Putting an end to the backup myths

Pfungstadt, May 2023 - The relevance and value of data is increasingly becoming the focus of economic and social activity. As a result, reliable data backup and recovery is also becoming more important. Just the right time to debunk a few widespread backup myths.

1. Data only needs to be backed up so that it can be restored in the event of a disaster
   This myth is disproved on a daily basis. Data loss is now part of everyday life for companies and it doesn't necessarily have to be a disaster such as a flood, fire or ransomware attack for data to be lost. It is much more common for data to be damaged or deleted due to carelessness or technical problems. And such data loss does not necessarily only affect the server, but often also the employees' end devices. In principle, however, the cause of the data loss is of secondary importance. The only important thing is that an up-to-date backup copy of all data is available so that it can be restored and work can continue with as little interruption as possible.
2. The cloud provider is responsible for the security of the data in the cloud backup
   This misconception is also widespread and often gives cyber criminals an easy ride. The fact is that the responsibility for the security and protection of data lies exclusively with the cloud user, i.e. the company. In many cases, there is a lack of knowledge about which protective measures are actually provided by cloud providers. In most cases, cloud users assume that data security and data protection are the sole responsibility of the cloud provider, which leads to a false sense of security. In fact, it is the sole responsibility of the user to ensure that their data is adequately protected. It is alarming that a survey of German managers revealed that 58% assume that the cloud provider protects the infrastructure, applications and data in the cloud environment.
3. There is no difference between data backup and recovery
   This assessment is wrong, because both data backup and recovery are important for business continuity. Nevertheless, there are differences: data backup focuses on the protection and secure storage of data. In contrast, data recovery is about being able to retrieve backed-up data as quickly as possible and restore it to systems. Consequently, both reliable data backup and fast data recovery are crucial for a company's business continuity.
4. A weekly backup cycle is sufficient
   Such a cycle can be followed, but then data security is not very good. The fact is that a lot can happen in the time between the last backup being created and the data being lost. Therefore, the shorter the intervals between backups, the lower the potential loss of data in an emergency. The shortest backup interval is an immediate backup every time data changes, no matter how small - the "continuous backup". Only by permanently and consistently backing up data at short intervals can long production downtimes, major damage to image and much more be avoided. Fortunately, the majority of companies already seem to be aware of this danger. According to a survey of 3,000 IT decision-makers, 57% are planning specific measures to ensure modern data backup by the end of the year.
5. Backup-as-a-Service is less secure than an on-premise data backup in the data center
   The opposite is true: with the cloud as the destination for distributed data storage, the risk of data loss is lower than with an exclusive on-premise backup. It is therefore important to integrate the cloud into a scalable and agile backup strategy. In a data-driven world, growing data volumes also bring new requirements for data backup and Backup-as-a-Service is the leading model for the future. Geo-redundancy means that the backup is geographically located elsewhere, which automatically reduces the risk of data being lost due to unforeseen events such as natural disasters, technical faults or human error. Back-up-as-a-Service solutions also feature modern encryption technologies, so that data is protected even if a backup falls into the wrong hands.
6. The native encryption of a cloud backup provider is sufficient
   No, data is only really secure with strong encryption that takes effect before it is transferred to the cloud. Otherwise, the backup provider has access to plain text data and this should be avoided. At this point, it is important to clarify the circumstances under which public authorities from third countries may access personal data from EU companies. To avoid this conflict, many US cloud providers rely on EU subsidiaries, which then store the data in the EU. But even with this construct, it is not possible to prevent a subsidiary from releasing EU data to US authorities under pressure from an American parent company. Another problem is that EU citizens do not have the right to object to data processing - in other words, they cannot exercise their rights as data subjects, as is the case with the GDPR. Sensitive data should therefore be encrypted before being transferred to the cloud and personal data should remain so during processing and storage across national borders.

As it turns out, modern backup options are not only better than their reputation, but their use is long overdue. This makes it all the more important to get rid of old ideas - not to say prejudices - and to make a bold move towards modern technologies.