Five Hidden Security Risks You May Find with Traditional Backup Mechanisms

It’s always been important for managed services providers (MSPs) to exercise backup best practices but the ongoing COVID-19 pandemic has made backup even more essential. According to a recent MIT survey of 25,000 workers in the United States, 34% of respondents said they had shifted to working from home in response to the pandemic. Combined with the roughly 15% of people already working from home prior to COVID-19, nearly half of the U.S. workforce is currently composed of remote workers.

This sudden shift to remote work has, understandably, placed a lot of pressure on entities like IT support, internet service providers, and video chat applications that enable remote communication. MSPs also help keep remote workers afloat during this time of uncertainty by helping to ensure their customers’ data is safely stored and protected. With unprecedented numbers of people working from home and exposing themselves to additional risk via personal computers, unsecured home networks, or potentially unstable internet connections, it’s more important than ever for MSPs and their customers to have a backup and recovery system in place to guard against data loss.

Your customers might think how you back up their data is less important than the fact that you back it up at all, but that’s not true. Your backup method matters because not all backup methods are created equal, and some pose more security risks than others. In fact, using traditional on-prem-only backup mechanisms instead of cloud-based backups can make your customers (and your own business) vulnerable by way of hidden security risks. Here’s what you need to know.

How do traditional backup mechanisms work?

our customers might wonder, “What’s the difference between traditional backups and backups to the cloud? Why does it even matter?” Traditional backup or local backup refers to the process of copying data and storing it on an onsite device, typically disk or tape. The disk or tape is usually plugged directly into the computer being backed up, or it’s connected to the computer using a local area network. Common examples include internal or external hard drives, USB drives, and magnetic tape drives.

Traditional backup mechanisms are easily accessible and data transfer costs can be low but they also come with a host of other issues. For example, IT staff has to manage and monitor traditional backup mechanisms, meaning MSPs must set aside money to fund these staff members and keep them on call. For smaller MSPs with fewer resources, less time, and less money than their larger counterparts, this is a significant disadvantage. Also, traditional backup mechanisms don’t scale very well. Adding more space to your local backup is time-consuming and labor-intensive because it requires installing more physical hardware and doing so drives up operating costs.

Cloud-based backup eliminates many of these pain points and provides totally new opportunities for data protection. With cloud backups, changed data bytes are identified for backup. The data is then compressed, encrypted, and sent to a cloud server offsite to be easily accessed and recovered in the case of an emergency. The cloud provider takes care of managing the storage so you can devote more time and resources to value-added customer services.

Cloud backups take the storage management burden off of you, helping make costs more predictable and manageable. Data can be accessed at any time and from anywhere as long as there is an Internet connection, and security isn’t much of a concern thanks to the end-to-end encryption present in today’s top solutions. With direct-to-cloud backup, you’re better equipped to adapt to a rapidly changing landscape and to secure your customers who are dealing with a newly distributed and remote workforce.

Five hidden security risks with traditional backup mechanisms

Cybersecurity is an MSP’s chief concern when it comes to traditional backup mechanisms. Although having the backup onsite might offer you more direct control over data than what you’d get with a cloud provider, the tradeoffs simply aren’t worth it. Here are the top five cybersecurity risks of using traditional local-only backup mechanisms to protect customer data, and how SolarWinds® Backup helps mitigate or eliminate these risks altogether.

1. RISK #1: NOT HAVING A COPY OF BACKUPS OFFSITE

Traditional local backups use disks or tapes to store backup data—meaning data is entrusted to physical media at the customer location that are vulnerable to damage. Small businesses may not fully appreciate proper storage hardware management. For example, if your onsite backup storage happens to be under a water pipe, and that pipe bursts, that data could be lost forever and your local backups rendered useless.

Similarly, there is the threat of natural disaster. If all your backups are stored in the same location as your production data, and fire or floor takes out the facility, you have nothing to fall back on. The results can be catastrophic for a business owner, and for their MSP.

