Backup&DisasterRecovery

Next Article

IDAM–NewSecurityControls

How to backup data strategically and affordably. By James Francis

STAVING OFF DISASTER: WHAT TO KNOW ABOUT BACKUP AND DISASTER RECOVERY

File not found” – a message that sends chills down all our spines. Not being able to access digital assets, especially in a business context, represents a big problem – and it is getting worse.

Companies once only had to fear disasters such as broken hard drives or employee mistakes. Today, security concerns – particularly ransomware attacks (which encrypt your files and demand a ransom) – add more reasons to stay awake at night thinking about your company data. According to IBM’s Cost Of A Data Breach report, it can cost upwards of US$4 million (R60 million) to fix a security breach, much of which goes towards cleaning up the damage and recovering lost data. Yet many organisations still don't consider backup and disaster recovery as an investment, says Andrew Cruise, CEO of cloud infrastructure provider Routed. “Sadly, both disaster recovery and data loss prevention are seen as grudge purchases. Many organisations feel that the money spent does not drive top-line growth and reduces bottom-line profit. Unfortunately, when systems have been compromised, organisations realise how costly the full or partial loss of workloads and data is.”

Failing to secure company data could become the most expensive mistake you can make from a risk management perspective – and the risks have never been higher in today’s connected hybrid workplaces. What should you know about backup and disaster recovery?

The tiers of business continuity Backing up files was once seen as a primarily archival function, with some disaster recovery coverage. But it’s a more complicated picture today: companies rely on digital information to be competitive and create efficiencies, and they have to comply with data laws that require care and security. These concepts combine into a concept called business continuity.

Business continuity (also called business resilience) determines how well an organisation can withstand or rebuff disruptions. Such disruptions can manifest at different levels in the company. From a data perspective, we can split this concern into two primary groups: data needed in day-today activities and data that lingers in the background.

Disaster recovery (DR) focuses on the former: it backs up ‘hot’ data such as application workloads, system configurations and actively used files onto secondary environments. If something goes wrong, recovering such data and resuming operations should be relatively quick. Data loss prevention (DLP) focuses on securing primary data that isn't used as actively but mustn’t go missing. The significant difference is how quickly you’d need the data restored: right now (DR) or later (DLP).

“There is a mindset shift that needs to take place where businesses ensure they are protected on all levels of their company data, be it production or secondary data,” explains Lourens Sanders, solution architect at data storage provider Infinidat. “Data protection, backup and recovery is therefore not an aspect of only ticking insurance boxes, but rather forms an integral part of a cyberresilience strategy.”

Data in the cloud Business continuity (BC) has two critical dimensions. First, it requires a robust strategy fitted to the business’s needs. Data is a living component of a business, and strategy must consider what data you have and how it is used. You cannot put everything in a DR backup – that would cost too much. Yet you can’t put everything in a DLP backup – it would take too long to recover time-sensitive information. Strategy is about striking that balance between cost and utility.

Such a strategy also lays out how you’d recover from a disaster: what are your priorities? Knowing these processes can save a lot of time and money. For this reason, the second dimension is to create and test recovery plans. Doing so can be complicated, which is why many companies skip testing. Collaborating with a business continuity service provider can significantly reduce the complexity of developing and testing BC strategies.

“Data protection – backup and recovery – needs to be prioritised the same way that primary production data is treated. It needs to provide company-wide peace of mind that if a disaster hits, that protected data can be used not only to recover from the disaster, but also for verification before recovery,” says Sanders.

The cloud is a major advantage for companies wanting proper data resilience. Backup specialists subscribe to the 3-2-1 rule: one primary and two backups (3); save backups on two different types of media (2); and keep one backup off-site (1). Applying this approach is much more expensive if you rely purely on your own backup systems. Cloud services provide additional choice and cost management avenues, and enable smaller businesses to access high-grade storage products.

“Traditionally, each business has implemented disaster recovery in isolation, and building and maintaining secondary environments can be very costly,” says Cruise. “Multi-tenancy (sharing a large infrastructure stack securely between multiple businesses) offered by the cloud presents organisations with a 'slice' of this kind of enterprise environment, opening the door to smaller organisations to use enterprise-grade DR solutions. Combined with the usage principle of the cloud (pay for what you use), the DR ‘insurance policy’ becomes more cost-effective and accessible to virtually any organisation,” he concludes.