Backup Strategies and Best Practices (Part 2) (Domain 3)

In the previous episode, we covered some of the most essential components of a resilient backup strategy, including the differences between onsite and offsite backups and how to choose the right backup frequency. In this episode, we continue our exploration of backup strategies by focusing on two additional but equally critical topics—backup encryption and snapshot backups. Both are frequently tested on the Security Plus exam, and both are practical tools for protecting data and improving recovery speed in real-world environments.
Let us begin with backup encryption. Encryption is the process of converting readable data into an unreadable format to prevent unauthorized access. When it comes to backups, encryption is especially important because backup data often contains the same sensitive information as live systems. If a backup is lost, stolen, or accessed by unauthorized individuals, the data it contains can be just as damaging as a direct breach of the primary system.
Imagine a scenario where an employee stores a backup on an unencrypted external drive and then leaves it in an airport lounge. If that drive falls into the wrong hands, it could expose customer records, financial documents, or intellectual property. Encrypting the backup would prevent unauthorized users from reading the data—even if they physically possess the device. This added layer of security is not optional. In many industries, encryption is required by regulation, especially when dealing with financial records, personal health information, or government data.
There are two primary times when backup data can be encrypted—during transmission and at rest. Encrypting during transmission ensures that data being copied to a backup location, such as a cloud service, cannot be intercepted and read while in transit. Encrypting at rest protects the data while it is stored on hard drives, tapes, or cloud servers. Ideally, both should be implemented. Modern backup solutions often include built-in encryption tools that make it easy to apply encryption policies without requiring separate software.
There are a few practical considerations to keep in mind. First, you need to securely manage the encryption keys. If the keys are lost or misconfigured, the backup becomes unreadable—even to authorized users. This has happened more than once in real-world cases, where well-meaning administrators encrypted critical data but failed to back up or properly secure the encryption keys. The result was unrecoverable data. Second, encryption can introduce a slight performance hit during the backup or restore process, so organizations must balance security with speed. However, the security benefits far outweigh the cost, especially when you consider the consequences of an unencrypted backup breach.
Let us look at an example. A mid-sized healthcare provider backs up its patient record system every night to both a local disk and a cloud repository. All backups are encrypted using a strong algorithm with a secure key management process. When the provider experiences a ransomware attack, their primary system is locked, but they are able to restore data from the encrypted backup. Because the ransomware did not spread to the cloud environment and the backup was properly secured, recovery was fast and data integrity was preserved. Encryption did not just protect the data—it preserved the organization’s reputation and compliance standing.
Now let us turn to snapshot backups. A snapshot is a point-in-time image of a system or volume that captures its exact state at a given moment. Snapshots are not full backups in the traditional sense. Instead, they record the metadata and block-level differences needed to recreate a system at that specific point. Snapshots are typically used for rapid recovery in case of a recent change, corruption, or failure.
One major advantage of snapshots is speed. Creating a snapshot can take just seconds, and restoring from a snapshot can be nearly instantaneous. This makes snapshots an ideal tool for protecting against short-term threats, such as failed software updates or accidental file deletion. Many organizations schedule automatic snapshots before applying patches or deploying new software, so that they can quickly roll back if something goes wrong.
Another benefit is storage efficiency. Because snapshots only record the changes made since the last snapshot, they consume much less space than full backups. This makes them ideal for environments where storage is limited or where frequent changes occur. For example, a development server might be configured to take hourly snapshots while engineers are working, giving them the ability to restore any lost or broken configuration without impacting the broader system.
However, snapshots are not a complete backup solution. They typically reside on the same system or volume as the primary data, which means they are vulnerable to the same threats—such as ransomware, disk failure, or natural disasters. If the storage array is compromised, snapshots alone will not provide full recovery. That is why snapshots should always be used in combination with regular backups, particularly offsite backups.
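The snapshot behavior described above, as an added example that is not part of the original episode: a toy in-memory copy-on-write volume showing that a snapshot stores only the blocks changed after it, that rollback is cheap, and that the snapshot is lost together with the volume while the offsite copy survives. The `Volume` class, its methods, and the block contents are hypothetical and constructed for illustration.

```python
class Volume:
    def __init__(self, blocks):
        self.blocks = list(blocks)   # live data
        self.snaps = []              # each snapshot: {block_index: old_content}

    def snapshot(self):
        """Take a snapshot; it stores nothing until blocks are overwritten."""
        self.snaps.append({})
        return len(self.snaps) - 1

    def write(self, index, data):
        """Preserve the old block in the newest snapshot once, then overwrite."""
        if self.snaps and index not in self.snaps[-1]:
            self.snaps[-1][index] = self.blocks[index]
        self.blocks[index] = data

    def snapshot_cost(self):
        """Blocks held by all snapshots (a full backup holds every block)."""
        return sum(len(s) for s in self.snaps)

    def rollback(self, snap_id):
        """Undo changes newest-first until the volume matches snapshot snap_id."""
        if snap_id >= len(self.snaps):
            raise LookupError("snapshot not available on this volume")
        for saved in reversed(self.snaps[snap_id:]):
            for index, old in saved.items():
                self.blocks[index] = old
        self.snaps[snap_id:] = [{}]

    def fail(self):   # array loss or ransomware: data and snapshots go together
        self.blocks, self.snaps = [], []


def demo():
    vol = Volume(["cfg-v1", "db-v1", "logs", "static"])   # constructed sample data
    offsite = list(vol.blocks)        # full backup copied off the volume
    before_patch = vol.snapshot()
    vol.write(0, "cfg-v2-broken")     # failed update touches one block
    cost = vol.snapshot_cost()        # one block preserved, not four
    vol.rollback(before_patch)
    rolled_back = list(vol.blocks)
    vol.fail()
    try:
        vol.rollback(before_patch)
        snapshot_survived = True
    except LookupError:
        snapshot_survived = False
    return cost, rolled_back, snapshot_survived, offsite
```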
Let us consider a few real-world examples. An IT services company maintains a virtualized environment where each virtual machine is configured to take snapshots every two hours. One morning, a faulty script wipes out key configuration files on a virtual server. Rather than rebuilding the machine from scratch, the team restores the last snapshot from earlier that morning. The server is back up and running within minutes. Without the snapshot, recovery could have taken hours.
In another case, a web development firm uses snapshots as part of their continuous integration pipeline. Every time a major code update is deployed to a test server, a snapshot is taken. If the update introduces bugs or performance issues, the team can revert to the exact state before deployment. This streamlines the testing process and protects against unintended consequences. However, their disaster recovery plan also includes full daily backups stored in a remote data center—because they understand that snapshots alone cannot protect against hardware failure or data center-wide threats.
From a Security Plus exam standpoint, you should be ready to identify when and why to use encryption for backups, and what role snapshots play in a layered data protection strategy. If a question asks how to secure backup data against unauthorized access or theft, encryption is the correct answer. If the question describes a need for fast rollback or rapid recovery after a small failure, then snapshots are likely the focus. Remember, encryption protects confidentiality and compliance, while snapshots improve speed and agility.
Here is a tip to help you on the exam: If a scenario mentions compliance regulations, patient records, or cloud backups, think about backup encryption. If the scenario involves restoring a server to a previous configuration after a failed update, snapshots are the answer. If the question asks for a complete backup solution, snapshots alone are not sufficient—they should be combined with traditional backups.
