Is Your Backup Strategy Putting Data at Risk? 13 Essential Questions to Ask


Despite how critical data backup is to business continuity, many businesses have no formal backup strategy or follow an incomplete one at best. The more comprehensive you keep your data backup plan, the faster it is to resume operations in case of a system breach or failure. Start right away, using this article as a checklist, to fix any deficiencies that may be prevalent in your existing backup plan. 

1. Are you backing up all the data you need?

You need to back up all your critical data wherever it exists: files, databases, operating systems, applications, configurations, and even all your devices, including mobile devices and user desktops. In case you are using virtualization, simply backing up your virtual machines won’t be sufficient; your hosts and management console will also be required to be backed up. Besides designating what data should be backed up, your strategy needs to provide for adjusting your backup plan to accommodate any changes in services, software, or devices, as they occur. You also need to include cloud service data in your backup strategy (e.g., data kept in MS 365 and Dropbox) programs. Ensure the backup software that will allow you to back up all such data; otherwise, multiple, disparate backup solutions will be required for the same. 

2. Does your backup strategy follow the 3-2-1 rule?

Simply having one backup copy is not enough, especially if the data is stored on-premise with the original data and on the same type of media. The more backup copies you have, the less chance of you losing your data. This conforms with the widely recommended 3-2-1 rule: have at least 3 copies of your data, back up data to 2 different storage devices, and locate at least 1 copy offsite. To protect your data against natural and man-made disasters, offsite storage should be at a remote location as far away as possible, in another city, state, or even some other country. A backup strategy that incorporates the 3-2-1 rule ensures that there is no one single point of failure.

3. Does your recovery strategy rely on backups stored locally or on a single device?

Onsite backups are faster to restore than cloud and tape backups, but that doesn’t preclude the need for offsite backups. A faster and more convenient way would be to have local and USB disk backups, which will not require a network. These are ideal for quickly backing up a small number of systems and need to be fallen back upon to recover individual files or systems in case of software failure. Similarly, if you take a backup on a centralized NAS (Network Attached Storage), SAN (Storage Area Network), or a simple network that is onsite, recovering that data in case of a natural disaster that majorly affects your facility may not be possible, and, at such times, having an offsite backup will come in handy. Solely backing up data on a network hardware appliance, which has the chance of failing, can result in you losing all your data. 

4. Do you know what your RPO is?

Recovery Point Objective (RPO) is the time period between the last backup to the point of failure, or in other words, the maximum period for which you are willing to lose data in the event of a system failure or due to uncontrollable external factors. The more the gap between backups, the higher will be the risk of data loss. As such, even though a longer RPO would entail reduced costs, keeping a shorter RPO would risk losing less data. Still, this requires frequent backups, extra storage capacity, and increasing computing and network resources. To put it in perspective, data that changes every few days may require to be backed up only weekly or monthly, while frequently changing data may need daily or even hourly backups. Consider implementing an RPO as short as a few minutes, or even a tiered RPO — shorter RPOs for systems that are critical and longer RPOs for those that are non-critical. The key here is to determine how often your data changes and gauge your optimal backup schedule accordingly.

If your recovery strategy requires that you restore all the data backed up at once, even a minor outage can cause a significant business disruption. To prevent such an occurrence, consider going in for a more flexible recovery strategy that can restore the minimal data required to resume operations.  

Learn More: Why are Data Backup Operations Often the Source of Performance Problems? 

5. Does your cloud BaaS meet your organization’s regulatory requirements?

Using a cloud-based backup-as-a-service (BaaS), no systems would need to be provisioned for, and no operating system would require to be configured. However, BaaS solutions may not be ideal for backing up sensitive data that is optimal or subject to regulatory requirements. In such cases, you should opt for offsite, secure storage, or a hybrid backup solution. A hybrid solution would allow you to install the backup software onsite using your own systems for some types of data and a cloud service for non-sensitive data. Keep in mind that, compared to onsite backup, it takes much longer to back up and restore data from the cloud, depending on the available bandwidth and volume in question.

If your recovery strategy requires that you restore all the data backed up at once, even a minor outage can cause a significant business disruption. To prevent such an occurrence, consider going in for a more flexible recovery strategy that can restore the minimal data required to resume operations.  

