10 guidelines to secure your data backup backup
Definition

off-site backup

What is off-site backup?

Off-site backup is a method of backing up data to a remote server or to media that's transported off site. The two most common forms of off-site backup are cloud backup and tape backup. During cloud backup, also referred to as online backup, a copy of the data is sent over a network to an off-site server. A third-party cloud service provider typically hosts that server, but an enterprise can also own it.

How does off-site backup work?

The main goal of off-site data backup is to ensure data recovery and redundancy, similar to local on-site device or server backups, but on a larger scale.

There are a variety of methods for creating off-site backups, each with its pros and cons.

  • Cloud backup. This method involves backing up data directly to a public cloud, such as Amazon Web Services (AWS), Google Cloud or Microsoft Azure. This method is easy to implement and tends to be more cost-effective than more elaborate backup architectures, but it doesn't enable the creation of a local backup copy. To start the cloud backup process, an organization can either send its data over a network or use cloud seeding -- the process of pre-loading data into a cloud storage environment -- to send a disk drive or tape drive with data to a cloud service provider. The organization then schedules and runs regular backups, typically through a web browser.
  • Private cloud backup. A similar method involves backing up data to a service provider's private cloud with online backup services in a managed data center. The advantage of using this method is that the service provider is typically a backup vendor that specializes in data recovery. The vendor usually has a dedicated backup facility that has been specifically designed to meet its customers' backup needs.
  • Cloud-to-cloud backup. Cloud-to-cloud backup uses one cloud to back up data that's stored in another cloud. The advantage of using this method is that because backups reside in a different location from the primary copy of the data, they're insulated against cloud-level data loss events or data security issues.
  • Tape backup. This method involves simply transporting physical media off site. Tape is the most common option, but disk drives can be used as well. During the tape backup process, data is copied from primary storage to a tape cartridge. For off-site data protection, an organization transports the tape cartridges to another location.
  • Disk backup. Disk is a preferred medium for backup because of its faster speed and access compared with tape. But tapes are used more often for long-term archiving or disaster recovery (DR). Although disk is an option for off-site backup, it's much less durable than tape and prone to damage in the transport process.

The historical 3-2-1 rule of backup states that an organization should have three copies of data on two different media, with one copy of the media placed off site. Off-site backup is important in the event of a disaster, malware, ransomware attack or other incident at the main data center. When such an incident occurs, an organization can recover by retrieving the backed-up data from the cloud or tape cartridges. Although local storage offers quicker access, off-site backup serves as a critical safety net.

Seven steps to an effective backup strategy.
These seven critical backup strategy best practices can help an organization keep its data safe.

The cloud is a prime target for small and medium-sized businesses (SMBs) to back up data in an easier, more cost-effective way. An SMB might also use an external hard disk drive (HDD) for its off-site backup. Although it's easier to back up data to an HDD, it's not as portable or durable as tape. Tape is usually more of a target for enterprises and industries such as media, entertainment and life sciences, which must store large amounts of data. In addition, an SMB usually has fewer resources than an enterprise to move tapes off site.

Keys to implementing off-site backup

Off-site backup deployment ensures business continuity, data security and uninterrupted operations in the event of outages and natural disasters.

Organizations should keep the following critical backup strategy steps in mind when implementing off-site backup:

