Backup types: What is the best option?
Blog: AuraQuantic Blog
A backup, or data backup, is the process by which existing information is duplicated from one medium to another. The objective of this process is to have an additional copy of the information that guarantees its adequate conservation at all times. This reduces the risks derived from a possible cybersecurity attack on the organization, loss of data or failure of the primary storage medium, among others.
It is important to note that data backup represents only the first step of an adequate data recovery strategy for any company or institution.
Once the entity carries out an analysis of the possible risks that may compromise data security, it is advisable to design a Security Master Plan detailing the objectives, the people involved and the necessary resources. Also, a Contingency and Continuity Plan should contain a roadmap to follow in the case of an incident that affects data security. These are both essential instruments to guarantee adequate protection of information systems (IS).
If you want to keep all your company data protected, don’t miss this article which explains everything you need to know about backups.
Why is it important to make a backup?
In today’s information age, the high volumes of data handled by entities represent a double-edged sword.
On the one hand, they are a strength: with a greater volume of data, the data can be filtered to prepare advanced and interactive reports, through applications such as Power BI Embedded, that optimize the process of strategic decision making.
On the other hand, they can represent a weakness, because any failure that affects the IS can harm leadership, create legal problems in data protection, increase investment in data security systems, cause a drop in profits and, finally, result in a reputational crisis. This host of consequences can even compromise the future viability of the organization.
Ultimately, companies and institutions must adopt the necessary measures to guarantee data protection, which must be stored on different media and based on criteria established by each entity.
Information management systems in organizations
Entities manage and collect information and data on a daily basis through ‘information assets’. According to the ISO 27001: 2017 standard, dedicated to Information Security Management Systems (ISMS), the information assets available in organizations are:
1. Information assets
- Digital data: Databases, backup copies, passwords, etc.
- Tangible assets: Postal mail, internal and external physical servers.
- Intangible assets: Patents, knowledge, image of the entity, etc.
- Software: Office automation applications (Word, Excel) and other programs (CRM, ERP), backup and database managers.
- Operating systems.
2. Physical assets
- IT infrastructure: Buildings, offices, cabinets.
- IT hardware: workstations, laptops, tablets, mobiles, peripherals, pen drives, physical servers.
- IT environment controls: Alarms, air conditioning, etc.
3. IT service assets
- Authentication services, network services.
4. Human assets
- Internal staff.
- External staff.
Once the organization has carried out an asset inventory, i.e., their identification, classification, attribution and labeling, the periodicity and type of backups can be determined.
A point to consider is that, although the ISO / IEC 2700: 2013 standard establishes that each organization must set the criteria that best suit its particular circumstances when classifying information assets, it is advisable to apply the CIA (Confidentiality, Integrity, Availability) model and define several levels that determine the general value of the asset in the entity, for example: very high, high, medium, low and very low.
The CIA model, also called the CIA Triad, is a model designed to determine the information security policies within an entity, based on three criteria: confidentiality, integrity and availability.
- Restricted (medium level of confidentiality).
- For internal use (lowest level of confidentiality).
- Public (when the information is accessible to the public).
- Damage to image.
- Legal consequences.
- Economic consequences.
- Cessation of activity.
- Customer and supplier information.
- Purchases and sales information.
- Information on personnel and internal management.
- Information on orders and warehouse processes.
All this information, related to the backup policy adopted in the organization, must be reflected in the Security Master Plan.
Once the periodicity with which the backups will be made has been determined, based on a detailed analysis of factors such as the volume of data and files, the cost of storage and legal obligations (GDPR), the types of backup should be chosen.
Therefore, below, we will talk about the different types of backup:
1. Full backup
Full backup consists of making a copy of all the data, on another medium.
This type of backup is the most common in the business environment. In addition, we must bear in mind that to perform either an incremental or differential backup, which we will see in the following sections, it is essential to first have a full backup.
Advantages:
- Contains a copy of all the entity’s data.
- Restoration is quick and easy.
Disadvantages:
- Increase in the system workloads.
- A large space is needed to store all the data, which directly affects costs.
- Increase in the time used to perform the backup.
- Great impact on the overall performance of IT resources.
2. Differential backup
A differential backup backs up only the files that changed since the last full backup, similar to an incremental backup.
However, the difference from the incremental backup shows from the second backup onward. The differential backup re-copies all the information that has changed since the full backup, whereas the incremental backup copies just the data modified since the last backup, whether incremental or full.
Advantages:
- Less space required than a full copy.
- To recover a file it will only be necessary to use the last full backup and the last differential.
Disadvantages:
- Slower than an incremental backup.
- Requires more space than an incremental backup.
- Stores more data than an incremental backup, but less than a full one.
3. Incremental backup
Incremental backup only makes a copy of the data that has changed (new or modified), since the last backup made, whether it be incremental or full. Therefore, if a file is modified after the full backup, it is only copied to the next incremental copy and not to subsequent incremental backups. If no modification is made, the file will not be saved.
The main disadvantage of this type of backup is that each copy is chained to the one before it. In the case of loss or failure of any intermediate incremental copy, it would not be possible to restore.
Which data does the application that performs the backup take into account to determine which have changed and which ones have not? Backup applications use the date and time of a backup. Therefore, when an incremental copy is carried out, the backup application will look for the date and time of the last copy and will only store the files that have changed in the system, since that registered date and time.
Advantages:
- Saves storage space.
- Decreases the time required to make the backup, compared to full and differential copies.
Disadvantages:
- To restore data after an incremental backup failure, the last full backup and all incremental backups are required.
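The following added example (not from the original article) simulates the timestamp-based selection described above for differential and incremental backups, and computes the chain of copies a restore needs. The file names, clock values, the `base` link stored with each backup and the function names are assumptions made for the illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Backup:
    kind: str             # "full", "differential" or "incremental"
    taken_at: int         # constructed clock value
    base: Optional[int]   # taken_at of the backup this one depends on (None for full)
    files: frozenset      # names copied into this backup

def take(kind, mtimes, history, now):
    """Select files for a backup of `kind` by comparing mtimes with a reference time."""
    if kind == "full":
        return Backup("full", now, None, frozenset(mtimes))
    fulls = [b.taken_at for b in history if b.kind == "full"]
    if not fulls:
        raise ValueError("a full backup must exist first")
    # Differential: reference is the last full. Incremental: the last backup of any kind.
    base = max(fulls) if kind == "differential" else max(b.taken_at for b in history)
    return Backup(kind, now, base, frozenset(f for f, t in mtimes.items() if t > base))

def restore_chain(available):
    """Backups needed to restore the latest state, oldest first; None if a link is missing."""
    by_time = {b.taken_at: b for b in available}
    chain, cur = [], max(available, key=lambda b: b.taken_at)
    while True:
        chain.append(cur)
        if cur.base is None:
            return chain[::-1]
        if cur.base not in by_time:
            return None
        cur = by_time[cur.base]

EVENTS = [("a.db", 2), ("b.doc", 4), ("c.xls", 6)]  # constructed (file, mtime) changes

def simulate(kind):
    """Full backup at t=1, then one `kind` backup after each constructed change."""
    mtimes = {"a.db": 0, "b.doc": 0, "c.xls": 0}
    history = [take("full", mtimes, [], 1)]
    for name, t in EVENTS:
        mtimes[name] = t
        history.append(take(kind, mtimes, history, t + 1))
    return history

if __name__ == "__main__":
    for kind in ("differential", "incremental"):
        h = simulate(kind)
        print(kind, [sorted(b.files) for b in h[1:]])
        print("  restore needs", len(restore_chain(h)), "backups;",
              "without the middle one:", restore_chain(h[:2] + h[3:]) is not None)
```

Selection by date and time alone misses a file whose modification time has been set to an earlier value, so comparing size or a content hash as well closes that gap.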
Where to store the backups?
The medium or type of device where the information from the backups will be stored is another of the points that must be reflected in an entity’s Security Master Plan.
Two factors that must be taken into account when choosing the type of medium for backup copies are the amount of information to be stored and the investment destined for that purpose.
The main storage devices that can be used in the business environment include the following:
1. Cloud
The benefits of backing up to the cloud are countless. They include scalability, encryption technology, lower costs, ease of use and the option to delegate regulatory compliance to the cloud provider.
This is why more and more companies are opting for the cloud as one of their main media when making backup copies.
2. DAT tape
Contrary to popular belief, this type of backup media continues to be used by many companies. Its low cost, durability and large storage capacity are the main advantages of this device, which has a similar appearance to a cassette tape.
3. External hard drive
It is an excellent alternative when making backup copies. However, external hard drives are not foolproof and in the long run they can end up failing. For this reason, it is very important that the entity puts into practice the 3-2-1 backup rule. This strategy is based on making three backup copies of any file, on at least two different devices, of which one will be stored outside the organization’s facilities.
4. NAS
A NAS is a network-attached storage device that allows you to centrally store or back up data.
This type of storage unit is characterized by being economical and expandable, thanks to the storage units (hard drives) that it has inside, connected under RAID mode.
In short, it is a type of device with a very similar operation to that of a private cloud, but which allows access by authorized third parties.