Mar 30 2016

To Back Up Data, Federal Agencies Need to Cover All Technology Bases

As data breaches and security become more of a concern, agencies need to use the cloud and various forms of data backup.

With data breaches like the two that hit the Office of Personnel Management (OPM) still fresh in the minds of many federal IT managers, backing up data and having the ability to restore it have never been more critical.

Federal agencies have multiple options at their disposal for data backup, including traditional on-premises backup as well as cloud tools. They should be keeping those in mind and employing them ahead of World Backup Day, which is Thursday. This event, first held in 2011, is aimed at getting agencies, businesses and individuals to back up their files, as well as highlighting common ways that data can be lost and options to back it up.

Increasing Security Threats and Amounts of Data

Adm. Mike Rogers, the director of the National Security Agency, in January warned that the U.S. government should expect more data breaches like those that hit OPM, in which the personal information of 22.1 million current, former and potential federal employees was stolen.

Accordingly, security remains the top priority for agencies and applies to data backup and recovery, Tyler Morris, director of product management for government services at Iron Mountain, a records-storage and information management technology firm, told FedTech. He said federal agencies are required to have formal data backup locations and continuity of operations plans (COOP).

Despite experiencing “tremendous growth in both the volume and variety of electronic data for the past several years,” agencies are having difficulty developing a cost-effective plan for managing and protecting this data “under constrained federal budgets,” Morris observed.

“As agencies create and store different types of data and technologies continues to change, there is a growing challenge of how to store and backup that data in compatible formats for recovery at later dates.”

Additionally, with increased scrutiny of cybersecurity and policies like the General Services Administration’s Cloud First policy, which pushes agencies to take full advantage of cloud computing, Morris said that “agencies are showing initiative to move more applications/processes to the cloud, including backup and disaster recovery.”

He noted that as different backup technologies become available, “it is common for agencies to often employ multiple redundant systems that use different types of storage mediums to maximize recovery speed,” protect more data and minimize costs, Morris says. This includes a combination of managing legacy tape backup systems and cloud backup options, he adds. Tape affords agencies a “total offline backup solution, while cloud enables quicker recovery times and redundant backup options.”

“By moving data off-site, in a properly managed environment in both of these scenarios, agencies can confidently access and effectively recover data when they need it most,” he added.

Usually, agencies use logistics and tape-management systems for the legacy IT systems and archives and newer data-replication software for cloud-based systems.

Best Practices for Backups

The hybrid data-backup environment that many agencies are operating in today “creates some key data-loss challenges,” according to Morris.

“The external threat of data breach is always prevalent and increases the need to employ access security as well as a COOP to recover quickly in the event of a disaster,” he said. “At the same time, as data volumes continue to grow and needed equipment is added, loss of information can occur internally through incorrect management or simple misplacement. In addition, as technology continues to evolve, old/outdated data formats pose a risk for loss if materials are damaged or in an incompatible/unrecoverable format.”

Morris recommends that agencies design “a tiered data management strategy that maximizes various technologies that meets their needs and budget availability.” This strategy has multiple components, including “utilizing cloud replication solutions for automated, hands-off protection,” as well as creating “disk-to-disk-to-cloud solutions for mass recovery capability.”

Further, agencies should create “off-site tapes for added security and the long-term retention of backup and archive data.”

The United States Computer Emergency Readiness Team lists six preventive measures to help protect systems against ransomware attacks; backups are at the top:

  1. Perform regular backups of all critical information to limit the impact of data or system loss and to help expedite the recovery process. Ideally, this data should be kept on a separate device, and backups should be stored offline.
  2. Maintain up-to-date anti-virus software.
  3. Keep your operating system and software up-to-date with the latest patches.
  4. Do not follow unsolicited web links in email. Refer to the Security Tip Avoiding Social Engineering and Phishing Attacks for more information on social engineering attacks.
  5. Use caution when opening email attachments. For information on safely handling email attachments, see Recognizing and Avoiding Email Scams.
  6. Follow safe practices when browsing the web. See Good Security Habits and Safeguarding Your Data for additional details.