Jul 27 2021

As Agencies Back Up More Data and Threats Grow, Data Backups Are More Vital

Solutions from Veeam can help the federal government protect critical mission data from ransomware and other cyberattacks.

Agencies are likely going to be supporting more hybrid work setups than they did prior to the pandemic. With that will come an increased use of collaboration tools such as Microsoft Teams.

At the same time, ransomware attacks have grown so prominent and disruptive that they have risen to the level of a national security concern.

Agencies are backing up more data, and that data is under threat as never before. That puts the onus on federal agencies to strategically back up their data and plan for the eventuality that they might be compromised in a ransomware attack and have their data held hostage or deleted.

Data backup requirements are also evolving, says Salim Ruffin, manager for system engineering at Veeam Government Solutions. “Those requirements are being rewritten because of the threat and the day and age we live in,” he says.

Backup times are longer because agencies are backing up more data and increasingly more videos from tools such as Teams. Organizations want to back up their data not for 30 to 60 days anymore, Ruffin says, but for up to 30 to 60 years.

“You have to protect yourself against that acknowledged internal and external threat as it relates to deletion or data unavailability,” he says. “And, of course, what we have to do and what we provide here at Veeam is the ability to strategize.”

EXPLORE: How can Veeam solutions help your agency back up critical data?

The Changing Nature of Data Backups and Threats to Data

Ransomware poses a major threat to every organization, and may be an inevitability, Ruffin says. IT leaders and administrators in government need to be concerned with evolving data retention rules involving everything from short-term backups to meeting legal requirements for long-term data retention.

“The evolution in the threat is allowing administrators to update the requirements needed to protect their data centers and move their data into multiple locations to quickly and effectively mitigate that inevitability,” he says. “That is a threat.”

To prepare for ransomware threats, Ruffin says, IT leaders at agencies are taking steps to secure front-end platforms, authentication portals and authentication methodologies. They are also adopting more of an air-gapped methodology to enhance security and are focused on data immutability and getting data into a repository that no one — even the administrator — can manipulate.

“The stance is, ‘Hey, something is coming, this threat is growing and it’s becoming more sophisticated. So, it’s important to just get ahead of that,’” Ruffin says.

Both civilian and Defense Department agencies face similar threats, Ruffin notes, including inadvertent penetration via users accidentally — or purposefully — clicking on malicious links. Both sides of the government need to focus on user training to avoid those threats, he notes.

RELATED: What is Disaster Recovery as a Service, and how can it help agencies?

How Veaam Backup for Microsoft Office 365 Can Help Agencies

In the hybrid work world that many agencies are moving to, IT admins will need to protect and back up more data, both on-premises and in the cloud.

Tools such as Veeam’s Backup for Microsoft Office 365 give agencies the flexibility to protect all of their Microsoft data, no matter where it sits, even if that is in Teams in the cloud along with some level of on-premises Microsoft Exchange support.

“We want to make sure and collect that data to a central location,” Ruffin says. “Again, data collection is great. The data accessibility and data search are important as well when need arises. So, by combining those hybrid data streams, we allow our customers to easily search and recover even the most granular component of the Office 365 suite.”

Another way Veeam Backup for Office 365 helps agencies is in the realm of compliance. For example, an Army officer might be in a command at one base for two to three years and then switch commands and be at a new location for the next five years. The data that user has been working on is sensitive and classified and needs to be protected, Ruffin notes. Legal and compliance requirements around data retention still need to be met, no matter where that user works from. Data as granular as Teams conversations still needs to be retained and be recoverable. Veeam enables that recovery.

“No matter the distance from execution, whether it’s a week, a month or, in some cases, we see several months or a year even, recovery is mandatory as it relates to DOD data, census data and the like,” he says.

MORE FROM FEDTECH: Follow these best practices to keep agency data safe from loss or theft.

Best Practices for Data Backups and Retention in Government

Given the complexity of the IT environment, federal technology leaders not only need to understand the technology they are using but be able to provide users with a “clear and concise explanation of not only how it works but how it protects,” Ruffin says. “That’s a fundamental of adoption.”

Users may have an awareness of ransomware and the fact that data can become immutable when it is put in the cloud. “The main component there for me as an engineer and as an educator is to let me educate you on how the technology works specifically, how it protects you, how that inevitability of someone accidentally clicking on an email or a thread, how that data on the back end is protected,” he says. “Even though on the front end, we may have made a mistake.”

Agencies and users should continue following the “3-2-1” strategy for data backups, where three copies of data should be kept on at least two different media, with one copy stored offsite.

No matter what tool is used for data backups, Ruffin says, “it needs to be very simple.” That ease of use will make it easier for administrators and users to back up data and retrieve it or restore it if necessary, Ruffin says.

“You want to be able to use something that you’re comfortable with, or that’s easy on the eyes and obviously pretty intuitive,” he says.

Brought to you by:

NicoElNino/Getty Images

Zero Trust–Ready?

Answer 3 questions on how your organization is implementing zero trust.