An often overlooked part of your overall IT strategy, even to this day, involves protecting yourself from system failure, viruses or malware. In this article, we take a look at how and why you should be backing up your data. In using the term "data" we are following what is becoming a commonly acceptable usage in many style guides in that it can be singular or plural. This article, like all of our articles is not an exhaustive treatment of the subject but it perhaps highlights why you need to consider working with an experienced provider to ensure that your backup and recovery strategies fully match your business needs.
Introduction
With businesses being increasingly reliant upon their IT systems, and with the possibility of their data being spread over multiple locations, ensuring both the security and recoverability of this data is paramount. Often it is left as a last thought, or as something they will do when time allows. If you haven't a backup and recovery plan in place already, take the time to do it now. Businesses that suffer data loss often do not recover and you will often see statistics that state that over 60% of businesses that lose critical business data close within six months. Whilst it is always possible to argue the nature of cause and effect and that of statistics, take the time to consider for a moment what would happen to your business if your sales ledger became unavailable for an extended period of time and what would happen if you lost a week or two's worth of orders. Whilst it may not destroy your business, the cost to recover that data and the damage to your reputation could prove irreversibly damaging.
Causes of data loss
These can be varied. The most common is user error. With some file sharing systems, more than one user can open a file at the same time (a well-designed system will prevent this) and it is quite possible for the first user to save their changes in a document and the second user to overwrite the first user's changes. Users can delete the wrong files, rename files or move them to locations that may be temporary storage areas that are automatically cleared down by their systems. In some of these situations, it may be possible to recover the situation by searching for a file that has been misplaced but often it is just not possible. Users may store documents on their computer desktop and if the hard drive fails in their computer, there is a risk that they lose that data.
A malicious person (perhaps a soon to-be ex employee) could potentially delete files "by accident", or overwrite key documents with inaccurate or invalid data. It may be some time before this kind of damage is identified.
Computers, particularly storage devices, can suffer from data corruption issues for a number of different reasons. Sometimes even the most minor corruption can make a document unreadable. Whilst rare, power spikes and environmental conditions can cause computers to store invalid information and overwrite good information. Power cuts can cause irrecoverable data damage in certain computer configurations. Sometimes storage systems suffer from something called "bit rot", which basically means that as stored data ages, the chances of reading it successfully diminish. A faulty component in the computer could cause random data to be written to storage devices, destroying data.
Malicious software could be installed on one computer and through a security hole in your systems it could propagate its activity to more than one computer and to your central storage areas. Sometimes this kind of damage is immediate but some more nefarious software slowly damages data and only when it reaches a point where the damage is extreme enough does the problem manifest.
The above is by no means an exhaustive list, but it does demonstrate that no matter how secure you think your data is, the number of threats in today's computing environments does mean that reviewing your back up and recovery strategy needs close attention and regular review.
Availability versus recoverability
Whilst not strictly backup related, it is worth mentioning the difference between availability and recoverability. We occasionally come across people (and perhaps shamefully IT providers) who confuse the two. Availability is specifically related to making sure that your data can be accessed when you need it. A common way to achieve this is through controlled duplication of data. You may have read about the ability to put one more more extra hard drives in your computer and have the computer automatically write the same information to each of the hard drives. This way, if one drive fails, the data is still available on another drive. Incidentally, there are other reasons for spreading data over more than one disc and we will cover this in another blog post. Writing data to more than one hard drive in this way is often referred to as RAID (which stands for Redundant Array of Inexpensive Disks - sometimes the I is said to stand for "Independent".)
It is a misconception for some people that RAID is backup. They are not the same thing. In the majority of data loss situations, except a failing disk drive, a RAID system will happily duplicate the damage from one disk to all others. It is for this reason that relying upon RAID (or similar configurations) as a protection from data loss is something that you should never do. If your current provider has put this kind of solution in place for you and told you that you are backing up your data, find a new provider immediately.
