Kwartik's Blog

November 28, 2009

Designing a safe and practical long-term backup solution

Filed under: SysAdmin — Tags: , , , — kwartik @ 10:26 pm

1. The paradox

A worrying tendency has been growing exponentially in the last two decades, worrying because it can give a totally false impression of security to its adepts. This tendency has several denominations like digitization or de-materialization.

All the knowledge that has been archived on traditional support (stone, paper) by our ancestors since the invention of writing, approximately 5300 years ago, is being migrated onto this new so-called “numerical” support, fundamentally different. Functionally fundamentally different because it gives data a new dimension which can be defined as the intersection of ubiquity and instantaneousness and which literally revolutionizes sharing capabilities. But also fundamentally different by essence. Data becomes virtual, its physical representations and locations obscure for most of the humanity, the knowledge of the machinery of this new technology is shared only by a relatively small community of skilled technicians. A characteristic of this new support is its dependency to energy. Depending of the numerical support, absence of electrical power, means at least impossibility to read the data, and at most total loss of the data. We know that energy management is going to be a key challenge in this millennium. What would be the consequences if energy resources were to be one day insufficient to keep alive this gigantic amount of virtual data which is growing at such an incredible speed ?

Data destruction sinistrality takes also a new dimension with this technology revolution. History has been marked by several acts of intentional or accidental data destruction (acts often materialized as book burnings) and such regrettable events continue and will for sure continue to happen in this new numerical era. The two main differences that can be noticed in the new destruction events are their magnitude and instantaneousness. Who has not experimented a data loss or corruption due to a virus (criminal event) or hard disk failure (accidental event) ? How much data was present on this hard disk that just failed ? Today, 1 Tera bytes disks are common, they can easily host the equivalent of a million of books ! The next generation saving units will  be more and more capacitive, probably in the order of the Peta bytes in 2025 if we consider that Moore’s Law also applies to hard disks!  Risks take definitely a new magnitude. The reasoning can also be pushed at organization level. Consequences for an organization that would lost its data after an electromagnetic attack are disastrous. Electromagnetic weapons do exist and have already been successfully tested on real companies ! It is not an hazard if companies that are totally dependent on their information systems choose, if they can afford it, to bury their electronic equipments in bunkers !

I have the feeling to observe a paradox in my daily life. On the one hand we are (or can be if we decide to) aware of the dimension of these new risks, on the other hand we blindly archive under this new format every single event of our daily life ! The next part of this article tries to define the security measures that should be taken to limit the risk of personal data lost and proposes a practical technical implementation.

2. Risks Analysis

Data loss causes are either accidental or criminal.

Accidental causes are events such as :

  • hardware failures (electronic or mechanicals components)
  • human error
  • software bugs

Criminal causes are events such as :

  • hardware thefts
  • hacking (viruses, system compromising ..)
  • Electromagnetic attack

3. Requirements for a safe backup policy

Backup (or more generally redundancy) is certainly the best and only parade to data loss but it has to be done carefully as it can give a real false impression of security if not done properly. Indeed, defining and implementing a back-up policy is quite challenging as all the different risks should be taken into consideration. We will focus here on the use case concerning individuals willing to deploy a practical solution to secure their personal data. The case of data backup management within an organization is more complex to address as there are real-time security requirements, also because of its important size and the fact that it is usually spread on many physical locations, but the general principles exposed here are still valid.

A crucial parameter to take into consideration in the backup policy is the fact that damages after any of the previous causes are not necessarily immediately visible – part of the data may be in a incoherent state while the other isn’t. If the concerned incoherent files are diagnosed as corrupted too late, restoring the back-up may not help if this back-up has been done after the compromising. This is why it is fundamental to have a data backup technology allowing to restore the state of a file at different points in time. The earlier state it is possible to restore, the safer the backup is.

An other crucial principle is that the backup should be performed on a non-rewritable medium. It is indeed very easy to imagine a nasty virus capable of deleting in a few seconds all the data present on a rewritable backup medium like a external hard drive as soon as it is plugged into the system.

Backup (or more generally redundancy ) is certainly the best and only parade to data loss but it has to be done carefully as it can give a real false impression of security if not done properly. Indeed, defining and implementing a back-up policy is quite challenging as all the different risks should be taken into consideration.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Create a free website or blog at

%d bloggers like this: