Olivier Le Moal - Fotolia
Creating a data backup strategy is essential to ensure business continuity and eliminate downtime, especially for small and medium-sized businesses.
When it comes to the importance of having a plan in place, the numbers tell the story. According to a survey conducted by data backup service provider Carbonite, data loss is a significant concern for organizations today.
"A whopping 64% of IT pros at SMBs say a data loss event is a life-or-death situation, while 71% of SMB IT departments say recovery is the top priority and must be accomplished within 24 hours or less," said Larry Friedman, chief information security officer at Carbonite.
Enterprises that lack a comprehensive backup strategy are playing with fire, warned Felix Carballo, infrastructure practice director for digital advisory services firm Sparkhound.
"Without an effective data backup strategy in place, events such as natural disasters, hardware failures, data corruption and cyberthreats, such as ransomware, can cost companies millions due to lost data and unplanned outages," Carballo said.
Getting started with a data backup strategy
Organizations must be proactive about data backup and recovery.
"Smart IT teams know to leverage flexible and powerful strategies and technologies that not only protect an organization's critical apps and data and accelerate recovery, but that also help to proactively avoid outages and data loss in the first place," said Adrian Moir, technology evangelist in Quest Software's data protection business unit.
IT administrators who employ predictive business continuity strategies facilitate minimal downtime and greater productivity.
"It's a critical stance for an organization to evolve its IT from a basic cost center to a business enabler and strategic asset," Moir said.
There's no one-size-fits-all plan for organizations seeking to develop a data backup strategy.
"When selecting a data protection solution that fits their organizations' needs, IT decision-makers should take a hard look at the existing IT environment to understand what needs to be protected and to what level," Friedman said.
Felix CarballoInfrastructure practice director, Sparkhound
The first step in building an effective data backup strategy is simple: Identify the data that's critical to the organization and its operations.
"You must be able to identify what business value the data provides, and why you're protecting it," said Girish Dadge, director of product management for disaster recovery firm Sungard Availability Services.
Organizations must next decide if they would like to manage their own backups or work with a vendor that will oversee data management.
"They also need to consider whether backups will be stored on-site or off-site ... using traditional methods like tape, disk or cloud services," said Megan Headley, vice president of research at TrustRadius, a software advisory firm.
Organizations should set service-level objectives that closely match the organization's unique data backup business needs and legal requirements, advised Jared Moore, a platform engineer at N4Stack, an enterprise consulting and managed services provider.
He said that IT managers should also evaluate the potential financial effect of losing important data. This will lead to setting an achievable recovery time objective (RTO) and recovery point objective (RPO), he said.
"This is key, as it will dictate the methods you will use to back up your data, whether to the cloud, to hardware in your data center or a mixture of both on-site and off-site," he adds.
A backup plan should also include regularly scheduled data restores, which are essential for ensuring backup validity.
"A company can have a great data backup strategy, but if they can't successfully restore the data, the plan is useless," Carballo said. "The more important the data, the more often a company should test the backup/restore process."
Avoiding common backup mistakes
When an organization embarks on a fresh data backup and protection strategy, IT pros run the risk of paying too much attention to the technology while neglecting to fully address business requirements.
"Keeping a focus on business data protection requirements and aligning the technology or service to meet that requirement is important," Dadge said.
Many organizations also make the mistake of not aligning their data backup strategy with business objectives. As a result, they do not sufficiently define critical data and RTO/RPO guidelines.
"This can place companies at serious risk and potentially result in major losses in revenue, customers and reputation," Carballo said.
Perhaps the biggest mistake an organization can make is underestimating the complexity of backup management.
"Given its nature, backup is a multistep, multilayered process," Headley explained, noting that backup can no longer be considered in isolation.
The backup process is now just a single step in an overall data protection strategy that also includes recovery, archiving, replication, deduplication, security, compression and encryption.
"All of these data protection components must be considered together when building an effective strategy to keep your company's data safe," she said.
Data backup and data protection has existed for decades, but end users now expect constant and consistent access to their data and applications.
"This has necessitated new deployment models that reinforce the need for constant reevaluation of backup and disaster recovery plans," Moir said. "When you don't have the right backup and recovery plans in place, the consequences can be catastrophic."