The Importance of Backing Up Data in a School Environment
Our documents, pictures, and emails are always readily available, in some instances from wherever we log in – our phones, our work desktops, or home laptops – so it’s easy to forget that data stored in the cloud still needs backing up.
Introducing cloud-based services like Microsoft 365 not only eliminates the necessity for physical servers but also brings improvements in areas including scalability, collaboration, and data security. Nonetheless, the need to safeguard critical data has become more crucial than ever. The recent surge in digital transformation, especially with cloud services, brings about its own set of risks, making data backup an essential component of any school’s digital strategy.
For instance, the rumour mill has been suggesting for some time that Microsoft 365 does not provide a basic backup for any 365 data. While this is somewhat untrue, because Microsoft does have some native retention and recovery capabilities – many of which you should be taking advantage of – Microsoft does not provide complete and robust backup and recovery services. As they say right in their documentation, data integrity and retention is your responsibility.
Wherever your data is primarily stored, be it Microsoft or Google, it’s worth taking a look at the native data protection services and the potential gaps they can leave in your retention policies and backup plans.
A dedicated backup solution lets you recover lost data quickly and maintain business continuity. Native data retention policies can be complex to understand and easy to implement incorrectly, leaving your data at risk of loss after the retention period expires.
Understanding the Risks:
One of the most common risks schools face is the potential loss of data due to accidental or intentional deletion by end users. While cloud providers typically have robust systems in place, data loss, though rare, is still a possibility. Additionally, any local data still being stored on physical hardware faces threats such as physical damage from incidents like flooding or fire, cyber-attacks, and human error through poor management practices.
Mitigating Risks with Backups:
To counter these risks, schools must implement a comprehensive backup strategy aligned with effective Business Continuity and Disaster Recovery (BCDR) plans. These plans ensure that data and services can be efficiently restored and maintained, even in the face of unforeseen challenges.
Compliance and Best Practices:
Backing up data is not a one-size-fits-all solution. Educational institutions must adhere to specific requirements and standards. For instance, any backup solution should automatically back up data regularly, following the retention periods recommended by the Information and Records Management Society.
Furthermore, the backup data, whether stored offsite or onsite, must meet the stringent security and encryption standards outlined by ISO 27001 and comply with data protection regulations like the DPA/GDPR. Secure transport protocols, such as TLS 1.3 or better, should be employed when transmitting data over the internet to prevent interception during transit.
Key Conditions for an Effective Backup Solution:
- Security Standards: All backup data, whether stored offsite or onsite, must adhere to ISO 27001 standards for security and encryption and comply with DPA/GDPR.
- Secure Transmission: When data is transmitted over the internet, secure transport protocols (e.g., TLS 1.3) must be used to prevent interception.
- Comprehensive Restoration: The backup solution should be capable of restoring all levels of data, from individual files to entire systems, in the event of complete failure or disaster.
- Regular Backups: Current user data should be automatically backed up regularly, with historical data archived at agreed-upon frequencies.
- User Permissions: Users should have the ability to restore recently deleted files without requiring technical staff assistance.
- Encryption for Off-Site Backup: The off-site backup should be encrypted and recoverable in case of on-site failure, disaster, or ransomware attacks, with appropriate encryption key management.
- Documentation and Compliance: Backups and associated documentation should clearly indicate the presence of personal data, aligning with DPA/GDPR best practices.
- Contribution to BCDR Plan: The supplier should actively contribute to the Buyer’s BCDR plan, ensuring compliance with ISO 22301 standards and retention as per Call-Off Schedule 10 (Business Continuity and Disaster Recovery).
In conclusion, a robust data backup strategy is not just a precaution but a necessity for schools. It ensures the integrity, availability, and security of critical data, providing a safety net against the unexpected and allowing educational institutions to focus on what truly matters—providing quality education.
Learn more about cloud solutions and data backup from the DfE and what standards are now expected of schools and colleges.