Backups, from both a compliance and a business continuity point-of-view,

are essential, particularly in the financial services sector. For example, backing

up of e-mail communication is important as it may be required even years later for

reference in a legal case–either in prosecution or defence.

Backups are inherently vulnerable, however; they can easily

be damaged and rendered useless by a number of culprits, including fire, water,

sunlight exposure or magnetic radiation. This is the main reason that backups

should be stored off-site. You could have the most advanced backup mechanism in

the world, but if the tapes are stored in the same building as your systems,

there’ll be a small problem when the building burns down. ‘Ah but we have ours

in a fireproof safe,’ you say; that won’t help much if the building collapses

on top of it!

Backups are also physically vulnerable to theft. If I wanted

to steal data from a company, I would have a few options. (1) Compromise the

premises and physically bug the systems (key logger, data box, etc.): It’s difficult

to do, slow, and even if you gain access to internal systems like this—data

will no doubt still be protected and retrieval will need further work. (2)

Compromise the premises and physically steal the data: Not a good idea, very

intrusive. (3) Hire a hacker to break in and steal the data: Probably

expensive, definitely very slow, and he or she will probably just vanish with

your money. (4) Plant an employee within the company to mine data: Slow,

expensive, and difficult. (5) Wait until the IT manager throws the latest

backup in the back of his car, then break in and steal it: Really, not too

hard. Okay, so I don’t actually want to steal anyone’s data, but the point is

that backups not only need to be stored off-site, but they need to be

transported and stored securely—better known off-site vaulting firms will

collect your tapes in an armoured van!

It used to be that there was only one media for the backup

of data—magnetic tape. However, as technology has developed (and gotten

cheaper) alternative forms of storage have become available. Tapes can often be

slow and cumbersome, especially as they lack the ability to randomly access

data. For small (less than 10 GB) amounts of data; writable DVD media have become

quite tempting. The problem is that optical media (CD-R, DVD-R, DVD+R, etc) is

volatile. It may be cheap, fast to create, and even faster to access, but that

won’t matter when you go to retrieve an important document in two years time

and find the media can’t be read!

There is much evidence for so called ‘DVD Rot’,

basically, the physical degradation of DVD media. While one may be tempted to put

this down to cheap or brandless media, it is worth considering that ‘DVD Rot’

has been reported in pressed media too, which we would be led to believe is

much more durable and long-lasting than its writable cousins. 20th

Century Fox
only offers a 90-day warranty on their DVDs!

Unfortunately, for long-term, stable storage, magnetic tape

looks like our only option. LTO tapes can carry 400 GB of data and have a 30

year shelf life. Even if we’re conservative and assume that in real world

conditions the tapes are good for 15 years, that’s a lot better than more

volatile media can offer.

Next week we’ll look at some other solutions for backup and
disaster recovery.

What media does your firm use for backups? How do you assure
the security of your data? Let us know, leave a comment!