Enterprise data backup strategies strengthen data governance
Having backups, or extra copies of your data, is much simpler now than in prior decades. When you create a document, Excel spreadsheet, or even a PowerPoint, there’s often an option to see or recover previous versions. It’s a beautiful thing. This is also true with many applications that contain data; creating a backup copy is much easier.
But, when it comes to a broader enterprise strategy, do you know how that backup process works? Who handles it? Have you tested it? Is it a core component of your data governance?
The following paragraphs will expand on the definition and importance of enterprise data backups, its relationship to data governance, what can happen if you don’t have backups, and steps to follow to create and/or improve your enterprise data backup strategy.
What is an enterprise data backup strategy, and why is it necessary?
In our everyday lives, we create backup copies of important documents, like our driver’s license, birth certificate, and car registration. In the event of a disaster or mishap, these backups are incredibly handy. This same practicality applies to organizations and enterprise data. It’s simply good common sense for local governments to prioritize having backup copies of vital documents and data—just in case. And if you are working towards solid data governance, then backups will be an integral piece of that.
In professional life, backups are essential for a variety of reasons including:
- To ensure continuity of operations, after all, the show must go on.
- To comply with applicable laws, such as your state’s museum or historical regulations, public records law, federal law like the Health Insurance Portability and Accountability Act (HIPAA), as well as certain grants.
- To preserve valuable information, such as personal or work files, like videos and documents lost years ago by a colleague when his work computer had to be reimaged.
- To avoid recreating critical work, such as reports or major academic papers—like my son’s senior-year college paper that was lost when his laptop crashed (and only an older backup existed).
- To protect personal and organizational photos and media, including the thousands of cell phone photos many of us store without confirming they are backed up to the cloud.
- To provide documentation for audits and grants, including the detailed proof behind aggregated data submissions.
- To comply with insurance requirements, which may also result in lower premiums or discounts.
- To enable rapid recovery from cyberattacks and ransomware incidents, minimizing downtime and operational impact.
- To prepare for non-cyber disasters, such as fire, tornadoes, or water damage. I once conducted an IT assessment where file servers were protected from water pipes above using a “waterproof tarp!”
What happens if you don’t have an enterprise data backup strategy
Unfortunately, sometimes we learn the hard way. I remember, early in my career, I was creating a complicated spreadsheet to use data for forecasting purposes. After about 3 hours, I still had not saved it.
Guess what happened? We experienced a network interruption, and I lost all that work. Not only did I have to recreate what I had developed, I had to remember how I did it, as well. Lesson learned. These types of mishaps occur all the time with commercial businesses and organizations in the public sector. Even with the automation of backups, there are still lessons that local government is learning.
In recent incidents, ransomware and malware attacks have severely disrupted public sector operations.1 Events range from public defender offices losing access to decades of critical case files, to Nevada state services going offline after an employee accidentally downloaded malicious software.2 This led to government agencies facing months of downtime and huge recovery bills. In the public defenders’ case, malware encrypted entire networks and even corrupted backups, leaving legal teams scrambling to rebuild data from scratch.3
These events occur against a broader backdrop in which ransomware attacks on government organizations have been rising steadily. This costs U.S. agencies over $1 billion in downtime and often leaves systems unusable for nearly a month or more after an incident.4
Robust enterprise data backup strategies, such as offline and immutable copies, regular testing of recovery plans, and layered defenses would have lessened the pain. These practices help to reduce the negative impacts and prevent prolonged outages while preserving critical data and continuity of services.
“A well planned and well executed backup strategy is the #1 guaranteed cure for any ransomware encryption attack. Period.”
How to create or improve a reliable enterprise data backup strategy
Implementing a reliable backup strategy is a critical component of data governance. To get started, or to review what you have in place, here are the top 3 steps to consider:
- Who is responsible (officially): This depends on a few factors. For enterprise applications or applications you are asked to support, the backup strategy may still be the manual creation of offsite and tamper-proof backups. But this can also be augmented by the cloud provider’s backup processes.
- Where to locate: While it really doesn’t matter, there are several factors to consider, including:
- Offsite (a safe in the house is ok if it’s a fireproof safe) and disconnected from the internet (air-gapped)
- Encrypted backups that “lock” the data so that only authorized people can see or read what’s in the backup (and remember where you put the encryption key)
- Immutable backups that cannot be changed, deleted, or overwritten once created
- Backups of who has access to the backups
- Testing your backups on a regular basis
- What to backup: Using your data asset inventory, identify the most important things to start with. The bulleted items below can be used as a helpful checklist.
- Determine and document if there is an automated backup system in place for a particular data source. This can vary depending on whether it is a financial system, case management, tax collection, etc.
- Look beyond the network drives to cloud storage, collaboration sites, local computer drives, cell phones, etc.
- Don’t overlook the software as a service vendor who includes backups in their contracts. Verify their practices and see if you can also store “your” data away from their systems.
- Depending on the department where the data resides, decide who oversees the backup creation, maintenance, and testing. It most likely will not be the same role; one could be internal staff person, and one could be the application provider.
- Create a backup schedule or review process and ensure there is documentation by creating a backup test log or verification log.
- Test your backups today. The key here is that you can get to the data; not necessarily using the application that the data is housed in. You most likely can procure the application in the event of a disaster—unless it is a legacy system.
- Don’t forget about configuration settings in your backups.
Keep in mind that your email system is not your backup. If your organization has a retention schedule, those emails and associated documents could disappear forever.
Protect your public agency with an airtight enterprise data backup strategy
Once you’ve figured out who is responsible for your enterprise data backups, where they’re saving things, and what exactly is being backed up, your overall data governance will be more effective. Having the backup strategy in place will allow you to adjust and iterate, as needed.
Be sure to share summaries of your data backup strategy and process with key leadership on a regular basis. When, not if, an event occurs, they can be confident that backups are there to keep the organization’s data available.
Remember, while you can’t complete your entire enterprise backup strategy in 15 minutes, you can use that short amount of time to start. Don’t be intimidated, just pick one set of data or department to begin with.
To learn more about how CAI helps local government agencies with their data governance, fill out the form below.
Series: Data Governance for Local Governments
Select one of the thought leadership articles below to read more in our 4-part series about the crucial aspects of data governance for local governments.
Endnotes
- Ann-Marie. “Government agencies face up to $96m recovery bills as ransomware hits record high.” Tech Informed. March 19, 2025. https://techinformed.com/gov-agencies-face-96m-bill-after-cyberattack/. ↩
- Chris Teale. “Report blames Nevada hack on employee downloading malware.” Route Fifty. November 12, 2025. https://www.route-fifty.com/cybersecurity/2025/11/report-blames-nevada-hack-employee-downloading-malware/409460/. ↩
- Jimmy Jenkins. “Recent Hacks Expose Public Defenders’ Cyber Vulnerabilities.” Government Technology. October 30, 2025. https://www.govtech.com/security/recent-hacks-expose-public-defenders-cyber-vulnerabilities. ↩
- Paul Bischoff. “Ransomware attack son US government organizations cost over $1.09 billion.” Comparitech. March 18, 2025. https://www.comparitech.com/blog/information-security/government-ransomware-attacks/. ↩
