In the dark ages of computing, there were paper records that were keyed
into the computer for processing to generate reports. If the data was
lost, then the paper records were retrieved and keyed back in.
Today, paper records aren’t so common, as paperless offices grow in
popularity. As a result, the need for timely, reliable system backups has
become critical as they serve as a safety net. If the data relating to
these all-digital records is lost or corrupted, then all records are
gone.
In order to have timely and reliable data backups, there must be a
careful blending of people, technology and processes using a systemic
perspective to ensure that goals are met.
For any data backup project, it is important to have a defined scope of
what data and servers/hosts will be included. For each type of data, IT
should work with stakeholders to identify what hosts need to be backed
up, how often, the level of security and the available service window for
doing so.
In addition, an estimate of how often data needs to be retrieved from the
archival system is needed to better understand the possible technology,
people and processes that will be required. An understanding of the risks
confronting the organization and each data set for backup will serve to
guide additional factors that need to be considered.
These requirements should drive not only the identification of a solution
but also be documented in the organization’s formal backup policies and
procedures.
People
For the initial implementation project and the ongoing backup and
restoration processes to be successful, the people involved must, as a
foundation, have sufficient training and understanding to grasp what
must be done. Management must support the people and the processes by
ensuring that the correct people are hired, training is provided and that
policies and procedures are adhered to. The “tone from the top” is
vital to this, and any other, project.
Avoid Techno Babble
As a tip, when dealing with non-IT stakeholders, including senior
management, be sure to frame communications in language that they
can understand. Don’t leave them dazed and confused with a slew of techno
babble. Focus on the services they need, risks to those services,
regulatory requirements and business needs. And make sure to quantify
things in terms of time-frame, dollars and risk whenever possible.
The goal is to put in a solution for the business. To do this, business
execs must be able to understand and be involved.
Technology
There are a variety of types of backup systems, ranging from tape drives
to full host redundancy with real-time failover. The solution that is
put in place and its corresponding level of investment must be driven by
a combination of risks confronting strategic, operational, reporting and
compliance objectives. One group may need a $5 million hot spare data
center with real-time fiber optic feeds and another may just need
redundant $2,000 tape drives with $1,000 worth of software.
Compatibility
One recommendation given to organizations of any size is to be very aware
of the backup technologies in use relative to the data in storage.
It is vital to ensure that any restoration process will be able to handle
the vintage of media created in the backup process. Tape drives provide a
clear case in point. It is common to walk into an organization with
several models of tape drives of varying vintages. The groups religiously
back up. However, if there is a fire or other disaster, they are in a
bind. Why? Because the needed combination of tape drives and software may
not be readily available after a disaster.
Having all the needed tapes but no way to read them defeats the purpose.
Carefully consider how the correct model of tape drive, version of
software and corresponding backup data can be stored offsite and made
available when needed.
Ultimately, whether the redundancy is simple or complex, the solutions
put in place must be driven by risk.
To be explicit, the probability of negative events and their impact on
strategic, operational, reporting and compliance objectives must be
understood. By using a risk-driven approach, investing in systems that
either provide too little protection or investing too much in extremely
elaborate systems can be avoided. Some people may find it odd to be
warned against buying too much redundancy, but it is because redundancy
increases systemic complexity.
This increase in systemic complexity comes at a cost in terms of
resources. And it’s not always obvious. Initial purchase cost, additional
training and more avenues for failure must all be considered.
In looking at the confidentiality, integrity and availability of data
backups, we must look carefully at the supporting processes. The best
technology in the world can be negated by ill-conceived processes.
Different technologies may require specialization but the following bear
consideration:
management is willing to accept and how to mitigate those risks are vital
to not only implementing a backup solution, but also for keeping it
aligned with the needs of the organization;
understand when backups can happen and how long the system can be
unavailable;
to understand how long data should be retained. In some cases, backup
data may only be needed for several months and in other cases the
duration may be in years;
reviewed to check for errors, duration of the backup job and so on. Try
to identify problems and take corrective action to reduce any risks
associated with failed backups. From a compliance perspective, be sure to
date and sign reviewed logs in a method that mirrors your policies and
procedures. Auditors need to see proof that reviews are happening due to
the critical nature of the data;
stored;
can be re-used at some point in time. To be cost effective, it makes
sense in some cases to re-use media when possible versus constantly
buying new media. But it, in turn, means that organizations need to track
media to understand when it can be put back into the available media
pool, and when it has reached its end-of-life and needs to be properly
disposed of;
so it cannot be read by an unintended party;
where she finds out her data restoration is flawed. It is far better to
find out the causes and take corrective action in the safe confines of
monthly or quarterly testing than it is in the heat of battle.
Data is increasingly critical these days as timeframes compress, risks
increase and businesses run on information that increasingly exists only
in digital form. Data loss can result not just in financial losses to the
company, but can also impact the strategic, operational, reporting and
compliance objectives of the organization. Each group must collectively
identify, understand and manage the risks associated with its data to
safeguard the overall organization.