You back up your data. You’re prepared to handle the next big disaster, right? Wrong. Disaster recovery requires much more than data backup.
The Difference Between Data Backup and Disaster Recovery
Let me begin this discussion with a personal revelation. I don’t have a disaster recovery plan for my personal data. I do back virtually all of it up, however, using cloud services.
If the unexpected happens – I lose my laptop, my hard disk suddenly gives up the ghost or my computer suffers a fatal coffee spill – I can use my data backups to recover from the event.
But recovering will take me a long time and a fair amount of effort. I’ll have to remember the password to my cloud backup service. I’ll have to download all my files and put them on my new computer, probably losing some of the original directory structure in the process. I’ll probably also have to reconfigure some of my applications manually because some of them depend on configuration files that are not part of my backup routine.
This is all fine because I’m just an individual. If it takes me a few days to recover from a disaster, no one’s going to go insane or get sued.
If I were a business, however, my current data backup strategy would fall far short of providing the complete disaster recovery solution that I’d need to ensure I could recover from an unexpected event quickly enough to prevent serious damage to the business or its customers. I might also be responsible for keeping pace with compliance regulations that require me to be able to back up and restore sensitive data within a specific time frame. (Related: Planned or Unplanned, All Downtime is Bad)
Building a Complete Disaster Recovery Plan
I mention my personal backup strategy to illustrate why backing up data is only the first step in a complete disaster recovery plan.
To prepare fully for a disaster, you should not only back up data somewhere, but also do the following:
1. Ensure that all relevant data is backed up.
You may not need to back up every bit of information on your file systems. Temporary files, for example, probably don’t need to be backed up. On the other hand, it can be easy to overlook certain types of files that you would want to back up (such as configuration files in the /etc. directory on a Linux operating system – which I’d back up from my personal system if I were more responsible).
2. Secure your data backups.
Backed-up data is no good if it is damaged or data quality errors are introduced into it. In addition, data backups can be a fertile source of information for attackers in search of sensitive data. For both reasons, it’s crucial to ensure that your data backups are secured against intrusions.
3. Determine how frequently backups should be performed.
Performing continuous real-time backups of all your data is the ideal, but it is usually not feasible. Instead, most organizations determine how frequently they should back up data by determining how much of a lag in data they can tolerate without a critical disruption to business operations.
If you could afford to lose a day’s worth of customer records (or recover those records manually in a reasonable period of time), then you can perform daily backups. If you can tolerate only an hour’s worth of lost data, then do a data backup every hour. (Also read: How to Calculate RPO and RTO)
4. Include your personnel in the plan.
Determine who will perform backups and who will be on call to restore data in the event of an emergency.
5. Have a process in place for recovering data.
Backing data up is one thing and restoring it is another. You should have a recovery plan in place for different scenarios: One in which your infrastructure remains intact but your data is lost (in which case you can recover from backups to your original infrastructure), and another for a situation where you need to stand up totally new infrastructure, then recover data to it. In both cases, your data recovery plan should include as much automation as possible so that you can get things back up and running quickly. However, you should also build in safeguards to ensure that important data is not overlooked during backups, or files corrupted.
6. Ensure the quality of data backups and recovered files.
The data you back up and recover is only useful if it is free of errors and inconsistencies. This is why data quality should be built into your recovery plan.
Again, if you’re an individual, you can get away with just backing up your data. But any business hoping to survive a major unexpected event that impacts its software or data needs a complete disaster recovery plan in place. Data backups are only one part of that plan.
The 2017 State of Resilience Report reviews the developments of a decade while summarizing this year’s research findings. This comprehensive report discusses that and all the pressing trends regarding high availability and disaster recovery, migrations, data sharing and the cloud.