure.” However, they and Alexa Drake of G2 note that storing backups internally makes them as vulnerable as the original files when it comes to physical theft, damage, and corruption. This would go against the entire purpose of making backups: safeguarding the original data. Backing up data to your internal hard drive regularly would be a rolling backup, a process in which new data overwrites old data on a periodic basis. However, Paul Ruggiero and Matthew Heckathorn note that “[r]olling backups can silently propagate any corruption or malware in the primary files to the backup files.” Furthermore, they also note that storing backups on your internal hard drive uses up space that could be used for new files. Thus, storing backups on the same machine that contains the original data isn’t recommended. In addition to storing backups in the cloud, Alexa Drake recommends storing backups in a local external hard drive or network-attached storage device. Local storage devices like these may use one of two types of memory: hard disk or solid state. Paul Ruggiero and Matthew Heckathorn list the advantages and disadvantages for using each type. Solid state storage devices—such as USB flash drives or removable solid-state drives (SSDs)—have the benefits of being compact, shock-resistant, resistant to degaussing (demagnetizing a hard drive to make it inoperable), compatible with most devices, and possibly encrypted with password protection. Although hard disk drives (HDDs) are bulkier and vulnerable to degaussing, each HDD is generally less expensive than an SSD with an equivalent amount of storage space. However, the storage capacity gap has been closing since 2012. Note that unlike cloud storage, all forms of storing backups locally are vulnerable to disaster and physical theft.
Storing backups locally would require purchasing a physical product, whereas storing backups on the cloud may involve subscribing to a service or at least creating an account on a website. Storage as a Service (abbreviated as STaaS as SaaS) is a type of cloud service that specializes in providing storage space that could be used for backups. Examples include Microsoft OneDrive, Google One, and Dropbox. Some services also qualify as Software as a Service (also abbreviated as SaaS), and are designed to automatically create and store backups of important files for you. Microsoft OneDrive and Google Drive both offer generic data storage as well as functions for automatic backup creation, while EaseUS Todo Backup is an example of software that specializes in making backups. All of these solutions have both free and premium versions for different needs. However, Paul Ruggiero and Matthew Heckathorn note that there are both pros and cons of using cloud storage for backups. Cloud storage isn’t vulnerable to disasters, physical theft, or worn-out local hard drives. Cloud storage can be accessed from anywhere and on any device owned by your or your organization. Unfortunately, making backups could be very difficult if your internet connection is unreliable. Furthermore, the cloud service itself may or may not be secure; if such a storage service gets compromised, your sensitive information could be publicized. Additionally, there is a risk that the service itself may tamper with stored data. If you plan to use a cloud service for backups, find one that is committed to your security and privacy.
Both local and cloud solutions for storing backups have pros and cons, and these factors should be considered when creating a backup strategy that works for you or your organization. Although there are risks associated with cloud storage, it goes hand-in-hand with the third condition of the 3-2-1 rule: store one copy of any important file outside of your home or office. The 3-2-1 rule itself is commonly known and recommended, but you or your organization may want to create a strategy that is tailored to your needs.