da-5 Critical priority Data Security

Backups of critical data are maintained and tested

Ransomware and accidental deletion lead to the same outcome: data loss that halts operations. Backups are the primary recovery mechanism for both. A backup that has never been tested is not a backup; it is a guess. Ransomware operators routinely seek out and delete or encrypt backups before they detonate, so backups must be stored separately from production systems, ideally offline or in a separate cloud account that production credentials cannot reach, so that a compromised production environment cannot encrypt or delete them.

Complete first: da-1

Implementation steps

  1. Identify critical data and configure automated backups

    Using the data inventory from da-1, identify which systems and datasets are critical to operations. Configure automated, scheduled backups for all critical data. Define your recovery point objective (RPO), the maximum amount of data loss you can tolerate expressed as a span of time, and set the backup frequency so that it is always met. Store backups in a separate environment, such as a different cloud account or an air-gapped storage system.

    aws-backup azure-backup veeam backblaze-b2 acronis
  2. Protect backups from ransomware with immutability and isolation

    Enable immutable or object-locked storage so backups cannot be deleted or overwritten by ransomware that gains access to production credentials. Where the storage offers a choice of lock modes, prefer the mode that no credential, including the account's root or administrator, can shorten or remove (S3 Object Lock compliance mode, for example; governance mode can be bypassed by a sufficiently privileged principal), and set the retention period long enough to outlast the time it typically takes to detect an intrusion. Store at least one copy offline or in a separate cloud account with no standing access from production: production should be able to write new backups but never delete or overwrite existing ones. Follow the 3-2-1 rule: three copies, two different media, one offsite.

    aws-s3 azure-immutable-blob wasabi backblaze veeam
  3. Test restores regularly and document recovery procedures

    Run restore tests at least quarterly for critical systems, restoring from the immutable or offsite copy rather than only from the primary backup location, and verify the restored data (checksums, application-level consistency checks), not merely that the job reported success. Measure how long restoration takes and compare it against your recovery time objective (RTO); also confirm that the age of the newest restorable backup is within your RPO. Document the restoration procedure step by step so that any team member can execute it under pressure. Track restore test results and fix failures promptly.

    aws-backup veeam azure-backup runbooks confluence
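The three steps above, worked through as a runnable example. This is added code, not part of the original control page or of any of the tools listed: it reviews an S3 Object Lock configuration document (in the JSON shape that `aws s3api get-object-lock-configuration` returns) against an immutability policy, then backs up a small constructed dataset with a checksum manifest, restores it into scratch space, verifies every file, and scores the restore against RTO and RPO, producing the kind of record the evidence section asks for. The RPO, RTO and minimum-retention values, the two bucket configurations and the sample files are assumptions made for the illustration.

```python
from __future__ import annotations
import hashlib, json, tarfile, tempfile, time
from datetime import datetime, timedelta, timezone
from pathlib import Path

# Hypothetical policy thresholds for this example (not values from the page).
RPO = timedelta(hours=24)    # maximum tolerable data loss, as a span of time
RTO = timedelta(minutes=30)  # maximum tolerable restore time
MIN_RETENTION_DAYS = 30      # must outlast the typical time to detect an intrusion


def check_object_lock(config: dict, min_days: int = MIN_RETENTION_DAYS) -> list[str]:
    """Return policy findings for an S3 Object Lock configuration document."""
    findings: list[str] = []
    lock = config.get("ObjectLockConfiguration", {})
    if lock.get("ObjectLockEnabled") != "Enabled":
        return ["Object Lock is not enabled on the bucket"]
    retention = lock.get("Rule", {}).get("DefaultRetention", {})
    mode = retention.get("Mode")
    if mode != "COMPLIANCE":
        # GOVERNANCE mode can be bypassed by principals holding s3:BypassGovernanceRetention;
        # COMPLIANCE mode cannot be shortened or removed by anyone, the root user included.
        findings.append(f"default retention mode is {mode!r}, not COMPLIANCE")
    days = retention.get("Days", 0) + 365 * retention.get("Years", 0)
    if days < min_days:
        findings.append(f"default retention of {days} days is below the required {min_days}")
    return findings


def sha256_tree(root: Path) -> dict[str, str]:
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def make_backup(src: Path, dest: Path) -> Path:
    """Archive src into dest/backup.tar.gz and write a checksum manifest beside it."""
    archive = dest / "backup.tar.gz"
    with tarfile.open(archive, "w:gz") as tf:
        for p in sorted(src.rglob("*")):
            if p.is_file():
                tf.add(p, arcname=p.relative_to(src).as_posix())
    (dest / "manifest.json").write_text(json.dumps(sha256_tree(src), indent=1))
    return archive


def restore_test(archive: Path, manifest: Path, backup_time: datetime,
                 now: datetime | None = None) -> dict:
    """Restore, verify every file against the manifest, and score against RTO/RPO."""
    now = now or datetime.now(timezone.utc)
    expected: dict[str, str] = json.loads(manifest.read_text())
    errors: list[str] = []
    actual: dict[str, str] = {}
    start = time.monotonic()
    with tempfile.TemporaryDirectory() as scratch:
        try:
            with tarfile.open(archive) as tf:
                try:
                    tf.extractall(scratch, filter="data")  # reject traversal/absolute members
                except TypeError:                           # Python without the filter argument
                    tf.extractall(scratch)
            actual = sha256_tree(Path(scratch))
        except (tarfile.TarError, OSError) as exc:
            errors.append(f"archive unreadable: {exc}")
    duration = timedelta(seconds=time.monotonic() - start)
    if not errors:  # compare contents only if the archive could be read at all
        for name, digest in expected.items():
            if name not in actual:
                errors.append(f"missing after restore: {name}")
            elif actual[name] != digest:
                errors.append(f"checksum mismatch after restore: {name}")
    age = now - backup_time
    return {  # JSON-serialisable record to keep as restore-test evidence
        "archive": archive.name,
        "tested_at": now.isoformat(),
        "files_verified": sum(1 for n, d in expected.items() if actual.get(n) == d),
        "duration_seconds": round(duration.total_seconds(), 3),
        "within_rto": duration <= RTO,
        "backup_age_hours": round(age.total_seconds() / 3600, 1),
        "within_rpo": age <= RPO,
        "errors": errors,
        "passed": not errors and duration <= RTO and age <= RPO,
    }


def demo() -> dict:
    """Constructed sample dataset: one intact restore, one from a corrupted stale copy."""
    with tempfile.TemporaryDirectory() as work:
        src, dest = Path(work) / "data", Path(work) / "backups"
        (src / "db").mkdir(parents=True)
        dest.mkdir()
        (src / "db" / "customers.sql").write_text("INSERT INTO customers VALUES (1, 'acme');\n")
        (src / "config.yaml").write_text("retention_days: 30\n")
        archive = make_backup(src, dest)
        taken = datetime.now(timezone.utc)
        intact = restore_test(archive, dest / "manifest.json", taken, now=taken + timedelta(hours=6))
        archive.write_bytes(b"not a backup")  # simulate a corrupted or tampered stored copy
        stale = restore_test(archive, dest / "manifest.json", taken, now=taken + timedelta(hours=48))
    return {"intact": intact, "corrupted_and_stale": stale}


# Constructed Object Lock configurations in the s3api response shape.
GOOD_LOCK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "COMPLIANCE", "Days": 90}}}}
WEAK_LOCK = {"ObjectLockConfiguration": {"ObjectLockEnabled": "Enabled",
             "Rule": {"DefaultRetention": {"Mode": "GOVERNANCE", "Days": 7}}}}

if __name__ == "__main__":
    for label, cfg in (("good bucket", GOOD_LOCK), ("weak bucket", WEAK_LOCK)):
        print(label, check_object_lock(cfg) or "no findings")
    print(json.dumps(demo(), indent=2))
```

Running the module prints the findings for the two sample lock configurations and the two restore-test records: the intact restore passes, while the copy that was overwritten with garbage fails as unreadable and, because it is checked 48 hours after it was taken, also breaches the 24-hour RPO. In practice the same script would be pointed at the offsite or immutable copy rather than the primary backup location, and the returned record appended to the restore-test log kept as evidence.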

Evidence required

Backup configuration and restore test results

Evidence that backups are configured, protected, and have been successfully tested.

  • Backup job configuration showing schedule and retention
  • S3 object lock or immutable storage policy screenshot
  • Restore test log showing successful recovery with date and duration

Related controls