With the increased frequency of breaches and outages, it's more important than ever to have a solid data backup strategy. And with the coronavirus pandemic leading to a massive increase in employees working from home, it's critical to be able to protect remote data in many different locations.
This data backup guide includes links to a variety of other in-depth articles. It covers everything from the ways in which your data is at risk; to data storage methods, locations and costs; to recommended backup frequency and employee training, roles and responsibilities. The package also details top vendors, products and market trends. With this guide, you'll be able to develop and execute a successful data backup strategy that meets your specific business needs. And if you need a template for your backup planning, you'll find it here as well.
Why is data backup important for business?
Backup protects data from several risks, including hardware failures, human error, cyber attacks, data corruption and natural disasters. It's important to protect data from any potential issue so that an organization isn't blindsided when something happens. A proper data backup platform will enable the user to return to the last known good point in time before the problem hit. In a best-case scenario, your backup should lead to a quick recovery of at least mission-critical data.
The 3-2-1 rule of backup is a solid strategy to follow. In this concept, an organization has three copies of data, stored on at least two different types of media, with one copy sent off site. In a remote work environment, cloud backup is a valuable off-site resource. Remote work is especially risky from a data protection point of view, because cybersecurity likely isn't as strong on the home network and users might be working on less secure personal devices. The organization can centrally back up remote users' data to the cloud. Off-site backup, which might go on tape cartridges, is also important to protect against a natural disaster or cyber attack that takes down a data center.
What should be included in a backup plan?
It's first important to make sure you have a data backup plan, as many organizations don't have one. The plan provides a starting point for backup and recovery activities.
One of the first places to begin in creating a backup plan is to conduct a risk assessment and business impact analysis. The risk assessment identifies the issues that could negatively affect an organization's ability to conduct business. The business impact analysis determines the potential effects of a disruption to the organization's operations. These assessments are key for disaster recovery plans, but they can provide valuable input for the backup plan in terms of what to back up and how often.
The scope of the backup plan identifies those metrics: the data the organization must back up and the frequency of backups. Some data might not need backup, while mission-critical data might require continuous data protection. It's important to document that information because, without it, the organization risks having large and unwieldy backup sets. The organization should strive to make backup management as easy as possible so that recovery is a reliable process.
The plan details the organization's process of performing data backup; for example, who is involved, which programs and products they use and the location of the backups. It includes the procedure for testing, reviewing and updating the process. The plan should also provide the cost of the data backup strategy, but make sure to update this section frequently, as prices and workload volumes change often.
Evaluate options: Hardware vs. software vs. cloud
The data backup market is large and continuously evolving. As a result, organizations have a wide variety of choices. To start, your organization must decide if it will use hardware, software, the cloud or a combination.
Some data protection vendors only manufacture software. For example, Veeam sells backup and replication software and has partnerships with several hardware vendors, plus it offers cloud-based products.
Backup hardware typically refers to a disk-based appliance. In a common setup, that storage device will have integrated software that manages the backup data. The hardware is a storage target for copies of data. Hardware lives in a data center, whether it be the organization's main office, a remote site or both.
Software and the cloud don't require the use of a data center. As a result, it's easier to troubleshoot from home, which is especially helpful when employees must work remotely. Cloud backup is simpler to start running and maintain than on-premises backup. In fact, organizations that want to remain hands off can choose cloud backup that leaves management to the provider.
Backup storage options include disk, tape and the cloud. Each have their advantages and disadvantages. As the 3-2-1 rule of backup shows, using a combination of media types is smart.
Disk-based backup is typically among the most expensive options, but it's also fast. Because it physically lives in an office, it's susceptible to damage in the event of a natural disaster.
Cloud backup runs cheaper, but only to a point, as it depends how much data your organization is protecting. The cloud gets expensive over time and as volumes grow. It can also take a long time, compared with an on-site option like disk, to pull data out of the cloud, depending on bandwidth and volume. It's off site, so safe from a disaster at the data center, but it's also online, so it's still vulnerable to a cyber attack.
Though tape is more commonly used for archival purposes now, it's still a backup option. Its advantages include security, as it's inherently offline, so it's safe from cyber attacks. The latest tapes store a high volume of data -- 30 TB of compressed capacity in LTO-8. They require maintenance and management to ensure they are safe and secure -- for example, having them transported to an Iron Mountain facility. Tape speed has improved over the years, but on-site disk is typically faster for recovery purposes.
Choose a vendor/platform
The backup market has a wide range of vendors, from companies that have been in the field for decades to startups specializing in cloud backup. The market also includes vendors that provide a variety of other products, not just backup-focused offerings.
Commvault and Veritas are two of the more veteran players in the market, and both have adapted to provide more data management capabilities in addition to backup and recovery. Dell and IBM are two of the companies that have been around for a long time and provide other IT services. These legacy vendors typically provide both hardware and software.
Backup vendors that made their mark in the last five to 15 years include Veeam, Rubrik and Cohesity. Veeam was originally a pioneer in backup for virtual workloads but has since expanded to physical and cloud protection and become an overall market leader. Rubrik and Cohesity led a movement in converged secondary storage, which combines several data protection and reuse elements into one platform.
