In the first of a series of articles on backing up your data we discuss the most important task of any IT professional – that of making sure, in the event of disaster or error, that your organisation’s data is secure. In this article we discuss the very basics of backup.
Backups are the most important IT Support task you’ll encounter
Backing up your data is one of the most important things you can do for your IT. It’s probably the least glamorous part of any IT administrator’s job but making sure that the precious data assets of your business are appropriately backed up, and that they can be reinstated with the minimum of data loss, delay and disruption is without question the cornerstone of all good IT practice.
It never ceases to amaze us how many new clients we take on board that have little or no backup provision whatsoever, some of whom even had put up with occasional data loss over the years as ‘that’s just a part of business life’ or ‘because implementing backups is very expensive and difficult’ or even worse ‘not having them isn’t that big a deal…’. It certainly is and depending on your industry or regulatory requirements and duties, it is also the law.
What is a backup?
Often overlooked, or looked at once and forgotten, backups are simply ensuring that an independent and easily reinstate-able copy of your data is made and most importantly kept separate and safe away from the original data. There’s little point in having a backup of your files stored on the same server as the originals - if the file server breaks/is stolen/burns down with the office... then your backup is lost as well.
The key components of any good backup system are:
- The data identified as needing to be backed up
- A software package to carry out the backup
- to remember your selection of data
- how often to make a backup
- what kind of backup you require
- to where/to what to make the backup onto
- A destination device for your backed-up data, which could be one or all of
- a removable high capacity tape
- a portable hard drive
- another server on your network
- a NAS drive
- the Cloud.
- A documented and clearly communicated process for managing your backups:
- Who is responsible for ensuring each backup completes correctly
- What to do and who to inform if a backup fails
- When and how to carry out audits of the data you wish to back up to ensure new data sources aren’t missed, and redundant ones aren’t still included
- How often and how to go about carrying out testing out the process of restoring sample data to ensure your backups are working and that, should you need to, the data can be easily and reliably retrieved
What is NOT a backup?
There are several other data protection strategies, but they’re not really backups and shouldn’t be confused with having a ‘proper’ backup solution:
- Redundant data – having multiple copies of your data on you network in case a server fails and the data really, really needs to be kept available
- Resilient systems – servers which are designed to failover to other servers when they break
- Volume Shadow Copy (VSS) – a very useful feature of Microsoft’s File servers that allows you to see prior versions of a file and revert to a previous version if required.
These are very useful features of a well-designed network, however none address big questions like ‘what if the whole office burns down?!!?’ or ‘what do we do if a malicious employee or process has been deliberately deleting or damaging our data over time?’. In order to be a good backup solution, it must meet a certain number of important criteria which we will detail later.
Another problem we see are businesses that use the ‘all-in-one’ NAS drives, that seem to do so much for so little cost, resting on their laurels after taking advantage of the built in ‘snapshot’ facilities these devices offer whereby they keep a point-in-time copy of the data on the box itself.
Just like the VSS point-in-time versioning of files mentioned above, this is next to useless when it is actually needed; if the box breaks, if you move your data to a new device, if your office becomes unavailable, or if there is a problem with the backups which breaks the chain of backed up data over time, your backups will be gone. They are fragile at best and offer a false sense of security.
Often the software and management interface of these backup systems are also clunky and unintuitive - making their use for the non-technical user daunting and error prone, and often the level of protection and granularity are not fit for business.
What is the best backup system?
There are several tried and tested backup software packages available, and the major Cloud backup providers all have their own software suites available to run on your network and servers and ensure that your critical data is backed up.
Packages that all function perfectly well are Veritas, Acronis and NetApp however your circumstances, individual backup requirements and budget will dictate the most appropriate solution. Also, if you have ‘virtualised’ systems on your network or use several cloud-based systems that you need to maintain independent backups of this will also influence your choice; VEEAM, VMware and Cloudberry are all good choices.
What hardware or destination you choose for your backed-up data depends on your budget, how much time you can dedicate to managing your backups, how quickly you need to be able to restore your data and your individual security and compliance requirements.
As long as the following criteria are met, then the best backup system is the one you will use and manage day to day.
