How many of you have ever needed to recover something from backups? I’m sure most of us have, and we were grateful when our data was successfully restored. Have you ever been disappointed when something couldn’t be restored? I’m sure some of you have felt that pain — it’s not fun. Imagine, if you will, that your organization is hit with ransomware and your primary application is crippled. Then imagine that the backups of that application had been failing for months. Not a pretty picture, is it?
The importance of local and cloud backups
As information security professionals, it may not be our job to manage system backups, but it is our job to realize the importance backups have in the realm of information security. We must plan for the worst, which includes a full system compromise and restoration from backups. Many healthcare organizations have been hit with ransomware and crippled in the last couple of years. It can happen to anyone, and once you accept that fact, you’ll be better off. So, now that we’ve established backups are a part of information security, what’s next?
Backups have come a long way since many of us started in the industry. We went from tapes to drives to the cloud. We also went from file and folder backups to image-based backups. A lot has changed in the technical capabilities of backup software solutions. What does this mean to us? It means we need to keep an eye out for new backup solutions and re-evaluate our backup strategies on a regular basis.
Identifying backup requirements
From a security standpoint, what should we consider when looking at backups? Well, first off, if we’re backing up any confidential data such as PII or PHI, we need to ensure the backed-up data is housed in a compliant environment. If we are sending backups offsite, we need to ensure this data is encrypted in transit. There are also data retention requirements for some types of data. HIPAA does not define a retention period for medical records, but in the U.S., individual states govern the requirements for medical record data retention. As security professionals, we should understand what types of data we’re backing up and the data-handling requirements for each of them.
Validating backup integrity with testing
The last thing we want is for a security incident to occur. However, if it does, we may need to rely on our backups to return to an operational state. I encourage you to review your backups and validate that everything that needs to be backed up is, in fact, being backed up. Set up notifications for failed backups and, because email alerting can itself fail, perform regular audits of backup jobs to confirm they are succeeding. You’ll also want to perform regularly scheduled test restores of individual files/folders as well as complete server images. If you don’t manage your organization’s backups, work with your backup team to ensure the backup data is being handled properly according to any regulatory compliance requirements you may be subject to. The Center for Internet Security (CIS) has included “Data Recovery Capability” as one of its annual top 20 security controls for good reason!
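One way to audit backup jobs without depending on failure emails is to check for a recent success on every system that must be backed up, so a job that never ran is flagged too. This is an added example, not code from the original post; the job names, history format, and age limits are constructed assumptions rather than any backup product's output.

```python
from datetime import datetime, timedelta

# Constructed sample job history (not from a real backup product):
# (job name, finish time in ISO 8601, status)
SAMPLE_HISTORY = [
    ("ehr-db-image", "2024-05-01T02:10:00", "success"),
    ("ehr-db-image", "2024-06-09T02:10:00", "failed"),
    ("ehr-db-image", "2024-06-10T02:10:00", "failed"),
    ("file-share", "2024-06-09T01:30:00", "failed"),
    ("file-share", "2024-06-10T01:30:00", "success"),
]

# Assumed inventory of what must be backed up, with the maximum allowed age
# (in days) of the newest good backup. "hr-server" has no job history at all.
REQUIRED_JOBS = {"ehr-db-image": 1, "file-share": 1, "hr-server": 7}


def audit_backups(history, required, now):
    """Return {job: finding} for every required job lacking a recent success."""
    last_success = {}
    for job, finished, status in history:
        ts = datetime.fromisoformat(finished)
        if status == "success" and ts > last_success.get(job, datetime.min):
            last_success[job] = ts

    findings = {}
    for job, max_age_days in sorted(required.items()):
        latest = last_success.get(job)
        if latest is None:
            # No alert would ever fire for a job that was never configured.
            findings[job] = "no successful backup on record"
        elif now - latest > timedelta(days=max_age_days):
            age = (now - latest).days
            findings[job] = f"last success {age} days ago (limit {max_age_days})"
    return findings


if __name__ == "__main__":
    report = audit_backups(SAMPLE_HISTORY, REQUIRED_JOBS, datetime(2024, 6, 10, 8, 0))
    for job, finding in report.items():
        print(f"STALE {job}: {finding}")
```

Driving the check from the inventory of required systems, rather than from the job log, is what surfaces systems that were never added to a backup job.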
Hopefully, I was able to remind you how important backups are and the role they play in security. If you have any tips or some knowledge you’d like to share, please do. We’d love to hear your thoughts — the more we share, the more we know!