Podcast: Data Backup & Recovery with Kevin McDaniel
Kevin McDaniel is the founder, president, and principal architect of IT Strategies Group in Madison, Wisconsin. Founded in 2012, IT Strategies Group consults some of the world's largest corporations on IT strategy, infrastructure, and data backup and recovery. They also offer data recovery services, helping organizations recover their data after a cyber attack or natural disaster.
The Importance of Data Backup & Recovery
Data has become a critical asset to every business.
Kevin began our conversation talking about data from the Small Business Association presented to congress. Here are some staggering statistics to think about:
42% of all small businesses reported being the victim of a cyber attack.
The average costs of these attacks is $32,000 (and growing).
60% of small companies go out of business within 6 months after a cyber attack.
While businesses are not schools, the fact remains: cyber attacks are common, expensive, and can have dire consequences for any organization. Consider the following two examples of school district hacks:
In 2020 the Baltimore School District was hacked and estimates put the total cost at almost $10 million.
Hackers released 500GB of Los Angeles Unified School District data when the district refused to pay the ransom.
While it’s certainly important to have backups to protect against physical destruction of data (for example, in the event of a natural disaster), malicious actors and cyber attacks are more dangerous and much more common.
Since the beginning of the Covid-19 pandemic, cyber activity has increased by over 4,000%, and Kevin noted that he receives between 5-10 phishing attempts a day. (Phishing attempts are malicious emails where someone tries to trick a user into providing sensitive data, like login information and passwords, or infecting their device with malware, trojanware, or ransomware.)
Design for Recovery not Backup
One really important philosophy Kevin emphasized was that IT administrators need to optimize their systems for data recovery - not data backup. This might sound like semantics but there is a critical mindset to consider here. For example, if you design your system for data backup then you may take some shortcuts that speed up that backup process (Kevin gave an example of one organization that skipped backing up system data because it took to long but noted that trying to recover systems after a failure without the system data would be almost impossible). Instead, make sure you're designing your system so that recovery (not backup) will be fast, complete, and as painless as possible. Given the level of data breaches in recent years - and the fact that it's increasing - everyone should assume they will need to do a recovery at some time.
Kevin defined three common methods for data backup: disk, tape, and the cloud. Each has distinct advantages and disadvantages, but organizations should never rely on solely on a single type of backup. Using multiple types of backup media creates more robust and flexible recovery options, making it more likely you'll be able to save your data in the event of an attack.
Let's take a closer look at each of the data backup methods.
Disk backups are widely available and reasonably priced. They’re also typically the fastest way to create a backup since everything can be done locally using high-speed transfer cables or local network speeds. The major drawback to disk backup is that they are susceptible to failure and physical damage. They also are more vulnerable to malicious attacks because many viruses can easily propagate themselves across any disk storage devices if they’re not configured correctly.
Devices are widely available and reasonably priced.
Fast transfer speeds.
Vulnerable to malicious attacks as viruses can infect backup disks if not configured properly.
Some might consider tape to be obsolete and outdated, but it remains one of the most secure, reliable, and resilient ways to protect data. Because tapes are not persistently connected and constantly backing up, they’re much less likely to be infected by viruses. And tape has a much longer life expectancy, making them a great solution for archival purposes. The big drawback is that tape and tape systems are significantly more expensive, meaning that only larger organizations can afford it as part of their backup and recovery process.
More secure option over disk since they’re not persistently connected
Much faster than cloud backup when recovering data
Better for long-term archival
Cloud backup is a more contemporary method of backing up data, and it can be an extremely convenient and accessible way for organizations of all sizes to protect their data. However, while backing up to the cloud can be simple and automated, recovery is much more difficult and significantly slower than disk or tape since you’re limited by network transfer speeds. Companies with any meaningful amount of data (usually in the terabytes) might face recovery times of days, weeks, or even months.
Quick and easy backup solutions
Extremely slow recovery times compared to tape and disk
During our conversation, Kevin told several stories of organizations that he's worked with to recover their data and the systems and processes they had in place to make it possible. IT Strategies Group helped recover the data of the second largest school district in California after they were hit with a ransomware attack. The school's IT staff knew that they had been hit, but the virus spread before they had time to react. The virus encrypted their data and then propagated itself throughout all of the other machines and backup devices. Fortunately, the school had maintained tape backups in addition to their local disk backups and cloud backups. Kevin and his team were able to recover about 90% of school's data from tape, and then pull the remaining 10% from the cloud. By having such a versatile and robust backup system in place, they saved countless hours and dollars during the recovery process.
The Reality of Backup & Recovery
As Kevin noted at the start, it's more important than ever that an organization have smart and reliable solutions to both backup and recover their data. Kevin noted that C-Level executives of federally-traded companies can be criminally liable in the event of a cyber attack if they don't have thorough systems in place to protect their data. And many companies don't take cyber security seriously enough, opting to choose backup and recovery solutions simply because they're inexpensive or because they don't interfere with normal day-to-day operations. The reality is if you want your school or organization to survive a cyber attack or loss of data event, investing in a robust backup and recovery solution is absolutely essential.