Wednesday, October 27, 2021

Backup Best Practices Save Critical Data

In the dark ages of computing, there were paper records that were keyed

into the computer for processing to generate reports. If the data was

lost, then the paper records were retrieved and keyed back in.

Today, paper records aren’t so common, as paperless offices grow in

popularity. As a result, the need for timely reliable system backups has

become critical as they serve as a safety net. If the data relating to

these all-digital records is lost or corrupted, then all records are

gone.

In order to have timely and reliable data backups, there must be a

careful blending of people, technology and processes using a systemic

perspective to ensure that goals are met.

For any data backup project, it is important to have a defined scope of

what data and servers/hosts will be included. For each type of data, IT

should work with stakeholders to identify what hosts need to be backed

up, how often, the level of security and the available service window for

doing so.

In addition, an estimate of how often data needs to be retrieved from the

archival system is needed to better understand the possible technology,

people and processes that will be required. An understanding of the risks

confronting the organization and each data set for backup will serve to

guide additional factors that need to be considered.

These requirements should drive not only the identification of a solution

but also be documented in the organization’s formal backup policies and

procedures.

People

As a foundation element for the initial implementation project and

ongoing backup and restoration processes to be successful, the people

involved must have sufficient training and understanding to grasp what

must be done. Management must support the people and the processes by

ensuring that the correct people are hired, training is provided and that

policies and procedures are adhered to. The ”tone from the top” is

vital to this, and any other, project.

Avoid Techno Babble

As a tip, when dealing with a non-IT stakeholder, including senior

management, be sure to frame communications in language that the others

can understand. Don’t leave them dazed and confused with a slew of techno

babble. Focus on the services they need, risks to those services,

regulatory requirements and business needs. And make sure to quantify

things in terms of time-frame, dollars and risk whenever possible.

The goal is to put in a solution for the business. To do this, business

execs must be able to understand and be involved.

Technology

There are a variety of types of backup systems, ranging from tape drives

to full host redundancy with real-time fail over. The solution that is

put in place and its corresponding level of investment must be driven by

a combination of risks confronting strategic, operational, reporting and

compliance objectives. One group may need a $5 million hot spare data

center with real-time fiber optic feeds and another may just need

redundant $2,000 tape drives with $1,000 worth of software.

Compatibility

One recommendation given to organizations of any size is to be very aware

of the backup technologies in use relative to the data in storage.

It is vital to ensure that any restoration process will be able to handle

the vintage of media created in the backup process. Tape drives provide a

clear case in point. It is common to walk into an organization with

several models of tape drives of varying vintages. The groups religiously

back up. However, if there is a fire or other disaster, they are in a

bind. Why? Because the needed combination of tape drives and software may

not be readily available after a disaster.

Having all the needed tapes but no way to read them defeats the purpose.

Carefully consider how the correct model of tape drive, version of

software and corresponding backup data can be stored offsite and made

available when needed.

Ultimately, whether the redundancy is simple or complex, the solutions

put in place must be driven by risk.

To be explicit, the probability of negative events and their impact to

strategic, operational, reporting and compliance objectives must be

understood. By using a risk driven approach, investing in systems that

either provide too little protection or investing too much in extremely

elaborate systems can be avoided. Some people may find it odd to be

warned against buying too much redundancy, but it is because redundancy

increases systemic complexity.

This increase in systemic complexity comes at a cost in terms of

resources. And it’s not always obvious. Initial purchase cost, additional

training and more avenues for failure must all be considered.

In looking at the confidentiality, integrity and availability of data

backups, we must look carefully at the supporting processes. The best

technology in the world can be negated by ill-conceived processes.

Different technologies may require specialization but the following bear

consideration:

  • Ongoing Risk Analysis — An understanding of threats, what

    management is willing to accept and how to mitigate those risks are vital

    to not only implementing a backup solution, but also for keeping it

    aligned with the needs of the organization;

  • Scheduling — Work with system and business stakeholders to

    understand when backups can happen and how long the system can be

    unavailable;

  • Data retention — Work with system, business and legal stakeholders

    to understand how long data should be retained. In some cases, backup

    data may only be needed for several months and in other cases the

    duration may be in years;

  • Review of Logs — Log files generated from each backup job should be

    reviewed to check for errors, duration of the backup job and so on. Try

    to identify problems and take corrective action to reduce any risks

    associated with failed backups. From a compliance perspective, be sure to

    date and sign reviewed logs in a method that mirrors your policies and

    procedures. Auditors need to see proof that reviews are happening due to

    the critical nature of the data;

  • Library — Be sure to clearly label media and note where it is

    stored;

  • Rotation and Expiration — Depending on the model used, backup media

    can be re-used at some point in time. To be cost effective, it makes

    sense in some cases to re-use media when possible versus constantly

    buying new media. But it, in turn, means that organizations need to track

    media to understand when it can be put back into the available media

    pool, and when it has reached its end-of-life and needs to be properly

    disposed of;

  • Disposal — Do NOT throw media in the trash. Physically destroy it

    so it can not be read by an unintended party;

  • Testing — More than one IT administrator has had an awful moment

    where she finds out her data restoration is flawed. It is far better to

    find out the causes and take corrective action in the safe confines of

    monthly or quarterly testing than it is in the heat of battle.

    Data is increasing critical these days as timeframes compress, risks

    increase and businesses run on information that increasingly exists only

    in digital form. Data loss can result not just in financial losses to the

    company, but can also impact the strategic, operations, reporting and

    compliance objectives of the organization. Each group must collectively

    identify, understand and manage the risks associated with its data to

    safeguard the overall organization.

  • Similar articles

    Latest Articles