Direct-to-cloud backups like SolarWinds Backup help eliminate the security risk inherent in relying solely on storage media at the customer location. With SolarWinds, private cloud storage is included in your price. Your customers’ data is safely stored in one of 30 professionally managed ISO-certified data centers around the world. If you still want to store an optional local copy of your files for faster recovery, you can do so using the storage hardware of your choice and the LocalSpeedVault feature. If a local disaster strikes, SolarWinds Backup helps ensure your customers will be covered.

2. RISK #2: HAVING A POTENTIAL SINGLE POINT OF FAILURE

Speaking of hardware risks, there are issues that can come with proprietary appliance backup mechanisms. They can introduce a single point of failure into the data protection process. If you use a local appliance that aggregates the backups and sends them in one huge chunk to the cloud, any device failure will bring scheduled backups to a halt. If the appliance suffers a hardware failure, or simply reaches its capacity, there is a risk of not discovering the issue until several backup cycles have passed. This can adversely affect your RPO, introducing an unnecessary risk.

SolarWinds Backup is not an appliance, and it’s not an aggregator—it’s a direct-to-cloud solution with the option for a local copy of backups that also reside in the cloud. The backup process is not dependent on an appliance, so use of the LocalSpeedVault is optional.

3. RISK #3: BREAKING A LINK IN THE BACKUP CHAIN

Another issue with many traditional backup mechanisms is that they establish chain dependencies. Chains are one method of saving and managing incremental backups, and they can be risky. If recovery of later backups is dependent upon every incremental that came before, a break in the chain can spell data loss. Even if the chain works correctly, the recovery process can be slow and tedious, requiring the system to rebuild every link in the chain from the last full backup.

SolarWinds Backup helps eliminate the inherent risk of chain dependencies by using a journal-based method. This approach is less error-prone and aids in efficient and effective recovery. Restoring data from last night’s backup or last year’s archive is equally fast, making recovery readily accessible any time.

4. RISK #4: INABILITY TO TEST

Many traditional backup products do not provide an automated way to test and verify the recoverability of backups. Regular backup testing is the only way to make sure your backups are recoverable, but older systems require manual work and effort to test backups, including dedicated servers or virtual machines. Busy MSPs rarely have time to do this as often as they know they should.

The new Recovery Testing feature in SolarWinds Backup helps you easily and automatically test recoveries for business-critical servers. Enroll your servers in the recovery testing plan just once, and Backup will automatically test the most recent backup every 14 or 30 days, capturing a screenshot of the booted VM and creating reports with no further manual effort. We provide the test environment and VM, capture the results of the successful test, and delete the VM—all without the need for any manual effort from your MSP. This feature helps MSPs ensure their customers’ data is not only safely backed up, but also verified recoverable; demonstrating an even higher level of service.

5. RISK #5: LACK OF ACCOUNTABILITY

If you partner with multiple vendors, accountability can be a concern with traditional backup mechanisms. Old-school methods require three vendors: a backup software provider, a local data storage provider, and a cloud service provider to store a secure offsite copy. If a recovery fails, it can be difficult to determine who’s to blame. Vendors may point fingers, blaming one another, and you may be forced to deal with two or three different support organizations at a stressful time. SolarWinds combines backup software and cloud storage into one robust solution with end-to-end accountability. If issues arise, you’ll have one vendor partner and one support team at your service. This way, your staff can spend less time hunting down the source of the issue—and spend more time providing a high-quality experience to your customers.

This short list only scratches the surface. If you use traditional backup methods, you may increase your risk of running into many more avoidable security issues. You can see what a difference using a cloud-based backup solution can make first-hand by trying SolarWinds Backup free for 30 days here. To learn more about backup strategy, cybersecurity, and what you can do to improve both, check out these related blog articles.

Want to stay up to date?

Get the latest MSP tips, tricks, and ideas sent to your inbox each week.

Loading form....

If the form does not load in a few seconds, it is probably because your browser is using Tracking Protection. This is either an Ad Blocker plug-in or your browser is in private mode. Please allow tracking on this page to request a trial.

Note: Firefox users may see a shield icon to the left of the URL in the address bar. Click on this to disable tracking protection for this session/site