10 things business leaders need to know about data backups
Last updated on April 16th, 2020
I was recently asked by a journalist to give some pointers on backing up data for business leaders and IT professionals in small and mid-market companies. It’s obviously a huge area with a different slant dependent on the reader and the environment. I jotted down 10 key areas that need focus when considering backup systems for businesses of virtually any size.
1. Design your lifecycle operations calendar
To be effective, a backup operation requires a calendar of tasks that need to be completed every day. There are also weekly, monthly, quarterly and annual tasks that are just as critical, and also strategic. The full lifecycle should be mapped out as a documented policy and performed on schedule.
2. Review backup logs daily
You can’t just shut your eyes and assume that your backups will work without any intervention. You should be analysing your backup reports daily, either manually or via a monitoring and alerting system. It’s also important to ensure that you address any backup issues daily, as what may seem a small issue can soon escalate into a disaster scenario.
3. Ensure you verify backups
Most backup systems will verify a backup after it completes, but this isn’t a guarantee of recovery. You should schedule and undertake restore tests on a regular basis to ensure you can recover files and complete systems if the need arises.
4. Have a DR plan
It’s one thing having backups that are completing successfully every night, but you need to understand that running backups doesn’t constitute a disaster recovery plan. Any business of any size needs to identify and assess business risks. They also need to document and communicate what they will do if any sort of disaster occurs in their environment. It’s also important to think beyond IT when writing a disaster recovery or business continuity plan. What happens if a key supplier can’t get critical components to your manufacturing plant? What happens if key personnel come down with a long-term illness? Assess all risks, accept those risks, or put in suitable controls to mitigate them.
5. Test your recovery speed
You need to ensure that you know how long it will take to restore key systems, as well as your total environment. How long can your business function without access to a certain system or data? Is this balanced against the time it will take you to get a system back online?
6. It’s not just backup
Backup is just one component of a data protection strategy; others include replication, snapshots and high-availability solutions. Generally backup is the last resort option for data recovery, typically due to the amount of time it can take to get operations up and running again from a backup. The best solution is to use something like Disaster Recovery as a Service (DRaaS) or a similar high-availability solution for business continuity to protect yourself in a disaster scenario, i.e. perhaps replicate your key systems to a second office or into the cloud. This would potentially allow you to get operational within seconds or minutes, rather than days.
7. Encrypt backups
If you send your backups offsite in any way, then you should ensure that you encrypt them. If you don’t, a third-party could recover all of your systems and data with relative ease if they were to come across your backup media or access an online system.
8. Ensure your system is scalable
Generally, most of the main vendors will allow you to scale and move between different setups and technology. You may also need to consider what the scaling costs will be: don’t forget that data growth is fast and backup storage technologies and media types can be expensive. Make sure you understand what your on-going costs are going to be. You may need to spend money now to save money in the mid to long-term.
9. Know where your data is
You need to consider where all of your data is. If your staff store data on their laptops and other mobile devices, how will you back up that data? Is it secure and controlled? Can you get it back within an acceptable time-frame?
10. Consider where you store data backups
You will typically store data backups on tape, disk, or a remote location (typically cloud-based). It’s all very well storing all of your data in the cloud or at a remote site, but how long is it going to take you to get all of that backup data back to site when the time comes to restore it? Typically a hybrid model works well, i.e. locally duplicates a certain amount of recent backup data to allow for fast restoration if required.
Beyond these points, I’d always say that it’s important to understand the costs to your business if you lose data or system access for a prolonged period. Could you lose a day’s worth of data? Could you lose a week’s worth? What if you couldn’t get access to a system or systems for an hour, a day or a week? If you can calculate the costs of different loss scenarios then you’ll be able to balance risk against a budget.
In the press: Digitising the courtroom and the impact on law firms
Andrea Beech asks how digitising the courtroom could affect law firms. In the Autumn Statement last month, an increased focus on digital and technology was a common thread across all departments, from a £450m investment for the Government Digital Service to a £1bn investment in a 4G communications network for the emergency services. As part […]
How could the 2012 Olympics affect your network?
With the London Olympics quickly approaching; there are a couple of areas that businesses should be aware of in terms of their networks, particularly internet connectivity. UK-Wide demand for bandwidth The demand for internet access for streaming videos is likely to be very high during the Olympics, putting a marked increase on the UK ISPs through very […]
QuoStar adds new data centres to its network
QuoStar delivers cloud services from multiple, highly secure and compliant UK data centres. The latest additions are purpose-built, ex-Ministry of Defence facilities that are armoured, nuclear bomb proof, military specified fortresses. This unequalled level of security and redundancy is coupled with the ability to support high levels of power, cooling and stringent access control procedures. […]