The short answer is… sometimes.
We ran into an issue recently with a client right here in Miramichi, who has their own technical team. They had been doing backups faithfully. Unfortunately, their server had crashed. It wasn’t booting at all. Once we were able to get it back up and running, we discovered that the RAID drive for their data had failed (Redundant Array of Independent Disks). 3 of the 4 drives were completely empty. Impossible? Unfortunately, and sadly, no.
REMEMBER THIS: A RAID is still a single device and because of that, also a single point of failure. (More on this soon.)
There was NO data on any of them; nothing from the last three months was stored for any of their users, their clients, or their organization.
While troubleshooting an issue for the server we tested the server backups for them and discovered the backups were not working.The drives were not actually backing up any data. Their team was simply taking the “full” drives out and marking the date and time that they removed the backup drives. They would then replace them. Then they would move the “full” ones off-site (which we also recommend).
After that – the team replaced the entire set of portable hard drives. Which was great. But they did not check to see if the new drives were backing up. Our team corrected the issue.
Fortunately, we had our own hard drive in the back of the server (that their IT team wasn’t aware of) for redundancy and that’s where their backups were found. All three months of data that they NEVER would have recovered was on the hard drive that Adaptive installed as a precautionary measure… knowing the risks they were taking by not inspecting their own hard drives.
If they had lost everything… Can you imagine the moment that a considerable amount of people would be told that their last backup was 3 months ago? All that work, data, photos, contracts, gone!
That would have been a defining moment in the organization’s history. One that they may never have recovered from.
In excerpts from a scathing article (about RAIDs), Pete Marovich wrote, “A RAID IS NOT A BACKUP. Yes it can be used as a backup destination, but the redundancy is not a backup in itself. One of the first things to remember is that an archive and a backup are NOT the same.
The concept of a RAID is to combine multiple, less-expensive drives into a single, higher-capacity and/or faster volume. It is designed for redundancy so that the array and its data remain usable WHEN (NOT IF) a drive fails.
The problem with considering a RAID as your backup is that it doesn’t help you with file deletion, corruption by applications, the operating system or viruses.
So if you accidentally delete a file, it will instantly be removed from both mirrored copies. If your disk is corrupted by a software bug or virus, the corruption will be done to both mirrored copies simultaneously.
Having all the drives in one box that is being served by one power supply and controller has its problems too. A bad enough power surge can fry all disks in the RAID. If your house burns down… well, you get the point.
A RAID is still a single device. And because of that, also a single point of failure.
A BACKUP needs to be a complete and recoverable copy of your data that resides on a separate hard drive. Proper backup software will perform a full backup and hourly or daily backups of changed files. This gives you the opportunity to go back and recover something that may have been accidentally deleted.”
Thanks Pete! Okay… now that the cautionary tale portion of the article is complete, let’s take a step back and talk about why you need to do backups, and where you should store them. We suggest you get a cup of coffee before moving on. While this is an in-depth topic, you don’t want to miss a word of this entire article.
In excerpts from an article by 2BrightSparks, they wrote…
Backup Your Files: Your Vital Task
If you use a computer for storing any sort of information, it’s vital to ensure that your data is being backed up. An unexpected event like hard drive failure, file corruption or even a virus, could wipe out all your important files when you least expect it.
So data backup should be an essential part of your computer usage routine, but not everyone does it correctly. Some may be intimidated by the apparent scale of what’s required, not knowing where to start, what files to backup, where to store their backups or even which backup software to use. This article answers all of these questions and more.
Why is backing up your files so important?
Computers use drives to store your data. The constant reading and writing of data will eventually lead to drive failure, due to mechanical failure or drive degradation, usually without warning. There are also other situations which may result in data loss, such as power failures, system or file corruption, viruses, ransomware, or malware attacks. It is therefore important to store a copy of your data somewhere else – as a safety net or form of redundancy.
Where should you back up your data?
The choice of media may depend on several factors, including the size of the backups, setup complexity, portability and security requirements, budget, on-site or offsite backup.
External hard drives – One of the most common storage mediums, external drives, are easy to set up, relatively cheap, provide multiple storage size options, are portable and are usually large enough to store a lot of data. However, like the hard drives in your computer, they are prone to failure over time, risk being misplaced (lost) or damaged (when dropped), and may eventually run out of storage space as their size is fixed. External drives may also risk being stolen or destroyed in a disaster (power-surge, fire, flood, etc).
[At Adaptive, we recommend encrypted hard drives like https://www.ironkey.com/en-US/encrypted-storage-drives/ in case the hard drives were ever stolen.]
