Think your business is protected just because you have a backup? You need to think again.
Without backup there is no recovery. But not all backups are the same, and different organisations require different solutions.
In very simple terms, backups are there to recover your systems and data if something goes wrong. This could be as basic as the accidental deletion of a file to more impactful issues such as the corruption of a database or application or the ever more regular occurrence of attacks from virus or ransomware.
No business can ever totally avoid risk but having an effective backup strategy in place mitigates the risk of being without your systems and data.
Take the following real-life scenarios from organisations that approached ITPS for help.
The simplest of examples. The company had moved all their systems to the cloud (Microsoft 365 to be exact). When we asked about how the backup was configured to establish whether it was suitable for the company needs, we were told that the backups ‘happen’ as part of the subscription. This was an assumption; the reality was that this customer had no backups at all. The solution thankfully was equally simple, we implemented a cloud-based backup as part of our managed service provision.
Company B managed its own full backup, which took four hours to complete so when required took the same time to restore. When a virus hit the business, it was discovered that the most recent five backups contained the virus. This meant going back six backups to get to the first clean version. This solution also had to be restored to the ITPS virtual estate as the organisation did not have enough computing capacity to do more than one restore. Doing this meant we were able to restore four systems simultaneously and full recovery took just under eight hours rather than the 30 hours it could have required, but the company was still six days behind. We had to also provide extensive virus clean up across the estate to disinfect the system before it could be returned to the users. There were no disaster recovery arrangements in place, so all the extra work and resource utilised was chargeable. This client backup was not fit for purpose.
The choice of backup solutions can be bewildering. Ideally you should be working with an expert business continuity and disaster recovery partner. They will carry out a full backup needs analysis, guiding you through choosing the right solution.
You could opt for a full, differential, incremental or reverse incremental backup, or mirroring. And you need to decide where that backup should be stored – on premise, on a data centre model, or in a public, private or hybrid cloud environment.
To create your strategy you need to understand the impact, and establish two milestones. The first is your recovery point objective (RPO) – the physical point in time that you want to reach back to. The second is your recovery time objective (RTO) – the amount of time you are prepared to wait for your backup to be reinstated.
One organisation might be able to live without data for a day or even a week, while another might only be able to survive for an hour without serious financial and operational consequences.
You will need to make sure you have enough computing power to cope with running a backup and restore, especially if you cannot identify a point in the day when user requirements are low or the server can be shut down.
You should put arrangements in place to carry out regular testing. Unless you test it in a live environment, you will not know whether it works, and you do not want to find the answer out on the morning you have a disaster.
All too often, organisations only think about backups after the event. By then, the business has suffered the loss of the file, data or systems. Having a clear appreciation and understanding that your backup is fit for purpose is fundamental to mitigating risk.
Backup is the cornerstone of a successful disaster recovery strategy and there is no room for error.
Register for our spring series of Security Webinars and hear our own experts and industry speakers give advice on how to protect your business from accidental or malicious threats.