Gajus - Fotolia
A well-structured and organized data backup process ensures an organization can move systems and data to an alternate repository and recover safely and securely. Effective management of this process is critical.
Most organizations -- from small businesses to multinational firms -- use an automated tool to facilitate the data backup process. Many products and managed services, such as backup as a service, are available, ranging from inexpensive or free software to powerful and costly server-based systems.
For a complete data backup process, identify what the organization must back up, schedule the backups, set up backup parameters, and identify and secure the storage media involved. Then confirm the transmission media to move data between source and repository, authenticate that the systems and data backed up completely, and report on backup and recovery activities.
To go more in depth, consider these tips to manage a data backup process.
- Understand the business requirements for backup. The IT department must know who needs to have data backed up, how much data it will back up and the criticality of that data to the organization. Address these same activities for system and data recovery.
- Understand the backup and recovery policy. This policy sets forth the primary activities and parameters governing the backup and recovery processes. The data backup process should conform to the components in the policy.
- Properly use the backup and recovery procedures. Even with automated data backup and recovery systems, an organization needs documented backup procedures. They ensure the organization performs backup and recovery processes correctly and can monitor and report on them for continuous improvement and audit activities.
- Authenticate the backed-up systems and data. Backup systems typically include this capability. Ensure data is complete and unaltered during the backup process because of the many types of external and internal threats to information systems and data.
- Periodically perform unscheduled live and automated tests of system and data backups. This activity is an extension of the authentication process and confirms that backups performed correctly. If the organization detects data anomalies, it can correct them, notify the data owners and examine the backup system for any possible malfunctions.
- Review data backup time frames. Identify any issues in the backup continuum, specifically from source to transmission media to data repository. Examine times from the backup systems to ensure speeds are consistent with company policy.
- Ensure recovery times and points. Recovery time objectives (RTOs) and recovery point objectives (RPO) are important metrics in the backup process. From a system and data recovery perspective, an organization must periodically compare RTO values to backup system performance. Likewise, RPO values translate to the speed and frequency of the data backup process to ensure systems and data are the most current available.
- Review disaster recovery and business continuity plans regarding backup and recovery. Ensure backup and recovery activities described in business continuity and disaster recovery (BCDR) plans are fully operational and conform to the organization's backup and recovery policies.
- Periodically test backup and recovery processes. In an emergency, data recovery quickly becomes an essential tool for business recovery. Organize a test process, document the test process, execute the test, identify lessons learned, fix any issues, report on the test to management and update BCDR plans as needed.
- Report on backup and recovery activities. Using data provided by backup and recovery systems, prepare and distribute reports to IT and senior management that outline backup and recovery activities. These documents may include overall summary-level reports, deviations from performance metrics, system patches and updates performed, updates to storage media, and updates to transmission media.
Challenges to backup and recovery processes
Support for data protection is perhaps the most significant challenge for backup and recovery. This covers the entire lifecycle of data: creation, delivery, usage, storage and destruction. A data protection policy and overall program depends greatly on secure backup and recovery to prevent data loss or corruption from situations like accidental damage to or deletion of data, modification of data, damage or malfunction of hardware, viruses, and other malware attacks such as ransomware.
Technology options such as cloud backup have greatly automated the data backup process and, thereby, improved its overall management.