  • Have a cost projection. In implementing off-site backup, an organization must be aware of the cost. Cloud-based backup costs -- which typically involve capacity, frequency, bandwidth and the number of users -- can escalate quickly. But tape backup costs can increase over time as well due to the price of additional media and off-site storage.
  • Create a retention plan. A retention plan to delete backup data that's no longer needed should also be implemented. For example, pricing for Amazon Glacier Instant Retrieval, one of the least expensive cloud-based options and a common archiving platform, starts at $0.004 per gigabyte (GB), per month. Although that might sound inexpensive, it costs nearly $5,000 per year to store 100 terabytes (TB) of data off site. Other costs associated with cloud backup, including data retrieval from the cloud, can also be high.
  • Assess the data transfer costs. The cost to transfer data out of storage archives such as Glacier varies by region, data volume and where the data is being transferred. It generally costs less, for example, to transfer data to an Amazon cloud service than to the internet. Regardless, the data transfer costs can be substantial. As part of its free usage tier, Amazon allows 10 GB per month of free data transfers from Glacier to the internet. After that, the cost is $0.09 per GB for up to 10 TB of data; additional data transfers are billed at a reduced rate. But this means it would cost more than $900 to transfer 10 TB of data from Glacier storage to the internet.
  • Take security into account. For a cloud off-site backup, data moving across the public internet to a cloud provider's server should be encrypted at the original location, in transit and at rest on the provider's server. Users must then verify that the data is the same as it was previously, isn't corrupted and is available for DR.
  • Ensure physical tape security. Tape security is mainly referred to in terms of the physical. To limit the chance of tapes being stolen, an organization should ship tapes off site as soon as writing to them is complete and ensure the off-site storage location is secure. A service-level agreement (SLA) states who has access to the tapes and how long the recovery time should take. As with the cloud, encryption is important with tape backups. Many LTO-9 -- Linear Tape-Open 9, the standard released in 2021 -- offerings include capabilities such as write once, read many functionality and hardware-based encryption that supports multilayer security.
  • Ensure consistent maintenance. Unlike with the cloud, drive maintenance is a challenge with tapes. An organization using tape for off-site backup must ensure the equipment undergoes proper, consistent maintenance or risk performance issues.
  • Consider a disk-to-disk-to-tape backup. One common approach to off-site backup is disk-to-disk-to-tape, which writes a backup to disk, copies it to tape and then ships the backup off site. This process ensures a local backup with a quick restore time in the disk, plus a less expensive off-site backup copy on tape.
  • Evaluate distance. The distance from the primary data center to the off-site backup data center can vary by region. If an organization is in an area where hurricanes often hit, for example, the off-site storage -- on tape or in the cloud -- should reside outside the hurricane zone. If an organization isn't in an area where natural disasters often occur, the off-site backup location can be closer -- but still far enough away that any incident at the primary location won't affect the secondary site.

It's worth noting that the charges mentioned above aren't unique to Amazon. Although the rates vary from one cloud provider to the next, most cloud providers charge similar prices.

The importance of off-site backup

On-site backup won't work for recovery in all scenarios. For example, a natural disaster that destroys a primary data center would likely also destroy the on-site backup. Similarly, a ransomware attack that spreads across a network might render local backups useless. Ransomware threat actors are increasingly targeting backups to force their victims to pay a ransom. In those cases, off-site backup becomes critical to an organization's recovery. However, in the case of a ransomware infection, the business must verify that the backups are clean.

Backup software vendors are also increasingly integrating immutable backup capabilities into their software as a way of protecting against ransomware. This immutability ensures a ransomware attack won't be able to encrypt the data stored within the on-site backup. Off-site tape backups are the most secure retrieval option following a ransomware attack because they are offline and therefore aren't infected. Some organizations also write backup copies to an external drive rather than using tape; external drives can be detached and stored similarly to tape.

There are also differences in the durability of the various backup mediums. Tape is more durable than disk and generally lasts longer than disk-based backups as long as the tape is properly stored. The cloud can last the longest of the three, as long as the service provider remains in business and doesn't suffer an outage during the recovery time.

Common features of off-site backup

There are many cloud backup providers in the market. Feature sets vary, so it's important to carefully analyze products, set up a comprehensive SLA and understand the cost structure.

Features that are commonly offered include the following:

  • Hybrid cloud backup, which includes cloud-based backup and local backup.
  • Disaster recovery as a service, which enables an organization to fail over into the cloud.
  • Data lifecycle management, which can help to reduce backup storage costs by automatically expiring outdated backups.
  • File sync and share.
  • Cybersecurity measures, which can help counter a potential data breach and enhance the security of online backup copies.
  • Data auditing, cleanup and preparatory backup services, which streamline the migration of company data to an off-site platform.
  • Replication of backup copies to other regions or other clouds.
  • Snapshots.