USB flash drives – Thumb drives, or USB flash drives, are plug n’ play, ultra-portable, inexpensive, and durable. They are good for transporting data between locations efficiently. However, they are also prone to being lost or stolen, have a low storage capacity, and certain higher-end models are more expensive. There is also the issue of durability to consider.
Disc media (CD-/DVD-Rom & Blu-Ray) – Burnable disc media is a dying storage medium, although there are still some people who use them. They are cheap, portable, and can be used for offsite storage. However, they have limited storage capacity, a short shelf life and are considerably slower than hard/flash drives.
Network Attached Storage (NAS) – A NAS device utilizes an array of storage drives to create redundancy and a larger combined storage. A NAS device is connected to the network for shared access. The storage drives used in NAS are usually sold separately so it may be costly to set up. However, NAS devices offer better data redundancy, drive failure protection in real time and performance using RAID configurations. It should be noted that some NAS manufacturers may also provide inferior software that may be buggy, which may cause issues during backup (like storing files with the wrong modification date/time stamp, for example). Some NAS are located onsite, making it vulnerable to disasters like theft, power-surge, fire and flood.
[Adaptive Pro-Tip: You can’t rely on this alone. Even the NAS needs to be backed up. Some people put a NAS in the office and think they are safe. What if the NAS was stolen? Or a Cyberattack? Or Fire?]
Cloud Backup – Storing your data in the cloud is the latest trend in backup technology. Data stored on cloud services are always accessible from any internet-connected device. Cloud storage is offsite, so it keeps your data safe from disasters. There are several cloud services available, and most cloud services provide a limited amount of online storage for free. Users can pay a recurring fee to buy more storage, but note that charges may get expensive over time. Online backup tends to be slower, especially if you have a lot of data to backup. [We] support the following cloud services – Amazon S3™, Google Storage™, Google Drive™, Google Photos™, Microsoft Azure™, Microsoft OneDrive™, OneDrive for Business (Office 365), SharePoint™ (Office 365), Dropbox™, Box, SugarSync™, OpenStack, Backblaze™ B2, OVH™, Egnyte™, hubiC™, Citrix ShareFile™, pCloud™ and WebDAV.
FTP/FTPS/SFTP – Like cloud storage, FTP is an offsite storage solution and may be a solid and reliable option to consider if available. While most people are moving towards cloud services, FTP remains a viable option for some. SFTP and FTPS servers offer an additional layer of security.
It is recommended to keep at least 2 or more backup copies of your data and that these should be updated on a regular basis. Storing these backups in different physical locations will help ensure you have at least a backup copy elsewhere should disaster strike one of your locations.
Which files should you back up?
With a backup and synchronization program, you can use it to back up a list of files and folders specified by you. This will allow you to backup just the important files that you need. So how to identify which files are important and where do we find them? As a rule of thumb, files created by you are the type of files you should backup. System files, Windows operating system folder, installed programs, and temporary files are files that are not required for backup.
Below is a checklist of the most common data files recommended for backup.
Disclaimer – Bear in mind this list is non-exhaustive. Every computer setup is different, so the type and amount of data to backup will vary from user to user. The locations of the data mentioned in this list are their default locations, but it may be stored in a different location in your computer if you have previously customized their storage location. Only you will know where all your files are stored. You may also have data for special programs that are not mentioned in this list so you may need to locate and include them as part of your backup routine.
1. Your User folder containing your documents, music, pictures, etc (C:\Users\Username\)
On a modern Windows PC, most of your personal files are located under C:\Users\USERNAME\, where USERNAME is your Windows user account name. This is the default directory that stores your user account’s data folders. These include your Documents, Pictures, Downloads, Desktop, Music, and Video folders. Other important subfolders include OneDrive, Dropbox, Google Drive folders, if you use these cloud services.
A hidden subfolder, AppData, is also stored here. This folder stores program settings and data specific to your user account.
2. Internet browser bookmarks or favorites
Depending on which Internet browser you are using, the location where your bookmarks (or favorites) are stored may vary. For example, Internet Explorer may save your bookmarks under the Favourites folder in your user account folder, whereas Google’s Chrome browser may save them as a bookmark file buried under \AppData\Local\Google\Chrome\User Data\Default\ directory. Other browsers like Chrome, Firefox, etc also offer the Sync feature which lets you synchronize your browser’s settings (including bookmarks) across multiple devices. Please check your browser’s Help file to find out the optimum way to back up your favorites.
