10 things business leaders need to know about data backups

/ Security
November 21st, 2012

10 things you need to know about data backups

I was recently asked by a journalist to give some pointers on backing up data for business leaders and IT professionals in small and mid-market companies. It’s obviously a huge area with a different slant dependent on the reader and the environment. I jotted down 10 key areas that need focus when considering backup systems for businesses of virtually any size.

1. Design your lifecycle operations calendar

To be effective, a backup operation requires a calendar of tasks that need to be completed every day. There are also weekly, monthly, quarterly and annual tasks that are just as critical, and also strategic. The full lifecycle should be mapped out as a documented policy and performed on schedule.

2. Review backup logs daily

You can’t just shut your eyes and assume that your backups will work without any intervention. You should be analysing your backup reports daily, either manually or via a monitoring and alerting system. It’s also important to ensure that you address any backup issues daily, as what may seem a small issue can soon escalate into a disaster scenario.

3. Ensure you verify backups

Most backup systems will verify a backup after it completes, but this isn’t a guarantee of recovery. You should schedule and undertake restore tests on a regular basis to ensure you can recover files and complete systems if the need arises.

4. Have a DR plan

It’s one thing having backups that are completing successfully every night, but you need to understand that running backups doesn’t constitute a disaster recovery plan. Any business of any size needs to identify and assess business risks. They also need to document and communicate what they will do if any sort of disaster occurs in their environment. It’s also important to think beyond IT when writing a disaster recovery or business continuity plan. What happens if a key supplier can’t get critical components to your manufacturing plant? What happens if key personnel come down with a long-term illness? Assess all risks, accept those risks, or put in suitable controls to mitigate them.

5. Test your recovery speed

You need to ensure that you know how long it will take to restore key systems, as well as your total environment. How long can your business function without access to a certain system or data? Is this balanced against the time it will take you to get a system back online?

6. It’s not just backup

Backup is just one component of a data protection strategy; others include replication, snapshots and high-availability solutions. Generally backup is the last resort option for data recovery, typically due to the amount of time it can take to get operations up and running again from a backup. The best solution is to use something like Disaster Recovery as a Service (DRaaS) or a similar high-availability solution for business continuity to protect yourself in a disaster scenario, i.e. perhaps replicate your key systems to a second office or into the cloud. This would potentially allow you to get operational within seconds or minutes, rather than days.

7. Encrypt backups

If you send your backups offsite in any way, then you should ensure that you encrypt them. If you don’t, a third-party could recover all of your systems and data with relative ease if they were to come across your backup media or access an online system.

8. Ensure your system is scalable

Generally, most of the main vendors will allow you to scale and move between different setups and technology. You may also need to consider what the scaling costs will be: don’t forget that data growth is fast and backup storage technologies and media types can be expensive. Make sure you understand what your ongoing costs are going to be. You may need to spend money now to save money in the mid to long term.

9. Know where your data is

You need to consider where all of your data is. If your staff store data on their laptops and other mobile devices, how will you back up that data? Is it secure and controlled? Can you get it back within an acceptable time frame?

10. Consider where you store data backups

You will typically store data backups on tape, disk, or a remote location (typically cloud-based). It’s all very well storing all of your data in the cloud or at a remote site, but how long is it going to take you to get all of that backup data back to the site when the time comes to restore it? Typically a hybrid model works well, i.e. locally duplicates a certain amount of recent backup data to allow for fast restoration if required.

Additional considerations

Beyond these points, I’d always say that it’s important to understand the costs to your business if you lose data or system access for a prolonged period. Could you lose a day’s worth of data? Could you lose a week’s worth? What if you couldn’t get access to a system or systems for an hour, a day or a week? If you can calculate the costs of different loss scenarios then you’ll be able to balance risk against a budget.

Click here to download your 3 essential templates for managing risk