Today is the day IT honours an unsung hero: The data backup.
This is World Backup Day, a day for sitting back and reflecting on all the hours your IT team spends on honing their backup strategy, testing backup procedures and perfecting data restoration skills.
In truth, for many IT leaders, this should be a day to think about honing your backup strategy and how to regularly test backup procedures and data restoration.
Why? For one thing, according to a 2022 report by backup specialist Veeam Software, on average, respondents to a survey said their organization was able to recover only 64 per cent of their data following the most recent cyber event.
“Most organizations backup their data in some way, shape, or form — or they try to,” said Andy Stone, CTO of Pure Storage. “The reality is the processes they undertake, the technologies they use, aren’t effective. Is it going to help them meet the recovery goal should they need to use it? It’s one thing to have a backup, but it’s an entirely different thing to know that it works and will be able to recover quickly when an event occurs.”
Implementing an architectural outcome is vital, he said. “It’s not just implementing a backup tool. It’s not just buying a piece of software and expecting it’s going to work. It’s more about architectural resiliency.”
That means having backup tiers, he said: A first level that takes snapshots of data, a middle tier for longer-term retention of snapshots and a backup tier, which is more for long-term data retention and compliance — unless there is a big disaster.
Related content: Tips for backing up data from the Canadian Centre for Cyber Security
“Nowadays what C-levels are looking for when it comes to this is recoverability. They don’t care what the backup tool is. They don’t care what the storage is. They only care about one core thing: Is the business back up and running yet? And if not, why, and when will it be.”
“You have to invest in resiliency, you have to invest in recoverability. You can’t just buy into a software tool or a backup platform.”
One of the biggest mistakes IT leaders make is not understanding the needs of business application owners, Stone said. “Application owners think because there’s a backup you can have them up and running in five, 10 minutes if something bad happens. But it could take hours, or days.”
The IT leader, he said, has to say to the business side, “If you want the ability to recover in this amount of time it will cost X. If not, it will cost Y.”
Curtis Preston, the chief technical evangelist for Druva, said very few of the firms he’s consulted for had a completely functional backup system.
Why? “It’s a difficult job nobody seems to want to do … It’s not the sexiest part of IT. It is a situation where you are often invisible or in trouble. No one remembers all the backups that you did well. They only remember the one you did wrong.”
It doesn’t help, he added, that the IT environment has become more complicated with the advent of cloud-based applications adopted by organizations, which makes backup and recovery more challenging.
A good backup program starts, Preston said, with the traditional rule of 3-2-1 data storage (have three copies of production data on two different media, with one copy off-site), with the processes fully documented and — crucially — with recovery tested repeatedly.
“Unfortunately, many people are testing their backup and DR (data recovery) for their first time when something major happens,” he said.
IT leaders also have to ensure backups are secure and separate from the rest of the IT environment, because they are a target of ransomware gangs, Preston added. So backup systems should get security patches first, not last.
Preston’s message to IT leaders for World Backup Day isn’t about IT: “See if you can find somebody in the organization who thinks about backup and recovery more than others and ask them how do they think the system is doing? What do they think the organization needs? If the answer is, ‘it doesn’t measure up at all’, perhaps now is the time to see what you can do to change that.”
Best Practices for data backup and recovery (adapted from Amazon):
— create a backup strategy;
— automate backup operations;
— implement access control mechanisms;
— encrypt backup data and vault;
— safeguard backups using immutable storage;
— implement backup monitoring and alerting;
— audit backup configuration;
— test data recovery capabilities;
— incorporate backup in your incident response, disaster recovery and business continuity plans.
Identifying the vital data that requires protection should be the first step in creating any data recovery strategy, said Carl D’Halluin, chief technology officer at Datadobi. “But even if you know and can ‘describe’ what data must be protected, finding it has always been another matter – and you cannot backup what you cannot find. To effectively address this enormous and complicated undertaking, users should look for a data management solution that is agnostic to specific vendors and can manage a variety of unstructured data types, such as file and object data, regardless of whether they are stored on-premises, remotely, or in the cloud. The solution should be capable of evaluating and interpreting various data characteristics such as data size, format, creation date, type, level of complexity, access frequency, and other specific factors that are relevant to your organization.
“Subsequently, the solution should allow the user to organize the data into a structure that is most suitable for the organization’s particular needs and empower the user to take action based on the analyzed data. In this case, backup the necessary data to the appropriate environment(s). And, if necessary, the solution should enable the user to identify data that should be organized into a ‘golden copy’ and move that to a confidential, often air-gapped environment.”
“On World Backup Day — and all year long — it is critical to remember that businesses that invest in data protection are better equipped to navigate unexpected data loss events, maintain regulatory compliance, and protect their critical assets and reputation,” said Don Boxley, CEO of DH2i. “Bottom-line, investing in data protection is not just smart, it’s essential for business success.”