CHAPTER 25


Backup and Restoration


When all else fails, the only option available may be to rely on backups. Unfortunately, organizations often discover too late that poorly managed backups and untested restoration processes lead to failure. Backups range from enterprise records preserved for legal hold or due diligence to personal files on a personal device with little value. Organizations must use information gleaned from the business impact analysis and risk assessment to determine which information and assets require the integrity and availability services that backup solutions provide.

Backup and restoration are important data protection strategies. Backup, as the name suggests, consists of making copies of data for restoration after a disaster. Based on the experience of many organizations, obtaining a reliable backup requires careful planning and consideration. This chapter describes the importance of making backups, alternative solutions available for backup, and best practices one should observe for backup implementation.

Importance of Backup

Why do systems require backup? Backup is protection against data loss and corruption. Organizations without a backup strategy may suffer operational or financial damage after an incident. Losing data means losing business. Backups protect not only critical information but also money, reputation, time, and effort. Information and databases are growing rapidly, and rebuilding them quickly is not a simple task. Having a reliable backup solution addresses the issue of information loss. Successful data-centric organizations invest significant resources in backup management.

Backup Considerations

Technology advancement provides backup solutions for timely recovery. Choosing the right method or technology is crucial to ensure that the recovery of services is smooth, simple, and cost effective. Consider the following factors to determine the right solution for the organization:

      Criticality of data Backing up all data can be costly. Organizations should consider the criticality of data for backup. A selected range should be determined by considering the allowable downtime for specific services. The maximum allowable downtime is also known as the recovery time objective (RTO). The RTO is based on the business impact analysis (BIA) conducted as part of business continuity management. (See Chapter 24 for more information about BIA and business continuity management.) Organizations must prioritize mission-critical information because its loss can cause serious financial and reputational damage. When determining requirements for backup, do not ignore less critical services; in these cases, consider a less expensive, and perhaps slower, backup approach.

      Data size An organization should consider the volume of data to be backed up. This requirement should include the total data growth projection for the next three to five years. These requirements will ensure that the implemented solutions will remain adequate. Services with a high volume of data should be categorized appropriately. Such services may require special attention and methods for backups.

      Databases Databases require special attention since they may require equipment that handles high data volumes. Selecting the correct backup for such services is critical; maintaining integrity requires a highly accurate database backup system. Insufficient data backup capacity may cause loss of extremely valuable information. Determine whether the database requires online backup solutions, which provide real-time backup, especially for mission-critical information.

      Operating systems Determining the operating system is an important task. Backup solutions may support multiple platforms, but some do not. Defining operating systems helps an organization choose a solution that can cater to specific needs. Such consideration should also apply to implementation of new services in the future.

      Timeframe Organizations should determine the allowable timeframe to perform backups. Some organizations, which provide 24/7/365 services, will have low tolerance for performance impact. During the backup process, an organization should anticipate a certain level of service degradation. Services not tolerant of degradation use different methods of backup. They may consider high availability (HA) redundancy solutions and perform offline backup.

Table 25-1 provides examples on how to derive the backup requirements.

Table 25-1 Data Categorization Table

Organizations must consider acceptable downtime as part of the BIA process and as part of backup and recovery strategies. As noted, RTO is the time taken to recover the services and data to their original operating status. The data restoration process should not exceed the RTO. Closely linked with RTO is the recovery point objective (RPO), which is the amount of data (in a transaction system, measured in time) that is allowed to be lost at the point of data recovery.

An RTO can be derived from SLAs if a BIA is not available; however, RPO must be based on the criticality of services. For instance, a database server that contains financial information is deemed highly critical and has an RPO of an hour. Losing an hour of data from this server may cost $1.5 million. The RPO must reflect accurate impact to the mission or business of the organization.

Thus, if management determines it is not feasible to incur this monetary loss, it needs to shorten the RPO by providing support and resources. Identifying the RTO and RPO is crucial since they indicate the backup strategy required by the organization. A short RPO demands a more comprehensive (and likely more costly) backup strategy. In some circumstances, the requirement is compounded by a requirement for high availability or a short RTO.
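The relationship between RTO, RPO, and the backup schedule can be made concrete. The following is an added example, not code from the chapter: it takes the chapter's financial database figures (RPO of one hour, $1.5 million per hour of lost data) and checks two constructed backup plans against them. The 4-hour RTO, the backup intervals, run times, and restore times are assumptions chosen for illustration.

```python
"""Check candidate backup schedules against a service's RTO and RPO.

Added example, not from the chapter. The service figures are the chapter's
(financial database, RPO of one hour, $1.5 million per hour of lost data); the
RTO, backup interval, run time and restore time are constructed assumptions.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Service:
    name: str
    rto_hours: float           # maximum tolerable downtime
    rpo_hours: float           # maximum tolerable data loss, expressed in time
    loss_cost_per_hour: float  # cost of each hour of lost data


@dataclass(frozen=True)
class BackupPlan:
    interval_hours: float  # time between the start of one backup and the next
    run_hours: float       # time a single backup takes to complete
    restore_hours: float   # measured time to restore from the newest usable copy


def worst_case_data_loss(plan: BackupPlan) -> float:
    """Hours of data lost if the failure hits just before a backup completes.

    The copy in progress is unusable, so recovery falls back to the previous
    completed copy: one full interval plus the run time of the current backup.
    """
    return plan.interval_hours + plan.run_hours


def evaluate(service: Service, plan: BackupPlan) -> dict:
    """Compare a plan's worst case against the service's objectives."""
    loss = worst_case_data_loss(plan)
    return {
        "service": service.name,
        "worst_case_loss_hours": loss,
        "meets_rpo": loss <= service.rpo_hours,
        "meets_rto": plan.restore_hours <= service.rto_hours,
        "worst_case_loss_cost": loss * service.loss_cost_per_hour,
    }


# Chapter figures for the financial database; the 4-hour RTO is an assumption.
FINANCE_DB = Service("finance-db", rto_hours=4.0, rpo_hours=1.0,
                     loss_cost_per_hour=1_500_000.0)

# Constructed candidate plans.
NIGHTLY = BackupPlan(interval_hours=24.0, run_hours=2.0, restore_hours=3.0)
HALF_HOURLY = BackupPlan(interval_hours=0.5, run_hours=0.25, restore_hours=3.0)

if __name__ == "__main__":
    for plan in (NIGHTLY, HALF_HOURLY):
        print(evaluate(FINANCE_DB, plan))
```

The nightly plan meets the RTO but exposes 26 hours of data, far beyond the one-hour RPO; the half-hourly plan brings the worst case to 45 minutes. Note that the run time of the backup itself counts toward the exposure, which is why a schedule whose interval equals the RPO still fails.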

Backup Solutions

The following sections describe available technologies and techniques, which can help organizations achieve a good backup and restoration solution.

Media

Some commonly used media are as follows:

      Blu-ray/CD-RW/DVD-RW These types of backup media are good for simple data backup. Data backup using these media normally reduces cost because an organization may spend only a few hundred dollars to write all necessary data onto them. The disks have a finite life span that is further reduced by physical damage, exposure to light, and harsh storage conditions.

      Hard drives Allocating additional hard drives for backup purposes is another backup strategy. Such media can be either external drives or internal drives attached to equipment as alternative storage media. Use of hard drives with external storage is considered an expensive solution and is mostly applicable to network-attached storage (NAS) and storage area networks (SAN).

      Redundant mirror Hard drives can be configured to mirror one another. Thus, should a single drive fail, the other drive will still be operational and continue to function. When a new drive replaces the failed drive, the drives will sync. The obvious drawback to this solution is the cost. This solution may also prove ineffective if both drives suffer a shared power supply failure or controller failure that damages both drives concurrently.

      Tape media Tape media is a highly used backup method. Such media came into use in the 1960s. Today, tape media is the single most widely used media, although it is becoming less popular because of the availability of NAS and SAN. Its primary advantage is the flexibility of storing the backup in remote sites. This can eliminate information being lost because of major risks such as flood, fire, and earthquake.

      Virtual tape library (VTL) A VTL is a device made up of a disk or array of disks that mimics a tape library. Data backed up to a VTL can be replicated to other VTLs at remote locations or staged for offloading to real tape. The VTL allows organizations to leverage existing backup infrastructure and procedures while employing cheaper and faster technology.

      Cloud backup Cloud backup solutions can be tailored to a specific application such as database backup or can be simply Cloud IaaS storage that is utilized to store information. Regardless of application, the cloud provider’s information assurance posture must be assessed. Organizations must consider the need for strong encryption when backing up information to a cloud-based backup provider.

Backup Infrastructure

There is a wide range of backup infrastructure ranging from inexpensive to expensive solutions. Normally, an organization opts for a mixture of solutions. Budget is a major constraint in choosing a solution. As noted earlier, prioritization and understanding the criticality of information are key factors in obtaining a backup that works for any organization.

The following list explains some of the more common backup infrastructures available:

      LAN-based tape backup This is a classic approach, set up by attaching tape media to a central backup server and performing backups over the LAN. This type of backup slows down the network during a backup window; however, it is one of the most frequently used methods. It can be enhanced by implementing iSCSI and Fibre Channel for dedicated servers and critical resources. A robotic external tape loader can be attached to the master backup server so that multiple tapes can be written concurrently.

      NAS-based backup Network-attached storage is a collection of hard drives attached to the network. The hardware may range from SATA to iSCSI and may provide several hundred terabytes (TB) of storage. It uses the LAN as the transmission medium; however, unlike LAN-based tape backup, NAS generally provides faster read and write speed compared to tape media.

      SAN-based backup SANs are capable of providing high data storage with a full range of data transmission capabilities. SAN is similar to NAS in network connectivity; however, SAN-based backup uses Fibre Channel and high-throughput technologies to transmit data from servers, which is appropriate for high-volume servers such as databases and file storage systems. It is also reliable and durable because of its technology, which supports RAID configurations. Failure of hard drives attached to SAN is largely mitigated because of the RAID configuration and management reporting capabilities.

      Cloud-based backup Cloud backup providers offer a variety of methods to back up information, including application programming interfaces and private VLANs for fast WAN transmissions. Organizations need to plan for redundant connectivity to the cloud provider and possibly long RTO times depending on the plan selected. Additionally, cloud providers may charge by the month for data storage and also for bandwidth consumed for backups and restoration.

Implementing these solutions can result in highly efficient data storage and backup that is almost unbreakable. However, the cost is high. SAN also supports WAN synchronization, which replicates data from primary to secondary locations and thereby provides an immediate backup option. The type used is entirely an organization’s choice because it can provide offline or online backup options depending on the amount it is willing to spend.

Backup Software

Backup solutions can be developed in-house or bought off-the-shelf. In evaluating a backup solution, here are some criteria that should be considered:

      Automatic backup schedules The software should be capable of running unattended schedules and reporting failures. Such logs can later be retrieved for troubleshooting purposes. Integration into the information assurance management system (IAMS) assists in evaluating overall risk for the organization.

      Error reporting The solution should provide a detailed error report so that troubleshooting will be easier. The clear definition of error makes it easier to identify the actual cause of problems. This will reduce time in troubleshooting and avoid losing valuable data.

      Multiple device support The software should support any media device, whether tape media, NAS, or SAN. Such support is beneficial for an organization that intends to have mixed backup methods.

      Multiple levels of restoration In most cases, restoration should be both full and selective. This applies when a large amount of information is available but the organization requires only certain information to be restored. An example is restoration of individual mailboxes on an e-mail server.

      Multiple platform support The solution should support multiple operating systems. Generally, backup software is OS dependent. Organizations should analyze the need for multiple platforms. This can also be a contributing factor toward future expansion.

      Real-time backup The software should support backup of open files such as databases. In most cases in which services are provisioned on a 24/7 basis, the application needs to run uninterrupted. Thus, the backup solution should be able to back up as accurately as possible while the application is accessing the file in real time. This type of capability should always be considered for mission-critical systems.

      Schedules of groups Scheduling of backup groups is a compulsory task. Server grouping should be balanced and distributed to avoid long backup windows.

      Hashing and encryption Backup software must support strong encryption features for protecting the confidentiality of information. The software should integrate into an organization’s chosen encryption strategy and PKI if used. Key escrow options should be considered as part of software selection, and the strength and validation of encryption modules should be assessed. The software should incorporate hashing functions that ensure the integrity and nonrepudiation of the information being backed up and restored. Organizations should consider validated cryptography such as U.S. NIST FIPS 140-2 validated modules and algorithms.

It is important to recall that if you build backup software internally, it requires extensive test and support to ensure it works in high-stress environments.

Types of Backup

There are three types of commonly used backup solutions. It is important to implement the correct type to control versioning. System failure can occur in several forms because of careless planning, and a costly restoration must then be performed from the correct versions.

      Full backup This involves copying of the entire system regardless of whether it is a file, system, or database. It is helpful when there is a need to restore the entire system to its original state. However, this technique is space-consuming and time-consuming since its size requires a longer backup window.

      Incremental backup This involves copying only current changes to the system. As such, any files that have been modified since the last backup will be captured and copied to respective media. This technique will reduce time to back up because it concentrates only on changes to systems. Restoring a complete system will require installing the last full backup and then applying all subsequent incremental backups. If, on the other hand, one needs to restore a single file, it is trivial with incremental backup.

      Differential backup This is a cumulative backup that copies all files changed since the last full backup. The last full backup serves as the baseline against which changes are compared, so each differential backup supersedes the previous one. Ultimately, this method provides the most up-to-date version of the backup. However, it relies on the full backup for complete restoration. The differential backup stores all cumulative changes from the last full backup in a single file. This makes restoration faster than the incremental backup and less risky since only two files are used. However, backup time increases if there have been many changes since the last full backup.
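The trade-off between the three types is easiest to see on a small change history. The following is an added example, not code from the chapter: a constructed four-day sequence of file versions is backed up both incrementally and differentially, and the restore for day 3 shows how many backup sets each method must read. Files are represented by a version number only, and deletions are not modelled.

```python
"""Model full, incremental and differential backups over a few days of changes.

Added example, not from the chapter. Files are represented by a version number
only; the day-by-day states below are constructed. Deleted files are not
modelled, so a restore is the full backup with later changes applied on top.
"""

# Constructed sample: day 0 is the full backup; one file changes per day.
DAILY_STATE = [
    {"a": 1, "b": 1, "c": 1, "d": 1},  # day 0: full backup taken
    {"a": 2, "b": 1, "c": 1, "d": 1},  # day 1: a modified
    {"a": 2, "b": 2, "c": 1, "d": 1},  # day 2: b modified
    {"a": 3, "b": 2, "c": 1, "d": 1},  # day 3: a modified again
]


def changed_since(current: dict, baseline: dict) -> dict:
    """Files whose version differs from the baseline (new or modified)."""
    return {name: ver for name, ver in current.items() if baseline.get(name) != ver}


def build_chain(states: list, mode: str) -> list:
    """Produce the backup set written on each day.

    'incremental' compares each day with the previous day's state;
    'differential' compares each day with the day-0 full backup.
    """
    chain = [dict(states[0])]  # day 0: the full backup
    for day in range(1, len(states)):
        baseline = states[day - 1] if mode == "incremental" else states[0]
        chain.append(changed_since(states[day], baseline))
    return chain


def restore(chain: list, mode: str, day: int) -> tuple:
    """Rebuild the state as of `day`; return (state, number of sets read)."""
    if mode == "incremental":
        sets = chain[1:day + 1]                   # full + every incremental up to `day`
    else:
        sets = chain[day:day + 1] if day else []  # full + the latest differential only
    restored = dict(chain[0])
    for s in sets:
        restored.update(s)
    return restored, 1 + len(sets)


def files_copied(chain: list) -> int:
    """Total files written to media over the whole chain (backup-window cost)."""
    return sum(len(s) for s in chain)


if __name__ == "__main__":
    for mode in ("incremental", "differential"):
        chain = build_chain(DAILY_STATE, mode)
        state, sets_read = restore(chain, mode, day=3)
        print(mode, "files copied:", files_copied(chain),
              "sets read to restore day 3:", sets_read,
              "restored correctly:", state == DAILY_STATE[3])
```

Both methods rebuild the same day-3 state, but the incremental chain copies 7 files and needs 4 sets at restore time, while the differential chain copies 9 files and needs only 2. That is the chapter's point in numbers: incremental backups shorten the backup window and lengthen (and add risk to) the restore; differential backups do the reverse.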

Scheduling

Scheduling specifies how and when to back up the data. With proper techniques, an organization can optimize the backup window and reduce the risk of service degradation. Use a mixture of backup types to optimize the backup window.

      Generation This technique is widely used. It uses three versions of the backup that resemble a generation: grandparent, parent, and child. The grandparent, as the name suggests, is the oldest version of the backup. This version may be required at some point of restoration because subtle system failures can be difficult to trace and restoration has to be backtracked to the grandparent’s version. It helps to provide a contingency plan in the event that the other two versions fail to provide accurate system restoration. The parent backup version is the second oldest, and the child version is the youngest.

      Incremental This technique has only one version, which continues to append to the backup media all changes made by the system. It does not have any generation or version as a contingency plan. If the system fails and the restoration copy fails as well, the organization’s fallback plan fails. This method can cause an organization serious damage.

Retention

Retention refers to how long backup media should be kept before it is recycled. Retention is applicable only for the generation technique described earlier because it has three versions of the backup. The incremental technique does not require a retention period because only one version is involved at any one time.

Table 25-2 describes a typical schedule that an organization can adopt for a backup technique. Assume that the retention period of a tape is 14 days and the storage media that stores the information of week 1 is considered as the first-generation data. This is the grandparent’s generation. The cycle continues until week 3 when the latest generation is called a child. In week 4, the grandparent will be recycled. The total data retention period for the grandparent is 14 days.

Table 25-2 Generation Schedule

Table 25-3 describes a single set of media being used week after week, without any versioning.

Table 25-3 Incremental Schedule

Table 25-3 is an example of an incremental backup schedule. Each backup can stand alone as a full backup for either a full or partial recovery. This is done at the expense of backup time and media storage.

Remember the cost of media is inconsequential compared to the cost of backup failure.

Tape Media

Although more sophisticated media are available for consideration, organizations still use magnetic tape since it is the most convenient backup medium and often the most cost effective. Tape media provides a convenient way to store backups offsite. Although NAS and SAN hard drives come with plug-and-play as well as RAID capability, it is not practical to unplug a hard drive for offsite storage. This makes tape a good medium for offsite backup storage while reducing the risk from natural disasters.

Tape media technology has improved tremendously. Tape media provides a storage capability of more than 7TB and yet is still small and lightweight. The organization can easily transport the media offsite.

Using tape as media encourages an organization to adopt the generation technique with tape retention and offsite storing. Assuming that the first generation leaves the tape loader in the second week to internal storage, it eventually reaches maturity as a grandparent and leaves the premises to a remote site. This shows that the presence of the tape at each location (tape loader, internal storage, and offsite) has a retention period of seven days at each location.
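The rotation described above (write in the loader, move to internal storage, then offsite, then recycle) can be simulated to check what a schedule actually retains. The following is an added example, not code from the chapter: it rotates three constructed tape sets through the three locations week by week, records which week's data each write overwrites, and, for contrast with the single-version incremental technique described under Scheduling, does the same with a single set. The set labels and week count are assumptions.

```python
"""Simulate grandparent/parent/child tape rotation and where each set sits.

Added example, not from the chapter. It follows the chapter's description:
a set is written in the tape loader, moves to internal storage the following
week, goes offsite the week after as the grandparent, and is recycled in the
loader the week after that. Set labels are constructed.
"""

LOCATIONS = ["tape loader", "internal storage", "offsite"]   # seven days at each
GENERATIONS = ["child", "parent", "grandparent"]


def rotate(sets: list, weeks: int) -> list:
    """Return one record per week: which set was written, which week's data it
    overwrote (None if the set was blank), and every set's generation/location."""
    if not 1 <= len(sets) <= len(LOCATIONS):
        raise ValueError("this rotation supports one to three tape sets")
    last_written = {}   # set label -> week in which it was last written
    schedule = []
    for week in range(1, weeks + 1):
        label = sets[(week - 1) % len(sets)]     # reuse sets in a fixed cycle
        overwrote = last_written.get(label)      # data lost by this write
        last_written[label] = week
        inventory = []
        for lbl, wk in sorted(last_written.items(), key=lambda kv: -kv[1]):
            age = week - wk                      # 0 = child, 1 = parent, 2 = grandparent
            inventory.append((lbl, GENERATIONS[age], LOCATIONS[age], wk))
        schedule.append({"week": week, "written": label,
                         "overwrote_week": overwrote, "inventory": inventory})
    return schedule


def oldest_recoverable_week(entry: dict) -> int:
    """Earliest week whose data still exists somewhere in the rotation."""
    return min(wk for _, _, _, wk in entry["inventory"])


if __name__ == "__main__":
    for entry in rotate(["A", "B", "C"], weeks=5):
        print(f"week {entry['week']}: wrote {entry['written']} "
              f"(overwrote week {entry['overwrote_week']})")
        for lbl, gen, loc, wk in entry["inventory"]:
            print(f"    {lbl}: {gen:11s} in {loc:16s} (data of week {wk})")
    # Single-set 'incremental' schedule: every write destroys the only copy.
    for entry in rotate(["only"], weeks=3):
        print(f"single set, week {entry['week']}: overwrote week {entry['overwrote_week']}")
```

In week 3 the inventory is the full generation set (child in the loader, parent in internal storage, grandparent offsite); in week 4 set A is written again and the week-1 data is gone, so the oldest recoverable data is week 2. With a single set, every write from week 2 onward overwrites the only copy, which is the fallback-plan failure the Scheduling section warns about.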

Administration

Organizations may have dedicated personnel to administer the backup job. A dedicated administrator focuses on the important needs of backup administration rather than being distracted by other supporting tasks.

In some circumstances, organizations cannot afford dedicated personnel, so assigning personnel with normal administration skills to administer the backup software in addition to their other duties is adequate. Backup software requires few specialized skills. Ultimately, a backup and restoration job falls under the system administrator’s responsibility.

Examples of tasks performed by a backup administrator include checking of success rates of scheduled daily tasks, checking any backup failure, troubleshooting, changing and rotating the tape schedule, and recycling tapes. Although this sounds simple, the administrator should possess enough skills, training, and understanding of the importance of backup and restoration.

Restoration of Data

Restoration is when the original objective of contingency planning comes into action. The result of this stage is crucial. All the efforts put into planning and implementation should provide an expected result at the restoration stage. There are generally three techniques involved in restoration.

      Complete restoration In this technique, the entire system is restored to its original state. The restoration process may use intelligent agents (software) that are usually highly automated. The destination server should be identified and made accessible by the backup system. This technique reduces the time taken in the restoration process because it does not require rebuilding any server. This technique is usually used if the data on the damaged system is no longer functional. Thus, restoration can be directly targeted to the damaged system.

      Data restoration Organizations employ this technique when data is the only backup that can be restored (that is, not including systems such as the OS). Execute this technique by rebuilding the system to an operating state and restoring the data from backup media. Clearly, this technique requires a longer time to restore the damaged system. However, this technique is preferable when there are not many configuration changes to the system except for an increase in data.

      Selective restoration This technique is employed only if certain sections of the information need to be restored. Restoration should not be done directly onto the damaged system. In fact, a mock-up server should be available for restoration of selective information, and once verified as functional, the information will be transferred to the actual system. This technique is beneficial to organizations in the event of partial data corruption.

From time to time, system administrators must ensure that the backup files can actually be restored. This is a critical testing criterion for any recovery system.
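Two of the chapter's requirements meet here: the Backup Software section asks for hashing functions that assure the integrity of what is backed up and restored, and this section asks administrators to confirm that backups can actually be restored. The following is an added example, not code from the chapter: it builds a SHA-256 manifest of a backup set at backup time, binds it with an HMAC so that someone who can alter the stored files cannot simply rewrite the manifest to match, and verifies the set before restore, reporting missing, corrupt, and unexpected files. The key, file names, and contents are constructed; encryption of the backup itself (with a validated module, as the chapter recommends) is outside this example.

```python
"""Integrity manifest for a backup set, written at backup time and checked before restore.

Added example, not from the chapter. Integrity is provided by SHA-256 file
digests and an HMAC over the manifest; encryption of the backup itself
(with a validated module, as the chapter recommends) is outside this example.
Key, file names and contents are constructed.
"""
import hashlib
import hmac
import json
import os
import tempfile


def file_digest(path: str) -> str:
    """SHA-256 of a file, read in chunks so large dumps do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _walk(root: str):
    """Yield (relative path with '/' separators, absolute path) for every file."""
    for dirpath, _, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            yield os.path.relpath(full, root).replace(os.sep, "/"), full


def _tag(entries: dict, key: bytes) -> str:
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_manifest(root: str, key: bytes) -> dict:
    """Digest every file under `root`; the HMAC binds the manifest to the key so
    someone who can alter the stored files cannot also rewrite the manifest."""
    entries = {rel: {"sha256": file_digest(full), "size": os.path.getsize(full)}
               for rel, full in _walk(root)}
    return {"entries": entries, "hmac": _tag(entries, key)}


def verify_manifest(root: str, manifest: dict, key: bytes) -> dict:
    """Report whether the manifest is authentic and which files are missing,
    corrupt or unexpected. Run this before trusting a restore."""
    result = {"manifest_ok": False, "missing": [], "corrupt": [], "unexpected": []}
    if not hmac.compare_digest(_tag(manifest["entries"], key), manifest["hmac"]):
        return result                      # manifest forged or damaged: stop here
    result["manifest_ok"] = True
    for rel, meta in sorted(manifest["entries"].items()):
        full = os.path.join(root, *rel.split("/"))
        if not os.path.isfile(full):
            result["missing"].append(rel)
        elif file_digest(full) != meta["sha256"]:
            result["corrupt"].append(rel)
    result["unexpected"] = sorted(rel for rel, _ in _walk(root)
                                  if rel not in manifest["entries"])
    return result


def demo() -> tuple:
    """Clean verification, then verification after damage, then after a forged manifest."""
    key = b"constructed-demo-key"   # in practice, from the organization's key management
    files = {"db.dump": b"constructed database dump", "etc/app.conf": b"port=8443\n"}
    with tempfile.TemporaryDirectory() as backup:
        for rel, data in files.items():
            path = os.path.join(backup, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as f:
                f.write(data)
        manifest = build_manifest(backup, key)
        clean = verify_manifest(backup, manifest, key)

        # Simulate bit rot in one file and loss of another in the stored copy.
        with open(os.path.join(backup, "db.dump"), "r+b") as f:
            f.write(b"X")
        os.remove(os.path.join(backup, "etc", "app.conf"))
        damaged = verify_manifest(backup, manifest, key)

        # Simulate a manifest edited to match the altered file without the key:
        # the HMAC check fails before any file is trusted.
        forged = json.loads(json.dumps(manifest))
        forged["entries"]["db.dump"]["sha256"] = file_digest(os.path.join(backup, "db.dump"))
        forged_result = verify_manifest(backup, forged, key)
    return clean, damaged, forged_result


if __name__ == "__main__":
    print(demo())
```

The manifest is written alongside the backup and the key is held separately from the media, so a restore test consists of running verify_manifest against the copy about to be restored; a clean result is the evidence that the backup is both complete and unaltered, which is what the periodic restore check is meant to establish.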

BYOD and Cloud Backups

Understanding where information is stored and transmitted is as important as understanding the criticality of data. If an organization chooses to store information with a third-party cloud provider, it must also ensure appropriate backup strategies are considered as part of the cloud agreement. Many cloud infrastructure, software, and platform providers offer backup, restoration, and continuity options for a fee. The organization must balance the capability and cost of the cloud provider’s solutions with the recovery objectives of the organization.

Senior leadership must also set expectations regarding the use of personal devices and personal cloud storage solutions. Employees have an expectation that they can use the same devices, services, and technology in their daily work just like they do in their daily lives. This means they expect they can store sensitive organizational information on their smartphone or in their cloud “drop box” because it is good enough and they are accustomed to working with those tools. This can put the organization in a dangerous position should information need to be restored and the employee is unavailable or unwilling to provide the information. Senior leadership must set the direction of the organization and either accept the risk of not controlling the information or require employees to adhere to a policy of maintaining information on organizationally approved systems and services.

Critical Thinking Exercises

        1. An organization has performed a BIA and discovered 90 percent of its services and data have an RTO of ten days and an RPO of one day. The remaining ten percent of its services and data have an RTO of 30 minutes and an RPO of zero. What is the best strategy for the organization to back up this information?

        2. How can organizations ensure their backup information is protected and the integrity of the backup is assured?