According to corporate backup best practices, if you have a configuration where all company machines back up files to a NAS within the corporate network, can this be considered a secure strategy?
Backing up your files to a Network Attached Storage (NAS) within your company network is a good place to start, but it shouldn’t be the only backup strategy you implement. This is because there are various risks associated with this strategy:
- Risk of hardware failure : All hardware devices, including NAS, can fail. If your NAS fails, you may lose all your backups.
- Risk of human error : Users can accidentally delete important files or backups.
- Risk of malware or ransomware : If the corporate network is compromised, the backups on the NAS could also be infected or encrypted by ransomware (to avoid this eventuality, a restrictive policy on access permissions to shared folders is always recommended, or, an even more safe, you could go to use the NAS only as an FTP destination, therefore not accessible by ransomware).
- Risk of natural disasters : In the event of a fire, flood or other natural disaster affecting the company building, the backups on the NAS may be destroyed.
To mitigate these risks, it is recommended that you follow the 3-2-1 rule for backups:
- 3 copies of data : This includes the original data plus two backups.
- 2 types of storage media : For example, you may have a backup to NAS and a backup to external hard drive or LTO tape, which can be taken outside the company.
- 1 off-site copy : This is a backup that is physically located somewhere other than the company building. It could be a cloud backup or a hard drive kept in a safe place.
Also, it’s important to test your backups regularly to make sure that your data can actually be recovered. Finally, you should have a disaster recovery plan that details how to restore data and resume normal operations after a crash.
With Iperius Backup you can perform all the types of backup required to have the maximum level of security. In fact, Iperius allows not only to make backups on NAS via network shares using specific permissions to be sure that only the backup software can modify the data in the destinations (and not a ransomware virus or a user, for example), but to use the NAS also as an FTP, FTPS or SFTP destination, thus ensuring ultra-secure data isolation.
Iperius also allows you to make copies of the data on external disks or LTO tapes , in order to therefore be able to keep the backups in a place other than the company headquarter. You can create different types of backups, not just individual files. In fact, Iperius can make images of the entire disk (drive image and disaster recovery), backup of databases such as SQL Server, backup of VMware vSphere and Hyper-V virtual machines, backup of Exchange mail servers and Microsoft 365.
Finally, Iperius supports all types of Cloud destinations , from Google Drive to Amazon S3, from OneDrive to Wasabi, Backblaze and any other compatible S3 storage.
It is therefore possible to configure different backup strategies, with different schedules (for example, monthly, daily or weekly), to have the absolute certainty that, even in the event of serious disasters, that there will always be a perfectly safe copy of the data.