The 3-2-1 backup standard has been with us for some time. Organizations were urged to keep three copies of their data. The smart thing to do was to keep an original plus two backup copies and store those copies in different locations. For example, the original copy might be on-premises on a server with one set of backup tapes on site and another stored externally. If a disaster happened, you could either use the onsite backup tapes for an IT problem, or the offsite tapes in the event of a natural disaster. Either way, the organization was protected.
But Chris Cummings, Vice President of Marketing at FalconStor, explains that this time-honored 3-2-1 pattern has been under an ongoing attack. Innovations such as disk-based backup, disk-based staging of backups, Virtual Tape Library (VTL), deduplication, virtualization, and the cloud brought about a dramatic shift away from tape. Organizations began backing up only to disk or throwing a copy of their data onto the cloud.
Does 3-2-1 still hold true? Should it be abandoned as a protection philosophy? Or has it merely evolved to fit the era of the cloud?
Ransomware Scrambles the Backup Market
The backup market has gotten scrambled over the past decade. Some ditched their onsite tape backup systems in favor of deduplication appliances. But a lot more decided to move their backups onto the cloud. Some even minimize the amount of data retained on site, driven by the allure of cheap cloud storage. To avoid a single point of failure, multiple clouds are sometimes used for redundancy.
However, the ongoing epidemic of ransomware has led to a new wave of backup disruption. Malware can infiltrate online backup systems and render cloud or on site backups useless. In the event of a ransomware attack, companies attempting a restore found they were locked out of their backups, or that the backups had been corrupted.
“Recovering from a cyberattack rather than a natural disaster can be quite challenging,” said Michi Schniebel, Principal Product Manager at Sungard Availability Services (Sungard AS). “It requires special features such as immutable data, recovery from long-term retention, or multiple recoveries to determine a clean retention point.”
The emergence of ransomware as a real threat to backup integrity has led to another resurgence in tape. After a few tough years in the wake of disk-based duplication, tape found its feet as the most cost-effective place to archive vast amounts of rarely used or inactive data. Now the ransomware scourge is giving tape another lease of life.
“The problem with backups is that as they are generally always online, they are subject to infection, and anything connected to the network is potentially within reach of a ransomware breach,” said Rich Gadomski, Head of Tape Evangelism at FujiFilm Recording Media U.S.A.
He recommends that backup be air-gapped (i.e., placing a physical gap between the network and storage media). Tape fits the bill as the cartridges can either be manually removed from an online tape system, or stored within a tape automation system that is maintained offline unless data on a specific tape cartridge is requested by IT. But unlike the systems of old, it no longer takes days to retrieve a tape. Data can be accessed in a few minutes.
Also read: Best Storage Management Software
Cummings notes that technological changes are causing organizations to review and refresh their aging backup systems and approaches. Gartner numbers suggest that 40% of organizations will replace their backup applications by 2022.
The days of backup systems being a low priority within IT budgets, then, appear to be over. According to ReportLinker, the global data backup and recovery market is predicted to be worth as much as $15.2 billion by 2027. That’s up from an estimated $8.4 billion in 2020. The U.S. market alone is worth about $2.3 billion currently.
High on the list for replacement are systems that are tape-only, all-cloud, or all-disk. As more ransomware attacks succeed and as more backups are found to have been faulty, infected, or corrupted, organizations are losing their complacency about tired old backup strategies inherited from predecessors. IT managers are rethinking backup practices and systems. They realize that over-reliance on the cloud or disk can leave them exposed.
“Modern backup systems must be able to seamlessly and rapidly transition from tape to disk to cloud,” said Cummings.
Instead of replacing the 3-2-1 concept, he believes it is evolving to fit the realities of the cloud. For some, this might mean using different clouds — one for hot operational data, one as a backup and a third cloud for redundancy. That might work for some, but if all these services are provided by one vendor, it remains a single point of failure. Multiple cloud providers for various information tiers is one way to get around this, but the network itself becomes a single point of failure.
Thus, backup architectures probably should utilize some form of 3-2-1 that takes advantage of tape, disk, and the cloud. Interestingly, even the big cloud providers quietly use tape for their lowest tiers.
FBI Backup Recommendations
The FBI has become active in issuing ransomware warnings, advising non-payment of ransom demands, and tracking down the perpetrators. It recommends policies such as regularly backing up data, testing those backups, and keeping a backup copy offline. In addition, it recommends the utilization of multi-factor authentication, installing all security patches, and developing an incident response plan.
“Companies should review and test their disaster recovery plan as well as their backup and restore capabilities in a cyberattack scenario,” said Schniebel.