Advantages and disadvantages of off-site backup

Both on-site and off-site backup provide peace of mind in terms of data security, but neither option is perfect. The following are some pros and cons of on-site and off-site backup:

  • Off-site backups keep data securely out of harm's way, but restoring data across the internet can be a prohibitively slow process.
  • On-site backups are fast and convenient and provide quicker recovery times than off-site backups. For example, if an employee deletes important files, an organization can get them back in moments from a local disk backup. In addition to being on site, disk also offers random access for quicker recovery. However, if the primary data center is destroyed by a disaster such as a fire or flood, on-site backups are destroyed as well.
  • While off-site cloud backups can be affordable in the long run, vendor lock-in can be an issue, making it difficult for organizations to switch to a less expensive vendor option.
  • Most off-site backup options provide instant scalability, and storage can be increased as needed. However, end users have limited control over the physical infrastructure, which requires them to rely on off-site backup providers for various aspects.
  • Off-site backups provide remote backup access, which is ideal for remote workers, as data can be accessed from any location. However, relying on the internet for accessing, uploading and retrieving data can pose some issues, especially in areas where there's poor internet connectivity.
  • Retrieving data from cloud backups or getting tapes back from an off-site location usually takes a long time, and cloud recovery times can vary, depending on the organization's available internet bandwidth. In addition, if numerous organizations are trying to get data from the cloud during a regional disaster and bandwidth is limited, the process slows down dramatically.

What is hybrid backup?

A hybrid backup approach seeks to capitalize on the advantages of both options while maximizing data security and reducing risks. It works by creating an on-site backup and then replicating the backup to one or more off-site locations.

One of the most common ways of creating a hybrid backup is to use a disk-to-disk-to-cloud architecture. In this approach, backup data is written to an on-premises backup appliance. This appliance not only stores the backup data, but also acts as a cloud storage gateway and handles the task of replicating backup data to the cloud.

Off-site backup providers

There are numerous vendors that act as off-site backup providers. These backup storage services generally fall into one of three categories:

Hyperscalers

These are the large, general-purpose, public cloud providers such as AWS, Google Cloud and Microsoft Azure. They provide cloud-based backup storage, but offer many other services as well.

Traditional backup vendors

These vendors create their own private cloud environments that are solely dedicated to the task of accommodating backup data. Examples of traditional backup vendors include Dell EMC, Commvault, Veeam and Veritas.

Removable media

The third category of off-site backup providers includes those that are dedicated to securely storing removable media, such as backup tapes. These providers transport the media to and from a secure backup facility and ensure the tapes are stored under the proper conditions, while also guaranteeing data security. Besides the hyperscale providers mentioned above, the following are examples of off-site backup vendors and services:

  • Acronis Cyber Protect Home Office. This online backup service includes built-in antivirus and ransomware protection. Users can back up and recover files or entire systems from a preexisting backup archive that's generated through the Acronis software.
  • Backblaze. This backup service offers unlimited storage and versioning control. It archives deleted files and older versions for up to one year.
  • Carbonite Safe. This service is available for both Windows and Mac users. Carbonite can back up single PCs and is priced based on the number of PCs being backed up.
  • CrashPlan. CrashPlan exclusively caters to small businesses, providing various security and backup scheduling options as well as unlimited storage.
  • IDrive. This online backup service is available to Windows, Mac, Linux, iOS and Android users. When backing up data from multiple computers, IDrive lets users generate distinct folders for each device to prevent data overlap.
  • Livedrive. Livedrive features unlimited storage and applications compatible with both desktop and mobile platforms. Based in the U.K., Livedrive is compliant with European Union privacy laws.
  • SpiderOak. SpiderOak provides cloud-based backup for an unlimited number of devices while prioritizing security. It also offers sharing and syncing features, which let users share and sync files with other people and devices.

While the cloud backup market is flourishing, traditional backup providers still present valuable options for businesses. Evaluate the pros and cons of each backup approach to determine the best fit for your needs.

This was last updated in August 2023

Continue Reading About off-site backup

Dig Deeper on Data backup and recovery software

Disaster Recovery
Storage
ITChannel
Close