Backups, from both a compliance and a business continuity point-of-view,
are essential, particularly in the financial services sector. For example, backing
up of e-mail communication is important as it may be required even years later for
reference in a legal case–either in prosecution or defence.
Backups are inherently vulnerable, however; they can easily
be damaged and rendered useless by a number of culprits, including fire, water,
sunlight exposure or magnetic radiation. This is the main reason that backups
should be stored off-site. You could have the most advanced backup mechanism in
the world, but if the tapes are stored in the same building as your systems,
therell be a small problem when the building burns down. Ah but we have ours
in a fireproof safe, you say; that wont help much if the building collapses
on top of it!
Backups are also physically vulnerable to theft. If I wanted
to steal data from a company, I would have a few options. (1) Compromise the
premises and physically bug the systems (key logger, data box, etc.): It’s difficult
to do, slow, and even if you gain access to internal systems like thisdata
will no doubt still be protected and retrieval will need further work. (2)
Compromise the premises and physically steal the data: Not a good idea, very
intrusive. (3) Hire a hacker to break in and steal the data: Probably
expensive, definitely very slow, and he or she will probably just vanish with
your money. (4) Plant an employee within the company to mine data: Slow,
expensive, and difficult. (5) Wait until the IT manager throws the latest
backup in the back of his car, then break in and steal it: Really, not too
hard. Okay, so I dont actually want to steal anyones data, but the point is
that backups not only need to be stored off-site, but they need to be
transported and stored securelybetter known off-site vaulting firms will
collect your tapes in an armoured van!
It used to be that there was only one media for the backup
of datamagnetic tape. However, as technology has developed (and gotten
cheaper) alternative forms of storage have become available. Tapes can often be
slow and cumbersome, especially as they lack the ability to randomly access
data. For small (less than 10 GB) amounts of data; writable DVD media have become
quite tempting. The problem is that optical media (CD-R, DVD-R, DVD+R, etc) is
volatile. It may be cheap, fast to create, and even faster to access, but that
wont matter when you go to retrieve an important document in two years time
and find the media cant be read!
There is much evidence for so called DVD Rot,
basically, the physical degradation of DVD media. While one may be tempted to put
this down to cheap or brandless media, it is worth considering that DVD Rot
has been reported in pressed media too, which we would be led to believe is
much more durable and long-lasting than its writable cousins. 20th
Century Fox only offers a 90-day warranty on their DVDs!
Unfortunately, for long-term, stable storage, magnetic tape
looks like our only option. LTO tapes can carry 400 GB of data and have a 30
year shelf life. Even if were conservative and assume that in real world
conditions the tapes are good for 15 years, thats a lot better than more
volatile media can offer.
Next week well look at some other solutions for backup and
disaster recovery.
What media does your firm use for backups? How do you assure
the security of your data? Let us know, leave a comment!