3. Email backup
If you are using a desktop email client setup with the IMAP protocol, chances are you won’t need to back up your emails as the original copies of your emails are stored on the email server. This means if your computer crashes, you only need to reinstall Windows and the email client, then set up your email configuration to have access to your emails again. However, if you are using the POP3 protocol to download your emails to your desktop client, then it’s important to back them up.
The location where your downloaded emails are stored will vary depending on which email application you use. Popular clients like Outlook store downloaded emails as .PST files and they are stored in the user account’s AppData folder. However, it is recommended that you check your program Help for exact steps to locate them.
4. Backup the backup application and the backup tasks
If your computer crashes, it would be important to reinstall the backup application and import the backup task to run a Restore job as soon as possible. Thus, it would be a good idea to keep a copy of the backup application and the backup tasks files. You will also need to save the serial number (if your program is licensed) for easy retrieval.
5. Keep a list of all installed programs
You may also want to keep a copy of all the programs you use. This makes reinstallation easier during a disaster recovery. It would therefore be advisable to copy any new programs you download and install from the Internet to a special folder that gets backed up as part of your backup routine.
6. If you store important data in other locations besides the user account folder, those should be marked for back up as well.
Which files should not be backed up?
Folders that are not required for backup include your Windows, Program Files and Program Files (x86) (for 64-bit Window OSes) folders. Windows system files cannot be transferred to a different PC hardware and these files will be automatically set up when a new Windows OS is installed, so it’s unnecessary to make a copy of them. This applies to the Program Files folder as well, since you will need to reinstall most of your applications on a new OS.
Is cloning or disk imaging necessary?
To make an exact copy of your drive, including your Windows operating system, you must use disk imaging software. Disk imaging copies the entire disk (the parts that are used) bit-by-bit. This results in a copy that will take up a lot of disk space, and take a long time to copy. Disk imaging isn’t generally the best answer to backing up for a few reasons.
Your Windows operating environment is constantly changing. Programs are installed, updated, uninstalled, and settings are changed. Many important security specific applications are also regularly and automatically updated. Anyone, for example, who uses their computer to connect to the Internet should have in place Anti-Virus, Firewall, and Anti-Spyware programs that often update many times a week.
Another significant reason creating a disk image of your drive is not an advisable routine backup procedure is that all misconfigurations of your system, dormant security threats, and the vast amount of junk or temporary data that are created and stored on your system, will also be copied. Much of this junk data cannot be deleted as it is generated behind the scenes in your system. This results in a decrease in performance and speed, and can also lead to system instability. And when you restore from an image, you may even be restoring infected versions of your files.
Lastly, if you change your computer then it’s almost guaranteed that you won’t be able to restore from a disk image as that disk image contains all the drivers and settings for your previous computer’s hardware, which is probably different.
These issues, combined with the much longer, costlier, and less convenient disk imaging process inevitably means that for the average user, disk imaging is carried out far less frequently than the kind of backup that only copies your personal data. It’s important to remember that making regular backups to a different location is the key to an effective backup strategy.
People who use disk imaging often use file backup programs as well. For example, they take a snapshot of their hard disk using the disk imaging software, e. g. every week, month, or at ad-hoc times, but use the file backup program to make regular backups of their important files, e.g. scheduled every day or even hourly. When doing a restore they first restore the disk image then restore their files using the file backup program. This requires more setup and it only works if you are restoring your OS on the same PC.
How often you should backup your files may depend on how often you make changes to your files. If you change and save your documents daily, it is recommended to make a backup at least once a day. In some instances, some files (like data logs) may be updated multiple times per day, in which case a backup task configured to back up in real time is more appropriate. Some users may also use Incremental or Differential backups to capture file changes over a week, etc. Others may use Versioning to capture various file versions as their draft document is reworked throughout the day.
It’s very easy (and important) to have your vital files backed up without you having to remember to do so. The backup can be done automatically, every day, while you sleep. It can be done while you’re on holiday or out of the office. Computers are designed to help automate tasks, so let your computer and software automate your backups.”
Okay… now that the backup suggestions have been covered, let’s move on to the topic of verifying that your backups are working.
In an article by Intego, they wrote, “Every one of us has some type of data we can’t afford to lose. Pictures, spreadsheets, emails, financial data or the draft of that novel you’ve been writing—you name it. I’m referring to the data you think of when, for instance, I ask, ‘What would you hate to lose most if your computer crashed, right now?’
If you’ve been an avid reader of our blog, you know to have at least one backup of all your important data at all times (three is better), and luckily these days more people are indeed backing up their data. Yet something most people rarely do, if ever, is verify that your backups are working properly.
