Enterprises often recognize the need to create a comprehensive and reliable data backup and recovery strategy, yet many decide to tempt fate by skimping on essential plan elements. However, with smart decision-making and careful planning, you can build a solid and cost-effective data backup plan without wasting money and drawing funds away from other essential projects.
Not all data has equal value, and not all backups have equal value. Good backup planning involves understanding the importance of different data sets and requirements.
Perhaps the best and easiest way to save money is to avoid backing up data that isn't necessary for business, compliance or legal needs, noted James Meadows, managing partner at national law firm Culhane Meadows.
"For example, if you're not storing or processing personally identifiable information, it's likely that it may not be necessary to comply with the multitude of standards and protections applicable to PII," Meadows said.
Vetting data for backup need and frequency should begin with identifying and defining each data type. All parties within the organization who know about the use and value of each data type should review them.
"As an attorney, I would strongly suggest that legal counsel be consulted for any contractual and/or regulatory standards that may need to be considered," Meadows said. Only when you address and resolve these issues can you begin actual work on the data backup plan.
Avoid wasting time and money on protecting relatively inconsequential data while leaving critical information vulnerable. Jamie Zajac, senior director of product management at data protection provider Carbonite, suggested splitting systems and their backup needs into three distinct tiers and then allocating resources accordingly.
Tier 1: Mission-critical. These resources, which support essential operations, must be backed up frequently and restored as quickly as possible in order to avoid business disruption. Examples include shipping and logistics applications, e-commerce and point-of-sale systems, and inventory databases.
Tier 2: Business-critical. Business disruption occurs when these systems fail, yet workarounds might allow access to some or all data for a limited amount of time. Business-critical systems can often limp along for periods ranging from a few minutes to several hours before the situation reaches a mission-critical level.
Tier 3: Non-critical. Non-critical systems contain data that cannot be lost or compromised, yet for which restoration urgency is relatively low. A typical example is a file server storing monthly financial updates or customer analytics. This data must be restored at some point, but a downtime of 24 hours or longer likely won't have any long-term effect on an organization's operations or finances. Adjust your data backup plan accordingly.
Use quality software
For maximum reliability and cost-efficiency, backup software should be flexible as well as reliable.
"The tool your organization uses should have the ability to replicate data -- whether you want that to be on site, off site or to a cloud is up to you," said Clayton Calvert, a security consultant at business management consulting firm Netlogx.
When evaluating software for your data backup plan, it's also important to consider the total cost of ownership.
"All too often ... organizations choose cheap software and then have to throw hardware, cloud and human resources at the solution to make it work," Zajac said.
Time is money
A cost-effective data backup plan should also address backup frequency and data quality testing.
"There would be nothing worse than paying for a backup solution only to need it and then find out that the data is corrupt or some other problem exists," Meadows said.
You should revise your backup plan at least annually, but more frequently when mission-critical or business-critical data is involved.
"In the event that a breach or situation occurs that's not covered in the plan, it should be revisited immediately," Calvert advised.