In previous blogs, we’ve talked about Backup Best Practices, RTO & RPO, and Business Continuity. We briefly talked about recovery in the Backup Best Practices blog; here we’re going to expound on that process.
As important as it is to back up your data and systems, that is just the beginning. Whatever business you’re in, your data is important, and the ability to access and store it safely is a necessity. Your customers and employees rely on you for that. If they can’t get what they’re looking for from you, they will start to look elsewhere. You must consider backup verification, recovery testing and documentation as part of the process.
"Backup and Recovery is not just for systems that store data; it’s also for those that pass and secure data. Remember to ensure your critical network and security technology is well maintained, backed up and validated, and well documented to avoid an unnecessary crisis", says Technium's Michael Joseph. I couldn't agree more, so let's take a deeper dive into the Backup and Recovery process.
Backup verification can mean different things, for different backup products. It can be as simple as verifying that the proper files, folders, or entire systems are actually being backed up; the backup system may have some verification process to indicate they are successful, or you may need to manually verify that they are backing up the necessary locations. Or, it can include restoring that backed up computer in an isolated network and verifying everything - all the applications - work properly on that computer restored from a backup. In addition, it’s not necessarily a one and done procedure. Any time any changes are made in that file system or computer, be it patching and updates or application upgrades, you should verify that everything that needs to be backed up, is still being backed up. The upgrade could have added a new folder location that should be backed up, and that folder hasn’t been included in the backups.
That leads us into recovery testing. After verifying that the proper things are scheduled to back up and are successfully being backed up, you need to test and verify that you can recover the necessary things, anything from a single file to an entire system, if that’s required for business, and how long that recovery will take. Testing of this nature should be frequent and may be dependent on various regulations or guidance related to your line of business. Compliance audits may require quarterly proof of recovery testing, or the nature of your business may require that recovery testing should be performed after certain events, such as software or hardware upgrades. SLAs may require availability of a system, file, application or database within a certain time frame. Are you still able to recover backups that are stored on tape with your new hardware? Or is your recovery hardware now too different from your production hardware, and the recovery fails because of these differences. Regular recovery testing can ensure that recovery is possible within the SLA, as you test you will see how long the process takes and can make any necessary changes to the policy or procedure as needed.
Finally, we come to documentation. Are your procedures for backups, verification, and recovery/recovery testing up to date and complete? Your documentation should be thorough and complete, and updated often. As one of my managers used to say, your documentation should be good enough that someone not particularly familiar with the process can look at it and complete the process successfully, in the event you, or the whole team, get run over by a beer truck. The documentation should include who is responsible for each step, and how to reach them; who to contact in the event of success or failure, and how to reach them; relevant system names, IP addresses, file locations; backup logs, and where to find them; and the actual steps of the process or procedure. I don’t know that there’s such thing as too much information to include in your documentation.
Having strategies such as these in place can help you become the hero your employer wants on their team!
If you have more questions on how to develop or implement a successful backup and recovery testing plan as part of your overall business continuity plan, please contact us.