Barracuda - The Importance of Backing Up and Protecting Data

First, back up your identity and access management system. For example, if you use Microsoft Entra ID, imagine losing all the employee identities, rules, and policies you have set up in the cloud – not just for individuals, but functional groups, teams and more – defining the applications and resources they are each entitled to access once their identity is confirmed. 

Many organisations assume there’s a default backup of Entra ID data. However, this only retains data for a rolling 30 days. Some information, such as security groups, is not retained at all.

Entra ID data can be lost, corrupted, or encrypted, either by accident or maliciously, and if it is not properly backed up – and recoverable - your employees won’t be able to get to the applications and services they need to do their jobs. And you’ll have to start all over again to recreate the directory. The impact on the business will be significant. Rebuilding Entra ID content is costly and time-intensive and while they’re waiting for you to fix it, colleagues can’t do their work effectively.

Second, don’t restore blind. Data may sit in your backup systems for a while. You may have robust inbound security measures in place, but this longer term stored data could be harbouring malware that was not known to security systems when the content was first backed up. If you restore without first scanning for malware you could be inadvertently introducing the threat into your network. 

Third, test your backups. The worst time to discover that there is an error in your configuration, or that a setting is not right, is right after a ransomware event or when you really need to restore something and can’t. Even with easy-to-use systems, you and your staff need to be familiar with how your backup works and should be comfortable with restores – before the pressure is on.”