As the cloud has taken off in recent years, cloud-based backup providers have seized the opportunity. Those vendors include Acronis, Arcserve, Asigra, Druva and Spanning.
In just the last few years, several new backup vendors have launched to provide general services or target specific areas, such as cloud-based data. Cloud Daddy focuses on backup of AWS data, Clumio provides backup as a service, HYCU offers multi-cloud data protection, Kasten specializes in Kubernetes backup and OwnBackup targets backup of Salesforce.
Other vendors are making a conscious effort to combine backup and cybersecurity. For example, Acronis started out focused on backup but now offers what it calls "cyber protection," while cloud backup pioneer Carbonite acquired cybersecurity vendor Webroot before getting acquired by OpenText.
Once you have your plan and products in place, it's time to implement your data backup strategy.
Follow your data backup policy -- a key piece of the backup plan -- for guidance. The policy lays out the method for planning, executing and authenticating backups. It includes specific activities to ensure that your data backs up to safe and secure storage.
There are several types of backup, and you should choose according to your backup schedule. Here are some of the most popular options:
- A full backup is just that -- a copy of your entire system.
- An incremental backup copies all the files that changed since the previous backup.
- A differential backup copies all the files that changed since the last full backup.
Read more on how to back up data and keep files safe.
Backup scheduling is key to having the right amount of backed up data for your organization. One example of a schedule has a full backup every week or every other week, and incremental backups every day in between. It's likely unnecessary to do a full backup every day, as not all data is mission-critical, and the space and cost of that data backup strategy would get hefty.
Build a recovery plan
A backup is only as good as its ability to restore. As a result, your organization also needs a recovery plan. A good recovery plan should do several things:
- Outline how an organization plans to restore its backed up data. Data restoration techniques include instant recovery, replication, continuous data protection and restoring from traditional backups.
- Describe how quickly and how much data an organization must recover to function. These metrics are the recovery time objective and recovery point objective. It's important to be honest about these parameters -- organizations must take a close look at what data they need in a recovery situation and how fast they can get it. As such, it's probably not feasible to say your organization needs all its data recovered immediately. A tiered recovery plan is more practical.
- Backup and recovery planning should align with your organization's overall disaster recovery (DR) plan. The aim of DR is to get a business back up and running following a disaster. The DR plan incorporates results of a risk assessment and business impact analysis.
Employee training is essential to helping staff understand the data backup strategy and what to expect in a recovery situation.
The coronavirus pandemic resulted in many layoffs and furloughs. As a result, some general IT administrators might be tasked with backup work they haven't done before. One way to get up to speed on an organization's backup process is to read the appropriate documentation, if that's available. This further shows the importance of having a documented and continuously updated data backup plan, as it helps an employee new to the job start with more than just a blank slate. To get out in front of potential issues, your organization should designate other staff that can take on backup management if the primary backup administrator is unavailable.
IT staff managing backups have to fulfill a tall order these days. Data sets are growing exponentially; therefore, so are backup data sets. It can appear overwhelming to keep a handle on it all, but there are ways to mitigate this issue. Administrators should verify the organization's backup retention requirements, review the backup architecture and how well it's working, and create data lifecycle management policies for backups.
Testing and review
You've probably heard it before: Test, test, test. How do you know if your backups are good without testing them?
Testing doesn't need to be overwhelming, but it must be consistent. With this guide to backup testing, explore why it's important plus key steps, such as documenting a test plan, using automation and ensuring accuracy. Backups can fail, but it's better to have them fail in a test than in a live recovery situation.
Your backup test frequency should align with how frequently you back up data. Mission-critical data, for example, will get backed up the most, thus those backups should receive the most frequent testing. You might have done it in another piece of your data backup process, but make sure you assign a criticality value, which will help determine testing frequency, to each backup set.
A test is an important step, but it's not the only one in the review process. It's critical to analyze the results of testing and see where your organization must make changes. You might also find that bringing in an outside agency for backup auditing will further detail the effectiveness of your backups.
After all of the review, update your plan. The data backup plan should not just sit on a shelf or idle on a computer -- it is a living document that requires continuous updating. Make sure your backups are secure; you should feel confident that they can handle any recovery situation.
If you find that you need a documented outline for your data backup plan, check out this free template and guide. You can download it and plug in the necessary information, from your scope to the backup policy to contact information.
Creating the data backup plan should be a team effort. Although one person might document it, it's important to share it with other key stakeholders -- such as executives -- for their review and input. Data backup planning is an essential business activity. With so many threats and risks, your organization must have a ready copy of its critical data in the event of an unplanned incident so that it can continue operations. In addition to loss of revenue, downtime is costly to company reputation and employee morale.
If you're starting the data backup strategy process or looking to update a current plan, don't put it off. Data volumes will continue to grow and potentially get more complex as workloads spread around several different architectures. The backup future will likely be more cloud-based, so plan for that evolution.
It's a great time to work on your backup planning.