Often times small and medium businesses use backup systems that are inadequate and adopt Disaster Recovery strategies that are just sketched out or inefficient in preventing and facing disastrous situations like fires, floods, earthquackes or thieves.
There are some crucial elements to keep in mind when planning a good backup, such as:
- An automatic, scalable and secure software;
- Saving open files, databases and other specific applications;
- Fast and accessible restores, and data retention to have more versions of the same file;
- Fast execution and data compression;
- Criptography to enhance the security levels of backups;
- Daily backup report to monitor the results.
How can you plan a backup that is completely automated, easily monitorable, based on a reliable system from a hardware perspective, not subject to theft, natural disaster, wear and damage? Moreover, how to achieve all of that without undermining the ever-low budgets?
Offsite backup offsite: a necessity for everybody
Like a bolt from the blu: on a Saturday morning or maybe in the evening during the week. A client calls and says that a disk of a server has failed and can't retrieve data. You've repeated a thousand times to that client that his habit of *not* doing a backup was a problem for sure, but he always dismissed the argument with a grin and told that listening to the same song of yours was just a hassle.
And now, what will you reply? What can you say in front of phrases like "What we do now? I've lost the whole data of my company! I need to retrieve everything right now, I can't wait. I really depend upon that data." The first instinct would be to have him go and get.. you know it.
The reply that might seem the most appropriate perhaps is "There is little left to do. Regardless of my numerous advice on the need of having a precise backup strategy, nothing has been done." This reply is politically correct, but it hides a touch of powerlessness and, up to a certain degree, it can be an admission of guilty or a way to leave all the responsibilities on the client himself. Saying to a client that is already tense for the loss of data that "it's your fault" is no way a winning strategy.
Perhaps you might give a little bit of a chance and suppose an optimistic scenario where data is retrieved, but if the outcome is negative or requires an expensive intervention, then you'll just shift of a couple of hours the final moment of disappointment and anger.
All in all, whatever you reply the client - unless you have a "Back to the Future" DeLorean - you'll get him mad.
A frequent reason that makes a client to change the IT partner is about losing data of a data server, of a NAS or of an email server.
Small and medium companies often use backup systems that are not appropriate and adopt Disaster Recovery strategies that are just sketched out or completely useless.
Let's see which systems are often adopted.
Obsolete but still widespread: tape backup
Even though the technology is quite obsolete, many companies still use tape backup; however, tape backups have several problems: data restore takes a lot of time, sometimes there is no option for a partial restore and tapes themselves get degraded as time passes by.
It's quite common to discover that a backup is not consistent because of the damaged tapes (which aren't 'rotated' with the proper frequency, but the same ones are used). Tapes can be efficient if part of wider and complex backup strategy.
One of the main worries about this technology is the need of human intervention: tapes -in general- must be changed every day and often times this is a secretary's duty, who assign a low priority for this job. There is no proper absence management in several cases: if the secretary, or the responsible for this job, is ill or not present, it must be clear who is in charge of changing tapes. Experience however teaches that a backup system that relies only on the responsibility of a person cannot be considered adequate.
Cheap, more modern, yet still limited: USB disks
One of the most common alternatives to tape backups is USB disks for sure.
These devices are cheap, offer a good level of reliability and duration in time, access times are food and they can be easily moved from a computer or server to another.
Still, they bear some pitfalls within themselves. For instance, they are subject to failures, therefore you must consider to use at least a couple of disks to use every other day. As disks must be switched daily, we fall back in the argumentation of the problem found with tape backups: a backup that lies upon a person's responsibility cannot be considered flawless.
We must also consider the fragility of USB disks: a fall of a couple of inches can compromise their functioning. Also, their ease of access poses them at risk as whoever gets into possess, even for a few hours, can exploits them: while tapes can be read only with expensive units installed on servers, USB diss can be read and manipulated by every computer. The use of a ciphering system is a solution, although it can turn into an even bigger problem once keys and passwords get unfortunately lost. In some instances USB disks are used as an alternative to a real off-site backup system: a single disk is brought at home by the business' owner, or by a responsible, and this practice is considered as a guarantee in case of data loss. But are you sure that said disk has all the data to be archived and a decent reliability?
Crucial elements for a good backup
Then, you must take into account those elements that are important for the proper result of a backup.
You a specific software to do this job that is automated and scalable!
Copy and paste or a simple synchronization are not the ideal solution.
Data retention, and therefore having several versions of the very same file for some days, is an essential element. Data compression is important too because it helps to save space. Cryptography enhances the security level of savings.
A daily report of the result of backups is fundamental to the proper monitoring: a small damage or the end of available space can compromise the entire backup strategy, and often times you realize of it when it's too late. Statistics of backups must be available and easily accessible in any given time, and the same applies for error logs or warnings of backup results. Proofs of data retrieves must be accessible and quick so that you can verify periodically that data can be restored. A backup whose restore hasn't been tested is no way a guarantee of a proper behaviour!
Backup system must be able to save open files as well as databases, and to "talk" directly to specific applications. For instance, a backup of the whole company email archive (tens, if not even hundreds of GBs) that can't restore a single email is actually unuseful.
The solution is simple: online backup
So, how can you implement a backup system that is completely automated, easily monitorable, based on a reliable hardware, not subject to theft, damage and wear? Of course, all of that without wearing off the ever-limited budgets of small and medium companies that doesn't have a branch office, a datacenter or dedicated staff?
