Put an end to backup myths

Eperi GmbH, which specializes in data protection, dispels misconceptions about data backup. Six backup myths:

1. data only needs to be backed up so that it can be restored in the event of a disaster

This myth is disproved every day. Data loss is now part of everyday life for companies, and it by no means has to be a catastrophe, such as a flood, fire or ransomware attack, for data to be lost. Much more often, data is damaged or deleted due to carelessness or technical problems. And such a data loss does not necessarily only affect the server, but often also the end devices of the employees. In principle, however, the cause of the data loss is of secondary importance. The only important thing is to have an up-to-date backup copy of all data so that it can be restored and work can continue without interruption.

2. the cloud provider is responsible for the security of the data in the cloud backup

This misconception is also widespread and ensures that cybercriminals often have an easy time of it. The fact is that the responsibility for the security and protection of data lies exclusively with the cloud user, i.e. the company. In many cases, there is a lack of knowledge about which protective measures are actually provided by cloud providers. Most cloud users assume that data security and data protection are the exclusive responsibility of the cloud provider, which leads to a false sense of security. In fact, it is solely the user's duty to ensure that their data is adequately protected. Alarmingly, a survey of German executives found that 58 percent assume that the cloud provider protects the infrastructure, applications and data in the cloud environment.

3. there is no difference between data backup and data restore 

This assessment is wrong, because both - data backup and its recovery - are important for business continuity. Nevertheless, there are differences: data backup focuses on protecting data and keeping it safe. In contrast, data recovery is about retrieving backed-up data as quickly as possible and restoring it to systems. Consequently, both reliable data backup and fast data recovery are critical to a company's business continuity.

4. a weekly backup rhythm is sufficient

Such a rhythm can be followed, but then the data security is not far off. The fact is that a lot can happen in the time between the last backup and the loss of the data. Therefore, the shorter the intervals between backups, the lower the potential data loss in an emergency. The shortest backup interval is the immediate backup for every data change, no matter how small - the "continuous backup". Only through permanent and consistent data backup at short intervals can long production downtimes, major image damage and much more be avoided. Fortunately, a large proportion of companies already seem to be aware of this danger. According to a survey of 3,000 IT decision-makers, 57 percent are planning concrete measures to ensure modern data backup by the end of the year.

5. backup-as-a-service is more insecure than on-premise data protection in the data center

The opposite is true: with the cloud as a target for distributed data storage, the risk of data loss is lower than with exclusive on-premise backup. That's why it's important to integrate the cloud into a scalable and agile backup strategy. In a data-driven world, growing data volumes also bring new demands on data protection, and backup-as-a-service is the leading model for the future. With geo-redundancy, backup is geographically located in a different place, which automatically reduces the risk of data being lost due to unforeseen events such as natural disasters, technical defects or human error. In addition, back-up-as-a-service solutions feature advanced encryption technologies, so data is protected even if a backup should fall into the wrong hands.

6. the native encryption of a cloud backup provider is sufficient

No, data is only really secure with strong encryption that takes effect before transfer to the cloud. Otherwise, the backup provider has access to plain text data and that should be avoided. At this point, it is important to clarify under which circumstances public authorities from third countries may access personal data from EU companies. To avoid this conflict, many US cloud providers rely on EU subsidiaries, which then store the data in the EU. But even with this construct, it is not possible to prevent a subsidiary from also releasing EU data to U.S. authorities under pressure from an American parent company. Another problem is that EU citizens do not have the right to object to data processing - i.e., no data subject rights can be exercised, as is the case with the GDPR. Sensitive data should therefore be encrypted before being transferred to the cloud, and personal data should remain so during processing and storage across national borders.

As it turns out, modern backup options are not only better than their reputation, but their use is long overdue. This makes it all the more important to get rid of old notions - not to say prejudices - and boldly embrace modern technologies.

Press release Eperi Ltd