Two key activities in the pantheon of business continuity and disaster recovery are backup and recovery strategies....
Both are essential for business resilience: If you cannot back things up, there will be nothing to recover, and if you can't recover, then what good is having backups?
You could say each is the inverse of the other, and without both, the notion of BC/DR vanishes. The good news is that both have been steadily improving over the past decade -- to the point where businesses that want to survive and remain competitive must have both in good operating order. We can safely say that the two are totally essential to business survival, and advances in technology make them even more affordable and easy to use.
The advent of cloud-based BC/DR services makes it much easier to adopt backup and recovery strategies that are not only affordable, but also highly efficient and reliable. And despite these important developments, we must remind you that there are still issues to consider when moving to an advanced backup and recovery arrangement. Let's examine them.
Multiple vendors handling different activities. It's possible you may have different vendors handling backup and recovery activities. This could be a legacy situation where you've been using the same backup vendor for many years. Ideally, the same vendor should do both. But if you have multiple vendors, be sure they are in contact with each other so their activities can be coordinated.
Cloud versus brick and mortar. You may have evolved to cloud-based backup and recovery strategies, but what about the few remaining legacy servers in your data center that haven't yet been virtualized?
Testing. When conducting tests of data and system backup services, try and test the recovery pieces for those assets as well. Be sure to document the test and prepare an after-action report summarizing the results.
Frequency of backups. Your backup schedule may already be set, but keep an eye on those activities to make sure no scheduled backups are missed or delayed. If you are using advanced backup techniques, such as replication or mirroring, make sure the correct data has been successfully backed up.
Nonelectronic backups. We are so acclimated to everything being in electronic form that we may forget that some documents, such as corporate records and HR documents, must be in hard copy format. Ensure that these are scanned and backed up, but also make sure the originals are stored in a fire-resistant enclosure or off-site at a secure storage facility.
Backup technologies, such as mirroring, replication, disk, cloud and tape. While speed is often of the essence with data backups today, some situations may not require the speed of technologies such as data replication or mirroring. Keep track of your data and system backup requirements, as they may change over time. Modify the backup approach as needed.
Speed of backup. In line with the above consideration, your business requirements as identified using business impact analyses (BIAs) may also dictate the speed of backup. Virtualized systems and data may be needed immediately in an emergency, thus underscoring the need for fast data backups.
Speed of recovery. In an emergency, access to mission-essential systems and data may mean the difference between business success and failure. Be sure that your recovery services vendor can have critical systems and databases operational within your required time frames.
What needs to be backed up? While this may be an obvious question pertaining to backup and recovery strategies, be sure that what you back up is essential to the business and its continued operations. Note that these requirements can change as your organization changes.
What needs to be recovered? Likewise, your recovery strategy should focus on those mission-essential systems, databases and data assets. Be ready to adjust your recovery requirements as the business changes.
RTOs and RPOs. These two important metrics are typically determined during a BIA and are not static. As your business changes, recovery time objectives (RTOs) and recovery point objectives (RPOs) may also change. If your organization is going through a major change -- for example, a merger or acquisition -- conduct a BIA as soon as things stabilize to see if RPOs and RTOs have changed.
Business changes. Most organizations undergo changes during their lifecycle, and yours may be no different. Remember that any changes to your organization may also impact your backup and recovery strategies and requirements.
Data security. Finally, and perhaps most importantly, ensure that your data and systems are secure during backup and recovery activities. Data encryption is a widely used technique to protect data at rest and in motion.
As you have seen, backup and recovery are hardly static activities. Both are essential for keeping your organization operating smoothly. And they are absolutely essential during any kind of business disruption, ensuring that the critical systems and data you need are readily available.