Backing up your data is the most important thing you can do. It’s probably the least glamorous part of any IT administrator’s job, but making sure that the precious data assets of your business are appropriately backed up, and that they can be reinstated with the minimum of data loss, delay and disruption, is without question the cornerstone of all good IT practice.
It never ceases to amaze us how many new clients we take on board who have little or no backup provision whatsoever, some of whom have even put up with occasional data loss over the years because ‘that’s just life’ or ‘because implementing backups is very expensive and difficult’ or, even worse, ‘not having them isn’t that big a deal…’ It certainly is, and depending on your industry or regulatory requirements and duties, it’s also the law.
Backups and compliance
Any planning or thinking on your backups must include your duties under compliance - one of the key technical aspects of any compliance policy concerns data retention and how to access records over time. As a rule of thumb, most businesses need to keep their records - emails, files, databases etc. - for at least seven years before they can be expunged from the business completely.
Nearly every organisation we start working with has had no plans or provisions in place for this long-term archival strategy or, equally worryingly, wasn’t aware of the seriousness of non-compliance or the consequences of being unable to produce records on demand.
Ensure that your backup plans include keeping permanent, read-only copies of your data stored outside the regular rotation of backup media for the express purposes of having archival copies of periodic backups. You should also plan your backup media rotation and retirement and backup schedules so that you maintain appropriate backup coverage of your data over time.
More generally, in order to comply with the GDPR, ensure you retain a schedule of data deleted from your systems so that, in the event of data being recovered from backups, you know what to re-delete, so it stays gone. Also ensure you have a written backup policy in place, with details of what is backed up, when, and who is responsible for checking that backups complete successfully.
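One way to replay such a deletion schedule against a freshly restored database, as an added example that is not part of the original article. The table, column, key and helper names are hypothetical, the sample rows are constructed, and storing the schedule as keyed hashes rather than raw identifiers is an assumption of this sketch.

```python
import hashlib
import hmac
import sqlite3

# Assumption: the schedule stores a keyed hash of each erased identifier, so the
# schedule itself does not retain the personal data it records as deleted.
LEDGER_KEY = b"constructed-demo-key"  # placeholder; hold the real key in a secret store


def ledger_token(table: str, record_id: str) -> str:
    """Keyed hash that identifies one erased record without storing its identifier."""
    msg = f"{table}:{record_id}".encode()
    return hmac.new(LEDGER_KEY, msg, hashlib.sha256).hexdigest()


def reapply_deletions(conn, table, id_column, ledger):
    """Re-delete every restored row whose token is on the deletion schedule.

    Returns (re_deleted_ids, tokens_not_found). The second list holds schedule
    entries for rows that were already absent from this backup.
    table and id_column must come from trusted configuration, never user input.
    """
    wanted = {e["token"] for e in ledger if e["table"] == table}
    rows = conn.execute(f'SELECT "{id_column}" FROM "{table}"').fetchall()
    hits = [r[0] for r in rows if ledger_token(table, str(r[0])) in wanted]
    with conn:  # one transaction: all re-deletions commit or none do
        conn.executemany(f'DELETE FROM "{table}" WHERE "{id_column}" = ?',
                         [(h,) for h in hits])
    found = {ledger_token(table, str(h)) for h in hits}
    return sorted(hits), sorted(wanted - found)


def demo():
    """Constructed scenario: the backup predates Bob's erasure but not Dave's."""
    conn = sqlite3.connect(":memory:")  # stands in for the restored database
    conn.execute("CREATE TABLE customers (email TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", [
        ("alice@example.com", "Alice"), ("bob@example.com", "Bob"),
        ("carol@example.com", "Carol")])
    ledger = [
        {"table": "customers", "erased_at": "2024-03-01",
         "token": ledger_token("customers", "bob@example.com")},
        {"table": "customers", "erased_at": "2023-01-15",
         "token": ledger_token("customers", "dave@example.com")},
    ]
    deleted, absent = reapply_deletions(conn, "customers", "email", ledger)
    remaining = [r[0] for r in conn.execute("SELECT email FROM customers ORDER BY email")]
    return deleted, absent, remaining
```

Keeping the returned lists with the restore record gives the person responsible for backups evidence that the re-deletion step was carried out.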
For a solid disaster recovery platform make sure that as far as possible you have a copy of everything you need in another location to restore your backup software and hardware, then your catalogue, and that you can have the securely stored backup media redirected to the off-site location. This will all entail extra cost, but you will quickly see that it is a trade-off between additional investment in redundancy and a willingness to accept downtime while new hardware is procured, replacement systems are configured, and wheels are put in motion to get your systems back up and running.
Don’t forget the various reasons why you want your backup systems to be as comprehensive and resilient as possible:
- To restore data accidentally deleted or lost through data corruption
- To recover from deliberate or malicious data destruction
- Archival and compliance reasons
- Business continuity and disaster recovery
- Capacity management, if you cannot maintain all your organisation’s data “live” on your systems simultaneously, though as systems get bigger and cheaper this is becoming less and less of a consideration
- Mitigating any system’s downtime.
The relentless march of cloud technologies pays dividends when it comes to backup strategies. Backing up to the cloud tends to be relatively inexpensive, secure and highly scalable – but it’s not without caveats. See below for a link to a recent article we published on the topic, "Backing up to the Cloud".
Protecting your data is the most important thing you can do and should be considered your key responsibility. You would be well advised to acquaint yourself with the issues, technologies and best practices surrounding it.