The only solution that easily answers this question is online backup. Unfortunately in Italy there is a widespread skepticism and mistrust towards the link between "cloud" and "business data", rather than towards the Cloud. That bears from a general ignorance on these topics. If it's good to send documents, quotes, contracts and projects in plain-text with email accounts that don't have even minimum security protocols (thin about TLS or its predecessor SSL) or to store private information on online and uncertain reliability sharing services, on the other hand a backup system that relies on a strong authentication system, a ciphered connection and that even offers encryption for at-rest data is not even considered just because that widespread feeling of mistrust wins on anything else.
Online backup allows to implement a data protection system with ease that satisfies the requirements we have dealt with. In addition to that, if using a well-known, reliable and experienced provider, it guarantees an excellent level of security and does the restore in a quick time even when the situation is critical, for instance after a fire or another catastrophic event.
If it then included into an articulated and well structured Disaster Recovery plan, then it allows to implement a protection level that is adequate even in the most critic circumstances.
Advice for use
The use of an online backup service is not a valid reason to give up some fundamental rules to offer a good service to the clients. Even if the system can be controlled and managed in an automatic manner, you shouldn't forget that a periodic notification mechanism must be configured in order to identify problems on the fly. Moreover, you need to verify periodically with the client that data to backup is actually the one needed and that the adoption of new softwares of services don't use folders or paths that are part of daily backups.
In the event of some connectivity problem, you must think of an alternative on-premises backup that allows continuity of service.
Another important challenge for online backups, in particular when the available connectivity is limited, for instance in the case of companies without optical fiber, is to guarantee that periodic backups are completed regardless the evident constraints of time and bandwidth. Therefore it's essential to use incremental backup techniques, limit the number of full backups and avoid to transfer folders that aren't modified by rationalizing tha choice of the path to include in a backup.
If clients have a limited budget, a cheap offer might be really appealing
Still, are you sure that purchasing a cheap and low quality service doesn't pose a real threat on data security, entailing bigger expenses in the future?
Price, unfortunately, is often a note out of tune of Cloud backup. Nobody wants to spend lots of money on something that hopes not to use someday. That is why the cheapest offer seems to be the most appropriate... all Cloud backup services are the same, aren't they?
Online Backup services are not all of the same akin
What are you paying for?
The following may appear as a strange question but it's fundamental to ask what you are actually paying for when you buy a backup solution. Do you need an online backup or and online storage? There are several differences..
An online storage is, by and large, and empty box where to put "things" you want to store in the Cloud. Obviously, one of the "things" to store could be a backup, but that backup doesn't appear magically into that box. We need to think about a separate solution that physically performs backups and then transfers them into the storage. That implies the purchase of a backup software and its subsequent configuration so that it can communicate properly with the storage. The result: more expenses and a more complex backup system.
A dedicated online backup is, on the other hand, what we can define as an integrated solution that performs data backup and transfers it off-site in a secure way, into the Cloud. Usually, this solution is slightly more expensive than a simple online storage.
But transferring data INTO the cloud is one side of the medal; the focal point is to transfer data FROM the Cloud when you need it..
What is the process to restore a piece of data? Is it as simple as logging into an interface and select files, or is it more complex? If the IT staff in charge of the backup is not available, can an inexperienced client intervene? Is there an additional cost to restore data?
Those questions need an answer BEFORE you choose to buy an online backup solution.
Will you receive help if needed? At a certain point, every company comes to the conclusion that a backup system is required -- whether it's for the restore of a single file that has been accidentally overwritten or to rebuild the entire infrastructure after a tornado.
If data recovery is compromised, what kind of support can you rely upon? Do your backup solution include a 24x7 support with skilled techs whom you can talk to, or will you be treated just as a forum user? If the problem is not included in the FAQ database, what is the Plan B to solve the emergence and continue with the recovery?
Be sure of taking into account every aspect before rushing headlong into the first cheap solution available!
The pillar of an optimal Disaster Recovery strategy is a reliable off-site backup solution.
Unfortunately, today only a handful of companies are prepared against data loss.
Maybe some like to ignore the problem and live on the razor's edge.. No matter how fascinating is risk, we prefer prudence and security: we have a deep respect for what can help to establish solid Disaster Recovery plans.
Perhaps you may be thinking that you already have a solution that, for instance, send your backup data into the Cloud. It's like the "cloud" work could your offsite backup a DR strategy, isn't it? Then, problem solved!
Unfortunately, it is not so.
Let's take into account appliances for instance. Appliances aren't designed with the main goal of transferring data through Internet and tend to be quite slow in doing so. If you have lots of data to backup (who doesn't?) and your appliance takes 3 days to do the backup and transfer into the cloud, then well, that data will be extremely vulnerable and at risk for 3 days, the duration of the whole process.
You need a software designed to do all of that, a software that compresses, ciphers and sends your data TO the cloud, with the least amount of time possible. Only then we can talk about a serious DR. A reliable Disaster Recovery strategy calls for your data to be always and anyway offsite. Because you need to retrieve it in it entirity in a few time and in whatever moment.
The more your data remains on-site, the more vulnerable it is.
Once we agree on this, you just have to choose your provider.
Cheap online backup solutions are appealing, how could we dare to say the contrary: after all, you just need a control panel for management, a customizable dashboard and it's all good to use. But when time passes and problems arises -problems will always arise, sooner or later!- you must be sure of counting on a team of skilled technicians that can help you both in critical moments and as a confirm that, for instance, you properly configured your backup jobs.