Best Practices for Data Backup and Quick Disaster Recovery
By Nikhil Korgaonkar
Business continuity is a serious concern for organizations, especially when there is a rising numbers of cyber threats each day, and due to the imbalance caused by the recent pandemic.
Be it human-initiated disasters or natural ones, the need to have a Business Continuity and Disaster Recovery (BCDR) solutions is critical for any organization. It is a preventive approach to assume that disasters, and pandemics, causing cyber damage may be actually inevitable. Ransomware attack, a prominent cyberattacks tool which most organizations are apprehensive about is actually increasing in numbers. What can be prevented is the stretch of the downtime, which the businesses may suffer as a consequence to any disaster.
Downtime is highly damaging for an organization. When data loss occurs, expenses go beyond basic recovery costs. According to Gartner, the average cost of IT downtime is $5,600 per minute. As there are many different businesses operating, downtime at the low end, can be as much as $140,000 per hour, $300,000 per hour on average, and as much as $540,000 per hour at the higher end. 98% of organizations say a single hour of downtime costs over $100,000. 81% of respondents indicated that 60 minutes of downtime costs their business over $300,000. 33% of those enterprises reported that one hour of downtime costs their firms $1-5 million.
Hence, downtime can be safely called an organizations’ nightmare. Here are some of the major pain-areas that results due to the downtime:
- Halts businesses processes that can lead to customer dissatisfaction, data loss and monetary loss, if in case of ransomware;
- Disaster for organization’s reputation; and,
- Failing to adhere to data protection regulations, like GDPR, there will be far more penalties that can completely cripple the business.
Invariably, the company experiences a loss in productivity and revenue as well. This kind of risk is important enough to get executive-level attention, and it has spurred IT leaders to go beyond traditional backup and recovery to seek out new methods that can, perhaps, enable them to avoid a “logical” disaster altogether.
Thus, it is vital for organizations to have clarity about BCDR and cybersecurity plans, which are two different concepts but intertwined together.
While talking data backup, it is about making a duplicate copy (or copies) of the data. This is something most of us have already experienced on our cell phones. Anyone using a smartphone today also uses different Instant Messenger (IM) applications. These IM apps usually have a data backup setting, where the app takes a backup of all the files and conversations, to an email account drive. This backup is usually taken, during the time when we are not using the app, like while we are asleep. Backup is taken in case we accidentally delete or uninstall the app, the device gets corrupt or damaged, and we can always restore the backup data in the future. This is a simple use-case scenario of disaster recovery.
Again, certain data is more critical than the rest. For example, in a phone, the contact numbers are usually the most critical data than most other data files. Hence, this data must be protected and stored in the cloud, in case the device gets damaged or lost. This is an individual case. In case of enterprises, there must be specific plans on a course of action for losing critical-data due to a man-made disaster, or an act of God. Organizations must prioritize or grade their data according to its criticality during any emergency. Key pieces of information that are commonly stored by businesses be that employee records, customer details, loyalty schemes, transactions, or data collection, needs to be protected.
Disaster recovery is a set of plans and strategies that are in place for swift re-establishing the access to applications, data, and IT resources post a mishap or an outage. Disaster recovery sites are the exact replica of data servers. In case a disaster of any nature strikes and the connection between the networks is lost, disaster recovery plan can switch over to a secondary set of servers and storage systems until the primary data center is functioning back.
While choosing for the best solutions for both data backup and disaster recovery, organizations can have the below factor considered:
On-premises or Cloud: It is important to evaluate the best back-up and recovery deployment plan. This is about either choosing between a cloud-based or a non-premise approach. This of course depends upon the nature of the business, the critical level and the investment and expenditure plan. Here, one must also consider the data access speed, while considering the deployment. Post-backup, the recovery of the data must be seamless between physical, virtual and cloud and, especially if it is a multi-cloud architecture, so it does not disrupt the work speed.
Technologies: There are several different technologies or solutions that can be applied in taking effective backups.
- Tapes: Tapes are making a comeback, as it is being proven as the best air-gap backup strategy in case of ransomware attacks, which are highly rampant these days. However this is again not a safe approach for other disaster recovery, as recovering data from tapes is highly time consuming. Tapes are inexpensive in regards to operations, ownership cost, capacity and speed. Magnetic tape storage has been a feature of the data center since the very earliest days of computing. Reel-to-reel tapes have evolved into high-capacity tape cartridges, and provide exceptional durability that continues to earn them a place in over half of today’s hybrid data centers.
- Snapshot-based backup: Snapshots capture the current state of an application or disk of any time. This writes only the changed data since the last snapshot, which not only helps protect data but also conserve storage space. Of course, your data is only as complete as your most recent snapshot. If the snapshots are taken in every hour, there will be a loss of an hour’s worth of data.
- Continuous replications: Organizations with 24×7 operations cannot afford downtime, for even minutes as it can cause irreparable damage to revenue and productivity. In addition to backing up, they’re continuously replicating – moving beyond application recovery times to application and system availability. Here, the solution is continuously replicating data at the file system level of files or folders and applications, and full physical or virtual systems, with heartbeat-powered automatic failover to ensure they remain operational.
Disaster recovery as a service (DRaaS): In the event of human led malicious attacks, negligence, unforeseen circumstances or natural disasters, a holistic unified DraaS helps enterprise customers and partners to continue accessing business-critical applications with minimal disruption. You can recover applications and databases with near-zero data loss and your servers are up and running in the cloud transparently. DraaS usually serves as insurance for companies that cannot afford to invest in a secondary site for disaster recovery, taking care from end-to-end, from deployment to failback.
It is understandable how critical both data backup and disaster recovery is for any organization today. Retrieving lost data should not be a time-consuming affair, as this would mean loss of business hours, and delay in delivering services. Similarly, disaster recovery should help the organizations to get back fast to work, or otherwise this may lead to loss of customers and always impact business value. Alone a data backup plan cannot help when it comes to disaster recovery, thus both are equally important.
(The author is Regional Director – India & SAARC at Arcserve and the views expressed in this article are his own)