For public sector employees who work in national security, emergency response or disease control, data access can literally mean life or death. In the event of data loss, the consequences can be substantial, even when the immediate implications seem less severe.

Fortunately, agencies can secure their information by having a backup in place, which can be accomplished quickly and with relative ease. Here are a few considerations for building and implementing an effective backup strategy.

Risk management     

How much data is actually required? Indiscriminately storing every email and file passing through an agency would be lunacy. Conversely, limiting the backup to only a few core components will inevitably leave out something important.

To find the sweet spot, calculate your risk tolerance level. Build a high-level list describing where data lives on the network — just a basic outline of where information such as payroll or consumer data  resides. With  that roadmap you’ll have a better idea about how data is sorted and be better positioned to assess risk.

The next step is assessing risk to applications and systems. Which are custom coded? Are they easy to replicate? Agencies working with a shared drive, for instance, don’t need to waste time or energy replicating that server. They can quickly establish a new one and transfer the data and applications to it. Ultimately, it’s all about finding your risk threshold and determining what you need to keep and what you can let go.

The right medium

Every school of thought, new or old, comes with its own set of biases. It’s critical to recognize those biases — and ideally set them aside — in order to develop a comprehensive, multitiered backup approach that accounts for multiple scenarios and priority levels:

  • Immediate: For mission-critical data that must instantly get back up and running, deploy an easily accessible backup, likely on a server housed in the agency or in the cloud.
  • Intermediate: For information that can wait a day or so to restore can be housed on network-attached storage that can be separated or replicated to another server.
  • Long-term: For data housed offline, either because it’s less important or because it’s so important it needs to be replicated separately from the network.

All federal agencies have restrictions around backups depending on the data’s importance and classification. Still, there are many possible routes requiring varying levels of effort.

Encryption has changed the way agencies can safely store data. For sensitive information with a limited lifespan, cloud storage is a perfectly viable option. Encryption takes years to break, after all. Even if the worst should happen, by the time it’s successfully (and maliciously) decrypted, that data will be long outdated.

By better understanding how data is classified — along with the risks of losing it or taking too long to restore it — agencies can make more informed decisions about how to store and manage it.

Testing and using your backups

If you’re not testing your backups, then you don’t truly have a backup. How can you know whether your backups are working unless you’re regularly testing them?

Don’t wait for a critical outage to learn your backups are faulty. It’s better to spend a little extra time verifying their functionality than to face the daunting task of rebuilding from scratch.

Your backup strategy, your chosen medium and your process for triaging information all becomes moot without regular testing.

So choose how to manage your risk, decide on a medium, have an offsite failsafe and then test the system on a regular basis. It may take effort, but it’s well worth the peace of mind.


This article was originally published in GCN. Greg Kushto is senior director of security and solutions engineering at Force 3.

Related Blog Posts

See All Blogs

Keeping Your Agency Secure in the Cloud

Like it or not, no government is permanently safe from cyberthreats. The agencies that protect their citizen data the longest are the ones that best assess the risks facing them daily. It’s a situation that doesn’t change after organizations adopt…

GCN: Securing Data in the Cloud Requires Planning, Constant Vigilance

Government agencies know -- and have largely accepted the fact -- that moving to the cloud is inevitable. Where many start struggling is with the “how.”  How do they move legacy systems to the cloud? How do they choose the…

NextGov: It’s Time to Tackle the Problem of Unapproved Cloud Apps to Keep your Agency Secure

It’s a problem seen across all federal agencies: Employees are using cloud-based applications that aren’t approved or protected by IT teams. These apps range from sharing tools, such as cloud storage platforms, to social media sites or personal email accounts…

GCN: Why Blockchain Belongs in Government

Anyone with a finger on the pulse of the latest cybersecurity trends has probably noticed an increasing number of contributions to the blockchain conversation. The dialogue around blockchain, while loud, clear and growing, has been largely undirected for the past…

Federal Times: Can Industry Bridge the Government Cyber Skills Gap?

Federal agencies have until April 2019 to identify critical work roles and skill shortages in IT and cybersecurity as part of the Federal Cybersecurity Workforce Assessment Act. While this is a first step in determining a holistic approach to address…

CSO: Getting the Most out of Your Security Budget

There may be no more pressing need in today’s online world than quality cybersecurity, making it a top-line item for just about everyone. But even as the need builds, the salaries rise, and the expectations heighten, resources remain scarce. Security…

NextGov: The Time to Automate Security is Now

Cybersecurity threats are constantly evolving. Unfortunately, federal IT teams often find themselves low on resources, which means being proactive to combat them is a pipe dream. So how can leadership focus on strengthening their agency’s security posture when they spend…

TechTarget: Hyper-Converged Infrastructure Solutions Boost Channel

Enterprises are turning to hyper-converged infrastructure solutions because of their simple deployment model and high levels of automation. Some channel partners are cashing in on the technology shift, but traditional storage products still represent an enormous market. In this article…

CSO: Ways to Improve Your Security Team’s Response Time

When it comes to incident response, every second counts. The severity of breaches varies, but since damage done directly correlates to the time a malicious actor has access to your systems, it’s paramount that all threats are discovered and remediated…