When was the last time you tested your backups to verify they are actually working?
Backing up your data is great, but it doesn’t mean a thing if your backup is corrupted or if the drive or disc that holds the backup is damaged. If the original data is damaged or corrupted, the backup will likely be as well.
Hard drives (and even solid state drives) go bad eventually. Sometimes this can happen in a few months, other times it can take years before an issue manifests. Sudden loss of power, improper shutdowns or botched installations or updates can also damage a drive’s formatting. This is not a hardware type of damage, but it can affect your data.”
Now that we’ve covered these backup tips, let’s get back to the pesky topic of RAIDs…
In an article by StorageCraft, they explain, “Backups, as we know, create copies of your original data so that you can recover the data in the event of a disaster. Redundancy, the driving force behind RAID, aims to provide continuity no matter the weather. Be it at the network or data level, redundancy makes it so no single point of failure can bring your operation to a halt. While redundancy enables it to contribute to business continuity, disaster recovery is where RAID falls short.
1. RAID Can’t Stop Malware
Malware has many faces, but none is causing ruckus quite like ransomware. The classic virus overwrites your files and brings your system to a crawl until you remove the infection. Ransomware essentially holds your system hostage until you pay to regain access. Unfortunately, this sort of infection strikes so fast that it renders anti-virus software powerless. RAID can prevent disruptions, but it cannot keep your system up and running when ransomware takes hold. Next to prevention, a good backup strategy is the only way around paying the ransom and avoiding significant downtime.
2. RAID Can’t Eliminate Human Error
RAID is a proven effective way to mitigate downtime caused by hardware failure. However, it is ineffective when human error comes into play. According to a recent study championed in tandem by Ponemon Institute and Emerson Network Power, human error is responsible for 22 percent of data center outages. This percentage has not changed since the 2013 version of this study, suggesting that something is still amiss when it comes to employee education. If an employee accidentally deletes company data [which will also be deleted from the RADI], backup copies kept on or offsite are the only option for recovery.
3. RAID Can’t Mitigate Onsite Disasters
Disaster in the data center is something we’d prefer not to think about. The mere thought is depressing. Dreadfulness aside, every organization should plan to combat unplanned downtime. A flood, hurricane, or fire can sweep through without warning and literally destroy everything in the data center – RAID controllers and backups included. The most reliable way to mitigate disaster in your facility is to not only backup, but commit to an offsite backup strategy that allows you to recover in a worst case scenario.
4. RAID Can’t (usually) Prevent File Corruption
Most RAID configurations have built-in safeguards that prevent data loss in the event of hardware failure. RAID has well documented data protection capabilities, but it is not a fail-safe solution for data corruption. As we discussed in a previous post, RAID can actually make matters worse by replicating the damage throughout the array. Even a good backup plan may be challenged if copies of the corrupt files are made. The one saving grace is that conducting regular backups increases the likelihood of being able to restore your files to a point before corruption occurred.
5. RAID Redundancy Has Its Limitations
While the entire RAID concept is based on redundancy, there are scenarios in which a backup can do a better job of it. In fact, the ideal backup plan is redundant by nature. It’s strongly recommended to keep copies of mission-critical data in at least two separate locations. For example, you can protect against fires and other onsite disasters by storing copies of your files in a different data center and another copy in the cloud. Spreading those copies across different regions would protect against even bigger issues. This redundant approach to backup is the best possible way to ensure business continuity.
If you’ve been thinking of depending on RAID as your one and only data protection solution, remember this: RAID will help mitigate most system failures. Backup will allow you to roll back time when failure can’t be prevented. Instead of going the do or die route of choosing one or the other, you can get even better results by doubling down with both and giving yourself an added peace of mind.”
So, we encourage you, as part of your backup plan, your disaster recovery plan, your cyber plan, to make sure that part of your process is to test and verify that the backups are working.
One of the great things about Adaptives comprehensive Cyber Security Plan is that we back up our clients data in a secure and verified Canadian data center, in addition to other, redundant backup solutions.
At Adaptive Office Solutions, cyber security is our specialty. When you know your technology is being looked after, you can forget about struggling with IT issues and concentrate on running your business. By making an upfront investment in your cybersecurity, you can lower your costs through systems that are running at their prime; creating greater efficiency and preventing data loss and costly downtime.
To schedule your Cyber Security Risk Review, call the Adaptive Office Solution service hotline at 506-624-9480 or email us at firstname.lastname@example.org