By: Alessandra Descalso on July 9th, 2021
What Your Data Backup and Recovery Plan Looks Like with ITS
When shopping around for backup services, hire a provider that offers a comprehensive and robust plan. Learn more about how ITS performs data backup and recovery services.
Hacking is big business. There are many ways hackers make money off corporate databases, such as selling personal and proprietary information on the dark web. However, extortion by way of ransomware attacks is perhaps the most lucrative means of it all.
According to cybersecurity firm Sophos, the average ransom paid per ransomware attack is $170,404. There are some companies, though, that have paid north of $3 million to recover their data.
To the uninitiated, a ransomware attack uses malicious software (malware) to lockout a user from their computer or prevent them from accessing their files.
A more sophisticated form of ransomware called crypto-ransomware, which is becoming increasingly common today, uses encryption to lock files and force users to pay a ransom for a decryption key.
Ransomware can be highly disruptive to businesses and can lead to up to 23 days of downtime.
One way organizations can cushion, or rather, mitigate the devastating impact of ransomware on their operations is by having a robust backup regime. Here at ITS, we implement the use of encrypted backups as a defensive measure against cyber-attacks for all of our 368 clients.
This article sheds light on our comprehensive backup strategy. We also talk about what backup media we use and the onsite and remote backup services we offer.
What Backup Medium Does ITS Use?
ITS uses network-attached storage (NAS) and cloud backups. All machines that are local to the NAS will have encrypted backups.
The company also deploys a backup and disaster recovery (BDR) appliance that serves as storage for backups.
"It could spin up backups in case one of the client's servers goes down. BDRs are more robust, and it’s what we use as a default," said Edgar Richarte, a Project Technician at ITS.
ITS has different types of backup jobs, such as:
- Agent-based jobs.
Agent-based jobs depend on the service provider console that manages the backups. It will generally have two jobs onsite that are encrypted and go to the NAS and an offsite job that goes to the cloud repository.
- BDR-based jobs.
The BDR has the VEEAM backup and replication application on it, which manages all the backups. The BDR does a backup copy job, which takes an exact copy of an onsite job and copies it to the cloud repository.
Are ITS Backups Encrypted?
ITS backups are encrypted with 256-bit AES encryption to protect its clients' data.
As it is a government-grade encryption standard, this encryption algorithm would be nearly impossible to crack. The only way any person would access the data is that they had the encryption password.
Clients can never get their hands on the encryption password as an industry-wide best practice.
Is There Any Reason Why You Shouldn't Encrypt Backups?
By default, ITS encrypts pretty much everything. The only time where it doesn't make sense to encrypt is when you're doing a backup copy job for a BDR, copying an onsite job to the cloud.
"It is possible, but it's not necessary because the original source is already encrypted. If you're encrypting it again to our cloud repository, it's pointless because you're adding overhead CPU processing," Richarte said. "That's the only time where you don't need to encrypt."
How Does ITS Prepare for Backup Operation Failures?
Hardware can't run forever and is meant to fail at some point. ITS has data redundancy everywhere it could.
The company uses a RAID 5 array by default—if a disk does go down, the company has a fault-tolerant parity drive. One disk is, thus, allowed to go down and be swapped out with another one when the RAID array is under maintenance.
Meanwhile, the cloud repository is on RAID 6.
"We have multiple drives that can fail, and we can still have our data intact. If something were to happen, we have all of our bases covered," Richarte said.
What Issues Do Some Clients Run Into with Their Backups?
The biggest issue that clients encounter is usually concerning their internet speed. If their Internet upload speed is slow, it won't be easy to perform cloud backups for clients.
Onsite local backups are relatively easy, but sometimes hackers can get through those backups since it is local to their environment. As long as organizations have a decent upload speed, cloud backups and offsite backups can be enabled for them for redundancy purposes.
What Backup Services Does ITS Offer Clients?
ITS is in the process of standardizing the deployment of BDRs for every client because it's easily manageable and it's the most effective. BDRs allow instant recovery: just in case one of their servers breaks down, they have more options to spin up from a backup and use that.
Meanwhile, ITS offers a service called Insider Protection. We keep extra copies of clients' restore points on our cloud repository. This is extremely useful when something happens over a long weekend and hackers can get in, wreak havoc and encrypt everything. Typically, hackers will push backups to our cloud repository to replace the ones that are currently there.
However, with insider protection, the old restore points don't get deleted—they get moved to another folder called the recycle bin. Once it's in the recycle bin, it can't be moved or changed. ITS can still recover that data for the client. The only drawback with the service is that it takes more storage; however, it's an excellent option to enable.
"Essentially, we've been able to save several clients where the hackers thought they were smart. They were able to push incremental backups to replace the ones that are on the cloud repository, but they weren't able to get to the backups that were in insider protection," said Richarte.
Ready to Work with A Provider to Safeguard Your Data?
Encrypting backups and having redundancy play an essential role in safeguarding your data from outsiders. By pushing backups to a BDR and to the cloud, as well as deploying various RAID technologies, clients can rest assured that their data is in safe hands.
At ITS, we make sure that our client's data is kept hidden away from the bad guys. We employ a comprehensive approach to security that protects our clients' network infrastructure and software from unauthorized access. Get in touch with our representatives to learn more about our enterprise-grade solutions for your business.