Recoverability is what backup is all about. If a piece of information is changing every five minutes, how long is it before you consider that information to be out of date? If your web site is handling thousands of orders a minute, it could be that anything more than one minute's data loss is unacceptable. If you are updating payroll data once a month, it may be perfectly OK to rely upon a copy of the data taken two weeks ago. Part of creating a good recovery plan is to identify key data, how that data changes and how you need to ensure that you can always recover said data should it ever be lost or damaged for any reason.
Creating your backup strategy
You first need to define the scope of your data backup. What exactly will you be backing up? Do you copy the entire contents of all of the servers and workstations in your company? Do you do the same with home or laptop computers that may contain company data? Whilst this may seem like a good option, for anything other than a very small amount of data on very few machines, before long the time it takes to create the backup means that the backup itself does not complete in the allotted time, or that it does not back up frequently changing data often enough.
When you have decided upon the scope, you then need to identify what data changes and how often. It is then important to determine the maximum window of time that any data remains valid and how critical this data is to your business. Rapidly changing log files, for example, may be considered critical if they are access logs but non-critical if they are error logs (a determination that only you can make).
You must also consider the nature of the data. Databases, for example, often provide a variety of methods by which they can be accurately recovered to a specific point in history. Many backup tools are able to work with database systems to provide highly granular backups and therefore the option to restore your data with a high degree of accuracy and recency.
By determining what data is being backed up, how often it changes, how critical it is to your business, how long it will take to back up and where it is being backed up to, you can begin to formulate a strategy that works for your business.
Types of backup
By "type of backup" we are referring to three main classifications of backup. Firstly, there is a full backup. A full backup will contain all data within the scope of the backup. Creating nothing but full backups is potentially expensive in terms of storage and unworkable in terms of how long the backup takes to make, and copy to a remote location. One way of reducing the size of a backup is to take a single full backup and then take copies of only the data that changes between backups. This is commonly referred to as an incremental backup. Though many tools allow working with full and incremental backups quite straightforward, another plan is to take copies of data that have changed since the last full backup. This is referred to as a differential backup. A differential backup is often used to simplify the restoration process because restoring a full backup and then all incremental backups can be quite time consuming if you are not using a tool that hides the complexity. Fully restoring from a differential backup is a matter of restoring the full backup and then only the most recent differential backup.
Most backup strategies make use of a combination of the above and they also implement a backup rotation to allow recovery of data from a number of different points in time.
Where should a backup be stored
Without doubt, you should always have at least one recent copy of your most critical data stored off-site. Should something physically destroy your systems and backups (such as a fire), an off-site backup is vital to a successful data recovery. One of the reasons for maintaining key data in the cloud is to facilitate rapid off-site backups. Most creditable data centres will operate from more than one location and you are able to ensure that your primary data store is backed up to a different location.
Should your key data store be at your main office location, having an allocation of data in the cloud to allow critical data to be backed up often makes sense. Taking copies of data and holding those copies off-site also makes sense.
Ultimately, there are many options for structuring your data storage so that access is optimised and recovery, should it ever be necessary results in minimum downtime as defined by your business needs.
You do need to consider where your data is being stored if you are to remain GDPR compliant. Not having secure control of your backups really could be costly if there is a data breach as a result of not sufficiently protecting your backed up data from being accessed without your knowledge or permission. You may also find that storing it in non UK or non EU data centres is an issue. Expert technical and legal advice a wise investment if you are at all unsure.
This all sounds too time consuming
Taking good backups for some organisations may be as simple as using a system that creates versioned copies off-site. A number of cloud storage providers offer just this kind of service. Creating a more complex backup and recovery plan does require a significant time investment and even if you feel that you have it covered, bringing in a third party to review your processes may help you identify areas that need improvement. Backup is something that we often forget, or trust to hardware not failing. Our experience is that hardware does fail, people do make mistakes and having a trusted partner to help really does offer a positive benefit to your business.
