I have a backup for my systems – now what?

For many organizations, the necessity of establishing an archive and backup for their critical systems has become self-evident. The rise of cyberattacks targeting larger organizations and the corresponding severity of the same has prompted a greater focus on establishing safety nets to backstop preventative cybersecurity measures. At the same time, gaps remain – largely in how organizations apply the solutions they’ve acquired.

While having an archive and backup provides an excellent safety net in case of anything going wrong in your live environments, the fact of the matter is you need to take additional steps to ensure the backup itself remains safe and secure. If improperly set up or not adequately protected, the backup itself may become a target for cybercriminals looking to extort your business. Therefore, let’s look at a few different ways you should be using your disaster recovery options most efficiently:

Airgapping – the first step to achieving security

Air-gapping is an advanced data protection feature used to isolate your storage and database from unsecure networks, production environments, or live systems. In this way, penetration by hostile software does not affect the archive and backup, leaving the storage and database intact for reference and an eventual full or granular restore depending on your needs.

Airgaps can be divided into two categories: physical airgapping, and logical airgapping. A physical airgap is a conceptually simple one – it’s a complete disconnect of your live system from the backup. There is a number of ways to achieve this, ranging from the more archaic physical-medium disk or tape based backups to physically switching the backup system off when it is not in progress of performing a backup or restore job. However, both of these options are clumsy and restrict access to stored files, harming productivity.

The latter option, logical airgapping, is a more balanced approach where the archive or backup remains physically connected to the live system and switched on, but remains isolated via various logical processes such as role-based access controls or software-defined networking. By restricting access to the archive and backup, segregating it to certain partitions within the network or beyond mount points, and otherwise isolating it you can achieve a greater degree of security while maintain flexibility. This is especially useful if you want consistent read access to archived files to be available.

Access control is key to maintaining security

As touched on above, one of the next – and unfortunately also most often disregarded – steps is to ensure that access to systems is restricted based on roles and responsibilities within an organization. This means that access to the archive and backup should be restricted to certain people, ensuring that a compromise of a company account does not necessarily lead to a compromise of all systems.

This is, of course, a balancing act. As mentioned previously, one of the major advantages of an archive is maintaining constant access to files and allowing archived files to be worked with, as well as opening the possibility of offloading the live system for better performance and lower maintenance or storage overflow costs. A good way to achieve this balance is by granting read-only access to role-relevant sections of the archive – if your archive and storage software allows for this option.

Authentication and accountability

No less important than access control is the ability to track user actions in your archive. While previous points primarily focused on prevention aimed at exterior threat, this is a key aspect of maintaining security against interior threats (both deliberate malicious action and accidental data mishandling).

One of the ways this can be achieved is by issuing managers and users unique passwords and access credentials. Not only is this the first step to achieving access control, which we covered above, but it allows for administrators to build an audit trail of unique individual user actions.

In conjunction with limiting access to archives to read-only (a step you should also be taking in order to keep your organization in compliance with data retention and handling regulations), establishing good authentication policies and procedures will keep your critical information backstopped against mishandling, accidental deletion, or deliberate manipulation and provide still more layers of safety net for your organization.

Redundancy – a byword for success

Maintaining data redundancy is another approach that can insulate your organization against potential disaster. It is also one of the most difficult, since it requires compromises to be made in terms of efficient data structures and storage volumes. Navigating the possibilities offered by your archive and backup software as well as your storage or storage provider (if on the Cloud) should give you a clear picture of what you can achieve.

It is recommended where possible to maintain two layers of data storage redundancy to maintain business continuity if one system fails. In other words, we’re talking about keeping duplicate storage in two physically separate locations. For organizations making use of the Cloud, this is already usually a default.

Beyond mere duplicates, an important question to look into is also if your system allows for document versioning. Versioning of documents provides an important layer of possibilities beyond what typical backups can provide, allowing you to roll back unwanted changes to key files – whether they be deliberate or accidental.

Ensure your archive and backup offers the maximum possibilities

Knowing how to best set up your archive and backup is one thing, but the prerequisite remains being certain that your chosen solution can provide you with the needed features and settings to achieve success. Older archives and backups lack many of the updates that are needed to keep your internal data safe, present you with the desired quality of life and control options to meet your personal needs, and maintain employee productivity.

TECH-ARROW’s contentACCESS unitary archive and backup by design intends to meet as many needs as possible in a single solution. We have a proven cybersecurity track record for our solution, and can have it configured in such a way as to maximize your organization’s data safety.

At the same time, contentACCESS was designed from the ground up to be an accessible system that can maximize your productivity without compromising on safety. Employees can access their archive in read-only mode and continue working with documents that have been offloaded from your live system, easily browsing through this historical data thanks to our powerful full-text search system covering everything from emails and attachments to archived files and documents – all in a single interface. Added to the function as a backup and to the data retention compliance possibilities, contentACCESS can stand alone and cover the full spectrum of archiving or backup needs.

Why choose TECH-ARROW

TECH-ARROW was founded with the goal to create a unified and modern archive and backup solution meeting all the future needs of the rapidly changing world of data security and retention. We have been continuously growing over the last ten years to meet our vision of technological evolution in the world of secure data archiving and intelligent backups. During this time, we have also worked on expanding our wide range of products to best represent the needs of our clients and reflect developments in a rapidly evolving market.

Operating globally, with over a thousand current and former clients representing a variety of industries, TECH-ARROW stands ready and waiting to help your organization tackle your data migration, archiving or data backup needs. If you are prepared to take the next step, contact us for a cost-free consultation where we can help you discover which solution is best suited to your organization.


Take the best steps to protect your data – with TECH-ARROW.

Archive all your O365 data with contentACCESS

by Matúš Koronthály