10 things business leaders need to know about data backups
November 21st, 2012
I was recently asked by a journalist to give some pointers on backing up data for business leaders and IT professionals in small and mid-market companies. It’s obviously a huge area with a different slant dependent on the reader and the environment. I jotted down 10 key areas that need focus when considering backup systems for businesses of virtually any size.
1. Design your lifecycle operations calendar
To be effective, a backup operation requires a calendar of tasks that need to be completed every day. There are also weekly, monthly, quarterly and annual tasks that are just as critical, and also strategic. The full lifecycle should be mapped out as a documented policy and performed on schedule.
2. Review backup logs daily
You can’t just shut your eyes and assume that your backups will work without any intervention. You should be analysing your backup reports daily, either manually or via a monitoring and alerting system. It’s also important to ensure that you address any backup issues daily, as what may seem a small issue can soon escalate into a disaster scenario.
3. Ensure you verify backups
Most backup systems will verify a backup after it completes, but this isn’t a guarantee of recovery. You should schedule and undertake restore tests on a regular basis to ensure you can recover files and complete systems if the need arises.
4. Have a DR plan
It’s one thing having backups that are completing successfully every night, but you need to understand that running backups doesn’t constitute a disaster recovery plan. Any business of any size needs to identify and assess business risks. They also need to document and communicate what they will do if any sort of disaster occurs in their environment. It’s also important to think beyond IT when writing a disaster recovery or business continuity plan. What happens if a key supplier can’t get critical components to your manufacturing plant? What happens if key personnel come down with a long-term illness? Assess all risks, accept those risks, or put in suitable controls to mitigate them.
5. Test your recovery speed
You need to ensure that you know how long it will take to restore key systems, as well as your total environment. How long can your business function without access to a certain system or data? Is this balanced against the time it will take you to get a system back online?
6. It’s not just backup
Backup is just one component of a data protection strategy; others include replication, snapshots and high-availability solutions. Generally backup is the last resort option for data recovery, typically due to the amount of time it can take to get operations up and running again from a backup. The best solution is to use something like Disaster Recovery as a Service (DRaaS) or a similar high-availability solution for business continuity to protect yourself in a disaster scenario, i.e. perhaps replicate your key systems to a second office or into the cloud. This would potentially allow you to get operational within seconds or minutes, rather than days.
7. Encrypt backups
If you send your backups offsite in any way, then you should ensure that you encrypt them. If you don’t, a third-party could recover all of your systems and data with relative ease if they were to come across your backup media or access an online system.
8. Ensure your system is scalable
Generally, most of the main vendors will allow you to scale and move between different setups and technology. You may also need to consider what the scaling costs will be: don’t forget that data growth is fast and backup storage technologies and media types can be expensive. Make sure you understand what your ongoing costs are going to be. You may need to spend money now to save money in the mid to long term.
9. Know where your data is
You need to consider where all of your data is. If your staff store data on their laptops and other mobile devices, how will you back up that data? Is it secure and controlled? Can you get it back within an acceptable time frame?
10. Consider where you store data backups
You will typically store data backups on tape, disk, or a remote location (typically cloud-based). It’s all very well storing all of your data in the cloud or at a remote site, but how long is it going to take you to get all of that backup data back to the site when the time comes to restore it? Typically a hybrid model works well, i.e. locally duplicates a certain amount of recent backup data to allow for fast restoration if required.
Beyond these points, I’d always say that it’s important to understand the costs to your business if you lose data or system access for a prolonged period. Could you lose a day’s worth of data? Could you lose a week’s worth? What if you couldn’t get access to a system or systems for an hour, a day or a week? If you can calculate the costs of different loss scenarios then you’ll be able to balance risk against a budget.
How does the cloud and SaaS affect business continuity planning?
I regularly receive questions in relation to cloud and Software as a Service (SaaS), and how it affects Business Continuity plans. So I have compiled these into a blog article. The areas covered are a good starting point if you’re looking into your disaster recovery/business continuity plans in relation to cloud or SaaS. How can […]
Are cloud and hosted desktop services trivialising IT?
As we are now all on the cusp of the new marketing wave that is Cloud Computing and Hosted Services. I’m seeing fairly worrying trends that are going to impact the end-user of these services, particularly in the SME market. Don’t get me wrong I fully appreciate the benefits of hosted and cloud-based services – […]
In the press: Businesses must prepare for IT upgrade
As we approach Christmas and business planners cast their thoughts ahead, it can be easy to overlook the IT hurdles that many managers will face after the break. In fact, for many in the technology industry, 2014 should be the focus. In April, businesses will face a serious threat to their IT security and functionality […]