If you don’t test your backups for recoverability, you really don’t have backups at all.
This statement is not intended to be controversial, or even confrontational. Instead, we’re using it to point out a common misconception. Today, many IT professionals may believe that standard data backup processes are protecting them from the effects of ransomware and other cyberattacks, but they’re missing a critical step: verifying that their backup works correctly if or when it is needed.
Unfortunately, there have been many examples of companies that were backing up their data — and thought they were safe from ransomware attacks — only to find out the backups weren’t working properly. This is exactly what happened in the high-profile case of the Colonial Pipeline ransomware attack and resulted in the company paying a reported $4.4 million to cybercriminals behind the attack.
It is also worth noting that the Colonial Pipeline attack was national news at the time and caused major turmoil, even consumer panic during its service disruption. For Colonial, this resulted in damages to its reputation and an additional fine of nearly $1 million from the Pipeline and Hazardous Materials Safety Administration (PHMSA) for failing to meet safety checks and other cybersecurity deficiencies that made the attack possible. All of this could have been avoided if the company had a backup validation policy in place.
Why do companies need to verify their backups?
There are many different things that can go wrong, even with backup processes that seem to be working correctly. Consider the following examples:
· Backups running out of space or failing unexpectedly
· Backups affected by bugs or other issues that lead to them to not working correctly
· Backups becoming corrupted
· Users misconfiguring backup processes or even turning them off by accident
Unfortunately, all of these cases can lead to unpleasant surprises down the road, especially if the company has no idea its backup software hasn’t been working as expected for long periods of time.
Backup validation best practices
Today, there are three widely accepted approaches to backup validation, yet each model still has limitations that could lead to issues down the road. These include:
1. The checksum method: This approach is designed to ensure that the archive file is consistent. Using this method, all the data required to restore systems from backup are read and checked for consistency. Specifically, the checksums of the blocks recorded during the creation of the initial backup must match the checksums calculated during the validation process.
Yet this approach has drawbacks. First, it is slow process, although it is slow by design. This method reads through all data, not just the incremental backup. It also doesn’t actually answer the question if the system will successfully boot after recovery. To put it another way, all that it guarantees is that whatever was written in a past backup remained the same in the backup today.
2. Manual backup inspection: Another validation approach is to perform full recovery of the backup and then manually check whether the system will boot successfully. This approach — while it still provides the best confidence in the backups — still results in the same problems as described above: the fact that it is very slow since it still requires entire machine recovery.
There are ways to overcome some of the issues caused by the above methods. For example, certain advanced techniques favored by many vendors (including Acronis) use instant recovery capabilities, where backup is mounted as a virtual machine, without the need for full recovery. In this example, the virtual machine can be used to start the operating system and run recoverability tests against it, such as taking a screen shot of the boot screen and presenting it to the user as proof of the successful backup recovery.
Acronis provides common validation functions — such as checksum verification of backup files’ consistencies — and also enables advanced techniques. One example is where a virtual machine is started directly from backup (Acronis Instant Restore) in order to start the OS boot process, capture the screenshot of the boot screen, automatically analyze it with an ML-powered engine and present the results to the user (sent by email with the boot screenshot included). All of these operations are performed without the need for full recovery.
A better approach to backup
To protect business-critical data, backup is not enough — you need the integrated approach of cyber protection. The Advanced Backup pack for Acronis Cyber Protect Cloud enables you to extend the cloud backup capabilities you need to require to proactively protect your data. Acronis leverages a unique approach by combining cloud backup with cyber protection features to truly keep your data secure.
About Acronis
A Swiss company founded in Singapore in 2003, Acronis has 15 offices worldwide and employees in 50+ countries. Acronis Cyber Protect Cloud is available in 26 languages in 150 countries and is used by over 20,000 service providers to protect over 750,000 businesses.