3 Ways to Unleash the Power of Your Next-Generation Firewall

We more or less abandoned pagers more than 15 years ago. Fax machines have gone from ubiquity to near obsolescence. And floppy disks? Many of the most recent generation of tech users have never even held—let alone inserted—one. And yet,…

Cisco Live 2018: Vendor Opens Management Console to Partners

In this article for TechTarget, Force 3's VP of Client Solutions Jason Parry weighs in on the new opportunities arising from Cisco DNA Center. In Cisco's latest nod to software, the company has opened its Cisco DNA Center to developers,…

NextGov: How to Integrate TIC Security with the Federal Cloud-First Mandate

When the Trusted Internet Connections (TIC) initiative was first introduced more than a decade ago, the goal was to improve security in government IT systems by limiting the number of individual external network connections to the internet. Before implementing TIC security…

CSO: Security Metrics You Need for the Board

No one wants to show up to an important meeting empty-handed. But with so many analytics right at their fingertips, how can CSOs pick the right numbers to reflect their work? Here are three imperative security metrics to have in…

GCN: Building a Better Agency Through Software Orchestration

In federal IT, there is sometimes fear that software orchestration will render the technology professional’s role obsolete. This mindset, however, is misguided. In reality, the exact opposite is true: Orchestration has the potential to not only make federal IT workers’…

Preventing Ransomware Attacks the Right Way

Ransomware attacks continue to be a major threat with no sign of slowing down. Here are some lessons organizations can learn from federal agencies to better prevent them. While ransomware is hardly a new threat, it’s far from being obsolete.…

Anomaly Detection: Stop Threats Before They Hit Your Network

In today’s IT environment, endpoint monitoring is fairly standard procedure. Most organizations have at least some sort of system in place allowing them to collect network monitor firewalls and collect network usage data to for network anomaly detection. But, by…

5 Reasons Why Vulnerability Management Is No Longer Optional

For agencies determined to create the most effective network security strategy possible, vulnerability management is no longer optional—it’s a necessity.  If there’s anything we’ve learned in recent years, it’s that cyber threats just keep coming. Thwart one and a new…

3 Use Cases for Harnessing Next-Gen HCI

These days, between budgeting shortfalls and the unending data explosion, federal IT organizations face significant pressure to do more with less. This decline affected all areas of IT including software, hardware, networks and outsourced IT services. But even as funding…

NextGov: No Better Time for Software Orchestration

As agencies look to modernize, software orchestration offers an opportunity to make sure all their software is working together. It makes sense: All of your software should work together. And, once implemented, software automation and orchestration can help IT systems…

Best Practices for Thwarting Insider Threats

Testing the excerpt override field.

Hyper-Converged Infrastructure (HCI): Scalability and QoS

For federal agencies, hyper-converged infrastructure (HCI) offers scalability, quality of service. Federal agencies today face extensive pressure to move faster. Nowhere is this truer than in the IT realm, where teams are expected not only drive operational efficiency and reduce…

Dark Reading: 3 Tips to Keep Cybersecurity Front & Center

In today’s environment, a focus on cybersecurity isn’t a luxury. It’s a necessity, and making sure that focus is achieved starts with the company’s culture. For IT departments — especially in large organizations — daily operations are complex, multifaceted, and…

IoT & The Intelligent Edge: Defending Outside The Firewall

The Internet of Things, though still evolving, has pushed its way into the workplace. The result? CSOs are working overtime to keep up. What’s the protocol for these connected devices, and how do they fit into the existing security infrastructure?…

GCN: The Hidden Challenges of Federal IT Modernization

In the next three years, an estimated $3 billion worth of federal IT equipment will reach end-of-life status, according to former U.S. Federal CIO Tony Scott. It’s an intimidating number, and one that indicates just how far-reaching the need is…

IoT in Federal: From Concept to Reality and Risk

The way we reconcile our security concerns with IoT’s inevitable integration will determine whether the revolution upgrades our lives or creates chaos.  Remember when the Internet of Things was more concept than reality? Those days are long gone. Demand for…

Stealthwatch vs. Insider Threats

In an evermore threatening cybersecurity landscape, how can organizations protect themselves from one of the greatest security risks of all: The Insider Threat. Did you know? 66% of cyber attacks in 2015 were carried out by insiders. 74% of organizations…

NextGov: How Can Agencies Prepare for a Software Future?

For federal agencies and their IT teams, change is inevitable. After all, it’s the nature of IT to change and grow alongside rapid innovation. Today, agencies must adapt as we shift from a hardware-centric model to an increasingly software-defined world.…

Insider threats: 4 vulnerabilities you’re missing

Here are four insider threat vulnerabilities that are undervalued and what we can do about them.

NextGov: How Endpoint Security Helps Secure Humans

Humans: We’re impulsive, we’re fallible, we make bad decisions, and sometimes we do so on purpose. And yet, when it comes to cybersecurity, we too often focus on securing the network, without fully considering the role of the actual network…

Beyond Prevention: Cisco’s Next-Generation Endpoint Security

When it comes to endpoint security, Advanced Malware Protection is critical. The only way to defeat today’s security threats is to address them holistically across the full attack continuum—before, during and after an attack. The Cisco approach of continuous endpoint…

How can we help your agency achieve its mission?

Maximize your IT investments. Learn more about solutions and services from Force 3.