Is this a sensible backup procedure?

  SDJ 18:45 02 Oct 2004

Didnt think this warranted a post in the helproom.
I am in the process of preparing a report to my employer on our IT contingency plans, and I am currently evaluating our backup procedure.

All is ok with the exception of the fact that each day a designated member of staff takes the latest successful backup tape home with them so it is not left on-site.

This has been done for many years although I dont see why it isnt left in the fire-proof safe with the other daily backups.

Just wondered what other people do with their backups, surely removing it from site makes the security even more vunerable?

Your thoughts please.

  justme 18:59 02 Oct 2004

It all depends on what you want from your backup and security.

If the information is highly confidential then removing it does indeed increase the risk of it falling into the wrong hands.

On the other hand, if your information is absolutely vital to the running of your company then having backup copies in several different locations is sensible as the chances of all the backups being lost at the same time due to theft or fire or some other disaster is significantly reduced.

As long as you can trust the people who hold the backups not to divulge or sell the information then I would continue as your company does at present. This system means that you have multiple backups and the amount of data lost will be relatively small in the event of your main computer going bust.

  SDJ 19:12 02 Oct 2004

Thanks for your input. I actually found a very interesting article on the MS Tech Net site on backup strategy.

My organisation is a firm of accountants, whilst the data is sensitive it could really be read without the various accounting software installed which I guess many people would want to bother obtaining should they have obtained the backup.
My concern and I think I am probably right in saying this is that the primary tape being removed from site could cause us a problem if we needed to restore and for some reason we couldnt obtain said backup, be it through illness or loss.

I am know thinking, having read another article, that the most recent backup be retained on-site in the fire proof safe and the second most recent be taken off site. I am reading alot about off-site storage facilities but would imagine they are expensive.

Thanks again

  justme 19:35 02 Oct 2004

If the information is sensitive and can be read without the specialist software being installed should you not be thinking along the lines of encrypting the data somehow? It could then be backed up as at present but be unreadable by anyone who does not have the encryption program and does not know the password.

Storing your latest backup in a fireproof safe will only help in a relatively small fire. In the case if a major fire the fireproof safe will only protect it for so long. Backups stored elsewhere will enable the company to recover and continue working in new premises should the worst happen.

Also, storing unencrypted earlier backups with members of staff still leaves the data open to being accessed by unwanted eyes

  It's Me 19:55 02 Oct 2004

I have to assume that Accountants are at least as honest as anyone else, and, I trust a damned sight better, being one myself, at least to their employer. However I would let there be a rota of partners, who have a vested interest in the matter, to take backups home, the more the merrier. Illness is not a problem in an emergency. just go and collect it. Back up media is not expensive in relation to its importance. The size of the business, in this case, is irrelevent.

My son, whose business is wholly computer related, has tape back ups scattered in all his relations homes, where he leaves them just in case!

And yes, surely they should be encrypted in some way.

  SDJ 22:09 02 Oct 2004

I take the point about encryption, and will look into the possiblities further. However I spotted my mistake in that I meant to say couldnt not could be read without the software.

As for the trust issue, this wasnt quite what I was getting at.
My concerns for a staff member taking the most recent backup home with them is that that the route the backup must take before becoming secure (ie in the home), lets face it a womens handbag probably doesnt offer the most secure environment for a backup disk to travel.

Microsoft state that for a backup strategy to be effective the data to be restored should be easy to find and the restoration process should be as quick as possible. I share those thoughts and that is the reason for my initial concern of the location of the backup tapes.

  Forum Editor 01:03 03 Oct 2004

send a backup home with a nominated person at night, it's common practice.

I recommend that some of my clients send their data down the line to a secure location at the close of business each day, and although this isn't cheap it can mean the difference between no business and business as usual, should disaster strike.

In my own office we ensure that a copy of all data is kept off-site, and a daily backup is sent online to another trusted location - I don't allow anyone to travel with the backup in their pocket. Unless you have a huge amount of data this is a fast, reliable way of doing it. We retain a copy in the office, and I have another copy at home. It sounds clunky but it isn't really, and it would pay dividends if the worst happened. I don't bother with encryption, and although there's always an element of risk I minimise it by making a member of my own family the recipient of the off-site copy.

  joseph k. 12:39 03 Oct 2004

When I worked for Britain's largest insurance broker's in the late 1970s we always used to put our latest back up tape in a safe in the cellar.

Along with this we also swopped the previous day's backup with an international bank where they put that in their safe and we put theirs in ours. This was literally said to be in case of nuclear war!

Only a couple of us had all the necessary 'pins', and we were also always accompanied by a member of the security staff.

To say that today's attitudes seem lax is an understatement to people like myself.

  Forum Editor 13:01 03 Oct 2004

I remember doing much the same thing myself way back then.

Today's computing environment is very different of course, and there are several options when it comes to backing up data. Big financial institutions invariably have their own secure data centres, and all branch office stuff gets sent down a dedicated line to those locations. An alternative is a third-party data centre, and many companies use those.

Small businesses can't often justify the expense, and in any case their data is usually theirs - not other peoples' as in the case of say, a bank. In my experience very small businesses often don't back up at all, let alone send data off-site. Sending important information to a remote location via the internet is a good way for some people - even if the location is a folder on a hosted web server. Such servers are generally pretty secure, and they are well-maintained.

  joseph k. 14:38 03 Oct 2004

I see what you mean about 'small business'. What we used to do was basically free. The security staff were needed anyway and the reciprocal arrangement with the bank was obviously for mutual benefit; therefore once again free. Plainly, as you say, things have moved on just a little bit.

It still amazes me that small businesses often don't bother to even backup. Coming from the background that I have described, I wouldn't sleep at night.

Everything of any importance that I do has at least two copies, usually on Cd. Though I intend to get an external drive. As long as these don't malfunction, I think they are an excellent idea. Then of course if they do - there are always my disks - which I will continue to use.

Some may think this obsessive, but with the stories of Cds corrupting after a couple of years etc. etc. I believe it is just common sence.

  justme 21:26 03 Oct 2004

I also like to back up to several different places. I use my networked computers at home to keep copies of valuable (to me) data. I also use cds.

I can remember being told many years ago that if your computer goes down then you no longer have a backup but instead you only have one version of the data and that is in the wrong place. If anything is wrong with that copy then your data is lost.

It pays to keep several copies. Hard disks and even cds can and sometimes do go wrong. As you may guess, I'm a belt and braces sort of person.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 hack: How secure is your Wi-Fi?

Add Depth Of Field to a photo using Tilt Shift Blur in Photoshop

iPhone tips & tricks

Les meilleures tablettes 2017