“I’m SO SORRY!! I clicked the link!! :-(“ You read that line a second time, and now calls are already coming into the help desk. The main file share, aka “dumping ground” has been encrypted with a message that for 10 bitcoin you can get your files back. At least you have backups! You do have backups, right?
Whether it be business data or personal data, the value of backing up that data can be incalculable. As important, if not more important, than backing up data, is the ability to recover that data if or when necessary. This blog addresses the generally accepted best practices in data backup.
Have a system in place to perform backups.
There are many on-premise and hosted backup solutions, and a comparison of them is beyond the scope of this blog. However, the general premise is the same: a backup solution is chosen, a determination is made as to what data must be backed up, and the software is configured to back up the selected items. Don’t assume that just because you have a backup solution that it is backing up all your important data! Confirm that each storage location is being backed up. Several times I have come across environments where the backup solution was reporting successful backups, but upon further inspection, the backup was configured improperly, and not backing up the actual important folders and data. Usually this has been in an environment where one might assume each server was storing important information in the same folders and paths, only to find out that each server was not at all configured the same. Time wasn’t taken to verify the data locations when the backup was configured, or the backup administrator had not followed up with the responsible admins to get the correct locations. So, even though the backup was successful, the important files weren’t being backed up!
Have your backed-up data moved to a secure off-site location.
In the event of a disaster, restores are impossible when your backups are inaccessible due to power loss, fire, earthquake, or other natural or manmade disasters. Is your off-site location far enough away that it won’t be impacted by the same natural disaster that takes out your primary location?
The choice of off-site location can depend on the nature of your business and data, what your recovery point objective (the maximum time period of which data may be permanently lost) is, and what your recovery time objective (how quickly does service or data need to be restored in relation to business continuity) is . The backup frequency also impacts the choice of off-site location. For instance, if your backup solution creates one backup of your data after business hours each day, is your business prepared to lose up to 24 hours of work and important data? Would your data be better served with several backups a day? Or constant off-site replication (which is another topic entirely, and NOT a backup)?
Here are a couple simple scenarios to illustrate the point.
- Your people have been working diligently all day, creating and saving documents to the local file store, but at 2:39PM the file server unexpectedly dies, and cannot be resuscitated. A new file server is built, and you have the backup from the previous night to restore. But everything that was created and saved from start of business that day until that server died is lost, as it hadn’t been backed up yet. Can your business survive that? Some can, most can’t.
- What if this single daily backup is written to tape which is then sent off site. And now you need to restore a file that was accidentally deleted maybe last week, or maybe even earlier than that, and no one noticed, until today, that the file is missing, and that file is critical. How long will it take to retrieve that backup tape from off-site, and then restore that lost file? Do you know exactly when it was deleted, so you’ll exactly which backup tape to recall?
Decide how long do you need to keep backed up data.
Another item to consider is retention. This can vary by industry and should be researched properly in order to meet industry standards and regulations. Most backup solutions over a variety of retention schedules or allow you to build your own. Generally, you would need to consider how long you’d like to keep daily (or more frequent) backups, weekly backups, monthly backups and possibly yearly backups. Yearly and monthly backups will likely be kept longer than daily backups. Part of this consideration should include the amount of space you have for storage, both at your primary location and the secondary site. Will it need to be increased to accommodate your retention span and data growth?
Test your backup restore process.
The final, and one might say most important thing, is recovery. Have you tested your restore process? Have you verified that you can restore a file, a database, whatever your important data is, and get business back up and running? How long will the restore take? Is the process documented? If you’re using tapes as part of your backup strategy, do you still have a device that can read that media if a restore is necessary? If you’re using a cloud solution for your backups, are the restores limited by the throughput of your internet connection? You can have all the successful backups in the world, but if you haven’t tested and verified restore and recovery for your business, it’s not much use. Depending on the nature of your business and your data, you might want to perform a test restore yearly, twice a year, or possibly quarterly.
When following these best practices, not only will you be verifying that your backup and recovery methods are working, but you’re also building confidence with the decision makers in your company, knowing that the data is safe and secure.
Let us know if we can help you with this process.