What would it be like for your organization if there was an IT disaster such as an office fire, systems failure, or ransomware attack? If all your data was lost, how long would it take for your organization to be functional again? Minutes, hours, days, or weeks? How would this affect your customers and your employees? These are the types of data resiliency questions business leaders should ask when thinking about their data backup solutions and recovery needs.
To find the answers to these questions, it’s critical to determine how long you can afford to be down (Recovery Time Objective-RTO), and how much data can you afford to lose (Recovery Point Objective-RPO). Once you have this information, it’s then a matter of selecting the right mix of data backup solutions, recovery options, and replication alternatives to satisfy your IT, recovery, and business continuity requirements.
Data loss affects all organizations at some point. Your disaster recovery (DR) plan outlines the steps used to rebuild your systems and recover data when disaster strikes, while your business continuity (BC) plan outlines how you conduct business through a disaster.
The type of industry you are in can dictate certain requirements of your backup, recovery, and replication strategy. For example, financial industries must comply with requirements imposed by the Federal Reserve and SEC, whereas Healthcare has the requirement to protect Electronic Health Records (EHRs) according to HIPAA standards. In addition, your data, apps, and systems are not weighted equally. It’s important to determine which are mission-critical and the backup solution that meets your business continuity needs. For example, your DNS servers and web filters likely need high availability since the internet is mission-critical (short RTO of 15min.-1hr.), but your file servers may not be as critical and can handle more latency (longer RTO of 12-24hrs.).
Data Backup Solutions and Recovery Types
The best way to think about a backup is as a “point-in-time” copy of your data. You could recognize this method as an 8:00 PM nightly backup, Monday – Friday. Your workers have gone home for the evening and the majority will not be working until 8:00 AM the next day. This is a common 24hr offsite data backup scenario, often chosen as a low-cost option. You are billed only when a snapshot of your data is taken and transferred to your data backup system. This scenario highlights the importance of understanding your recovery point objectives (RPO), and what is the most data that can be inaccessible/unavailable in one period.
Consider the following example. It is a payroll period and your HR & tax management software suddenly becomes compromised, leaving you unable to make payroll. Using the point-in-time backup scenario above, your data would have last saved at 8:00 PM the night before. The recovery point is the previous evening, before the compromise, essentially losing a day of recordkeeping and productivity. When thinking about RPO, determine if the cost of lost data and productivity is more than the increased cost of backing up your data at a higher frequency or using multiple methods.
Common Data Backup Solutions / Methods
- Tapes: Cost-effective but inefficient recovery in large quantities.
- Direct-to-cloud: Backups are copied directly from your server to a cloud server giving scalable storage capacity. Cost increases over tape solutions due to offsite storage and internet bandwidth needs.
- Cloud-to-cloud: When using the cloud in place of physical servers, backups go from one cloud to another. Costs are at a premium due to exclusive cloud storage, high scalability, and no need for physical infrastructure.
- Software-as-a-Service backup: It’s best practice to supplement data living within a SaaS application, like Microsoft 365 or Google G Suite. These applications have no obligation to backup and protect data to meet your internal or regulatory requirements.
No matter what data backup solution you choose, it is highly recommended to augment your strategy with an off-line (or air-gapped) solution. This additional backup is especially important to combat the increasing ransomware threats all businesses face. The benefit of adding an offsite air-gapped solution is the physical and logical separation of your backup data from any threats to your production environment. Essentially your backup data is protected from cyberattacks or other disasters (fire, lightning strikes, etc.).
While backups copy data over to another location, data replication is ongoing data transfer. With replication, a redundant server is housed within a separate data center creating a real-time replica of your virtual environment and its corresponding data. Returning to the payroll scenario above, suppose this time you were working on payroll when your central server fails. With replication in place, you can switch over to your redundant (or replicated) server and continue business operations. Payroll would go out as scheduled while IT works on getting your central server back online. This is the quickest solution for companies with the need for high availability, but this does come with a cost.
Replication requires the availability of servers (physical, cloud, or combo), replication software, and connectivity (VPN, bandwidth, private connection). As you can imagine, each part of this combination is attached to a dollar figure. Knowing your recovery time objective (RTO), and how long you can afford to be down is key to optimizing costs with replication.
Why Backup is Needed With Replication
Point-in-time data backup, no matter what method you choose, is an absolute must for disaster recovery, but it does not address business continuity. Replication, on the other hand, addresses business continuity, but cannot accomplish disaster recovery on its own. Say your payroll data gets corrupted and you do not have a viable backup solution in place (no DR solution), the corrupted data is essentially replicated to your redundant server (BC solution). You are still unable to make payroll since you have no point-in-time backup to recover.
At Systems Engineering, we recommend clients map their data and applications to appropriate levels of protection (keep in mind it might take more than one solution to fit the needs and budget of the business). For example, organizations could justify the replication and rapid recovery of one or two critical applications, like your payroll software, yet leave the remainder of systems protected by a less costly solution with higher RPO and RTO. We also recommend that all data and applications are protected by fault-tolerant systems that are backed up at the file level.
Although there are many options and solutions for backup and replication of your company's important data, one thing is clear, backup is a necessity. No business can afford downtime or the loss of confidential data.
Are you worried about your organization's data backup solutions should there be a disaster? Select the link above to be directed to our specialized backup and recovery contact form. Customers please reach out to your account manager or connect with us at firstname.lastname@example.org or call 888.624.6737.