Backups seem, at face value, very simple. You find a vendor, and they take your data offsite.
But, there are a few quick questions to ask when hunting for your ideal backup partner.
Is the service you are looking at a backup or synchronisation to the cloud?
The devil is in the details, and understanding the details is the 1st step.
The definitions of both options are below.
These explanations should give you some clarification as to what solution you are looking for:
Backup – A “snapshot” of your data taken at a particular time of the day; this can occur more than once a day. When this snapshot leaves your premises, it is encrypted with 2 stage encryption, and when it gets to the destination, your data is stored for that day. However, most backup solutions keep more than one copy. This is called retention. Information is retained anywhere from 5 days to 90 days. This means there are, in theory, 90 copies of the same file to protect from infections, and we can restore different versions if a file becomes corrupted. Services are, i.e. Redstor, Acronis, N Able etc.
Synchronisation – A “synchronisation” of your data is sent to an offsite location in real-time (as files change). This is a great solution when sharing files within a business – i.e. Microsoft OneDrive, Google Drive, Dropbox etc. These services state there are previous versions of files and redundancy, but there is no guaranteed. This service is best when paired with a backup, as mentioned above.
How often are my backups monitored, and who is responsible for this?
Usually, backup solutions are set up and forgotten and only checked when recovery is needed.
Ideally, you would like to look at a solution that comes with an agreement that the business backups are checked daily and a monthly “disaster recovery” occurs. This entails data being retrieved from the “cloud” and tested in your environment to ensure it works.
Alternative solutions will be set up and require you to check the backups. If this is the solution you go for, a follow-up question would be, “Will I receive an alert if there is an error with my backups?”, most of the solutions out there can do this. However, I would make extra sure.
How easy is it to restore my backups?
This question will differ depending on how much control you want over your businesses backups.
Most vendors with service agreements in place will assist you with the restoration as part of their commitments.
When you go for a self-managed solution, ensure it is a straightforward process to recover the data; during data loss. This is one stress you can do without. It should not take you more than a few minutes to start the recovery.
Does my backup provider comply with local laws?
Most solutions are internationally recognised, which mean they probably conform to GDPR, which is a lot like our POPIA act, but there are some discrepancies
Potential article to help case:
GDPR vs POPIA | Compare the GDPR with the POPI Act?
The final question is for the business and not so much the vendor: Do you have the correct process of storing passwords?
If you lose your encryption keys with an encrypted backup, that is the end of the road. As much as the vendor should keep these, I believe you should keep this as well. We live in times where even the biggest entities are being compromised, losing valuable customer information. Yes, this is their problem, but it does no justice to your business if they cannot retrieve that data.