For public sector employees who work in national security, emergency response or disease control, data access can literally mean life or death. In the event of data loss, the consequences can be substantial, even when the immediate implications seem less severe.

Fortunately, agencies can secure their information by having a backup in place, which can be accomplished quickly and with relative ease. Here are a few considerations for building and implementing an effective backup strategy.

Risk management     

How much data is actually required? Indiscriminately storing every email and file passing through an agency would be lunacy. Conversely, limiting the backup to only a few core components will inevitably leave out something important.

To find the sweet spot, calculate your risk tolerance level. Build a high-level list describing where data lives on the network — just a basic outline of where information such as payroll or consumer data  resides. With  that roadmap you’ll have a better idea about how data is sorted and be better positioned to assess risk.

The next step is assessing risk to applications and systems. Which are custom coded? Are they easy to replicate? Agencies working with a shared drive, for instance, don’t need to waste time or energy replicating that server. They can quickly establish a new one and transfer the data and applications to it. Ultimately, it’s all about finding your risk threshold and determining what you need to keep and what you can let go.

The right medium

Every school of thought, new or old, comes with its own set of biases. It’s critical to recognize those biases — and ideally set them aside — in order to develop a comprehensive, multitiered backup approach that accounts for multiple scenarios and priority levels:

  • Immediate: For mission-critical data that must instantly get back up and running, deploy an easily accessible backup, likely on a server housed in the agency or in the cloud.
  • Intermediate: For information that can wait a day or so to restore can be housed on network-attached storage that can be separated or replicated to another server.
  • Long-term: For data housed offline, either because it’s less important or because it’s so important it needs to be replicated separately from the network.

All federal agencies have restrictions around backups depending on the data’s importance and classification. Still, there are many possible routes requiring varying levels of effort.

Encryption has changed the way agencies can safely store data. For sensitive information with a limited lifespan, cloud storage is a perfectly viable option. Encryption takes years to break, after all. Even if the worst should happen, by the time it’s successfully (and maliciously) decrypted, that data will be long outdated.

By better understanding how data is classified — along with the risks of losing it or taking too long to restore it — agencies can make more informed decisions about how to store and manage it.

Testing and using your backups

If you’re not testing your backups, then you don’t truly have a backup. How can you know whether your backups are working unless you’re regularly testing them?

Don’t wait for a critical outage to learn your backups are faulty. It’s better to spend a little extra time verifying their functionality than to face the daunting task of rebuilding from scratch.

Your backup strategy, your chosen medium and your process for triaging information all becomes moot without regular testing.

So choose how to manage your risk, decide on a medium, have an offsite failsafe and then test the system on a regular basis. It may take effort, but it’s well worth the peace of mind.


This article was originally published in GCN. Greg Kushto is senior director of security and solutions engineering at Force 3.

Related Blog Posts

See All Blogs

GCN: Next Generation Data Centers

The norms around data access have shifted dramatically over the past few decades. Where accessing data in under a minute would have been miraculous in the late ‘90s, the new standard is measured in seconds. Even as the amount of…

NextGov: Security Doesn’t Have to Be a Sticking Point in Cloud Migration

Despite the innovations and efficiencies that come with cloud migration, only about 20 percent of federal agencies have migrated their applications and data to the cloud. Why such a low adoption rate? One reason is the challenge of securing data.…

Fifth Domain: How Agencies Can Protect Legacy IT As They Modernize

Cybersecurity threats grow more sophisticated every year. And while the federal government has pushed forward with efforts to modernize IT, some legacy systems pose unique challenges. Often, these systems remain static even as the landscape around them continues to change.…

GCN: What’s Next in Network Automation

In 2019, modernization will be a key driver for automation in federal agencies. Previous protocols, while often well understood, were fairly rigid. As agencies move to new technologies that are more malleable and adaptable to change, they must also become…

What You Need to Know about Data Privacy

Data privacy is the crossroads of confidentiality and integrity. When data is shared, either voluntarily or involuntarily, there’s an expectation that the collected information will be kept confidential. In general, data privacy is really about identity—social security numbers, credit card…

Cyberattacks and the DHS Directive – It’s Time for your Agency to Improve Your Authentication Protocols

By now CIOs across the federal government have seen Emergency Directive 19-1 issued by the Department of Homeland Security, which was issued in response to cyberattacks on DNS infrastructure for several executive branch agency domains. In these attacks, outsiders compromised…

NextGov: The Boldest Predictions for Federal Technology in 2019

Everyone is talking about artificial intelligence right now—it’s the buzz of the industry. But not many people fully understand what AI and machine learning can do. Jason Parry, our VP of Client Solutions, shares his prediction on the impact artificial…

Covering Your Blind Spots

Visibility and security are paramount to a network because you can’t have one without the other. As technology develops, and our reliance on internet connectivity grows, new road blocks appear that make visibility harder to achieve. How can CSOs adapt…

GCN: Protecting Critical Internet Infrastructure From IoT Device Risks

As the infiltration of internet-connected devices into nearly every aspect of daily life continues to expand, so do the vulnerabilities and security risks they create for their operational networks. That includes the devices and networks used by federal agencies that…

Keeping Your Agency Secure in the Cloud

Like it or not, no government is permanently safe from cyberthreats. The agencies that protect their citizen data the longest are the ones that best assess the risks facing them daily. It’s a situation that doesn’t change after organizations adopt…

