This is my fifth excerpt from my The 7 Deadly Sins of Backup and Recovery whitepaper.
Software security threats often grab headlines and the attention of IT execs. But what is often forgotten is physical security, which can also disrupt a company’s operations and undermine its backup and recovery plans. Surprisingly, many companies do not have a formal process for regularly taking backup copies to a remote location. Those that do may use an assistant’s car trunk for tape storage and tape rotation…obviously not a suitably rigorous and reliable approach.
An increasingly large number of firms must store information off-site to comply with legislative requirements, like Sarbanes-Oxley and the Gramm-Leach-Bliley Act, which have requirements for formal (and often off-site) retention of key data.
Organizations think of off-site storage as protection against true natural disasters, such as hurricanes or other events that can physically destroy a building. While there’s ample recent evidence of this risk, the benefits of off-site storage cover a multitude of less dramatic but equally damaging potential problems.
For example, simple water damage from an air-conditioning drain or a leaking supply line can destroy a backup set in minutes. Burglary is a less-frequent but equally powerful risk. Loss of one’s only backup disks due to a burglary can destroy an organization’s information safety net.
Finally, we hear all too frequently of disgruntled employees who gain enormous power over an employer by destroying or holding hostage a crucial set of backups. Again, this risk can be mitigated easily by maintaining current copies off-site.
The logistics of keeping data off-site are much simpler today. Using removable disk drives as an archiving medium reduces the physical space required for off-site storage. Today’s systems typically provide fully integrated support for archiving as a part of the overall backup process.
In fact, today’s hard drives are thought by most experts to be far better than burning DVDs as a backup medium. CDs and DVDs have well-documented problems with surface oxidation that can render them unreadable much more quickly than once thought. For many firms, removable disks are now the archive medium of choice since they have a small “form factor” and are highly stable.
Best practices involve keeping five successive weekly master backups off-site at all times, as well as end of month archives of the full system. Careful organizations keep bare metal images of all their critical servers off-site as well on similar rotation schedules.