Backing up your organizations data sounds like a
simple thing to do. However, it’s often not until something can’t be retrieved
that it’s discovered that the backup strategy was badly designed to the
organizations goals, or has been poorly implemented. The ten components below
should be kept in mind and approached proactively to ensure that you can
restore that file you need when you need it.
Classify your data – When considering a backup strategy, remember that not all data has the same value to you or your company. Losing the company picnic photos or an employee’s music collection versus a database powering your main ERP system are completely different things and would have equally different impacts on your business and clients if the data was lost. To have the most efficient back-up, classify the data into different groups, and treat them differently from a backup standpoint. One classification may even mean that the data is not backed up at all.
Understand your data – Once your data has been classified, it is time to establish a recovery point objective (RPO) and recovery time objective (RTO) for each data class. This will determine the frequency of which backups are conducted along with the extent and method of backup required. The answers to other questions such as what level of security needs to protect the data, how often a restore is likely to be conducted and how long the data needs to be retained for, will also impact the selection of the solution to be put in place.
Don’t forget about mobile devices – with more and more enterprise users utilizing mobile devices as their main device for conducting business, protecting the data held on those devices is critical to business operations. No longer does the loss or failure of a device simply mean that only a couple of phone numbers have to be reentered into the new phone; critical data can be lost!
Choose the backup strategy and method – different data sets may require different solutions in order to optimally meet the goals of the business and its data sets. Tiered recovery known as Backup Lifecycle Management (BLM) is the most cost effective approach to storing data today. In most companies, more than 50% of data is older, of less value, and should cost less to protect. By setting up the correct strategy, you can align the age of your data to the cost of protecting it.
Assign a responsible party for ensuring successful backups – just because a backup strategy has been implemented, doesn’t mean it’s going to run successfully every time. Contentions, lack of storage media and timing issues can occur and need to be dealt with in a timely fashion to make sure the data is protected. To ensure this happens it’s recommended that responsibility is clearly assigned with making this happen.
Secure your data – The backup data whether that’s held on onsite or in the cloud, should be protected both physically and logically from those who do not need access to it. Even for those that are actively managing the backup process, it is often not necessary for them to work with the data in its raw form, but rather they can manage the process with the data encrypted, adding another level of security and privacy. Although the best practice is to encrypt the data while it is in flight and at rest on the backup media, it is often not put in place due to the extra time required to encrypt the data during the backup process and as such increasing the backup window required.
Conduct test restores – it’s always more preferable to find an issue proactively than reactively when there is no hope of restoration of data or time constraints are in place. So conduct periodic test restores of data to ensure that the process is working as planned.
Keep track of your backups and document – documentation is key for control of the process and security around your data. Ensure that the backup process, methods, goals and ongoing operational status are documented both for internal purposes as well as to comply with any 3rd party audit requirements such as FDIC, HIPAA or PCI.
Destroy backup media appropriately – whether you are handling HIPAA, Credit Card or “regular’ corporate data, it is a best practice to ensure that you are sufficiently keeping track of the backup media through it’s useful life all the way through to physical destruction. As common practice and to minimize any data leakage, this life cycle should be documented both from a process perspective and an actual traceable activity standpoint.
Things change, review your strategy and implementation on a regular – if there is one thing in business and technology that holds true, it is that change is constant. With this in mind, a regular review of what is being backed up (or not) and verification that the business requirements around the data are consistent should be conducted.
In a world where the volume of data to be backed
up is increasing substantially year over year and the complexity of the IT
systems is not decreasing, proactive planning, management and execution is
becoming ever more important.