The Crucial Differences Between Archiving and Backup and How to Use the Two Concepts Profitably
Archiving and backup - Two terms that do not immediately trigger great emotions. At the same time, however, these are also two topics which are indispensable in the modern world of work and which consciously and unconsciously cause IT managers headaches.
Data security, limited IT budgets, compliance, business continuity, technologi-cal change - these terms are already more strongly associated with emotions and clear effects on business success. Ultimately, all these areas are very closely interwoven with archiving and backup.
Backup and archiving are often still regarded as a "necessary evil", a time and cost intensive duty without direct impact on the success of a company. The advantages often only become apparent at second glance, for example in risk minimization, compliance, IT security, or the digitalization of business processes. But, before we start to look at the use cases, let‘s first examine the question: What exactly is the difference between archiving and backup?
In a nutshell: When it comes to archiving, everything revolves around the topic of trace-ability and the long-term storage of company data. Backup, on the other hand, aims at business continuity and thus at the short-term storage and recovery of data.
Backup describes making a regular copy (duplication) of important data and applications in order to be able to restore them in an emergency. Such an emergency can be a natural disaster, an unexpected loss of data, a hard disk failure, or a ransomware attack. Thanks to the duplication, the data is not (completely) lost, but can be restored. This is intended to ensure the continuation of the business activities - keyword Disaster Recovery. During the backup, a copy of the data at time x is created and regularly overwritten.
Archiving always considers a longer time horizon. It is about the tamper-proof, immutable, and long-term storage of important data. These are usually not copied, but are perma-nently moved to an archive storage. The data thus migrates from the primary memory to a (cheaper) secondary memory, but can be reproduced or read at any time. The WORM storage (Write Once Read Many) represents a special case of archiving with which the immutability of the archive data is guaranteed. This is required by law in many countries for tax-relevant business documents or certain data in regulated industries (e.g. healthcare, pharmaceuticals, energy supply).
The aim of archiving is to minimize risk by fulfilling certain requirements, whether legal regulations, industry-specific regulations, or company-internal compliance requirements. Defined retention periods regulate how long the archive data must or should be stored. Archiving ensures that important company data is also available in the future - for example, when audits are due.
The documents in an archive must be stored in their original state, while access and change attempts must be logged exactly. This ensures not only the confidentiality, immutability, and integrity of the data, but also that it can be restored to its original state. In today‘s IT world, archiving no longer has anything to do with dusty filing cabinets, but has seen an enormous development in recent years.
|
Archiving |
Backup |
|
Time Horizon |
Long-term data storage |
Short/mid-term data storage |
|
What happens to the data |
Data is permanently moved in its original state with its metadata |
Data is copied and overwritten regularly |
|
Objectives |
- Compliance with legal requirements and reten-tion periods
- Implementation of company-internal and industry-specific regulations
- Recovery of certain data (deleted from the original location)
- Read access without changing the archive data
- Ensure data integrity, tamper resistance, manipulation security
- Risk minimization
|
- Restoring a backed-up state
- Continuation of business in case of emergency (natural disaster, theft, ransomware attack, ...)
- Avoidance/prevention of data loss
- Disaster recovery
- Business continuity
|
|
Applications & Industries |
- Regulated industries (e.g. healthcare, finance, automotive, aviation, pharmaceuticals, public administration, ...)
- Product liability
- Archiving is generally required in certain areas (e.g. archiving of tax-relevant documents)
- In part strongly country-dependent
|
- Depending on the risk and the structure of the IT infrastructure
- Important for nearly all organizations
|
|
Requirements |
- GDPR
- SEC 17a-4
- SOX
- GoBD (comparable regulations in other coun-tries, e.g. GeBüV in Switzerland)
- Basel III
- HIPAA
- Product liability
- Compliance
- Internal specifications
- Audits
|
- Based on the company‘s own risk assessment
|
|
Storage Types |
Onsite Tape Library, Hybrid, Object, Cloud |
Onsite Tape Library, Hybrid, Object, Cloud |
|
Archiving and backup have become indispensable in today‘s IT world. Both concepts help companies to manage and secure their data. Organizations are well advised to consider the difference between the two concepts when defining their objectives and expectations, and to take the right action: Over what time horizon should data be secured? For what purpose? Based on what specifications or assumptions? What could the requirements look like in 10 or 30 years?