It’s common knowledge that taking backups is good practice.
But a backup alone is only part of the overall Business Continuity and Disaster Recovery (BCDR) process. In the last few years I’ve come across an alarming number of people who just take backups, and by that, I mean just file level backups. Even fewer people are taking whole system backups including the OS (Operating System) and configurations. More worryingly a large percentage of all these backups are not regularly tested!
Business Continuity Disaster Resilience Myth busting
We take regular snapshots so we’re covered
Quite frequently I hear “We take regular snapshots so we’re covered.” This is another point I’d love to get straight, snapshots are NOT backups. Your snapshots are not backups because they depend on these other blocks of data to make any sense. If the underlying template is corrupt, your snapshot is useless. You need a separate backup to make sure you have your data after some unforeseen event, ideally on a different device from the hypervisor.
Technology is the only factor we need to consider
It’s also quite easy to fall into the mind trap of only focusing on the technology, as in which product will give you the best solution, and you’ll no doubt end up comparing apples with oranges as all the vendors use a different terminology and different key metrics.
The truth of it is the technology is only one element, albeit a very important element. You should also account for People and Process, as these will be just as important in a recovery situation.
Considering People and Process in BCDR
If we look at the people element to begin with, you need to ensure your personnel know both how the technology works and the associated processes. It’s important to look at who would be available in the worst possible scenario at the worst possible time, and then find a balance of planning and risk. It’s unlikely that you’ll be in the utopian situation of having highly skilled technical staff available 24/7, 365 days a year.
What this means in real world terms is that your processes need to be readily available and locatable, and by this, I mean consider a situation where all your file and webservers are inaccessible, where would someone find a printed copy of these procedures? Additionally, the steps in the process should be comprehensive, detailed and simple to follow.
So what about the technology then?
This then leads on to the technology, arguably for some the most important, as the right technology can make the process easier, and reduce the impact on people too. There are many factors to consider when choosing a technology, and it's important to understand whether you need a backup technology, or a BCDR system.
The main point of backup is to have a copy of the data or system to recover in the event of file damage or system failure. The assumption here is that you can use the existing hardware to recover to, or that you have a suitable spare machine to use should it be required. BCDR is designed to allow your organisation to continue operation should a system fail. In utilising BCDR technology an organisation can drastically reduce the steps required to recover a failed system, as well as possibly removing the requirement to hold spare hardware. The ability to use a BCDR system in a Disaster Recovery scenario can drastically reduce the time to recovery, meaning your systems are brought back into production faster, and downtime is kept to a minimum.
A good BCDR system should also take backup points at a high frequency to keep any potential data loss to an acceptable minimum, and ideally have options to replicate the protected systems to a secondary location. Ideally the secondary location would be in a separate geographic location where possible and secure cloud replication is an ideal way to address this, should it be feasible within your security strategy.
BCDR solutions should really be a consideration for anyone who is responsible for any sort of system with a high cost of downtime, or where being down for extended periods simply isn’t an option.
SolutionsPT developed a solution which provides BCDR to control system environments, with high frequency data capture, automated daily testing, super-fast recovery times and delivered as a managed service with 24 hour support. Find out more about Cyber Security Recovery.
Chris Whitehead is Recovery and Network product manager at SolutionsPT, he has many years of technical experience with various backup technologies covering SME through to enterprise level solutions.