Technology

A Bad Day At The Office

Issue 66

Think your business is protected just because you are told you have a backup? You need to think again.

Businesses understand that without backup there may be no recovery. However, not all backups are the same, and different organisations require different solutions and a backup must be fit for purpose. In very simple terms, backups are there to recover your systems and data if something goes wrong. This could be as basic as the accidental deletion of a file to more impactful issues such as the corruption of a database or application or the ever more regular occurrence of attacks from virus or ransomware. No business can ever totally avoid risk but having an effective backup strategy in place mitigates the risk of being without your systems and data.

Take the following real-life scenarios from organisations that approached ITPS for help. Company A The simplest of examples. The company had moved all their systems to the cloud (Microsoft 365 to be exact). When we asked about how the backup was configured to establish whether it was suitable for the company needs, we were told that the backups ‘happen’ as part of the subscription. This was an assumption; the reality was that this customer had no backups at all. This is an all too common scenario. The solution thankfully was equally simple, we implemented a cloud-based backup as part of our managed service provision. Company B Company B managed its own full backup, which took four hours to complete so when required, took the same time to restore. When a virus hit the business, the client needed the backup. However, you cannot just restore a backup, you first need to check that the backup itself does not have a virus.

In this case it was discovered that the most recent (and the five previous) backups contained the virus. This meant going back six backups to get to the first clean version. This was a major issue for the client as the data would need to be restored and virus checked a total of six individual times, before discovering a clean version and take an estimated 30 hours. ITPS was able to assist by enabling the six individual backup files to be restored to the ITPS virtual estate simultaneously meaning a full recovery took just under eight hours rather than the 30 hours it could have required. However, the company data was still six days behind. We also provided extensive virus clean up across the estate to disinfect the system before it was returned to the users. This client did have a backup, but they did not understand how to manage the virus and the implications of the virus compromising previous backups. The choice of backup solutions can be bewildering. Ideally, you should be working with an expert business continuity and disaster recovery partner. They will carry out a full backup needs analysis, guiding you through choosing the right solution. You could opt for a full, differential, incremental or reverse incremental backup, or mirroring. In addition, you need to decide where that backup should be stored – on premise, on a data centre model, or in a public, private or hybrid cloud environment. To create your strategy you need to understand the impact, and establish two milestones. The first is your recovery point objective (RPO) – the physical point in time that you want to reach back to. The second is your recovery time objective (RTO) – the amount of time you are prepared to wait for your backup to be reinstated. One organisation might be able to live without data for a day or even a week, while another might only be able to survive for an hour without serious financial and operational consequences. You will need to make sure you have enough computing power to cope with running a backup and restore, especially if you cannot identify a point in the day when user requirements are low or the server can be shut down. You should put arrangements in place to carry out regular testing. Unless you test it in a live environment, you will not know whether it works, and you do not want to find the answer out on the morning you have a disaster. All too often, organisations only think about backups after the event. By then, the business has suffered the loss of the file, data or systems. Having a clear appreciation and understanding that your backup is fit for purpose is fundamental to mitigating risk. Backup is the cornerstone of a successful disaster recovery strategy and there is no room for error.

Register for our spring series of Security Webinars at webinars@itps.co.uk and hear our own experts and industry speakers give advice on how to protect your business from accidental or malicious threats.

Sign-up to our newsletter

  • This field is for validation purposes and should be left unchanged.