All modern organizations rely on data, which must be securely backed up at regular intervals.
The criticality of their data may vary greatly, but the procedures for a successful backup strategy remain relatively constant across organizations. Over the last several years there have been many examples in the media of companies who have neglected their backup strategy who have ended up losing a lot of money and their reputation. Below are some key points to assist with your backup strategy:
The environmental elements of a backup strategy include an examination of your information systems, especially with respect to data storage. The physical location for your backups is a key aspect. Consider where your data is now and where you want it to be to keep it safe. What happens if there is a fire? For this reason most people choose to keep their data backups offsite from the location of the production data. The amount of data and its volatility will also help determine the optimum backup procedure.
The use of mobile devices is also an important security consideration in the environmental analysis since they can be easily lost or stolen. No system should ever have only one copy of a data set, especially if that data set is stored on a mobile device (such as a laptop). Your organization’s IT department should already have well-established security guidelines for backing up data. If not, you’ll also need to research and apply the best practices for your industry.
A comprehensive backup plan includes the following phases:
- Data selection
- Restoration testing
- Service-level agreements
Determine the data components that need to be backed up, and note their locations. This would include sets such as: databases, email, documents and configuration files. You should also rate the criticality of each component on a scale that at least contains low, medium and high ratings. Inform the IT administrators of this information so they can ensure the data is backed up.
This process may also identify data that doesn’t need to be backed up because it can be synchronized with the data on other systems. For example, you may be able to map drives with a Windows batch file that uses robocopy or xcopy. You can also use a cron job in Linux to rsync data. Synchronization is most often used to copy data with a low priority whose loss won’t be critical to an organization. The primary risk of this technique is that corrupt data can be synchronized just as easily as clean data and can just as easily be deleted. Any data that is synchronised also needs to be backed up, but perhaps less frequently.
These principles also apply to directory data. For example, Windows’ Active Directory data needs to be backed up to protect a system from a failure of the entire site, but the use of multiple domain controllers will allow the system to recover from the loss of a single server. Furthermore, it may not be necessary to backup a server’s operating system (OS) data since you can rebuild servers relatively quickly in a virtualized environment. If your environment includes a Terminal Server this is a very important point as you may not even realise that you have an Active Directory server and you will need to protect that setup.
You should typically perform a complete backup after the end of each business week to minimize conflicts with other processes. Differential backups that only backup modified files are often performed after the end of each day’s processing. Most modern backups systems will also complete one full backup and then only backup the deltas that have changed saving space in your backup media. This is particularly advantageous in that you don’t have to restore from 2 sets of media to get back to a particular point in time.
Backups of database data can be performed every few hours, depending on its volatility. The length of time that each backup should be retained is also an important aspect of scheduling backups of both databases and data. Do you have legal obligations to store it for a certain period of time? How long until you notice something isn’t right? How long do you realistically need to go back for? All of these (and more) are important questions as once a backup is overwritten, you are almost guaranteed to have lost the data forever.
Backup management usually includes automating backups as much as possible. However, you should also use appropriate tools to monitor this process so that your IT Administrator is alerted whenever a backup fails. Failed backups should be checked, resolved and a fresh backup taken as swiftly as possible. Obsolete data should be deleted or archived from systems to reduce the time needed to perform backup tasks. Some means of validating data without performing a restore should also be used to ensure the backups are clean and the data in the system is intact.
Your IT Administrator must develop a detailed strategy for testing the restore procedure for each type of backup media, which historically would include disk and tape. Modern backups may also include cloud data or USB disks. This process usually includes restoring the backups to a test system to go through the data and compare it to the live data set. Validation of a database backup often consists of refreshing a non-production database from a production backup.
Service-level agreements (SLAs) often cover details of an organization’s recovery procedure such as the timeline and the client organization’s expectations. Management should, therefore, review and approve an organization’s SLAs to ensure they accurately reflect the actual recovery procedure. How quickly do you want to be able to restore data? Do your end customers expect you to be able to restore within a certain timeframe? Do you need to be keeping data for a certain period of time?
All of the above (and more) go into how your organization develops a backup strategy to safeguard against data loss. This may seem like a daunting task but taking the time now to define this can save your entire business down the track. If you would like assistance with your backup plan, feel free to discuss this with a member of our solutions team who will be able to assist you in forming your personalised backup plan.