Think your business is protected just because you have a backup? You need to think again.
Without backup there is no recovery. But not all backups are the same, and different organisations require different solutions.
No business can ever totally avoid risk, but having an effective backup strategy in place mitigates the risk of being without your systems and data. Take the following real life scenarios from organisations that approached ITPS for help.
Company A – running a full system backup every day, but on its own premises, and on the same domain. This offered traditional protection against low risks but not against modern threats such as ransom attacks. When hackers struck and the system and its backup was encrypted, the business had to pay a £75k ransom. This is not a quick or easy process. Working with the organisation’s in-house team it took three weeks of effort negotiating with the hackers to get its systems and data back.
Company B – ran its own full backup, which took four hours to restore. When a virus hit the business it was discovered that the most recent five backups contained the virus. This meant going back six backups to get to the first clean version. This solution also had to be restored to the ITPS virtual estate as the organisation did not have enough computing capacity to do more than one restore. Doing this meant we were able to restore four systems simultaneously and full recovery took just under eight hours rather than the 30 hours it could have required, but the company was still six days behind. We had to also provide extensive virus clean up across the estate to disinfect the system before it could be returned to the users. There were no disaster recovery arrangements in place, so all the extra work and resource utilised was chargeable. This client backup was not fit for purpose.
The choice of backup solutions can be bewildering. Ideally you should be working with an expert business continuity and disaster recovery partner. They will carry out a full backup needs analysis, guiding you through choosing the right solution. For instance you could opt for a full, differential, incremental or reverse incremental backup, or mirroring. And you need to decide where that backup should be stored – on premise, on a data centre model, or in a public, private or hybrid cloud environment.
To create your strategy you need to understand the impact, and establish two milestones. The first is your recovery point objective (RPO) – the physical point in time that you want to reach back to. The second is your recovery time objective (RTO) – the amount of time you are prepared to wait for your backup to be reinstated.
One organisation might be able to live without data for a day or even a week, while another might only be able to survive for an hour without serious financial and operational consequences.
You will need to make sure you have enough computing power to cope with running a backup and restore, especially if you cannot identify a point in the day when user requirements are low or the server can be shut down.
You should put arrangements in place to carry out regular testing. Unless you test it in a live environment, you will not know whether it works, and you do not want to find the answer out on the morning you have a disaster.
Backup is the cornerstone of a successful disaster recovery strategy and there is no room for error. If you have not made it to one of our disaster recovery and business continuity planning briefings lately you’ve missed out.
Register for one of our regular events and hear our own experts and industry speakers give advice on how to protect your business from accidental or malicious threats.