Automated Backups - At Scale
Best practices for data protection include periodic backups, done automatically, tested regularly, and stored remotely. But applying these practices is a trade-off between security and convenience.
Keeping your data securely backed up is vitally important, but there are a number of ways in which it can go wrong.
Frequently, backups are stored locally, sometimes even on the device that is being backed up. This leaves them vulnerable to hardware failures, data corruption, and ransomware attacks.
Incorrectly configured backups can also introduce new vulnerabilities. If you experience an attack, your servers may automatically ship the malicious code to your backup server, corrupting the backups you were relying on for protection.
Setting up a complete end-to-end system requires a particular set of technical skills which are distinct from the usual skills involved in system administration.
BackUpScale is a security & privacy-focused SaaS solution for companies, organizations and individuals with a high need for data protection and archiving. The data is encrypted at all points in the system and is never readable without the keys.
It provides protection against data loss, including the ability to back out of ransomware attacks without paying off malicious actors.
Protection against data loss
Data backup is fundamentally a risk management strategy. In the Swiss cheese analogy, each layer of protection is a slice of cheese and its individual flaws are the holes in that slice. As you stack the slices on top of each other, holes in one slice are covered by the adjacent slices.
As long as there isn’t a continuous hole from the top to the bottom, systems continue to perform as expected.
Backup systems were historically designed to prevent accidental loss of data or progress. Security was not generally a big concern and backups were given low priority.
Recently the risk equation has started to change. Malicious actors are deliberately trying to line up the holes in the cheese and cause damage. Security incidents are more common and are increasingly catastrophic to an organization’s ability to operate.
BackUpScale is designed to provide enterprise-grade backups to support legal, regulatory, and strategic needs for data integrity, archiving, and privacy, including protection against data loss due to attack.
Backed up files are:
- isolated from the servers they are protecting,
- encrypted, and
- append-only, preventing either corruption or deletion of archives (whether malicious or accidental).
The entire system is maintained using client software on the protected servers, which retain control of all communications.
Server side management
The software which manages the backups is resident on the servers to be backed up so that all interactions are initiated on a “push” basis. This prevents attacks from being initiated on the remote end (one possible vector of attack in backup systems).
The client software provides an integrated solution for scheduling, encryption, and configuration.
All connections are made using dedicated security credentials.
Files are:
- selected
- snapshotted
- deduplicated
- compressed
- encrypted
Backups using this system can also include scheduled dumps of databases.
The entire process is run periodically so that there is no need for manual intervention, except when restoring from backups.
Minimization of size
Deduplication of data minimizes the size of the backups, reducing the cost of storage while maintaining long-term persistence of older data.
As part of the integrity of the system, older backups cannot normally be deleted (to prevent their loss in the event of an attack on the customer servers). Deduplication is a particularly useful feature, since it prevents the size of the backups from scaling unnecessarily with multiple copies of the same (unchanged) files.
To further minimize backup size, the data is also compressed. This reduces the size of backed-up files, saving storage space and optimizing bandwidth during backup and restore operations. Even large datasets are stored compactly, enhancing efficiency and cost-effectiveness while maintaining data integrity.
Protection against ransomware
If you experience a ransomware attack, the last thing in the world you want the attackers to tamper with is your backups.
The architecture for BackUpScale is designed to prevent backup tampering. Even if the servers to be backed up are entirely compromised with malicious software, BackUpScale’s default configuration prevents any modification of existing backups. They can be counted on to securely restore your servers to the state they were in before the attack.
Because snapshots are saved in append-only mode, they cannot be altered even by compromised customer servers. While these devices can certainly continue pushing new versions of the backup data, they cannot modify existing ones.
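The deduplication described under "Minimization of size" and the append-only behaviour described above can be seen together in a small model. This is an added example, not BackUpScale's code: the class, method names and sample files are constructed for illustration, and the encryption step is left out so that it runs on the Python standard library alone.

```python
import hashlib
import zlib

class AppendOnlyStore:
    """Constructed model: accepts new objects, never changes or removes old ones."""

    def __init__(self):
        self._chunks = {}      # sha256 hex digest -> compressed bytes
        self._snapshots = []   # one {path: chunk id} manifest per snapshot

    def put_chunk(self, data: bytes) -> str:
        cid = hashlib.sha256(data).hexdigest()
        # Deduplication: content already stored is referenced, not rewritten.
        if cid not in self._chunks:
            self._chunks[cid] = zlib.compress(data)
        return cid

    def add_snapshot(self, files: dict) -> int:
        manifest = {path: self.put_chunk(body) for path, body in files.items()}
        self._snapshots.append(manifest)
        return len(self._snapshots) - 1

    def delete_snapshot(self, index: int):
        raise PermissionError("append-only: existing snapshots are immutable")

    def restore(self, index: int) -> dict:
        out = {}
        for path, cid in self._snapshots[index].items():
            data = zlib.decompress(self._chunks[cid])
            # Verify content against its address before handing it back.
            if hashlib.sha256(data).hexdigest() != cid:
                raise ValueError(f"integrity check failed for {path}")
            out[path] = data
        return out

    def stored_bytes(self) -> int:
        return sum(len(c) for c in self._chunks.values())

def demo():
    store = AppendOnlyStore()
    clean = {"/etc/app.conf": b"mode=prod\n" * 50,
             "/srv/report.txt": b"Q3 figures\n" * 200}
    s0 = store.add_snapshot(clean)
    size_first = store.stored_bytes()
    s1 = store.add_snapshot(clean)          # unchanged files: no new chunks
    size_second = store.stored_bytes()
    # Constructed stand-in for ransomware-encrypted content pushed afterwards.
    s2 = store.add_snapshot({p: hashlib.sha256(b).digest() * 8
                             for p, b in clean.items()})
    return store, clean, (s0, s1, s2), (size_first, size_second)
```

The third snapshot only adds data; the first snapshot still restores to the clean files, which is the property a restore after an attack depends on.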
Data Sovereignty and Local Compliance
As a globally focused company, we are keenly aware of the need to provide data solutions that comply with local data sovereignty laws. For Enterprise clients, we include the option of using servers located in specific countries for both the BackUpScale server and the remote storage of backed-up files.