Pull Rather than Push Your Offsite Backups

Keeping backup copies of your data in a location separate from the primary data storage is highly advised. I prefer to store one backup copy locally and a second one in a different location. A few decades ago, most data backups were stored on magnetic tapes. At the time, tapes were relatively inexpensive. But the problem with tapes is that they must be physically moved from one location to another.

I once worked in a large data processing center; numerous backup tapes were created every night after processing.  The tapes were immediately stored in a vault.  The most current backup tapes were pulled, placed in portable carrying cases, and picked up by an offsite vaulting company every morning.  We agreed with the offsite company to keep a fixed number of backups offsite and return the older tapes to the data center.   This very effective process protects the data from multiple losses, including fires and events that might destroy the primary location. 

The problem with rotating backup tapes, or any kind of media, offsite by physically moving them is that the process depends on human intervention, which can break down. For example, suppose the driver for the offsite vaulting service had an accident and could not deliver the media. The unreliability factor for small businesses that don't use a professional service is through the roof. People forget, people get busy, and people procrastinate. I do not know if those offsite vaulting services that pick up and move media still exist, because there are much better ways to get data to a different location now.

The modern way to move data offsite is to copy the data over a network to a secondary location.  This protects the data from fires and other events that may physically destroy the data at the primary location.   However, a few decades forward, the biggest threats are mostly cybersecurity-related.  

In particular, ransomware is a much bigger threat than any kind of physical loss of media. Ransomware has become sophisticated enough that it not only encrypts your data but will also encrypt or destroy your backups. The motivation is to deny you the opportunity to restore your data, leaving payment of the ransom as your only option to get it back.

Moving your data electronically from location to location is common, and ransomware developers know it.  Suppose your secondary backup location is accessible by a network from your primary location. In that case, the ransomware may use the same connection to delete, encrypt, or destroy the data at your secondary site.  

Solution:  Pull, Don't Push!

Let's say location A is where your primary data is located, and you run a backup every day, then copy the backup from location A to location B. Configure your systems so that neither location has any write or delete access to the other. This way, a ransomware infection in one location cannot destroy data at the other location. When data needs to be moved from location A to location B, use a process on location B with read-only access to read and PULL the data from A to B. Under no circumstances should you allow one server to write, or PUSH, a backup to the other.

If you follow this simple principle, you can thwart many of the ways ransomware can destroy your backup data. Hopefully, your other security measures prevent the ransomware attack before it happens. If you are hit by a ransomware attack, your primary recovery will be restoring the data and denying the bad actors their reward.
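
One way to write the pull job that runs on location B, as an added example that is not from the original post. It assumes A's backup directory is visible on B through a read-only mount or account (the paths and the names `pull_snapshot` and `sha256_of` are hypothetical), and it goes one step beyond the text by writing each pull into a new snapshot directory, so a later pull of damaged files cannot replace an earlier good copy on B.

```python
# Added example: pull job that runs on location B. Paths and names are assumptions.
import hashlib
import os
import shutil
from datetime import datetime, timezone
from pathlib import Path
from typing import Optional


def sha256_of(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backups do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def pull_snapshot(source: Path, dest_root: Path, stamp: Optional[str] = None) -> Path:
    """Copy A's backup files into a new, dated snapshot directory on B.

    `source` is A's backup directory as B sees it through a read-only mount
    or account. This code only reads from `source`; it never writes to A and
    never overwrites or deletes a snapshot that already exists on B.
    """
    stamp = stamp or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    snapshot = dest_root / stamp
    snapshot.mkdir(parents=True, exist_ok=False)  # fail rather than reuse a snapshot
    for src in sorted(source.rglob("*")):
        # Treat A's content as untrusted: skip symlinked files and non-regular files.
        if src.is_symlink() or not src.is_file():
            continue
        dst = snapshot / src.relative_to(source)
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copyfile(src, dst)
        if sha256_of(src) != sha256_of(dst):
            raise OSError(f"checksum mismatch after copy: {src}")
        os.chmod(dst, 0o440)  # B's verified copy becomes read-only
    return snapshot


if __name__ == "__main__":
    # Hypothetical paths: A's export mounted read-only on B, and B's local store.
    print(pull_snapshot(Path("/mnt/site-a-backups"), Path("/srv/offsite")))
```

Schedule it on B only; A needs no credentials for B and no knowledge that the job exists.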

2 comments:

J Flowers said...

I recommend using an intermediate location. Copy your backup to the intermediate location, and then copy from the intermediate location to the final location. That way the original location and the final location never have any access to each other.

jazar said...

Thanks for your comment J Flowers. I've done the same thing in several situations. You inspired me to write this https://blog.backupinfo.org/2023/08/using-bastion-backup-server-to-protect.html