In addition to guest posting on the UpCity blog, Sanapptx is featured as one of our Top Cybersecurity Consultants in the United States.
Losing company data is a catastrophic experience that has large financial implications, oftentimes for an unspecified amount of time. Losing data results in loss of revenue, inability to operate a business at normal capacity, diminished reputation, and operational issues that can plague a company for a long time (if they are able to recover).
Company data can be compromised in many ways, from hardware failure to hacked infrastructure, malware infiltration, a rogue employee, corrupted backups, or even something as simple as user error. In order to maintain business continuity (no interruption), it is important to have a highly reliable solution as well as a robust disaster recovery plan in the event information is compromised.
The best backup solution for a business depends on many factors, from scalability to budget, compliance standards (e.g., HIPAA, FINRA, CJIS), and encryption protection. Regardless of whether your company data is virtual, physical, or cloud, it is necessary to create and store copies of that data offsite and also have a recovery plan in place.
1. How Do Backups Work?
Backup software copies data from a device (server, phone, laptop, etc.) and stores it offsite. If data is compromised, the most recent backup is used to restore all the data.
2. What Types of Backups Are Available?
There are three types of backups: full, incremental, and differential. A full backup comes first and copies all the data. Incremental backups then copy only the data that has changed since the last backup. Differential backups initially copy only the data that has changed since the last backup, but each later differential continues to copy all the data changed since the most recent full backup.
3. How Do You Test Your Backups and How Often Should This Be Performed?
Backup tests can be done often simply by utilizing the file recovery process on a schedule. Testing incremental saves is a matter of recovering files from a specific date, and can also be done very often. However, testing virtualizations can be complex, so you probably want to schedule virtualization tests from your backups at least once or twice a year to make sure the recovery and replication system is in working order. Note that when dealing with incremental and differential backups, it is good to start an entirely new backup every month or so to limit the number of files necessary for a full restore. Full restores with a ton of backup files sometimes aren’t very reliable.
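To make the point about restore chains concrete, the following added example (not code from Sanapptx or from any backup product) computes which backup files a restore to a given date depends on and which of them have not passed a restore test. The `Backup` record, the function names, and the dates are hypothetical and constructed for illustration.

```python
from collections import namedtuple
from datetime import date, timedelta

# Hypothetical catalogue record: date taken, backup kind, passed a restore test.
Backup = namedtuple("Backup", "taken kind verified")

def restore_chain(catalogue, target):
    """Backups needed, oldest first, to restore the state as of `target`."""
    usable = sorted(b for b in catalogue if b.taken <= target)
    chain, i = [], len(usable) - 1
    while i >= 0:
        chain.append(usable[i])
        kind = usable[i].kind
        if kind == "full":
            return chain[::-1]
        i -= 1
        if kind == "differential":
            # A differential depends only on the most recent full backup.
            while i >= 0 and usable[i].kind != "full":
                i -= 1
        # An incremental depends on whatever backup ran immediately before it.
    raise ValueError("no full backup on or before the target date")

def unverified(chain):
    """Dates of chain members that have not passed a restore test."""
    return [b.taken for b in chain if not b.verified]

def make_schedule(kind, start, days, bad_day):
    """Constructed catalogue: one full backup, then daily `kind` backups."""
    cat = [Backup(start, "full", True)]
    for n in range(1, days + 1):
        cat.append(Backup(start + timedelta(days=n), kind, n != bad_day))
    return cat

START = date(2024, 3, 1)  # constructed sample dates
INCR = make_schedule("incremental", START, 5, bad_day=2)
DIFF = make_schedule("differential", START, 5, bad_day=2)

if __name__ == "__main__":
    target = date(2024, 3, 6)
    for name, cat in (("incremental", INCR), ("differential", DIFF)):
        chain = restore_chain(cat, target)
        print(name, "files needed:", len(chain), "unverified:", unverified(chain))
```

With the same single bad file on 3 March, the incremental schedule cannot be restored to 6 March, while the differential schedule can; starting a new full backup resets the chain in both cases.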
4. What Recommendations Are Out There for Backup Software?
There are many factors you want to take into account: cost of disk space, location of local and offsite backups, replication reliability, virtualization, and ease of redeployment. By the time you have researched these functions in a backup application, you will know if it is viable or if you should continue researching other solutions. Carbonite, Veeam, and Acronis seem to be the best values out there that are all-inclusive with regard to the reliability of data. Most backup services have similar functionality; the cost is usually a measure of ease of use or perceived reliability.
5. What Goes into Creating a Disaster Recovery Plan?
Assume the worst-case scenario, then plan for it on paper. Start with an outline like the one below; as you fill in information for each item, you will start to see other gaps of information that need to be filled.
- Inventory all hardware/software/applications.
- What is the replacement time on these assets if they are lost?
- Who are your hardware vendors and what is their contact information?
- Document all vendor technical support information.
- Ask your vendors about their plan of action in case of disaster and document it in your DR policy to provide context in case someone else has to read from your playbook.
- Tech support for all your services: who are they? Points of contact?
- Understand business-critical solutions and the cost of downtime.
- Each division/department head should help in articulating all steps necessary to redeploy operations in another location.
- Ask division heads what they need if they had to operate from another office. This can easily get you a hit list of items that need to be planned out.
- Identify RPO (recovery point objective) and RTO (recovery time objective) for each application based on priority. Cloud services are usually the least affected, but sometimes spinning up from another location means a lot of reconfiguration. Test this process of relocation with your recovery process at least once a year to make sure the systems work.
- Document personnel roles and contact information for DR (disaster recovery).
- Document a communication chain to alert everyone. Sometimes this is a catch-all mail, sometimes it’s a planned document to be communicated via phone to all employees. The point is to make sure everyone involved is reached, confirmed as okay, and available for the recovery/relocation process.
- Document SLAs in place for any services used, with the goal of maintaining that level of service throughout a recovery or relocation process.
- Document all auxiliary locations for your staff and WFH deployment (whether planned or unplanned).
- Plan to have phone service redirected, or if your service supports it, VOIP can have the entire organization’s calls redirected.
- Utility and resource reallocation: where will you store or acquire resources for your company in the event of an unscheduled relocation?
- Plan it all. Utilities, personnel, resources, vendors…then put it to paper, then test it, rinse, and repeat.
In the end, backup and disaster recovery execution comes down to being fully prepared and making sure every potential scenario is reviewed and planned out. Detailed planning allows there to be as much business continuity as possible in the unfortunate event there is a disaster that impacts your company.