Backup is Still Important - Options and Strategies

Data is king. Keeping it stored safely and securely is critical. Whether you are operating in the cloud, from an office, or from your home you need to be thoughtful about your data. In my professional life, strategies for keeping data safe have been mandatory for over 40 years. A consistent rule: to be able to recover, we have to have your data, no matter what. Further, the goal is to not lose any data on our watch.

If you have ultimate responsibility for the data in your office or home, you need to consider your strategies, your methods of backing up data and, ultimately, testing that you can restore from your data. This article will explain options, pitfalls and cautions on keeping your data safe. Further, you should comply with a written records retention policy. Backup copies, no matter where they are, need to be expired according to policy. The potential liability in keeping old backup, such as tape or USB sticks, for an extended period of time without managing expiration is extremely risky. Cloud vendors used for backup may also keep backup copies beyond your retention policy, including copies after you leave their service. For example, Microsoft deletes your files within 30 days of leaving their Office 365 service, but other vendors keep your data permanently.

 

What Options are Available?

Recommendations for good backup vary based on your size, recovery time objective (RTO or amount of time to recover), recovery point objective (RPO-how much data you are willing to lose), and your fault tolerance level. The quicker you want to recover and the less data you are willing to lose, the more expensive the approach will be. However, relatively short RTO and RPO is possible by using backup appliances. Backup appliances combine software and hardware into a product that operates with relatively little intervention to back up your data frequently and securely.

Costs vary widely by the solution. Clearly for homes and small firms, USB drives and Network Attached Storage (NAS) units are the low cost alternative, where a few terabytes of storage cost a few hundred dollars per month. Software frequently comes with a NAS for backup purposes. However a copy of your data needs to be in some off-site location, whether that is in the cloud or another home or office. Additionally USB and NAS alternatives typically don’t backup open files, SQL databases or email files correctly. When off-site cloud storage is used, expect costs in the fifty cent to one dollar (per gigabyte per month) range, although non-professional home grade storage is typically less expensive. You should not use home grade storage for professional purposes because the data does not have adequate protection. We expect providers to offer in excess of one terabyte of storage at no charge this year. Backup Appliances vary in price between $3,000 and $11,000. Two backup appliances can be used to backup from a primary location to a secondary location, eliminating the cloud storage costs, and potentially speeding the recovery process. If you contact me directly, I’d be pleased to review options with you directly, help you filter and select possible options, and obtain accurate pricing estimates for your situation. There would be no better use of my time than helping you or your firm prevent a loss of data.

The Backup Storage Options chart below illustrates some of the options available:

 

Pitfalls and Cautions

Things can go wrong with your data and corrupt either production files or backups. Cloud hosting and SaaS applications minimize the amount of responsibility you have for protecting the data. However, some vendors “lock the data up” and prevent you from getting your data back easily.

If you keep your data locally in your firm or home, user error, mechanical failure, intentional internal or external maliciousness, or other intrusions like viruses can destroy all of your data. Data may be mechanically safer in the cloud, but the regulatory risks increase. For example, the Patriot Act Section 215 provides for access to data stored in any data center without subpoena or notification in the U.S. According to our research over 25,000 such requests have already been made with less than 20 of the requests denied. If you store client confidential data in the cloud, this data may be provided to governmental agencies without your knowledge. According to Time Magazine, November 11, 2013, page 31, there is approximately 19 terabytes of information stored on the public web. There are another 7500 terabytes of information stored on the hidden or secret web that is used by government agencies and criminals alike.

Although not comprehensive, the Backup Pitfalls and Cautions chart above illustrates some of the issues for you to consider.

Key concerns with any backup data is the ability to restore, the protection of the data, the application of records retention policies, and the amount of time required to either backup or restore. With the 2013 disclosure of decryption technology held by governments around the world, my comfort level has dropped with cloud hosting, SaaS applications, and cloud-based backup. However, my caution primarily lies around risk mitigation and unexpected exposure of client confidential data. Make sure you have read the license agreement of any cloud storage provider before you use the service. Test your backups for reliability on a regular basis. And make sure you have ALL of your data backed up no matter what!

 

Randy Johnston is executive vicepresident and partner of K2 Enterprises and Network Management Group, Inc.

He is a nationally recognized educator, consultant and writer with over 30 years’ experience. He can be contacted at randy.johnston@cpapracticeadvisor.com.

Loading