GCN: Securing Data in the Cloud Requires Planning, Constant Vigilance

Government agencies know -- and have largely accepted the fact -- that moving to the cloud is inevitable. Where many start struggling is with the “how.”  How do they move legacy systems to the cloud? How do they choose the…

NextGov: It’s Time to Tackle the Problem of Unapproved Cloud Apps to Keep your Agency Secure

It’s a problem seen across all federal agencies: Employees are using cloud-based applications that aren’t approved or protected by IT teams. These apps range from sharing tools, such as cloud storage platforms, to social media sites or personal email accounts…

GCN: Why Blockchain Belongs in Government

Anyone with a finger on the pulse of the latest cybersecurity trends has probably noticed an increasing number of contributions to the blockchain conversation. The dialogue around blockchain, while loud, clear and growing, has been largely undirected for the past…

Federal Times: Can Industry Bridge the Government Cyber Skills Gap?

Federal agencies have until April 2019 to identify critical work roles and skill shortages in IT and cybersecurity as part of the Federal Cybersecurity Workforce Assessment Act. While this is a first step in determining a holistic approach to address…

CSO: Getting the Most out of Your Security Budget

There may be no more pressing need in today’s online world than quality cybersecurity, making it a top-line item for just about everyone. But even as the need builds, the salaries rise, and the expectations heighten, resources remain scarce. Security…

NextGov: The Time to Automate Security is Now

Cybersecurity threats are constantly evolving. Unfortunately, federal IT teams often find themselves low on resources, which means being proactive to combat them is a pipe dream. So how can leadership focus on strengthening their agency’s security posture when they spend…

TechTarget: Hyper-Converged Infrastructure Solutions Boost Channel

Enterprises are turning to hyper-converged infrastructure solutions because of their simple deployment model and high levels of automation. Some channel partners are cashing in on the technology shift, but traditional storage products still represent an enormous market. In this article…

CSO: Ways to Improve Your Security Team’s Response Time

When it comes to incident response, every second counts. The severity of breaches varies, but since damage done directly correlates to the time a malicious actor has access to your systems, it’s paramount that all threats are discovered and remediated…

3 Ways to Unleash the Power of Your Next-Generation Firewall

We more or less abandoned pagers more than 15 years ago. Fax machines have gone from ubiquity to near obsolescence. And floppy disks? Many of the most recent generation of tech users have never even held—let alone inserted—one. And yet,…

Cisco Live 2018: Vendor Opens Management Console to Partners

In this article for TechTarget, Force 3's VP of Client Solutions Jason Parry weighs in on the new opportunities arising from Cisco DNA Center. In Cisco's latest nod to software, the company has opened its Cisco DNA Center to developers,…

NextGov: How to Integrate TIC Security with the Federal Cloud-First Mandate

When the Trusted Internet Connections (TIC) initiative was first introduced more than a decade ago, the goal was to improve security in government IT systems by limiting the number of individual external network connections to the internet. Before implementing TIC security…

CSO: Security Metrics You Need for the Board

No one wants to show up to an important meeting empty-handed. But with so many analytics right at their fingertips, how can CSOs pick the right numbers to reflect their work? Here are three imperative security metrics to have in…

GCN: Building a Better Agency Through Software Orchestration

In federal IT, there is sometimes fear that software orchestration will render the technology professional’s role obsolete. This mindset, however, is misguided. In reality, the exact opposite is true: Orchestration has the potential to not only make federal IT workers’…

Preventing Ransomware Attacks the Right Way

Ransomware attacks continue to be a major threat with no sign of slowing down. Here are some lessons organizations can learn from federal agencies to better prevent them. While ransomware is hardly a new threat, it’s far from being obsolete.…

Anomaly Detection: Stop Threats Before They Hit Your Network

In today’s IT environment, endpoint monitoring is fairly standard procedure. Most organizations have at least some sort of system in place allowing them to collect network monitor firewalls and collect network usage data to for network anomaly detection. But, by…

5 Reasons Why Vulnerability Management Is No Longer Optional

For agencies determined to create the most effective network security strategy possible, vulnerability management is no longer optional—it’s a necessity.  If there’s anything we’ve learned in recent years, it’s that cyber threats just keep coming. Thwart one and a new…

3 Use Cases for Harnessing Next-Gen HCI

These days, between budgeting shortfalls and the unending data explosion, federal IT organizations face significant pressure to do more with less. This decline affected all areas of IT including software, hardware, networks and outsourced IT services. But even as funding…

NextGov: No Better Time for Software Orchestration

As agencies look to modernize, software orchestration offers an opportunity to make sure all their software is working together. It makes sense: All of your software should work together. And, once implemented, software automation and orchestration can help IT systems…

Best Practices for Thwarting Insider Threats

Testing the excerpt override field.

Hyper-Converged Infrastructure (HCI): Scalability and QoS

For federal agencies, hyper-converged infrastructure (HCI) offers scalability, quality of service. Federal agencies today face extensive pressure to move faster. Nowhere is this truer than in the IT realm, where teams are expected not only drive operational efficiency and reduce…

How can we help your agency achieve its mission?

Maximize your IT investments. Learn more about solutions and services from Force 3.