LinkedInX (ex-Twitter)

Backups

Backups allow for a potentially quicker return to normal. Be careful, backup management is not a protection measure strictly speaking, on the other hand a faulty backup policy can lead to the end of your business.

Whether you're backing everything up internally, to the cloud, to tape, etc. it is crucial that each backup be encrypted and the keys available via a means external to your company's IT system.

Rule of 3-2-1

Basic rule and the minimum expected for an infrastructure, the 3-2-1 rule stipulates that you must:

  • have at least three copies of your data,

  • store on two different supports

  • including an outsourced off-site backup

Explanations

Three copies

The principle is to have your data on the server and two backups. This is to prevent a failure from rendering your backups inoperative.

Two supports

Here, two media should not be understood as necessarily two different physical formats (hard disk and LTO tape) but as having its backup on two different and unrelated points. Thus, it is possible to have two copies of the backup on hard disks if both are not stored in the same datacenter, not linked via the same software RAID, etc.

Offsite Backup

The idea behind this request is to have a backup stored outside your building which contains the main data in order to protect against risks such as fires (ex: OVH ).

Although not a recommended solution, a cloud backup, if you don't have a vault, is a solution.

Rule of 3-2-1-1-0

This rule is to be applied at least to your company's critical resources. Identical to the 3-2-1 rule, it adds two conditions:

  • 1 offline copy

  • 0 error while restoring

Explanations

One offline copy

This is about having a backup that is not tied to your network and any IT infrastructure.

The goal is to avoid that if an attacker has compromised your network, he can intervene on this backup.

0 error while restoring

This point seems logical, but it is advisable to regularly test the backups made and to verify that they are restorable without error.

It will be damaging if, once restored, it is discovered that a file on the database server is in fact damaged.

PreviousExpected from the Operational cellNextAlerts

Last updated