The above train wreck scenario actually happened to a business some time ago. They did not include data loss mitigation in their contingency plans. While the nature of the error in this example was unusual, the reality is that data loss is a very common experience for computer users . Failure will inevitably occur in any IT environment. Smart business operators reduce the likelihood of data loss with planning and implementing good disaster recovery strategies.
This article is a basic introduction to data protection strategies, intended to inform freelancers, contractors and small to medium sized business operators. If you are business manager, and if this topic is a grey area to you, contact your IT staff and start asking questions about their contingency plans. Has anyone devised and tested a disaster recovery plan? If so, did it actually work? If not, why not? What can they do about it? If you are a freelancer and manage your own equipment, hiring an IT contractor should be considered. Ask them for advice about this topic.
Protecting Your Data
Plan for Disaster Recovery
Good planning is always the first step towards protecting your intellectual property assets:
- First, identify what information, data and assets are important in a business.
- Draft an IT contingency plan that best suits the business and its intellectual property.
- Implement the backup systems, then test the disaster mitigation procedures.
- Review the contingency plan regularly and update disaster mitigation procedures.
Start implementing the plan by investing in reliable computer equipment.
Server Redundancy and Fault Tolerance
Specialist server hardware are built with fault tolerance in mind and sometimes come equipped with redundant systems to improve reliability. Redundancy should not be confused with backups. Redundancy implies making a computer system resilient to faults, interruptions and down-time. For example, RAID systems are used to build a redundant array of independent disks, which reduces the chance of immediate data loss if one of the disks ends up failing. Of course, many other strategies can be employed for implementing fault tolerance, including:
- Making sure there is no single point of failure in a server.
- Being able to isolate failing components without interruption.
- Implement fault containment to prevent propagation of the failure.
- Plan service outages if necessary to minimise impact on business operations.
Redundancy and fault tolerance strategies only offer a first line of defence against data loss. It does not protect you against failures, such as human error, security breaches, files getting overwritten, systematic file corruption caused by malware and software bugs. You will need an independent backup system to mitigate such failures.
On-site Backup Systems
On-site backup facilities are usually located on the same premises were the business operates. For example, one might run a local server that keeps a repository of file assets. The server also performs nightly backups by maintaining different versions of important files on a separate network attached storage. If something goes wrong, older versions of the files can be immediately accessed and restored. Of course, backups can be performed in many different ways, but that usually depends on the nature of data that is being handled. Few examples:
- Version control systems that track incremental changes to data and allows changes to be reverted.
- Network attached storage (NAS) devices for on-line data archiving.
- Imaging systems that clone and backup entire disks periodically.
- Tape archival systems, typically used for storing very large amounts of data off-line.
The downside of on-site backups is that data can be still at risk from facility-wide disasters, such as fire, flooding, theft, or sabotage. As an extra precaution, one should keep additional copies of backups off-site, or at least in a different building.
Cloud Based Backup Systems
Remote backup services offer a means to store copies of your data off-site. Cloud backups are completely independent of your business IT infrastructure, and they are usually managed by third party companies specialising in cloud computing services. Features and benefits of remote backups include:
- Data is synchronised to trusted cloud storage systems offered by Amazon, DropBox, and so forth.
- Customers don't need to manage the back-end storage repositories in order to recover backup data.
- Very reliable, third party services usually offer greater than 99% uptime guarantees.
- Suitable for long term archival of legal records accessed infrequently.
Backups alone should not be considered as a complete disaster recovery plan, because backup systems may not be able to restore the complex configuration state of a computer system. Here is a few examples of additional complications that you need take into account:
- Be aware of servers that need reconfiguring, such as active directories, computer clusters, or database servers.
- Make sure the data is secured with adequate cryptographic measures and housed at a safe physical location.
- Observe legal obligations in terms of handling data, which may include security obligations and restrictions to data retention.
- Consider what additional software or operating systems needs reinstalling.
- Make sure software license details (keys, serials, etc.) are accessible and ready to use when reinstalling software.
- Gauge how much delays and recovery time your business can afford.
- Understand the performance impact of maintaining a backup system.
- Account for the labour costs associated with a particular backup strategy.
Of course, this is just a small generic list. Your business will have very specific requirements.
Always test: The advantages of maintaining backups will be negatively impacted if the restoration process itself is flawed. Perform dry runs and make sure your data recovery strategy actually works.
Data integrity: Make sure the data at the backup site is complete, well formed, and is not systematically altered in some way by the backup process. Backups are pointless if nobody bothers to check whether the data copied has all the required components.
Data security: Don't pipe data over unsecured networks. Don't dump data to an unsecured storage device, especially if it's managed by third parties. And if data is encrypted, make sure you can actually decrypt it. Test your decryption keys and make sure you have the correct keys on file.
Be adaptable: Make sure your backup strategies can keep up with your business growth and structural changes. As mentioned earlier, review your contingency plan regularly and update disaster mitigation procedures if appropriate.
Insurance: Financial and other practical constraints might limit your ability to protect data. Insurance could be your last line of defence legally and financially. Contact your insurance broker and make sure your business is adequately covered for data loss.
Kabooza Global Backup Survey, Kabooza, 2008, Date Retrieved 18 December 2017