Offsite backup

An offsite backup is an ideal complement to onsite backups. Onsite backups offer backup and recovery speed while offsite backups offer redundancy and lower storage costs. The combination provides a strong foundation for your enterprise’s backup and disaster recovery strategy.

This article examines important aspects of offsite backups and key ways to blend it with onsite backups. Backup administrators and IT managers will come away with a more detailed picture of how offsite backups fit into their overall disaster recovery scheme.

What are offsite backups and why are they needed?

Offsite backups are a method of data protection where copies of data are stored in a different geographical location than where the original data is stored. The primary reason for utilizing offsite backups is to increase redundancy.

If your enterprise has both onsite and offsite storage, there are often three main backup options:

  1. You may back up your data on site; for example, in your own data center, where your applications run. In such proximity to the data source, onsite backup – also known as local backup – runs quickly, and that is important for taking advantage of your backup window. Then, after the onsite backup is complete, you replicate (move a copy of) your backups off site: to a remote office, a remote data center, to the cloud, or to a managed service provider. That enables you to comply with the 3-2-1 backup rule. That is the approach favored by most IT departments.
  2. You may back up straight from your application servers and data stores to cloud storage. That removes the interim step of onsite backup but with two disadvantages: Backup to the cloud is slow by comparison, and you miss out on the 3-2-1 backup approach for disaster recovery.
  3. If you are deeply invested in offsite computing, with software-as-a-service (SaaS) like Microsoft 365, where applications and data are stored in the cloud, then you may back up from the cloud to the cloud. That could be with the same cloud service provider or with different ones. But again, there’s no 3-2-1 backup strategy here.

The main reason for performing offsite backups, of course, is disaster recovery. Traditionally, that has referred to recovering from disasters such as fire, flood, loss, theft or other severe damage. More recently, backup has come to play a role in recovering from criminal activity such as cyberattacks induced by malware and ransomware. Having multiple copies of your backup, with at least one copy off site, makes it harder for criminals to cripple your company by leaving you without the option of restoring data.

Note that it’s more useful to think of offsite backup as a complement to onsite backup than as an alternative to onsite backup. Why? Because each method has a unique role to play in your disaster recovery planning.

Onsite backup – Pros

Speed

The main advantage of onsite backup is speed – faster backup and faster recovery – since the source and target are in the same building. Most organizations favor onsite backups because it keeps backup and recovery windows shorter.

Physical security

For companies concerned about the security angle of storing data in the cloud there is also the advantage of having your backups under your physical control.

Note that you are responsible for security measures like access control, door locks, badging and mantraps. For that reason, onsite backup can be more reassuring than backing up off site.

Onsite backup – Cons

The biggest disadvantage of onsite backup applies only if you rely on it exclusively. That violates the 3-2-1 backup rule and makes you susceptible to data loss from a disaster.

Offsite backup – Pros

Redundant data copy offsite

The essence of offsite backup is that, in case of an onsite disaster or extended outage, you’ll have a backup stored out of harm’s way. You’ll have access to a redundant copy of your data saved at a distant site. That distance also gives you a measure of physical security from any attack or mishap that may befall your onsite data.

Financial advantages

Offsite backup can have financial advantages. If you back up or replicate to the public cloud or to a managed service provider (MSP), then you’ll have no need to purchase, own and maintain the additional infrastructure. You’ll effectively rent it from a company that specializes in maintaining it and keeping it safe. Cloud storage providers offer cloud tiering and object storage priced according to how frequently you need to access the data, which can help you control storage costs.

Offsite backup – Cons

Time to recovery

The main disadvantage is the time to recover from an offsite backup. Whether you’re trying to transfer hundreds of gigabytes of data across an internet link or ordering an emergency hard drive from your storage provider, you’re in for a wait. Still, it’s better to have to wait to recover than not to be able to recover at all.

Potential recovery costs

There are costs to consider. Cloud providers will charge you not only for the storage used but also for the processing time spent recovering your data.

Security

Doubts about the physical security arrangement of a backup provider can discourage some organizations from storing their data off site. Despite the argument that companies in that business probably have more stringent security than most enterprises, no provider or site is guaranteed unassailable.

Storage options for backing up offsite

When evaluating offsite backups, most organizations consider two options.

Public or private cloud providers

Using a public or private cloud provider allows organizations to, in effect, outsource the storage of their offsite backups with scalable, cost-effective and maintenance-free options.

