Offsite Backup copy to Bank Locker suggestions.



  • Hello all,

    In process of setting up Offsite Backup, I am thinking of doing to full backups twice in a month (lets say) to External hard drives and moving them to bank locker. How's the idea ?

    Following are the reasons I am thinking of above process :

    1. I want to make sure that offsite copy is not touchable in any case. If I chose to set it up on remote location and use VPN to connect over Internet and do offsite backups on schedule, still it may vulnerable to Ransomware kind of virus if something missed security thing or new vector of attack, right ? so don't want to take chance.

    2. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    3. Now I want to discuss how to backup ? one thing is I need to full backup, which could be around 5TB.

    • Now need to chose the method, and I don't want to copy and paste the data, because, there will be some errors like long path name which could miss the files, so may be third party software or in-built Windows Backup software will be fine ?
    • Secondly, password or encryption for the backup, because it's going to out of office premises.
    1. Why this location : We don't have any offsite location or branch near reachable and may not able to choose Authorized person's home. So bank locker comes to my mind.

    Really appreciate your suggestions !!


  • Service Provider

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    1. I want to make sure that offsite copy is not touchable in any case. If I chose to set it up on remote location and use VPN to connect over Internet and do offsite backups on schedule, still it may vulnerable to Ransomware kind of virus if something missed security thing or new vector of attack, right ? so don't want to take chance.

    That's why you don't use a VPN. You use a "reach in" rather than a "reach out" approach and have the backup "taken" by the remote site, not pushed to it. You can effectively isolate the remote site from an on-premises breach. Is that as good as a tape in a vault, no. Is it close, yes.

    VPNs are nearly always a kludge and in today's threat environment, a risk. Not because the VPN itself is a risk, but because the reasons that we use them are risky - because we use them to establish network based trust which is the actual risk.

    Youtube Video


  • Service Provider

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    1. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    That's an option. I prefer tape whenever possible, but tape can be a bit more expensive in small batches. But if you go with tape, you could leverage it for more than just this one piece of your backup.


  • Service Provider

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    1. Now I want to discuss how to backup ? one thing is I need to full backup, which could be around 5TB.
    • Now need to chose the method, and I don't want to copy and paste the data, because, there will be some errors like long path name which could miss the files, so may be third party software or in-built Windows Backup software will be fine ?

    I would almost never use Windows Backup today. Not that it is bad, but Veeam's Agent for Windows is free and the best in the business. So why not use that if you are using Windows?

    Really this would depend mostly on what tools you are already using for your normal backups.



  • @scottalanmiller said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    1. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    That's an option. I prefer tape whenever possible, but tape can be a bit more expensive in small batches. But if you go with tape, you could leverage it for more than just this one piece of your backup.

    Thank you for your replies !!

    Could you please elaborate "you could leverage it for more than just this one piece of your backup" ?


  • Service Provider

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    @scottalanmiller said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    1. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    That's an option. I prefer tape whenever possible, but tape can be a bit more expensive in small batches. But if you go with tape, you could leverage it for more than just this one piece of your backup.

    Thank you for your replies !!

    Could you please elaborate "you could leverage it for more than just this one piece of your backup" ?

    That was in reference to tape. I meant that you could be using tape for your daily backups onsite, in addition to your occasional offsite backups.



  • @scottalanmiller said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    1. Now I want to discuss how to backup ? one thing is I need to full backup, which could be around 5TB.
    • Now need to chose the method, and I don't want to copy and paste the data, because, there will be some errors like long path name which could miss the files, so may be third party software or in-built Windows Backup software will be fine ?

    I would almost never use Windows Backup today. Not that it is bad, but Veeam's Agent for Windows is free and the best in the business. So why not use that if you are using Windows?

    Really this would depend mostly on what tools you are already using for your normal backups.

    Yeah, for sure I will consider Veeam if require. Yes, Windows Server. And using EaseUS backup software.



  • @scottalanmiller said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    @scottalanmiller said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    1. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    That's an option. I prefer tape whenever possible, but tape can be a bit more expensive in small batches. But if you go with tape, you could leverage it for more than just this one piece of your backup.

    Thank you for your replies !!

    Could you please elaborate "you could leverage it for more than just this one piece of your backup" ?

    That was in reference to tape. I meant that you could be using tape for your daily backups onsite, in addition to your occasional offsite backups.

    Ah okay, we are currently using NAS to store Onsite copy, still I will look if it's near to our budget with Tape option.


  • Service Provider

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    @scottalanmiller said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    @scottalanmiller said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    1. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    That's an option. I prefer tape whenever possible, but tape can be a bit more expensive in small batches. But if you go with tape, you could leverage it for more than just this one piece of your backup.

    Thank you for your replies !!

    Could you please elaborate "you could leverage it for more than just this one piece of your backup" ?

    That was in reference to tape. I meant that you could be using tape for your daily backups onsite, in addition to your occasional offsite backups.

    Ah okay, we are currently using NAS to store Onsite copy, still I will look if it's near to our budget with Tape option.

    In the age of ransomware, tape is getting very popular again.



  • @openit said in Offsite Backup copy to Bank Locker suggestions.:

    Hello all,

    In process of setting up Offsite Backup, I am thinking of doing to full backups twice in a month (lets say) to External hard drives and moving them to bank locker. How's the idea ?

    Following are the reasons I am thinking of above process :

    1. I want to make sure that offsite copy is not touchable in any case. If I chose to set it up on remote location and use VPN to connect over Internet and do offsite backups on schedule, still it may vulnerable to Ransomware kind of virus if something missed security thing or new vector of attack, right ? so don't want to take chance.

