Data Backups Are Key To Disaster Recovery
Editor’s note: This article was originally posted in 2017 with the title How to Make Sure You Have Disaster-Ready Data Backups, but has been updated to reflect more comprehensive and current information.
Backing up your data is a necessity. Unfortunately, people don’t always understand the value of data backups until disaster strikes.
In today’s world, organizations rely on their data and infrastructure to keep things running smoothly. But data can be lost, compromised, or encrypted and held for ransom. Information can also get deleted - by accident or on purpose. Or, your system or network could fail. A natural disaster like a hurricane or tornado can strike.
To ensure a quick recovery from whatever strikes, it’s critical to keep a duplicate copy (or backup) of your data in a safe place where you can easily access it.
Even then, not all backup systems are the same. Some systems lack the measures necessary to ensure your data is restored completely and accurately. That’s why it’s essential to have a backup plan in place, test it regularly, and update it.
As a Manager of Information Security and Compliance at Kelser Corporation, I’ve seen how good backup systems make a difficult situation easier and how bad ones needlessly add risk and headache.
In this article, I’ll explain what you need to know about backups: what they are, how they should work, how to verify their effectiveness, and why they are a cornerstone for a solid disaster recovery plan.
I’ll highlight best practices and explain how to avoid common problems as well as offer tips you can use to improve your backup processes.
What Is A Data Backup?
A data backup is essentially a copy of the data on your system that can be stored at a separate location.
Why Are Data Backups Important?
Data backups can be used to restore the data when the original data is lost or corrupted. The better tailored your backups are to your organization and the more easily accessible they are, the more quickly and effectively the data can be restored, keeping downtime to a minimum.
The last thing you want to find out in the middle of a crisis is that the backups you thought would get you out of a jam aren’t up to the task.
What Kinds Of Data Backups Are There?
The four most common types of backups are:
Full backup: This procedure backs up everything, every time.
Incremental backup: A full initial backup is followed by backups of only the data that has changed since the latest backup.
Differential backup: All the data that has changed since the last full backup is copied, following a full initial backup.
Mirror backup: A full initial backup with successive backups that upload only the current changes and modify (overwrite) files accordingly.
While these are the most common types of backups, they aren’t the only ones.
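The following added example (not from the original article or from Kelser) models three of the procedures above: backing up everything every time, backing up changes since the latest backup, and backing up changes since the last full backup. It shows how many files each one copies over four daily runs and which backup sets must all be intact to restore the latest state. The file names, the `CHANGES` schedule and the function names are constructed for illustration.

```python
# Constructed sample: files modified on each day; day 0 is the initial state.
CHANGES = [
    {"a.doc", "b.xls", "c.db"},  # day 0
    {"c.db"},                    # day 1
    {"a.doc", "c.db"},           # day 2
    {"d.txt"},                   # day 3
]
STRATEGIES = ("full", "incremental", "differential")

def copied_per_run(strategy, changes):
    """Return the set of files each daily run copies under one strategy."""
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown strategy: {strategy}")
    all_files, since_full, runs = set(), set(), []
    for day, changed in enumerate(changes):
        all_files |= changed
        if day == 0 or strategy == "full":
            runs.append(set(all_files))    # everything, every time
            since_full = set()
        elif strategy == "incremental":
            runs.append(set(changed))      # changes since the latest backup
        else:
            since_full |= changed
            runs.append(set(since_full))   # changes since the last full backup
    return runs

def restore_chain(strategy, n_runs):
    """Indices of the backup sets needed to restore the latest state."""
    if strategy not in STRATEGIES:
        raise ValueError(f"unknown strategy: {strategy}")
    last = n_runs - 1
    if strategy == "full":
        return [last]
    if strategy == "incremental":
        return list(range(n_runs))         # the full plus every increment
    return sorted({0, last})               # the full plus the newest differential

def summary(changes=CHANGES):
    """Files copied in total and restore chain, per strategy."""
    out = {}
    for strategy in STRATEGIES:
        runs = copied_per_run(strategy, changes)
        out[strategy] = {
            "files_copied": sum(len(r) for r in runs),
            "restore_chain": restore_chain(strategy, len(runs)),
        }
    return out

if __name__ == "__main__":
    for name, row in summary().items():
        print(name, row)
```

The incremental schedule copies the least but depends on every set in the chain, so one damaged increment breaks the restore; that dependency is what a full trial restoration exercises.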
What Data Should Be Backed Up And How Often?
Choosing what data to back up is just as important as deciding when and how the backup is performed. While you may not need to back up all of your data every time, it’s important that you follow a rotating schedule.
A good way to decide when and how often you should back up your data is to identify your recovery point objective (RPO). The RPO is different for every organization and is defined as the maximum amount of time that can pass before the amount of data lost exceeds the maximum allowable threshold as defined by the organization.
Your business requirements also will help you determine the maximum amount of time that you can afford to have a computer, system, network, or application out of service as the result of a failure or disaster. Known as the recovery time objective (RTO), this should be one of the first things you calculate when planning your backup procedures.
What Should Your Data Backup And Disaster Recovery Policies & Procedures Include?
Backup policies and procedures vary according to the needs and capabilities of your business. As with virtually every other component of organizational IT, data backups and their processes should be tailored to you.
They should take into account your RPO and RTO as well as the types of threats your organization faces, including cybersecurity incidents, espionage, natural disasters, power outages, and equipment failures.
Having said that, there are certain elements that all data backup and disaster recovery policies and procedures should include:
Your technology and business environment will change over time. Make sure you systematically review your organization’s backup and restore procedures for gaps and areas that need improvement. Comprehensive reviews are essential to ensure that your data is secure and recoverable. As with most IT and cybersecurity policies and plans, you should review them at least annually.
Who creates your backup policies? Who signs off on them? Who decides what information needs to be copied, and how frequently? Who actually monitors the backup process? If you need to restore your data, who do you call first?
Someone at your organization must own this process. This person may not perform the backup but will be accountable for it and interact with your chosen platform. If your organization chooses to work with a managed IT support provider for backups, the person at your organization would coordinate directly with the provider.
One note: Make sure you have a plan in place that indicates what happens if your organization’s process owner is unavailable. Disasters won’t wait for everyone to be in the office, so make sure you are prepared.
Testing your backup and disaster recovery plan gives you accurate timing expectations. Performing periodic tests to verify that you can restore individual files from backups is good but insufficient.
Run an annual test of your data restoration procedures and aim to hit your RTO. If you fall short, evaluate to see how you can adjust your procedures to hit it the next time.
A good plan ensures effective and efficient recovery of lost data.
Even if your software shows that your data is regularly backed up, performing a restoration can identify potential hardware malfunctions, corruption in the data, or maintenance issues.
Run through a complete trial restoration of your items (before a crisis hits!). Did everything restore properly?
Simulate potential problems to see how your system reacts. Some backup systems do this periodically and automatically, but not all of them. Make sure you know which type you have (or are looking for).
One note: Making changes to your operating system (OS) can interfere with your backups. Make sure to test your backups after installing patches or other OS updates.
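One way to answer "did everything restore properly?" and "did we hit our RTO?" in a trial restoration, as an added example that is not from the original article or from any backup product: record a SHA-256 manifest when the backup is taken, then compare the restored files against it and time the restore. The directory layout, file contents and function names are constructed for illustration, and `shutil.copytree` stands in for the real restore job.

```python
import hashlib, os, shutil, tempfile, time

def manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    digests = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            digests[os.path.relpath(path, root)] = h.hexdigest()
    return digests

def verify_restore(expected, restored_root, elapsed_s, rto_s):
    """Compare a trial restore with the manifest recorded at backup time."""
    actual = manifest(restored_root)
    return {
        "missing": sorted(set(expected) - set(actual)),
        "corrupt": sorted(p for p in expected
                          if p in actual and actual[p] != expected[p]),
        "unexpected": sorted(set(actual) - set(expected)),
        "rto_met": elapsed_s <= rto_s,
    }

def demo(rto_s=3600):
    """Constructed data: three files, one lost and one damaged after restore."""
    with tempfile.TemporaryDirectory() as tmp:
        src, dst = os.path.join(tmp, "source"), os.path.join(tmp, "restored")
        os.makedirs(os.path.join(src, "finance"))
        for rel, body in [("readme.txt", b"hello"),
                          (os.path.join("finance", "ledger.csv"), b"1,2,3"),
                          (os.path.join("finance", "payroll.csv"), b"4,5,6")]:
            with open(os.path.join(src, rel), "wb") as fh:
                fh.write(body)
        expected = manifest(src)          # recorded when the backup is taken
        start = time.monotonic()
        shutil.copytree(src, dst)         # stand-in for the real restore job
        elapsed = time.monotonic() - start
        os.remove(os.path.join(dst, "readme.txt"))      # simulated lost file
        with open(os.path.join(dst, "finance", "ledger.csv"), "wb") as fh:
            fh.write(b"1,2,X")                          # simulated corruption
        return verify_restore(expected, dst, elapsed, rto_s)

if __name__ == "__main__":
    print(demo())
```

Store the manifest separately from the backup media so that damage to the backup cannot also alter the record it is checked against.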
4. Regulatory or Compliance Concerns
Does your organization handle information that is subject to regulatory or compliance standards? If so, make sure your backup procedures and policies adhere to the appropriate requirements.
For example, HIPAA (the Health Insurance Portability and Accountability Act of 1996) identifies specific backup and recovery requirements for healthcare entities, and NIST 800-171 outlines required protections government contractors and subcontractors must have in place for backups containing controlled unclassified information (CUI).
Understand what your contracts require, and if you are unsure, ask for clarification.
After reading this article, you understand why data backups are important. You understand the different kinds of backups and what your backup procedures and policies should include.
There is no cookie-cutter approach to backing up critical data. In the event of a disaster, you need a recovery plan that aligns with your business recovery requirements and budget.
With proper planning and testing, you can ensure the security of your data with safe backups.
You may have the talent you need in-house to verify your backups. If not, you might want to consider working with an outside IT provider.
At Kelser, we provide a full slate of managed IT support, including managed backups and recovery. We know that managed IT isn’t the right solution for every business, so we are committed to writing articles like this that provide the information business leaders like you need to make the best IT decision for their organization.