The data that we create every day is what we rely on to keep business moving forward. What if one day the data is no longer available? This may be due to ransomware, natural disaster, infrastructure failure or theft. How can your company recover from an incident like this? There are many different directions we can take this conversation but for right now let’s just focus how we are backing the data up.
Industry standard recommends we use a 3-2-1 rule. Keep 3 copies of the data, 1 copy is the primary production server and the other 2 are backup. Use 2 different disk types. This could be using the hard drive of a backup server and then backup up to a tape or cloud option. Lastly, you should always have 1 copy go off site.
How reputable is your backup solution? 93% of companies that lost their data center for 10 days or more during a disaster, filed for bankruptcy within one year of the disaster (National Archives & Records Administration in Washington). Of companies that suffer catastrophic data loss: 43% never reopen and 51% close within two years (University of Texas).
Your backup solution should not only back up files but should also back up and allow you to restore an entire server. There are many different hardware and cloud based solutions today that will allow you to access a copy of your server from your backup location simply by telling the network to route to an alternative location, significantly reducing downtime and loss of production.
Are users storing data on the corporate network or on their individual computers? This is a very common problem and some of the biggest data losses that occur are due to a single computer failure and the lack of employee training to direct staff to store data on the network. This raises the question of how much data loss a company is willing to accept? This will help you determine if you need to look at Disaster Recovery or High Availability. The difference is that disaster recovery data is typically a couple hours old. High Availability is a real time copy of your current data that is replicated to an off site location. In the event of failure at your primary site, networking will allow the company to point to the secondary site and keep production moving forward while eliminating the need to recreate the data. Regardless of your decision to incorporate off site Disaster Recovery or High Availability this will not eliminate the need to have a backup process at your production site.
After you have decided how corporate data is being backed up you need to create a retention policy that will dictate how long the data will be stored before it is destroyed. Whatever timeframe you indicate you must be able to provide that data in the event of litigation. If the data is stored on tape, do you have the technology that will read the tape? The best practice would be to get an attorney involved that can direct you on the proper laws that govern each state that your company performs business in.
Lastly, who is reviewing the backup jobs daily to make sure they are running properly? Are backup notifications setup to go to multiple people to ensure backups are passing successfully? How often is someone testing the ability to restore data? Do you have active support contracts on your backup software and hardware solutions?
You must continue to be very proactive when we are talking about what the backups policies are in place, how they are being applied and who is responsible for making sure they are functioning properly. Previously backups were implemented to protect from infrastructure failure and natural disaster. However, the dynamic has changed dramatically over the last couple of years due to ransomware epidemics and theft. The likelihood of companies needing and using their backups due to ransomware attack is more prevalent today. Please take the time to ask your IT department how your company data is being backed up and how far back in time you can restore a document from.