SPOILER ALERT!!! If you have not seen Rogue One: A Star Wars Story, and don’t want me to ruin the most crucial part of the climax, and you are craving a blog on archiving then go read this blog. You’ve already learned it has something to do with an archive. Stop now if you don’t want to know more!
In Rogue One we learned the reason the rebels in Episode IV (the first Star Wars movie that was released in 1977) had the plans for the Death Star is that Galen Erso, one of its designers, built a weakness into the Death Star. The weakness was in the plans that were stored in the archives on the planet Scarif, which were retrieved by a coordinated attack by a team of rebels. Two of them broke into the archive, physically breached its tape library and stole the appropriate tape. They plugged it into a broadcast system and transmitted it to the rebels after they destroyed the system designed to prevent them doing that.
Rogue employee activities can be in your archives
Maybe you have an employee building a secret backdoor into your Death Star (a.k.a. your data center), or maybe you have an employee harassing another employee. Consider anything that someone at your company can do that can get your company in trouble, and just accept that it could happen. If your company can be sued because of it or get in trouble from the government because of it, then the archives and backups of your IT systems are a source of information plaintiffs or the government can use against you. The point here is: if you don’t have a reason to store data for long periods of time, don’t do it. Because if your company has backups or archives from ten years ago (assuming you aren’t required to have them), discovery laws will require you to turn that data over – even if it costs your company a ton of money. Archives are used for electronic discovery. My colleague George Crump has a different viewpoint on this; see his blog “Don’t Delete Data from Your Archive”.
You use backups to restore your server, file, or database to the way it was yesterday. You use archives for a number of things, and one of them is electronic discovery. You see this in the scene when Director Krennic arrives on Scarif. He suspects that Galen Erso has been doing something wrong, so he asks for all records of any transmissions to or from Erso. That’s a textbook example of an electronic discovery request. And if you’re using your backup system as an archive (which you shouldn’t be doing), you will be hard pressed to satisfy such a request.
Your archive needs to be offsite, like maybe a remote planet
The Empire’s archive was stored way offsite, on another planet. Just like your backups, your archive should not be stored in the same place as the rest of your data. It should be stored somewhere else – the farther away the better.
There shouldn’t be only one copy of your archive
Sometimes a Death Star shows up unexpectedly and blows up your offsite storage location. So hopefully you have more than one copy of your archive and hopefully those copies are stored in multiple locations. It should be protected in the same way your regular data is protected. One way to ensure your archive is stored in multiple places is to use a cloud storage system that does that for you.
Your archive needs intrusion detection and prevention
It was really easy for rebels to impersonate an Imperial officer, stormtroopers, and whatever Jyn Erso was supposed to be. Some guy saw Imperial uniforms and just let them in. No passcode, nothing. Looks like our guys, so go ahead and let them in. It was also a little too easy to let a bunch of rebels out so they could wreak havoc. There was apparently no electronic surveillance of the landing pads. If the bad guys get physical access to your archives, that’s not going to be a good day. So watch for it and protect against it. You need an intrusion detection and prevention (IDP) system. There are people that specialize in that sort of thing. Hire them to show you what your vulnerabilities are before they become a liability.
If you use an offsite vaulting company, try to break into it. In a previous job, we tried to breach our vault all the time. We were never successful, but that didn’t stop us from trying.
Your IDP system might not work, so tapes should be encrypted
No matter how good your IDP system is, it’s possible to breach it. Protect yourself from that eventuality by making sure your tapes are worthless if someone steals them. Implement tape-level encryption that is supported in every modern tape drive.
Only store archives if you need to. If you do need to store data for many years, use an actual archive system, not your backup system. Encrypt it, create multiple copies and make sure they’re in multiple places. Then make sure you watch for intrusions and protect against them. Then, and only then, will you get to keep your Death Star.