The Changing Nature of Data Backups and Threats to Data
Ransomware poses a major threat to every organization, and may be an inevitability, Ruffin says. IT leaders and administrators in government need to be concerned with evolving data retention rules involving everything from short-term backups to meeting legal requirements for long-term data retention.
“The evolution in the threat is allowing administrators to update the requirements needed to protect their data centers and move their data into multiple locations to quickly and effectively mitigate that inevitability,” he says. “That is a threat.”
To prepare for ransomware threats, Ruffin says, IT leaders at agencies are taking steps to secure front-end platforms, authentication portals and authentication methodologies. They are also adopting more of an air-gapped methodology to enhance security and are focused on data immutability and getting data into a repository that no one — even the administrator — can manipulate.
“The stance is, ‘Hey, something is coming, this threat is growing and it’s becoming more sophisticated. So, it’s important to just get ahead of that,’” Ruffin says.
Both civilian and Defense Department agencies face similar threats, Ruffin notes, including inadvertent penetration via users accidentally — or purposefully — clicking on malicious links. Both sides of the government need to focus on user training to avoid those threats, he notes.
How Veaam Backup for Microsoft Office 365 Can Help Agencies
In the hybrid work world that many agencies are moving to, IT admins will need to protect and back up more data, both on-premises and in the cloud.
Tools such as Veeam’s Backup for Microsoft Office 365 give agencies the flexibility to protect all of their Microsoft data, no matter where it sits, even if that is in Teams in the cloud along with some level of on-premises Microsoft Exchange support.
“We want to make sure and collect that data to a central location,” Ruffin says. “Again, data collection is great. The data accessibility and data search are important as well when need arises. So, by combining those hybrid data streams, we allow our customers to easily search and recover even the most granular component of the Office 365 suite.”
Another way Veeam Backup for Office 365 helps agencies is in the realm of compliance. For example, an Army officer might be in a command at one base for two to three years and then switch commands and be at a new location for the next five years. The data that user has been working on is sensitive and classified and needs to be protected, Ruffin notes. Legal and compliance requirements around data retention still need to be met, no matter where that user works from. Data as granular as Teams conversations still needs to be retained and be recoverable. Veeam enables that recovery.
“No matter the distance from execution, whether it’s a week, a month or, in some cases, we see several months or a year even, recovery is mandatory as it relates to DOD data, census data and the like,” he says.
Best Practices for Data Backups and Retention in Government
Given the complexity of the IT environment, federal technology leaders not only need to understand the technology they are using but be able to provide users with a “clear and concise explanation of not only how it works but how it protects,” Ruffin says. “That’s a fundamental of adoption.”
Users may have an awareness of ransomware and the fact that data can become immutable when it is put in the cloud. “The main component there for me as an engineer and as an educator is to let me educate you on how the technology works specifically, how it protects you, how that inevitability of someone accidentally clicking on an email or a thread, how that data on the back end is protected,” he says. “Even though on the front end, we may have made a mistake.”
Agencies and users should continue following the “3-2-1” strategy for data backups, where three copies of data should be kept on at least two different media, with one copy stored offsite.
No matter what tool is used for data backups, Ruffin says, “it needs to be very simple.” That ease of use will make it easier for administrators and users to back up data and retrieve it or restore it if necessary, Ruffin says.
“You want to be able to use something that you’re comfortable with, or that’s easy on the eyes and obviously pretty intuitive,” he says.
Brought to you by: