Understanding the role of backup
Security has two meanings. Throughout this book, we've focused almost exclusively on the definition that involves defending systems from malicious attacks. There's also a more generic definition that, in our context, just means keeping data and systems safe. For most installations, the most probable risks don't come from attackers. They come from accidents and system failures. The only meaningful defense you have against these risks are good and regular backups. As a side benefit, backups can also help you to recover from attacks that damage your data. Quite simply, backups are not something that any organization of any size can afford to be without.
Unfortunately, backups present a risk of their own. Numerous data breaches have occurred through theft of unencrypted backup tapes. No matter how well the live data is protected, it's meaningless if the backup data isn't equally well protected.
The first recommendation is to use encryption. Since backups aren't...