Backups need You
Aka: Data and the necessity of strategy
So, a lot of people work in offices. Whether it’s in blue collar roles cleaning up stuff or helping out with materials and construction, or white collar working in offices and staring at Excel spreadsheets and emails on the computer screen; a lot goes on in offices. Every minute of every day there’s activity going on, projects to get done, and more quotas and meetings to meet. It can be a panic inducing setting, as is, with just the bare minimum going on the day-to-day.
What happens when there’s issues that aren’t so readily apparent, when servers and networks mess up, or when important data is lost or altered?
Well, that’s where cybersecurity comes into play. In this post, I want to take a quick look over the ideas of backups, and why they are so necessary, especially now in this more cloud-based, and Generative-AI driven, digital world. But first, let’s understand what we mean when we use the term “backups.”
“Backups” in this case do not just mean copies of files or folders on a Google Drive or on a personal USB, or even folders copied and pasted over into a new folder on the same computer or someone else’s laptop. “Backups” mean the strategic and organized replication and storage of important data, whether hard-copy(physical) or on the computer(digital).
I’ll speak a little from personal and professional experience on the importance of having backups and a clear strategy for them, but primarily, let’s address the elephant in the room: we are not as secure as we like to imagine that we are. It’s a bit like popping a balloon hours after a party ends; it’s jarring and not as joyful or fun and easy going as the party before, but it is a necessary thing to deal with, and to jar one’s self back into reality.
Organizations both at home and abroad, from small start-ups to the biggest tech and financial and health sectors in the globe, deal with data. Namely, your data, my data, endless waves upon waves upon waves of Data. So much data is being processed at any given moment, it would probably fill up billions of metal cabinets the world over. It’s tough to quantify, but it is important, especially in cybersecurity, to make sure of one thing: keep data secure and make sure there are backups.
There’s Governance, Policy, and Compliance, or GRC, to help make sure organizations and businesses keep their data governance and backup policies consistent and available to the ones whose data is being processed and saved. That’s the whole foundation of the CIA triad: Confidentiality, Integrity, and Availability. Confidentiality, which means only the people that need to see the data or information can see it; Integrity, which means data and information is not altered and is kept clean; and Availability, which means people that need access to their data can access it, no downtime or interruptions.
To have backups means to be able to facilitate, or help process quicker, recovery. With this need for backups and for keeping track of data to help with recovery efforts, there are also some policies and standards that help with maintaining best practices and standards. The one I tend to subscribe to the most is the NIST Cybersecurity Framework.
NIST, an acronym for the National Institute of Science and Technology, funded by various foundations and projects, and founded by Congress officially in 1901, continues to maintain and streamline cybersecurity practices for tech and government agencies here. Their big pillars are the following: Identify, Protect, Detect, Respond, and Recover. They have tons of documentation detailing the practices and standards going on in the industry, and how organizations both large and small can help maintain and upgrade their cybersecurity practices. Within this framework, there’s even a subcategory for backups of data, of information: “NIST Cybersecurity Framework Subcategory PR.IP-4: Backups of information are conducted, maintained, and tested. An organization does not need to adopt all of the recommendations, only those applicable to its unique needs.”
The international standard in cybersecurity for organizations, ISO27001, helps organizations manage the security of their information. I feel like this standard can also expand upon the importance of backups for your data. ISO27001’s point regarding backups is as follows: “According to ISO 27001, data and backups are addressed primarily through "Annex A 8.13 Information Backup," which mandates that organizations implement robust backup procedures to ensure the protection and availability of critical data and systems by regularly creating, testing, and securely storing backups to enable timely recovery from data loss or system disruptions; this includes defining backup strategies based on data sensitivity and business needs.”
I can see moments, in both my personal and professional life, that these policies and frameworks would have helped out a ton.
As a writer, and guy who likes reading online books and saving old video games, I tend to have a lot of data at any one time on my PC and my laptop. But the more you have on your digital devices, the more data you have, the higher the chances are that you’ll run out of space and need to do backups. So, the more I would upload and have on my computer, the less and less storage I would have. Even as a high schooler and then a college student, this lesson took a while for me to notice. That is, until one day my PC ran into a driver error, the BSOD or Blue Screen of Death. And I lost gigabytes of data, games and stories and poems and old photos. Stuff that, without proper storage and backups, was gone. I swore I would do my best to keep things neat and organized, to have a plan.