Those options can be a double-edged sword. Saving backup data to cloud tiers makes long-term storage inexpensive – as long as you leave the data untouched. If you need access to the data for, say, disaster recovery, you’ll find that access relatively expensive and generally slow.

Other disadvantages can include the need to rely on the cloud provider to ensure that data is available when needed for recovery. Providers set service-level agreements (SLAs), and if you use a cloud provider, you should be sure you know their SLA and you should be prepared to hold them to it. Also, most providers charge to access the backup data – whether for disaster recovery or not – and may also charge when the access requires compute power or time.

Tape

Tape backups are a longstanding, trusted option for offsite backups. Many companies continue to back up to tape for its reliability, east of use and low cost per byte saved. Storing backup tapes off site in a vault facility or other remote site is consistent with the 3-2-1 backup rule.

However, tape is an unsteady medium for long-term storage, mostly because tape drives change over time. Moreover, physically transporting tapes offsite is risky, and recovery from tape takes a long time.

Best practices for using offsite backups

Automation

Whichever method you may choose for backing up, the very best practice is to automate your backup procedures. The less often you have to touch—or even think about—backing up data, the more time you can spend on higher-value tasks. Automation applies to offsite and onsite backup, and it includes policies, scripting and routines designed to protect your data regularly without the need for human intervention.

Local backup first

As outlined above, smart organizations follow the practice of backing up locally, to gain the advantage of speed and optimize the use of their backup window. Then, outside of the backup window, they replicate or move the backed-up data offsite. That replication requires a certain amount of architecture: you must define it as part of your backup policy, then put in place the target hardware and software for offsite backup. The hard part is not so much the act of replicating your backup as the work of configuring (and automating) everything to do it. Of course, you eliminate that cost and management effort when you choose a public cloud or MSP as your offsite backup target.

Encryption

You encrypt data by replacing readable content with content that can be deciphered and read only with a key. Encryption ensures that, even if attackers manage to access your backed-up data, they will find it useless. It’s a good practice for protecting your backups – whether on premises, off site or in the cloud – especially as they age.

Deduplication

Data deduplication is a tried-and-true method of making backup more efficient by replacing redundant data with tokens. It allows you to perform replication to a remote site faster and use less storage at that remote site.

For example, when users create a document or a presentation, the application (like Microsoft Word or PowerPoint) generates metadata and stores it with the file. Much of the metadata is the same every time they create such a file, so data deduplication finds and replaces the redundant portions with tokens before backup. When you restore the file, the tokens are replaced with the original data so the file can be read normally again.

Of the different types of data deduplication, source-side deduplication has the advantage of transmitting up to 90% less data from the source across the network to the backup target. Data deduplication moves your backups off-site faster and makes them occupy less storage space. That means you’re spending less money.

Immutable backups

Immutable backups offer the huge advantage of helping to protect against ransomware attacks.

Protect all your systems, applications and data.

Protect all your systems, applications and data.

Gain continuous data protection, instant recovery and ransomware protection with our cloud-ready immutable backup solution.

Once you’ve written an immutable backup to storage (also known as object locking), your backup software configures the backed-up data so that it cannot be modified or deleted. It cannot be changed – not by you, not by anybody in your organization, not by the manufacturer of the backup system. In fact, not even ransomware can change it. Effectively, the status of the data is changed to read-only. That prevents malware and ransomware from altering or deleting the data. If you then encrypt your immutable backup, you ensure it will be useless even if attackers steal it.

Recovery testing

It would be a mistake to assume that recovering from your offsite backup will go smoothly simply because you want it to go smoothly. Smart backup administrators test not only the time it takes to move backup data off site but also the time it takes to recover that data. The aftermath of a crisis would be an inopportune time to learn that it takes a week or more to restore your data and get your business operating again. Far better to test and then, if necessary, change your offsite configuration for faster recovery.

Conclusion

Offsite backup complements onsite backup by ensuring your organization’s backup window suffices to protect your ever-growing data. Furthermore, it plays a prominent role in your data protection strategy by improving your chances of recovery after an outage or cyberattack.

Most of all, an offsite backup sharply mitigates your risk of data loss as an integral part of the 3-2-1 backup rule. Recovery from offsite backup will almost always take longer than from onsite, local backup. But if your data backed up on site is corrupted or inaccessible, slow recovery from off site is vastly better than having no option at all.

6 ransomware attack vectors where backups can help

Top analyst firm DCIG details the top ransomware attack vectors to know and the role a comprehensive backup and recovery strategy plays in combatting each of them.

View the Guide

Related Articles