A backup system with versioning allows the reconstruction of a given file or set of files at a particular point in time.

Say you have a file, important_stuff.docx, and this file gets corrupted: by you, by accident or by ransomware.

Without a versioning system, the backup will be corrupted along with the original. With many or large files, the problem is that storing multiple copies of each file starts to use up a lot of disk space.

Efficient backup systems store either the original (O) and the forward changes, so that the 3rd version can be created from O+1+2+3, or the most recent copy (C) and the reverse changes, so that the third version of 4 can be created from C-1.

Most ransomware will attempt to modify the file in place and then rename it. Backup software without versioning still works most of the time (assuming the backup location is safe), because the renamed file is backed up alongside the original rather than over it, so both the original and the corrupted version are kept. However, some ransomware does not rename the file, and without versioning the backups will then be corrupted too.
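The two storage schemes and the in-place corruption case described above, as an added Python example that is not from the original article: it keeps a file's history once as the original plus forward changes and once as the most recent copy plus reverse changes, then restores version 3 after version 4 has been overwritten without a rename. The line-based delta format, the class and function names and the sample versions are assumptions constructed for illustration.

```python
from difflib import SequenceMatcher

def make_delta(src, dst):
    """Illustrative delta: dst as copies of src line ranges plus new lines."""
    ops = SequenceMatcher(None, src, dst).get_opcodes()
    return [("copy", i1, i2) if tag == "equal" else ("data", dst[j1:j2])
            for tag, i1, i2, j1, j2 in ops if tag != "delete"]

def apply_delta(src, delta):  # rebuild the target from src and one delta
    return [line for op in delta
            for line in (src[op[1]:op[2]] if op[0] == "copy" else op[1])]

def replay(data, deltas):  # apply a chain of deltas in the given order
    for delta in deltas:
        data = apply_delta(data, delta)
    return list(data)

class ForwardStore:
    """Original (O) plus forward changes: version n = O+1+...+n."""
    def __init__(self, original):
        self.base, self.deltas = list(original), []
    def commit(self, new):
        self.deltas.append(make_delta(self.restore(len(self.deltas)), new))
    def restore(self, n):
        return replay(self.base, self.deltas[:n])

class ReverseStore:
    """Most recent copy (C) plus reverse changes: older versions = C-1-2..."""
    def __init__(self, original):
        self.current, self.reverse = list(original), []
    def commit(self, new):
        self.reverse.append(make_delta(new, self.current))  # new -> previous
        self.current = list(new)
    def restore(self, n):
        return replay(self.current, reversed(self.reverse[n:]))

# Constructed history of important_stuff.docx, one list of lines per version.
VERSIONS = [["Title", "Draft"], ["Title", "Draft", "More"],
            ["Title", "Edit", "More"], ["Title", "Edit", "More", "End"],
            ["<encrypted>"]]  # version 4: overwritten in place, not renamed

def build(store_cls):
    store = store_cls(VERSIONS[0])
    for version in VERSIONS[1:]:
        store.commit(version)
    return store

if __name__ == "__main__":
    fwd, rev = build(ForwardStore), build(ReverseStore)
    print(fwd.restore(3) == rev.restore(3) == VERSIONS[3])
```

Restoring version 3 replays three deltas from O in the forward store but only one from C in the reverse store, which is why reverse deltas favour recent restores.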

The DR plan

Disaster recovery (DR) is a different concept from backup. Backup is part of the DR plan but is not the only component.

Disasters can have many causes and can affect many services. The first step is to identify all of the key services. These will include, for example:

  • Domain controllers (usernames, passwords, computer names, DNS, DHCP etc.)
  • Medical software servers
  • Imaging servers
  • Shared resources
  • Scanned documents
  • Router and switch configurations
  • Dictation audio files
  • Business emails
  • Business financial records

The next step is to enumerate the potential disasters:

  • Hard drive failure
  • File corruption
  • Ransomware attack
  • Individual computer failure, e.g. power supply, motherboard, network card
  • Multiple computer failure, e.g. fire, water damage (sprinklers), theft

Then some thought is required about the RTO and RPO time points.

Recovery point objective (RPO) is the point in time to which the system can be recovered. If the last backup was 10 days ago, then this is the RPO.

Recovery time objective (RTO) is the time taken to restore the system from the disaster. If it takes 4 days to get a new server installed and configured, then the RTO is 4 days. The time to diagnose the problem needs to be added to the RTO.

The cost of the RTO increases very quickly as the time is reduced. Reducing the RPO has an increasing system performance cost, but not as much of a dollar cost. Backups can be done every 5 minutes but will slow the system appreciably.