Baseball & Backups

From the Nov. 2006 Issue

A month or so ago, the LA Dodgers were playing great baseball and found themselves in the thick of the pennant race. (For the non-sports fan out there, see “Wikipedia: baseball.”) Since the team’s success on the field has been rather meager for the last 17 years or so, this was no small deal for the fans in LA! Those who follow the Dodgers credit a good portion of their success to the fact that they have such a “deep” team. In other words, they have excellent reserve players who possess the skills and versatility to hit well and play any number of positions. When a regular player is injured or needs rest, the manager has the confidence and flexibility to insert one of these talented “backup players” into the lineup and know that the team will continue to be successful.

How does baseball teach us about information security? In the past several months, we’ve covered a number of security essentials including anti-virus software, personal firewalls, wireless security and spam filters. Creating a layered defense to guard against attacks is important. But just as the Dodgers need quality backup players in order to be successful, your ability to effectively restore and recover if, and when, systems are compromised is no less essential to your security strategy.

————————————————

Are they really necessary?
Yes, a dependable backup is crucial in addition to your other security measures. Reasons for this include the following:

Hardware failure. Servers or workstations can stop working at any time. If a hard drive crashes, a backup may be the only way of recovering data and applications. Note: This is something our organization has experienced first-hand no less than three times over the last year!
A security breach. If a computer is compromised and data is corrupted or stolen, a backup is essential for restoring applications and data.
Terrorism/disasters. Depending on your geography, you can fill in your disaster of choice. (For LA, I’ll go with earthquakes, fires, landslides, and riots. We seem to be a land of equal opportunity!) Any one of these disasters, natural or otherwise, can decimate the physical and data infrastructure of a company.

Unfortunately, many businesses underestimate the seriousness of existing threats and the importance of having an effective backup plan in place. Research firm Insight Express performed a survey of IT managers regarding backup practices and business costs associated with server failures. The results showed that over 30 percent of IT managers estimated that server failures cost their businesses at least $10,000 in revenue and productivity. In spite of the great cost and the fact that 72 percent of the respondents said that their organizations suffer at least one server failure per year, more than half of the survey participants (55 percent) don’t back up their entire system on a daily basis.

Following these sound backup and restore procedures are crucial to ensure the continued availability and integrity of critical programs and data in the event of a breach. Without adequate backup and restore procedures, small problems can quickly snowball into major ones!
—————————————————

Another Option
Historically, individuals and businesses alike have backed up their data to media such as DVDs, tapes or hard drives. By following best practices, backups can be maintained relatively inexpensively. Unfortunately, as is the case with other aspects of information security, people get lazy and assume things are working correctly. Tapes are not rotated properly, logs are not reviewed, backup media is left by the server, and/or backups are not tested regularly. As a result, IT managers and business owners often find out too late that they were not adequately protected.

Another approach now growing in popularity is to backup data online. Businesses can sign up with companies like eVault, Iron Mountain or Global Data Vault and completely outsource the backup process. The process is pretty simple. Once the proper software is installed on the client side, the data to be backed up, and the frequency and timing of the backup are selected. At the time of backup, the data is compressed, encrypted and transported to a secure data center.

Restoring is straightforward, as well. A user simply selects the files to be restored and “pulls” them back to the computer of their choosing. Listed prices on the Global Data Vault website (www.GlobalDataVault.com) range from $9 per month for up to 300MB of data to $399 per month for between 25GB and 35GB of data. Less expensive options include newer sites such as JungleDisk.com or ElephantDrive.com. These sites both use applications that communicate with Amazon’s S3 storage API. Pricing is very inexpensive. ElephantDrive.com is free while still in beta, and JungleDisk.com advertises the low price of $0.15 per gigabyte. Obviously, the less expensive services take a little bit more work to configure and maintain and should be investigated thoroughly for their ability to keep data secure and return it promptly if and when it is needed.

Which backup approach is best? Traditional media or online? The answer really depends on the IT resources at any given firm or company. Those with dependable IT resources and a solid backup plan may not need to spend the additional money for an online backup service. On the other hand, firms or companies without reliable IT personnel and a shaky backup plan may find an online service to be a very reasonable investment.

—————————————————

Conclusion
Do you have a backup solution? Is it integrated with your information security strategy? Does it actually work? You need to make sure your backup policy upholds best practices and that the technology you employ (traditional or online backup) allows mission-critical systems to be quickly brought back online in the event of a crash or disaster. If that’s not the case, you need to spend the necessary time and investment to bolster your “bench.” And Go Dodgers!! 

------------------------------------------

David Cieslak is a Principal in Information Technology Group, Inc. (ITG), a computer consulting firm with offices in Simi Valley and Huntington Beach, Calif. He is currently an instructor for K2 Enterprises and a frequent speaker on technology issues. He also currently chairs the AICPA IT Executive Committee and serves on the Information Technology Alliance board of directors and CalCPA Council.

Loading