Why should backups of data be kept in a different location from the original?

Having a backup of important data is crucial for any individual or organization. Backups provide a way to restore lost or corrupted files in the event of a disaster. However, best practices recommend keeping backup copies in a different physical location than the original data. There are several key reasons why separating backup locations from original data is so important.

Protects Against Site Disasters

One of the main reasons to keep backups in another place is to protect against physical disasters affecting the site where the original data is stored. Events like fires, floods, tornadoes, earthquakes, or other natural disasters could damage or destroy equipment at the primary site. If the backups are stored at the same site, they could be rendered useless when disaster strikes. Storing backups offsite ensures they remain intact if something catastrophic happens to the original location.

Example Scenario

Imagine a small business has all its servers and equipment at its headquarters. This includes the live database server as well as an onsite backup server. One day, an electrical fire breaks out and tears through the building. While safety is the top concern, once the fire is contained, the business will find that all its data and equipment have been completely lost in the blaze. Had they kept an offsite backup at another location, they could have restored data after the fire.

Protection Against Malicious Acts

In addition to natural disasters, keeping backups separate from original data also provides protection if the primary site suffers from human-caused damage. Theft, hacking, data deletion or corruption, equipment destruction, or other malicious acts could all put your original data at risk. If backups are kept onsite, they could be compromised or destroyed just as easily as the live data. Storing backups at a different physical location makes them less vulnerable to intentional attacks.

Example Scenario

A disgruntled employee decides to delete important data from a company’s database right before leaving the organization. Because the live data and onsite backups are both stored on the company network, everything is erased. The ex-employee’s malicious act results in months of lost data that cannot be recovered. If the company had an offsite backup, they could have restored the deleted information.

Distance for Geographic Redundancy

In addition to different sites, geographic distance between original data and backups provides redundancy against regional outages or disasters. If backups are kept in the same city, they could be affected by large-scale power outages, telecoms failures, or other geography-based disruptions. Storing backups a safe distance away offers protection if a metro area loses utilities or experiences a regional disaster.

Example Scenario

A data center experiences a large-scale failure of its electrical systems due to an overloaded power grid, and the entire city, including its suburbs, suffers a blackout. Any other data centers in the same metro area only have backup power for a few hours before going offline. However, a company that keeps its backup servers a few states away will remain unaffected by the regional outage.

Safeguard Against Human Error

Having an offsite backup can also help recover from major human mistakes that affect data at the primary site. Accidental mass deletions or data corruption, incorrect configurations that damage systems, and other big user errors are much easier to remedy when reliable backups are stored in another location.

Example Scenario

A system administrator accidentally deletes an important directory of files from the primary file server. If the backups are kept onsite, the deleted files are missing from the backups as well. Without an offsite copy, the files may be unrecoverable. Proper offsite backups make it easy to restore the missing data.

Compliance with Data Regulations

Many government regulatory standards, such as HIPAA for healthcare data or PCI-DSS for credit card information, require keeping backups separate from original data. Storing backups offsite provides compliance with data protection regulations in the jurisdiction. Violating compliance could result in heavy fines.

Example Scenario

A hospital keeps protected health information in its primary electronic medical record system. However, the daily backups are kept on an additional server at the same site. When audited, the hospital is found to be out of compliance with offsite backup regulations and is fined.

Better Option than Only Onsite Redundancy

While having redundant onsite backups provides some data protection, offsite backups are still a much safer option. Copying data to separate servers in the same building is vulnerable to site-wide problems. And the rapid proliferation of ransomware makes purely onsite redundancy less viable, as malicious encryption can spread rapidly on a LAN.

Example Scenario

A company stores backup copies of data on multiple servers at their headquarters. A ransomware infection manages to propagate throughout the network from a single point of entry. With all the onsite backups connected to the same network, soon everything is encrypted. Restoration is only possible via offsite media.

Supports Business Continuity Needs

Having offsite backups makes it possible to continue business operations even after a disaster or outage at the primary site. With onsite-only redundancy, an event could take down both the production systems and backups. But offsite backups mean IT infrastructure and data can be restored at an alternate location if needed for the business to resume operating.

Example Scenario

A storm causes flooding at a company’s primary office, making it unusable. With offsite backups at another data center, the business can shift its IT infrastructure to the secondary location. This allows operations to continue with minimal downtime while repairs are made.

Improved RTO and RPO

Offsite backups are critical for achieving a low Recovery Time Objective (RTO) and Recovery Point Objective (RPO) in a business continuity plan. RTO represents the time to restore operations after an outage. RPO reflects how much data could be lost. Having backups nearby makes restoration faster and minimizes data loss.

Example Scenario

A company suffers a ransomware attack that cripples its primary servers. With offsite backups at a facility just 20 miles away, the RTO to get back online is under 8 hours. And the RPO is only 10 minutes of data loss prior to the attack. This business continuity could not happen without offsite backups.
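The RPO reasoning above can be checked against a backup catalogue. The following is an added example, not part of the original article: it counts only copies held at a site other than the primary when computing the data-loss window, and flags datasets that would miss a 10-minute RPO. The dataset names, site names and timestamps are constructed.

```python
from datetime import datetime, timedelta

# Constructed catalogue: (dataset, site holding the copy, completion time).
CATALOGUE = [
    ("crm-db", "hq", datetime(2024, 5, 1, 11, 58)),
    ("crm-db", "dc-east", datetime(2024, 5, 1, 11, 52)),
    ("file-share", "hq", datetime(2024, 5, 1, 11, 59)),
    ("mail", "hq", datetime(2024, 5, 1, 11, 55)),
    ("mail", "dc-east", datetime(2024, 5, 1, 9, 0)),
]
PRIMARY_SITE = {"crm-db": "hq", "file-share": "hq", "mail": "hq"}  # assumed layout

def offsite_exposure(catalogue, primary_site, now):
    """Data-loss window per dataset if its primary site is lost at `now`.

    Only copies held at a different site count; None means no offsite copy.
    """
    latest = {}
    for dataset, site, done in catalogue:
        if site != primary_site[dataset] and done <= now:
            if dataset not in latest or done > latest[dataset]:
                latest[dataset] = done
    return {d: (now - latest[d]) if d in latest else None for d in primary_site}

def rpo_violations(catalogue, primary_site, now, rpo):
    """Return {dataset: reason} for datasets that would miss the RPO."""
    problems = {}
    for dataset, gap in offsite_exposure(catalogue, primary_site, now).items():
        if gap is None:
            problems[dataset] = "no offsite copy"
        elif gap > rpo:
            problems[dataset] = f"offsite copy is {gap} old"
    return problems

if __name__ == "__main__":
    now = datetime(2024, 5, 1, 12, 0)
    print(rpo_violations(CATALOGUE, PRIMARY_SITE, now, timedelta(minutes=10)))
```

The onsite copies of file-share and mail are only minutes old, yet both datasets fail the check because those copies would be lost together with the primary site.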

Extra Protection for Critical Data

For extremely business-critical data, some organizations choose to keep backups in yet another tertiary offsite location. This provides an extra level of protection in case both the primary and secondary sites suffer outages. It is the most cautious approach for irreplaceable or highly sensitive data.

Example Scenario

A financial firm keeps copies of crucial records and transactions at a primary site, offsite backup location, and separate out-of-state bunker. This ensures that no single disaster could destroy the critical customer data required to keep the business operating.

Minimizing Risk of Physical Media Failure

Storing backups on physical media like external hard drives, tapes, or mini-disks gives greater portability for offsite transit. But keeping the media nearby long-term does not isolate their physical failure risk. Geographically separating media backups protects against site disasters affecting the media.

Example Scenario

A law firm rotates backup tapes between onsite servers and a tape safe at the same location. A fire destroys the building and all its contents. Both the live data and tape backups are lost. An offsite vault would have protected the tapes.

Cost Savings from Better Security

Maintaining a secondary physical site for offsite backups certainly incurs technology and logistics expenses for an organization. However, the enhanced data protection and improved recovery capabilities typically offset the costs many times over when considering how much downtime or data loss is avoided.

Example Scenario

A hospital spends $100,000 annually to lease and operate an offsite data center for backups and business continuity needs. When ransomware strikes their main servers, it takes over a week and $250,000 to recover without the offsite facility. So the upfront expense resulted in a net savings.

Integration with Cloud Backups

Offsite backups to the cloud provide geographic diversity but can have drawbacks like slower recovery. Maintaining local offsite backups alongside cloud-based redundancy provides both rapid restore and geographic distribution for optimal data protection.

Example Scenario

A company uses cloud storage for some backup needs but also mirrors data to a remote data center. When the cloud provider has an outage, backups can be restored quickly from the local offsite facility until stability returns.

Supplements Multi-Cloud Approach

Adopting a multi-cloud backup strategy with diverse vendors helps avoid dependency on any single provider. But even large cloud platforms can suffer outages. So offsite backups at a secondary facility add redundancy if cloud services experience degradation.

Example Scenario

An online retailer replicates data across multiple public cloud environments. When two cloud services have simultaneous downtime, the company temporarily shifts operations to its own offsite center until redundancy is re-established.

Offsite Data Replication Options

There are various methods for replicating data to an offsite backup location. Mirroring to a secondary data center provides continuously updated redundancy. Tape rotation is more manual but offers air-gapped protection.

| Replication Method | Benefits | Drawbacks |
|---|---|---|
| Mirrored Data Center | Continuous real-time updating; fast RTO/RPO | Higher cost; dependent on WAN link |
| SAN/NAS Disk Replication | Scheduled incremental updates; provides versioning | Storage space requirements |
| Secure FTP Transfer | Simple to implement | Only batch updating; bandwidth impact |
| External Drive Rotation | Air-gapped protection; unlimited capacity | Manual labor; slow recovery |

Comparing Backup Storage Media Options

Several physical media types are available for storing offsite backups. Each has pros and cons to consider when selecting the right option depending on backup infrastructure.

| Media Type | Benefits | Drawbacks |
|---|---|---|
| Tape Cartridges | Mature tech; high capacity; long lifespan; portable | Sequential access; slow transfer speeds; data integrity risks |
| External HDDs | Fast access; simple USB interface | Individual drive failure risk; capacity limits |
| Removable Disks | High capacity; random access | Higher cost; bulkier than tapes |
| Cloud Storage | Highly scalable; managed service | Monthly costs; limited control |

Security Best Practices

Proper security measures must be implemented for offsite backup locations and media to ensure protection. Some best practices include:

  • Encrypting backup data both at rest and in transit
  • Using dedicated backup systems isolated from the network
  • Storing media in a secure, climate-controlled facility
  • Managing keys and passwords separately from the backup site
  • Restricting physical and logical access to backups
  • Using barcodes, labels, and logs for media tracking
  • Enabling monitoring, alerts, and auditing on backup systems

Testing Restore Procedures

While having offsite backups provides assurance of recoverability, the protection is only theoretical until tested. Companies should regularly verify backup integrity by restoring sample data. Test restores should cover:

  • Backup infrastructure components like networking and utilities
  • Core server configurations and domain services
  • Sample data from storage volumes, databases, and applications
  • User access and client connectivity to restored systems

Periodically exercising restore capabilities verifies backups are viable and identifies any issues to address before an actual crisis scenario.

Developing a Comprehensive BCP

Offsite backups are a crucial part of business continuity planning but not the only component. A complete BCP will also address items such as:

  • Emergency communications procedures
  • Defined roles and responsibilities
  • Alternate work locations for staff
  • Critical application and data recovery steps
  • Failover infrastructure and procedures
  • Vendor and supply chain contingency plans

Having a documented plan makes responding to a disruption more effective. The BCP should be periodically reviewed, tested in simulations, and updated to match evolving business needs.

Personnel Considerations

The human side of backup and BC planning includes:

  • Cross-training – Multiple staff members should know how to correctly perform restores and DR tasks.
  • Remote access – Employees may need to activate offsite backups remotely in a crisis event.
  • 24/7 contacts – Vendors, equipment suppliers, and other critical partners should be reachable at any hour.
  • Team coordination – Hold exercises to sharpen responses and communications.

Having procedures dependent on a single person’s expertise represents a potential single point of failure. Ensure broad backup know-how across both IT staff and management.

Conclusion

Backing up data is among the most crucial IT disciplines for any organization. While seemingly simple in concept, history shows that many learn the hard way when disaster strikes. Carefully planning backup infrastructure, processes, and policies to keep copies offsite from original data can mean the difference between smooth recovery and permanent loss. Strategically locating backup systems, and testing restoration, gives organizations confidence their information can persist through catastrophic events.