    2. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    3. Now I want to discuss how to backup ? one thing is I need to full backup, which could be around 5TB.

    • Now need to chose the method, and I don't want to copy and paste the data, because, there will be some errors like long path name which could miss the files, so may be third party software or in-built Windows Backup software will be fine ?
    • Secondly, password or encryption for the backup, because it's going to out of office premises.
    1. Why this location : We don't have any offsite location or branch near reachable and may not able to choose Authorized person's home. So bank locker comes to my mind.

    Really appreciate your suggestions !!

    My suggestion is a cloud, single-purpose instance that just "pull" the backup and throw it to S3/Glacier. You can apply a vault lock policy to the Glacier bucket so it's not deletable or changeable in any way, from your own super-admin account also
    I think it could be superior to redundant and vaulted tape copies, maybe just slower in case of disaster recovery.



  • @Francesco-Provino said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    Hello all,

    In process of setting up Offsite Backup, I am thinking of doing to full backups twice in a month (lets say) to External hard drives and moving them to bank locker. How's the idea ?

    Following are the reasons I am thinking of above process :

    1. I want to make sure that offsite copy is not touchable in any case. If I chose to set it up on remote location and use VPN to connect over Internet and do offsite backups on schedule, still it may vulnerable to Ransomware kind of virus if something missed security thing or new vector of attack, right ? so don't want to take chance.

    2. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    3. Now I want to discuss how to backup ? one thing is I need to full backup, which could be around 5TB.

    • Now need to chose the method, and I don't want to copy and paste the data, because, there will be some errors like long path name which could miss the files, so may be third party software or in-built Windows Backup software will be fine ?
    • Secondly, password or encryption for the backup, because it's going to out of office premises.
    1. Why this location : We don't have any offsite location or branch near reachable and may not able to choose Authorized person's home. So bank locker comes to my mind.

    Really appreciate your suggestions !!

    My suggestion is a cloud, single-purpose instance that just "pull" the backup and throw it to S3/Glacier. You can apply a vault lock policy to the Glacier bucket so it's not deletable or changeable in any way, from your own super-admin account also
    I think it could be superior to redundant and vaulted tape copies, maybe just slower in case of disaster recovery.

    I am not sure about how this cloud can be safe guarded from Ransomware if network got infected from where Cloud pulls the data, maybe some versioning or vault as you said above, I just wonder if it's blocking deletion/changes how it's going to allow to make backup ?

    I have thought of Cloud, but the Bandwidth (Upload = 10Mbps) with around 5TB data makes me to leave this option.



  • @openit said in Offsite Backup copy to Bank Locker suggestions.:

    @Francesco-Provino said in Offsite Backup copy to Bank Locker suggestions.:

    @openit said in Offsite Backup copy to Bank Locker suggestions.:

    Hello all,

    In process of setting up Offsite Backup, I am thinking of doing to full backups twice in a month (lets say) to External hard drives and moving them to bank locker. How's the idea ?

    Following are the reasons I am thinking of above process :

    1. I want to make sure that offsite copy is not touchable in any case. If I chose to set it up on remote location and use VPN to connect over Internet and do offsite backups on schedule, still it may vulnerable to Ransomware kind of virus if something missed security thing or new vector of attack, right ? so don't want to take chance.

    2. Chosen external hard drive, because it's cheap and don't need much equipment, maintenance like Tape one, on the top of that offsite backup is not for longer duration, so it will be okay with external drives, right ? may use 3 external drives to rotate, so at least two versions of backup will in hand (may be older but at least :) )

    3. Now I want to discuss how to backup ? one thing is I need to full backup, which could be around 5TB.

    • Now need to chose the method, and I don't want to copy and paste the data, because, there will be some errors like long path name which could miss the files, so may be third party software or in-built Windows Backup software will be fine ?
    • Secondly, password or encryption for the backup, because it's going to out of office premises.
    1. Why this location : We don't have any offsite location or branch near reachable and may not able to choose Authorized person's home. So bank locker comes to my mind.

    Really appreciate your suggestions !!

    My suggestion is a cloud, single-purpose instance that just "pull" the backup and throw it to S3/Glacier. You can apply a vault lock policy to the Glacier bucket so it's not deletable or changeable in any way, from your own super-admin account also
    I think it could be superior to redundant and vaulted tape copies, maybe just slower in case of disaster recovery.

    I am not sure about how this cloud can be safe guarded from Ransomware if network got infected from where Cloud pulls the data, maybe some versioning or vault as you said above, I just wonder if it's blocking deletion/changes how it's going to allow to make backup ?

    I have thought of Cloud, but the Bandwidth (Upload = 10Mbps) with around 5TB data makes me to leave this option.

    The private network of an instance in, say, EC2 is very unlikely to be "infected" because only you can put machines on it and of course the backup instance would only grab the backup, maybe compress it and send to S3. You can really lockdown this VM so it can just use the 2-3 commands it needs to do this job, and only use a certain IP range, with certain users, SELINUX etc.

    The vault policies are "write once read many", so of course you can backup your data to the bucket and after the first writing you can't modify the data in ANY way.

    We have ~2Tb of data and I've no problem in backup everything to the cloud with a 4Mbps link!


  • Service Provider

    If his WAN is strong enough.


Log in to reply
 

Looks like your connection to MangoLassi was lost, please wait while we try to reconnect.