6. Will tape backups allow your business to resume operations faster?

To safeguard against the loss of data from natural disasters, many organizations store copies of their data on tapes and go a step further to physically ship them to other locations. However, though this is a safe option, tape backups entail a longer RTO, and the tapes would be required to be shipped back if data recovery is needed, which could take time. Besides, some tape backup solutions do not allow you to recover a single file or folder by itself, which can be problematic in some instances. 

7. What to do if you lose the internet connection to your cloud storage?

In the case of data backup on the cloud, you wouldn’t require any hardware as backing up on tape needs, but you would require an Internet connection. If the cloud is your only backup solution and your Internet connection gets disrupted, your backup/restore operations will be affected as well. Thus, as dictated by the 3-2-1 rule, the cloud should not be your only backup solution.

8. Do you have a data retention policy that meets regulatory requirements?

A company’s data retention requirements are critical in maintaining a successful data backup strategy. If your organization’s data retention policy requires that you accumulate large volumes of data, more storage space would be required for the same. How much space would you ask? Well, that will depend upon how long the data needs to be kept. For some companies, regulatory policies require that data be readily available for weeks, months, or even years. Properly identifying which retention policies apply to your business can help avoid any potential lapses in data backups that may occur due to insufficient storage carried out. 

Learn More: Data Backup and Data Archiving. Why the Difference Matters? 

9. Do your employees know what to expect in a recovery situation?

Are you leaving it up to your employees to back up their data? Do they know how to access and restore their data backups quickly? Employees must be trained on your backup strategy for it to be successful. As far as recovery is concerned, you should have a step-by-step recovery plan for your employees to follow, such as a security incident response checklist.Opens a new window

The cost of training can be expensive. However, it would be best to weigh this cost against the various backup solutions you are considering. For example, you should weigh the monthly cost of BaaS against the cost of having someone in your organization take responsibility for backup management. 

10. Are you regularly testing your backup and recovery systems?

As far as backing up all business data successfully, the average failure rate is 75%Opens a new window . If you haven’t tested your backup solution, how do you know it will be successful when actually needed or that your restoration process will work when you most require it? You will not be assured that your employees would know what and when to do if you do not run a test. However, testing is not a one-and-done process. Once you know your backup and restore processes work according to plan, you need to set up a proper testing schedule. For example, it would be a good idea to run a complete test of your backup and restoration process at least on a weekly or monthly basis, depending upon your requirements. Also, a retest should be carried out when adding a new app or upgrade since new versions of software or security updates can lead to compatibility issues, resulting in backup failure.

11. Are you using the right type of backup for your needs?

The type of backup you choose should be tailored to how much data you have and need to store, the capabilities of your network, and what your goal for backing up actually is. There are many different types of backup strategies available. For example, full backups take a long time to complete and take up more storage space than incremental backups. Incremental backups have the quickest backup time, but recovering the data takes longer. Differential backups are also faster than full backups but are slower and less space-efficient than incremental backups. When deciding whether longer backup times are worth shorter recovery times and vice versa, carefully consider the downtime each backup type will have on your business operations.

Learn More: Importance of Data Backup and Recovery 

12. Are you protecting your backup files against ransomware and other cyberattacks?

Backups (including those on the cloud) are just as vulnerable to unauthorized access as original data. Not only must you protect your original data sources from hackers, ransomware, malware, spyware, and viruses, you also need to protect your backed-up data. Hackers have been known to attack backed-up data files first before attempting to access the original data. To avoid unauthorized access to backed-up data, all the data should be encrypted and under access control before it’s sent over the Internet to a storage data center. Also, encryption keys should be kept in an offline environment that is accessible to trusted personnel only. If your organization uses cloud-based applications such as Microsoft 365 or Dropbox, consider implementing cloud data security software to secure information stored within cloud-based applications. 

13. Do you have a recovery plan for disasters such as floods or fires?

Backup recovery is often seen as synonymous with disaster recovery. In case of a disaster recovery plan, you can continue your business operations from a different location while your primary systems are being repaired. Disaster Recovery as a Service (DRaaS) often works in tandem with a disaster recovery plan or business continuity plan (BCP). DRaaS goes beyond just simple data backup and recovery; it provides a cloud-based replica of your primary work environment, including access to IT equipment, Internet services, and any other asset that you would require to continue running your operations.  

How important is a data backup strategy for your organization? Tell us what you think on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you.