
Crafting a secure data backup strategy on a private cloud

Planning a data backup strategy on a private cloud means weighing several factors to ensure security. Expert Dejan Lukan gives some advice on what to take into consideration.

In this day and age it is vital for companies to have a proper, secure backup product or service in place to ensure data restoration in the case of hard drive failure, power outage, lightning strike or any other unforeseen circumstances. Backing up data is not something to be taken lightly, and a repercussion of data loss could be significant financial loss. Frequently, companies are unaware that they don't have a backup strategy in place, or that their backup product is not working properly. More often than not, this is because companies aren't devoting the necessary resources to create a proper backup strategy. Even if they do, they expect the backup product to work indefinitely. Unfortunately, most things have an expiration date; the backup strategy is not any different. This is why it's so important for companies to check whether their backup products are actually working the way they expect by restoring data at least twice a year. Enterprises do not want to find out the hard way that data hasn't been properly backed up.

In this tip, we'll look at the best options for data backup and what to keep in mind when preparing a private cloud data backup strategy.

Getting started

The first step to implementing a backup strategy is determining which data needs to be backed up. A proper imaging tool that backs up both the operating system (OS) and data is recommended. Virtual machines (VMs) can also be backed up to enable easy distribution while still containing the OS and the data. This strategy is great when there is enough disk space available; otherwise it's better to back up only the data. To store only data, install a backup agent inside the OS to take care of data backup -- usually companies back up certain files, certain directories, databases, documents, pictures, etc. It's also a good idea to create a separate virtual LAN to send the backup data over, creating another security layer.

Companion article

See Infosec Institute's accompanying article on Secure Backup Concepts in a Private Cloud.

Backup practices

There are some basic practices to consider when implementing a backup strategy in a private cloud on an internal network, including:

Data: An agent installed in the OS can be used to back up certain files and directories of special importance. It doesn't matter whether a physical server or a VM is used, since the backup agent is installed in the OS and used by the backup manager.

VM: A backup VM image can be used to restore a VM at any time. A stored VM contains the operating system and important data, so this option should be used only if there is sufficient available disk space and minimal necessary downtime.


Configuration files: Backing up the configuration files is often necessary to minimize the downtime during a system restoration. It's imperative to keep a backup copy of configuration files to avoid reconfiguring some services, which can be time-consuming and labor-intensive to install and configure.

Hypervisor backup: In a virtualized environment, a hypervisor like ESX is used. It's imperative to back up the configuration of the hypervisor. This can be done manually since the configuration doesn't change frequently -- a specific command or program can be run after major upgrades. To restore the system, the hypervisor can be reinstalled and then the configuration files can be applied to it.

Allow file-level restore: This feature allows only certain files from a snapshot or image to be restored without needing a restoration of a whole image. It can be useful when backing up an entire VM where there is a need for only certain files from the image. Without this feature, the whole VM would have to be restored and started up to get the required files. Therefore, the feature saves a lot of time when a quick restoration is needed.

Status messages: A backup strategy should support different notification services to inform users on the status of a backup job, especially when it has failed for any reason. Usually these messages are sent via email using an internal SMTP server to an administrator email account.

Iterative backup schedule: An iterative backup should run every x hours/days/weeks at a specific time, normally at night. The amount of time between backups depends on which data is being backed up. Smaller companies might be fine if they lose the emails from the last 12 hours, but that's unacceptable in large organizations. Therefore, a backup job that runs every 12 hours is sufficient in a small company, but in large companies it should run every 30 minutes.

Full backup schedule: While an iterative backup will copy only changed files, the full backup copies all files currently on the system. It's a good idea to run a full backup monthly to keep everything updated and to avoid data loss.

Data retention period: The data retention period is the amount of time data is available in the backup copy after it has been deleted from the client. The retention period depends upon the data, the rate of data changes, the importance of data, etc. -- it could be days, weeks, months or even years. The data retention period also differs between companies, depending on the company's needs.

Encryption: Encrypting data when backing it up is among the must-have features for any backup strategy. Data encryption offers additional security, because only the client backing up the data can restore the data to its original form. When encrypting the data, remember the password, because it is required for restoration and the data is inaccessible without it.

Restoration/recovery: A backup strategy must support a restoration procedure, which depends on the backup method used. Files can be restored individually directly to the client or by first restoring the VM and then copying the files from the VM to the destination.
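The status-message and schedule practices above can be checked mechanically. The following is an added example, not part of the original article or of any backup product: it audits a constructed job history for failed jobs, missed iterative runs and an overdue full backup, then builds the email for the administrator. The record format, the 31-day reading of "monthly", the 30-minute slack and the addresses are assumptions.

```python
from datetime import datetime, timedelta
from email.message import EmailMessage

# Constructed job history (finish time, kind, status); not output of any real product.
SAMPLE_JOBS = [
    ("2024-03-01T02:00", "full", "ok"),
    ("2024-03-01T14:00", "iterative", "ok"),
    ("2024-03-02T02:00", "iterative", "failed"),
    ("2024-03-02T14:00", "iterative", "ok"),
    ("2024-03-03T14:00", "iterative", "ok"),
]

def audit_jobs(jobs, now, iterative_every=timedelta(hours=12),
               full_every=timedelta(days=31), slack=timedelta(minutes=30)):
    """Return alerts for failed jobs, missed iterative runs and an overdue full backup."""
    parsed = sorted((datetime.fromisoformat(ts), kind, status) for ts, kind, status in jobs)
    alerts = [f"FAILED {kind} backup at {ts:%Y-%m-%d %H:%M}"
              for ts, kind, status in parsed if status != "ok"]
    # Only successful jobs protect data, so gaps are measured between successes
    # and from the last success to "now" (catches a scheduler that silently stopped).
    good = [ts for ts, _, status in parsed if status == "ok"]
    if not good:
        alerts.append("NO successful backup on record")
    for prev, cur in zip(good, good[1:] + [now]):
        if cur - prev > iterative_every + slack:
            alerts.append(f"GAP of {cur - prev} after {prev:%Y-%m-%d %H:%M}")
    fulls = [ts for ts, kind, status in parsed if kind == "full" and status == "ok"]
    if not fulls or now - fulls[-1] > full_every:
        alerts.append("OVERDUE full backup")
    return alerts

def build_notification(alerts, sender="backup@example.internal",
                       recipient="admin@example.internal"):
    """Build the status mail; hand it to smtplib.SMTP(<relay>).send_message() to send."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"[backup] {len(alerts)} problem(s)" if alerts else "[backup] all jobs ok"
    msg.set_content("\n".join(alerts) or "No failed or missed backup jobs.")
    return msg

if __name__ == "__main__":
    print(build_notification(audit_jobs(SAMPLE_JOBS, datetime(2024, 3, 3, 20, 0))))
```

Measuring the gap up to the current time matters because a scheduler that has stopped produces no failure message at all; silence is the symptom.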


There are various aspects to consider when implementing a backup strategy. Having an effective backup strategy in place decides whether data restoration is possible in case of hard drive failure or any other kind of disaster. Losing an important piece of data can lead to a business going bankrupt or suffering immense financial loss.

Implementing a secure backup strategy in a private cloud takes time, money and resources, and most importantly needs to be available before data loss. Backups are often regarded as something that should have already been done, but the reality is often very different. Data backups need careful planning and execution, and should not be taken lightly.

About the author:
Dejan Lukan has an extensive knowledge of Linux/BSD system maintenance, as well as security-related concepts including system administration, network administration, security auditing, penetration testing, reverse engineering, malware analysis, fuzzing, debugging and antivirus evasion. He is also fluent in more than a dozen programming languages, and constantly writes security-related articles for his own website.


1 comment


Seems like it would also be useful to talk about *where* this data should be backed up. Backing it up to the same private cloud isn't going to help if the hardware or software supporting the private cloud goes south. And you don't want the backup in the same building, or even the same geographic region, in case of some sort of regional disaster, such as Hurricane Sandy. So what are the alternatives?