Feb 22 2024

Why Agencies Aren’t Efficiently Implementing Backup as a Service

Planning in advance where storage tiers will be backed up is key.

Agencies must prioritize implementing Backup as a Service more efficiently in order to realize the full data storage and access benefits.

While many BaaS providers offer to securely back up agencies’ data and apps in the cloud and let them pay for storage, agencies must be mindful of their budgets as well.

Some agencies take advantage of BaaS, but all need to do so with taxpayer dollars in mind. To do so requires understanding capacity needs and historical usage.

But that’s still not enough. Agencies also need to consider where their BaaS providers are backing up their data.

Click the banner below to begin developing a comprehensive cyber resilience strategy.


Understanding Storage Tiers and Where to Back Them Up

While different BaaS providers use different tiered storage models, it’s helpful for agencies to think in terms of four tiers, 0-3. Which tiers an agency uses will depend on how expensive storage is and how often the data being stored is accessed.

For instance, operational data is used daily and thus needs to be in the readily available Tier 0, where recovery access is immediate. Such data likely won’t be stored in the cloud.

Contrast that with Tier 3 archival data, which some agencies legally must maintain for 30 to 50 years and requires the least expensive, possibly offsite storage.

LEARN MORE: Choosing the best data storage for your agency.

Agencies must look at where it makes sense to use cloud storage for BaaS because for every dollar of storage, it takes about $20 to retrieve that data. The more frequently data is used, the less worthwhile it is to store it in the cloud. Recent economic data for commodities won’t be stored in the cloud.

While BaaS isn’t for every agency, those embarking on their cloud journeys need it from the outset because most data and apps used in the cloud involve storage and backups. Those that fail to plan where they will back up their storage tiers will flounder. Those agencies moving to the cloud still need to plan to back up their data. Migrating to the cloud does not replace the need to back up data.

Take a deeper dive into cyber resilience.


Don’t Neglect COOP and DR Plans

The other aspects of BaaS that agencies often fail to consider are their continuity of operations plans and disaster recovery. COOPs cover how the agency will keep functioning in the event of any interruption, including cyberattacks, while disaster recovery plans address how data and apps are being stored and how they can be quickly recovered following such an interruption.

Agencies must think about what needs to be restored and in what order, and about who is responsible for ensuring that this occurs. Having a tiered storage model helps, but agencies also must regularly test their COOP once in place.

A COOP goes out of date quickly, sometimes because the person who designed it departs from the agency. A COOP that hasn’t been tested in two or three years is likely invalid because of the set of system changes made during that time.

At a minimum, agencies should review their COOP and DR plans to ensure that all parts of BaaS are in place and that employees know their roles in the event of a cyber incident or other disruption. Agencies that significantly change their operations — such as conducting a complete system refresh — should test their plans more frequently.

This article is part of FedTech’s CapITal blog series.

CapITal blog logo

olm26250/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.