Copy does not mean save

The evolution of devices generates new practices, that go until the redefinition of data backup. What is the difference between copy and save? How to reconcile continuity and data security? So many stakes concerning the application of insurance contracts guarantees.

The Larousse dictionary defines data saving as the “Procedure that consists in protecting information contained in an IT system, by copying it on a disk or on a magnetic strip”. If this definition has the virtue of existing, it is hard to find a source that gets everyone to agree on what must be a backup from a technical point of view.

Historically, there was nothing complicated: it consisted in copying data on an external device (zip disk, Digital Auto Tape…) that was physically carried outside a company or stored in a fireproof safe.

Since the apparition of new devices as Cloud computing and NAS[1] (Network Attached Storage), practices in this field have developed. Let’s analyze the case of NAS, hard disks which are visible on one network by its users, today very popular in terms of backup systems. For a company, copying data on a NAS, means to have a backup in case a server crashes.

This resource is ineffective in case of attack by a ransomware, a virus that scans the entire network of a company and encrypts all the files it meets. The files stored on a NAS can be reached by a ransomware and will be encrypted as well. It is legitimate to ask oneself if this solution is a backup or a simple data copy, because it does not offer the needed security of inalterability according to the type of loss.

Insurance contracts, on their side, usually have an exclusion clause in case of lack of data saving. However, they do not tackle technical ways of implementation of this backup.

What is more, some contracts are more flexible than others and consider that an “acceptable” backup is a complete data set of less than a given number of days. Even if this flexibility can appear as acceptable in certain cases, it could be questioned basing on the activity of the insured. The loss of two days data does not have the same consequences for a logistics specialist or a chartered accountant.

To summarize, we are experiencing the advent of new risks (cybercrime), coupled with the evolution of backup technologies. It is then necessary to think about the definition of backup, keeping in mind the concepts of continuity and inalterability.

 

Olivier GEVAUDAN expert NTIC – Group GM Consultant