I did not.
I went through that experience, tried my best for a few days to keep things organized, and then promptly ran right back into my old habits.
I’ve run into situations where, in trying to back up data, the easiest or most upfront option is not the best one to make. While writing my graduate thesis back in 2018 and 2019, I found myself faced with another data dilemma: my Google Drive. My Google Drive, repository of term papers, research, and PhD applications, was an unorganized mess of files and folders. For a long time, I kept adding onto it, uploading more things and working on more papers. Until, near graduation day, near the end of my thesis writing, I noticed that not only was I at the time running out of storage space. So, I had to start deleting a lot of files, a lot of data and application information, that I wish I could have saved. But, without having a strategy and plan in place for keeping backups of data at the helm, it was soon a lost cause. And a few years after that, again without a plan in place or the foresight to work on securing backups of old data, that edu email connected to the Google Drive account was cut off from all alumni, and all that data was soon lost into the digital abyss.
You would think I would, at least in my personal life, learn my lesson and keep backups of my important data saved properly, with a plan. But, unfortunately, the lessons quickly came and went, and I trudged onwards with even more data. Now, these data and backup-less problems followed me into the professional field, into Sharepoint synching (or lack thereof) and Microsoft OneDrive issues. As a tutor, and then many other roles in the academic and office realm, and losing access to accounts and emails, data and presentations I created and lead. All gone, again, when leaving the job and the OneDrive account disappeared.
So, after many years, I finally decided to come up with a strategy, a plan, for making backups of my data: not depending on a single possible point of failure for all my files and folders, for all of my data. Having multiple avenues, multiple areas to backup my data, and keeping them updated and organized. From my time in different software and Information Technology bootcamps, organizing all the information became supremely important. Whether in Google Drive or on email, organizing data in folders, and then having them saved on a USB drive as well, along with another external storage device, an external hard drive with a USB connection, helped me feel more sane and with more piece of mind.
I feel now that I can follow the NIST recommendation with this new strategy, in keeping the backups updated and secure: “Backups of information are conducted, maintained, and tested. An organization does not need to adopt all of the recommendations, only those applicable to its unique needs.” Any individual, working with their own data, is an organization in need of keeping proper backups moving. And any organization, small or startups or large enterprise, without backups in place for data, is playing a very dangerous game.
Organizations that fail to follow the ISO27001 recommendation, where “organizations implement robust backup procedures to ensure the protection and availability of critical data and systems by regularly creating, testing, and securely storing backups to enable timely recovery from data loss or system disruptions…”, are failing themselves and others in the field. We can also extend this to the Cloud, to cloud computing that’s instantaneous and has a lot of data to collect and backup.
The Cloud is a great thing to have, too, in terms of backups, S3 Storage Buckets ala AWS and Azure Backups in Microsoft Azure. However, misconfigurations abound, and data not properly backed up can lead to even more problems. In AWS, for example, adding data that you need for compliance into the wrong archival/backup tier, like the Glacier tier instead of a more immediate solution, means losing out on the ability to bring back data from the backups in a quick manner. With the other service, Azure Backup, again pops up the question of proper configuration and planning: you have to plan on how to handle the data, along with the backups of that data, and the policies and compliance and costs of keeping that data backup securely stored and ready for recovery.
All in all, I have wanted to point out the importance of Backups, of keeping your Data secure. When we speak on organizations and their need to keep data secure, it feels easy to forego the responsibility of the individual. But you, your data, your work, your information, that is important, too. It is better to stay prepared and to be ready, and to have a plan for making backups of important information. From important documents to the more mundane but still important documents and projects, it’s time to think strategically on the best way for you to backup your own data. Sometimes, it’s just about keeping things simple: don’t leave things to the last moment, avoid single points of failure, and always keep your data and backups updated and secure.
I hope you’ve enjoyed this piece, and I plan on making a short and fun tutorial on starting up with Linux and Linux commands next week!
