This is a guest post by Dr. Jonathan Reichental, Founder of Human Future, Author, and Professor
Often when I am teaching or presenting on the topic of cybersecurity, I’ll start with asking the audience for a show of hands regarding how many people regularly backup their personal smartphones and laptops. The request is usually met with a round of nervous laughter. Few hands go up.
Most people recognize the importance of backing up their precious digital memories, but far fewer actually do it—at least not on a regular basis. Those who also verify their backups and create redundancy—storing multiple backups of the same data in different locations to avoid a single point of failure—are even fewer.
But losing data is no laughing matter. This applies whether it’s data on our personal devices or essential data that lives in data centers in enterprises, government agencies, and cloud providers.
I’ve seen people cry after losing their valued data, whatever the reason, and I’ve observed the professional embarrassment of technologists unable to restore data in the enterprise.
As someone who has been a technologist in the private and public sectors for over 30 years, I’ve observed and experienced the incredible value that quality backup strategies and investment have had on organizations. But it’s also been sobering to see the gap in where many businesses should be versus where they actually are in their backup maturity.
Effort now may eliminate regret later
Having spent many years working within the public sector and now on the outside serving government clients, I recognize there’s been a lot of improvement in the past few years. That said, backup implementations continue to require further investment and attention.
The urgency of a robust backup strategy for governments is amplified by a significant uptick in the frequency, scale, and complexity of cyberattacks on public agencies in the US.
The basics of a quality backup strategy include ensuring the right data is being backed up at an appropriate frequency, is easily restored on-demand (including regularly testing restores), and the backups are protected.
The reality is that even these basics are often not being addressed. This is sobering particularly as backup requirements become more complex in a world of cloud-solutions, remote workers, and a proliferation of personal and business devices.
So, why does a process as important as data backups in an increasingly digital public sector not get the attention it requires, and what can be done to change the game?
Four suggestions for stepping up your data backup game
- Elevate data backups as an organizational priority
Sure, data backups don’t sound like the most glamourous of functions, but neither does insurance. We easily recognize the value of the latter. The ability to recover from any data disruption is a function of organizational resilience. Just like other functions that are prioritized in order to bounce back and continue operations, data access must be placed into that top-priority category.
For non-technology leaders and staff, frictionless access to data is taken for granted. There’s almost always a surprise when the IT team informs them that either the data will take time to restore, or more upsetting, that there is no backup for the data they need.
Managing data is viewed as a technology function, but governing data—leveraging its value–is a cross-functional responsibility. This includes ensuring that the right data is available at the right time to the right people. Leaders across the organization are responsible for making data governance a priority.
Since we’re talking about public agencies here, it’s important to gain the support and overt approval of elected officials to make data backups a priority within broader resilience goals.
- Make backing up data a strategy, not a tactic
It’s easy to put piecemeal backup solutions in place. They’ll provide some comfort and hit a few checkboxes, but this is short-term thinking and doesn’t provide the necessary rigor that today’s public agencies require.
What’s really required is getting the support and funding from the agency to develop and implement a comprehensive backup strategy. This strategy will include a vision for backups. For example, is it the expectation that certain categories of data should be restorable in close to real-time?
A strategy means agreeing on a vision and identifying the practical steps to get there. At a minimum it will include investments in software, hardware, processes, and training. Depending on organizational size, it may also require dedicated and specialized talent.
- Recognize the extent and complexity of contemporary data backup needs
When I started my work in technology over 30 years ago, backing up data was a relatively simple proposition. It usually involved backing up a single device onto tape. In many business environments, technology architecture had a great deal of homogeneity. For example, both clients and servers may have used IBM PC-compatible hardware and run on a version of Microsoft Windows. Backing up within an environment like this was a breeze.
Today, even a modest public agency has anything but homogeneous architecture. In addition to mixed operating systems and varied hardware architectures, devices may be business or personally owned, connections might be local and remote, devices could be smartphones, tablets, laptops, desktops, and servers; and the data may reside in a multitude of locations, including on-premises, co-located, and in the cloud. Architectural complexity is a defining quality and the right back-up solutions must reflect this.
- Ensure cloud solutions are part of the data backup strategy
In the early days of cloud computing, an advantage often promised was that IT leaders would no longer need to worry about backups. The notion was that the vendor, who was now providing software as a service over the Internet, was fully responsible for ensuring that the software and data were regularly backed up. This advantage, though containing a modicum of truth, has been widely misconstrued.
It’s true that cloud providers back up software and data regularly. Afterall, they’re motivated to ensure that in the event of a major data disruption, they can quickly resume providing services to their paying customers. But for many providers, this is the extent of their backup and restore capability.
The most likely scenario for an organization that needs to restore data isn’t a catastrophe, although those do happen. More likely are staff requests to restore some recently deleted emails, or retrieve a file that has gone missing from a server, or identify and restore content for a public records request that may go back a few years. Technology staff may need to restore a configuration file or a particular system state.
Popular cloud products such as Microsoft Office 365, which includes email, their flagship productivity suite, and collaboration solutions such as Teams and SharePoint, don’t provide this granularity of backup management right out of the box. For this, a deliberate strategy is required, one that may involve third-party solutions.
The imperative of good backup strategy
Leadership isn’t necessarily demonstrated when everything is running smoothly. In fact, when everything works, few people notice. When things go wrong, that’s a whole different story. That’s when leadership is especially visible. This is when planning and preparation pay off.
In a world of uncertainty and complexity, resilience has been prioritized. Organizations want to be able to withstand the punches that come their way, and they want to defend themselves and bounce back quickly.
For public agencies, often at the forefront of resiliency management for incidents including natural disasters and cyberattacks demanding ransomware, government leaders will shine if they are well prepared. A quality tested backup strategy will serve them and our communities well.
Tego has the engineering expertise to help you implement an effective data protection solution. Contact us today to learn more about backing up your Office 365 data.