Data is the new oil. This simple statement has been used by IT experts worldwide to highlight just how much businesses and organizations depend on digitalization. This phrase may have become a buzzword, but that does not mean it is wrong.

Everything we interact with is data-based. From the coffee shops, where you buy coffee, to the traffic lights on your way to work to our phones and all the devices around us, everything is based on data. While this brings a lot of benefits and enables great, never-before-seen, customer experiences, this also creates a unique caveat. If the underlying IT infrastructure fails, then that business stops and consequently starts losing money.

Cybercriminals understand this and have your data in their sights. That said, some best practices have been around for years and always stay current. As new attack vectors appear, new means to protect IT infrastructure emerge. However, some best practices have been around for years and always stay current.

The 3-2-1 rule of storing your data states that you should keep three copies of your data—one original and at least two copies—on two different types of media (network-attached storage, tape, or a local drive, for example)—with one copy stored offsite in the cloud or secure storage. That has since been updated to the 3-2-1-1 rule. The addition of the extra digit is for an immutable backup repository, meaning the data can’t be changed or deleted.

A typical example of a well-built infrastructure according to best practices that offers a high degree of protection from cyberthreats would be a highly available shared storage cluster with a cloud backup instance and an immutable backup appliance.

Why isn’t this best practice the golden standard used by every company? People tend to underestimate the chance that they will face a cyberattack and think that best practices are needed to protect the data IF something happens. Unfortunately, the problem is that you need to be prepared WHEN something happens.

According to cybercecurity and backup vendors' reports, in 2023 93% of ransomware attacks attempted to destroy backup data. And only 13% of companies managed to recover their data without paying a ransom. You may think this means that paying a ransom is a painful but surefire way to save your business. However, there is still 20% of companies that pay the ransom and still don’t get their data back.

Are these numbers a reason to panic? Definitely not. Are these numbers a reason to be responsible when building out your IT infrastructure and preparing your backup strategy? For sure!

According to research, only 24% of users have well-matured backup plans that are getting regularly tested. Meaning that they don’t even know if they can recover in case of disaster/ransomware event.

That said, what are the best approaches to forming a mature DR strategy?

• Match your backup frequency to your Recovery Point Objectives
• Match the speed of your backup repositories to your service-level demands
• Always follow the 3-2-1-1 role
• Automate your disaster recovery runbooks
• Do not use backups for long-term data retention

A lot of these points can be easily performed if you focus on them and make them a priority for the company. The 2 difficult parts are picking the right backup solutions that meet your business needs and getting immutability right.

Immutability has become a relatively new but crucial element of protecting backup infrastructures. On a basic level, it means that once the data has been written to your backup repository it can’t be overwritten or edited in any way. Configuring immutability can be complex unless your backup solution comes with it as a default option that is preconfigured.

Another thing is picking the right solution for you based on RTO and RPO requirements. Balancing the cost of the backup infrastructure with the recovery performance can be a tricky challenge. As an example, StarWind uses high-performance NVMe-based backup storage to completely change the way people think about RTPO. You can back up as often as you want and recover as fast as you need, while still balancing the cost of the infrastructure due to some clever engineering.

Navigating the tricky seas of building a mature backup strategy can be tricky, but sticking to best practices and vetting your option when it comes to backup software and backup storage will take your business a long way in terms of protecting your data.