Why “We Back Up Every Night” is Not a Disaster Recovery Plan

Data backup is not the same as disaster recovery. Yet when we ask clients about their disaster recovery (DR) plan, too often the answer is: “we back up every night”.  On their own, routine backup operations are insufficient to safeguard your computing environment, much less restore your business operation after a compromising event. 

The key issue is not ‘can you restore your systems?’ but ‘how quickly can you restore your business?’   

Data backups are one element of a disaster recovery plan that includes the processes, people, tools, and environment for a speedy, stress-free recovery. Your business needs both a data backup plan and a DR plan. 

What to back up
Assess all your business data sets (files/database/etc.) and decide why or whether they need backing up. In case of a disaster, which data sets must be available ASAP and which ones are unlikely to be accessed for a while? Understanding how and when data sets are used helps you determine how often, how much, and where to back up. 

You can make full backups every time, but if you’re doing offsite storage, you need to balance size against data transfer time. Should you do full backups once a week and incremental backups daily? Can you reinstall system files and software, or maintain virtual servers in a cloud environment? 

For too many, the main goal with backups is speed because it’s a daily chore that takes time. Recovery time is what matters. Think in terms of the end result: recovery speed. 

Where backups live depends on when you need them
First of all, please do not put all your eggs in one basket. It’s fine to back up to another server in the same building; that’s great for quick file recovery. However, you also need offsite storage in case of fire or some other event that damages the site.  When that happens, offsite backups or cloud-based solutions are your only hope.

During your assessment, if your business absolutely needs immediate access to certain files and apps, you need to back up in a way that lets you restore those environments ASAP. If your business provides data entry services, for example, your backups should include the data entry server environment as well as client files. You may want an on-site backup server to recover from small-scale problems, plus cloud storage/virtual machines to bring back the data entry system after a major disaster. 

For data that’s essentially archived and used rarely, off-site storage is usually sufficient.

Who is going to restore the data? 
People are part of every process. Who are the contact points in your organization in case of trouble? Do they have the technical skills to initiate recovery procedures? If outside providers are part of the process, do you have the contact information? 

What about the recovery system?
Ideally, your recovery environment should mirror your production environment. This is harder than it sounds in practice because a production environment changes every day and busy staff can’t always capture those changes. Make a point of auditing your recovery systems periodically so that you maintain the right servers, storage, and operating systems for your recovery environment. 

Where is the documentation?
Staff come and go, and with each departure goes a bit of knowledge. Even the person who wrote the plan will be glad of documentation when disaster strikes and stress levels escalate. Insist on written procedures, contact points, and responsibilities. Remember to have up-to-date hardcopies on hand both on-site and offsite.

How do you back up?
More to the point, do you validate your backups? There are numerous reasons why backup files can fail and you don’t want to be in DR mode when you find out. Automated backup routines may not report problems or operators might not notice warning messages. Mishaps during backup can happen due to:

• Media failure: backup storage drives out of disk space or corrupted 
• Software failure: upgraded version of backup software proved faulty 
• Human error
• Hardware error: this is particularly an issue when it comes to tape drives. As hardware ages, the heads ‘drift’ and other tape drives can’t read the backup.
• Network failure

Data integrity is essential. Every network administrator follows a scheduled backup routine. However, not all of them validate the data. Without validation, it’s impossible to ensure that you can restore successfully after a disaster. 

What is your recovery plan?
There’s no point in developing a disaster recovery plan unless you’ve done a risk assessment first to identify which assets are critical and which ones nonessential. There’s simply no other way to make sure your procedures reflect the correct priorities.  Your plan also has to recognize that there’s more to recovery than just data. 

• Communications. How will you contact critical staff in case of failure? What is your incident response process? Not just for those who are responsible for managing the recovery, but those whose work will be affected. 
• Standby equipment. Where will you load the data you recover, how can people access it? You will need servers and networking equipment that are ready to go, either your own or brought in quickly from some other source.  
• Backup power. In the event of a power failure, how much short-term UPS capacity do you have? In case of widespread and longer outages, do you have a generator?
• Rehearsal. Is your recovery plan tested? What looks good on paper may not be so successful in real life. Do a fire drill and test run the process. Validate every documented step and identify shortcomings so that you can identify deficiencies and plan for contingencies before it’s too late.

What can SMBs do? 
For SMBs, redundant equipment and networks, power supplies, storage media, DR software solutions , and space add up to major capital and/or operational costs. At the same time, SMBs are the companies who can least afford to lose business because of an unexpected calamity.  The best way to cost-justify spending on DR is to include the business cost of downtime in your risk assessment.

For many SMBs, the answer to implementing disaster recovery without incurring disastrous costs is to outsource some or most of the elements of your plan. If you deal with an IT service provider, the odds are good that they can offer DR at their data centre. An IT service provider can help you with risk assessment, audit your back up and DR procedures, and determine the reliability of your current backup environment, and how quickly you could be back online after a catastrophe.

Prices for cloud computing are so competitive these days that businesses find they can get what they need quite affordably through a combination of cloud-based and on-premise backup, or cloud only. Again, an IT service provider can work with you to determine the most cost-effective options. 

The top benefits of outsourcing are:
• Cost: You only pay for the services and storage you need and the provider is responsible for maintaining a secure environment.
• Scalability: Data centres are set up to deal with scalability 
• Administration: Reduces burden on IT in terms of time and process. 
• Compliance: If you must meet compliance in your business, discuss this in advance with your provider

An IT service provider will provide the backup software, run backups on a schedule, validate for data integrity, and be available to assist or carry out DR procedures. They can also help you transfer your system from your recovery environment to a normal operating environment.

Outsourcing your back up services can simplify daily operations as well as provide assurance of help for fast, professional recovery. Contact Smartt’s IT consultants for help tailoring in a disaster recovery plan. We believe in a collaborative effort where both parties play a part in developing a plan that suits your budget and resources.