- It must allow easy management of the backups
- identifying, accessing and copying the target data
- easy review of the previous backups taken to allow selection of any data to restore
- simple backup media management and rotation
- the ability to catalogue and use backups that have been created but the information about the backup has been lost, e.g. in the case where the backup server itself has been destroyed and reinstalled, and the database of prior backups has not been able to be restored for whatever reason
- It must allow the media the backups are stored on to be stored offsite, away from the data it has backed up
- It must provide clearly visible alerts either by email, notifications or both about the status of each backup job so that the nominated manager of the backup system can tell when things are going ok or when things have gone wrong
- It must allow you to go back in time and reinstate any piece of data it is protecting since you began using the system
- It should provide a broad compatibility with a range of backup devices; tape drives, removable disk drives, cloud backup providers as well as to other servers (preferably not on the same physical network as the data to be backed up).
Why do I need a backup anyway?
Don’t forget the many reasons why you want to ensure you have a comprehensive and robust backup system. Its primary use is to get data (emails, files, database records etc) back in case of a serious problem:
- Accidental data deletion by a user
- Data corruption
- Deliberate or malicious data destruction
- Archiving older data
- As part of business continuity and disaster recovery plans
- Capacity management; if you cannot maintain all your organisation’s data ‘live’ on your systems simultaneously you can archive the older data, though as systems get bigger and cheaper this is becoming less and less of a consideration
- Mitigating against any systems downtime
- Compliance obligations.
Remain compliant – plan long term archival storage
One of the most important reasons to implement a considered backup system is to fulfil your legal obligations. Any planning for or thinking about your backups must include some general, and your industry specific, duties under compliance – and one of the key technical aspects of any compliance policy concerns data retention and how to access records over time.
As a rule of thumb, most business need to keep their records - emails, files, databases etc. - for at least seven years before they can be expunged from the business completely. Most organisations we start working with didn’t have any plans or provisions in place for this long term archival strategy or weren’t aware of the seriousness of non-compliance or the consequences of the inability to produce certain records, for example financial or accounting records, on demand.
Ensure that your backup plans include keeping permanent, read-only copies of your data stored outside the regular rotation of backup media for the express purposes of having archival copies of backups. You should also plan your backup media rotation and backup schedules so that you maintain appropriate backup coverage of your data.
How often do I need to back up my data?
The time window between backups should only be as big as how much data you think you can lose without running into serious problems or outright catastrophe. Modern cloud-based systems can run continuously, backing up all data as it changes, but for most this can lead to an expensive solution with a lot of configuration, expensive software and high setup and management costs.
An alternate approach would be to periodically back up all your data to ensure nothing is missed and that you have a complete snapshot of your organisation’s resources, and then ‘top up’ this backup with additional runs that copy all the data that has been added or changed since this full backup.
This allow the backups to complete quicker (as backup jobs need to finish before a new one can begin and depending on the amount of data you must back up this might not be practical). This also reduces the amount of external media required, as a full back up each time – while desirable if your data isn’t too big as it simplifies restoration – takes the most tapes, disk drives etc to complete.
When restoring data, the most recent full backup and the most recent top-up backup are used together to build the complete picture of your data for restoration. Your IT Support service provider will be able to explore further options to maximise your coverage while sensibly managing your backup system running costs, but always factor in how expensive it would be to your business should any or all of your data suddenly become unavailable. An opportunity cost analysis always sobers peoples thinking and should pave the way for sensible investment in an appropriate backup solution.
What backup system do we recommend?
We are moving more and more to recommending cloud-based backup systems (as long as some caveats are understood. See a later article on the do’s and don’ts of cloud backups for these) as the technology and service providers mature, however for our larger clients with more demanding data and compliance regulations we still recommend a more traditional tape-drive based solution.
It offers high capacity and very reliable backups, however the initial cost of setting up such a system puts some people off. It also allows secure offsite storage and rotation of the tapes to a secure location, whether a 3rd party service provider or another company office. The data also remains completely under your control – no worries about a 3rd party cloud provider going bust and disappearing with all of your backed up and archived data, just when you need it.
It’s difficult to recommend a removable hard-disk based system unless you are really stuck. Hard drives, no matter what the sales hype, are fragile and do not offer a reliable long-term storage medium designed to last many years as tapes are.
When it comes to backing up your data the good news is that the best practices are clear and staying on top of your backups doesn't need to be a chore. The downside is that if you don’t already have a good backup system and regime in place then it will require some investment of time and money to get it up and running and most importantly will require ongoing stewardship.
Contact us to discuss how we can help with either an on-premises physical backup system, an off-the-shelf cloud backup solution or a hybrid or bespoke cloud-based backup designed in partnership with our best of breed backup partners - Amazon, Microsoft and Cloudberry.