How good is your backup, really?
Set it and forget it is no way to treat a critical element of business resiliency
Backups are arguably the most vital component of an organisation’s tech setup. But as you don’t need them till things go wrong, for some organisations it is all too easy to set systems up and forget about them, which could be a recipe for disaster. What should an organisation be doing to ensure its backups are in fine fettle at the point when they’re needed?
With working from home now standard practice, are there any additional considerations for organisations in terms of ensuring their backups are in tip top condition, they’re regularly done and accurate, and quickly restorable?
Revisit, revise, repeat
The only way to be sure backups are fit for purpose is to keep a very firm eye on the regime. That applies wherever people are working – in the office, at home, or anywhere else. The basic rules of good practice don’t change.
The definitive guide to IT security
Protecting your MSP and your customersDownload now
In some organisations, those in charge of backups can find they are always fighting from behind. As Wes van den Berg, VP & GM at Pure Storage UK&I puts it: “Expectations for disaster recovery never equal IT disaster recovery capabilities.” That’s quite a pessimistic view, but the only way an IT team can be sure they can give their best selves when disaster recovery is needed is, he says, to “perform data recovery checks at least quarterly, bi-monthly or monthly if possible. The longer between tests, the higher an organisation’s risk over time.”
Peter Groucutt, managing director at Databarracks, agrees that if left unchecked problems can mount up over time. “If you have a large enough IT environment, there will be something that doesn’t work every day,” he says. “ In most cases, the issues are minor but they need to be checked and fixed or your most recent recovery point will be too old.”
Is your provider giving you what you need?
This is all very well, but the fact is that organisations rely on third parties to provide backup services and it’s vital that those third parties do the required job. For this to happen, an organisation must get the specifications for services right. In the best examples finding the perfect fit is a ‘double-act’, where the vendor advises the organisation, but doesn’t oversell to them, and the organisation understands its needs and buys what’s necessary. Both parties also need an eye on the future, so that the organisation’s general direction of travel can be catered for.
Key questions to ask a vendor include:
- Can the solution scale and if so, what’s the mechanism, how quickly can it be done and at what cost?
- How quickly are bugs and support issues dealt with? Are new applications supported quickly?
- How fast can data be restored, including full disaster recovery?
- What archiving services are on offer?
- How are backups protected from ransomware, data theft and other attacks? For example is there end-to-end encryption to protect any stolen data, and are backups properly isolated from the network?
While this isn’t an exhaustive list and organisations’ needs can and will vary, these five elements should be considered core to any backup strategy as if any of them should fail, it can be disastrous for individuals and the organisation. Groucutt puts it in simple terms: “No-one gets promoted when [the restore process] works, but you will be dismissed if it goes wrong.”
He adds that while “in an ideal world, backups would just happen silently in the background, in the real world, they fail quite frequently”.
Working from home doesn’t change the basics
The vaccine rollout means that an increasing number of companies are welcoming their employees back to their offices – especially in the US. However, in other parts of the world, such as the UK, where a work from home order is still in place, businesses might be reluctant to reopen due to restrictions or simply no longer need a common working space – especially if their employees have proven to be more productive from their kitchen table. Other enterprises, most notably Salesforce, are opting for a hybrid working model which allows employees to come into the office only for collaborative projects, customer meetings, and presentations, allowing them to work from home for the most part of the week. According to Druva EMEA VP Nick Turner, “the secret to supporting a successful hybrid workforce will be in recognising how the industry has evolved and the gaps which may have been overlooked in the rush to complete projects”.
“According to our Value of Data report, since the onset of the pandemic, IT leaders in the UK and US have reported an increase in data outages (43%), human error tampering data (40%), phishing (28%), malware (25%) and ransomware attacks (18%). As the threat of ransomware continues to rise, the rapid expansion of endpoints and cloud-based collaboration tools like Microsoft 365, Salesforce, and Google Workspace must be met with the right level of protection to safeguard against increasing risks,” he said.
Whatever the working model, companies have to factor in their backup regime and it is now a fact of life that organisations need to be able to reliably store, access, and restore files to remote users as a matter of everyday practice. With that in mind, Wes van den Berg gives some advice: “Businesses should look to backup vendors that make it easy to manage a product remotely and let leaders make changes quickly and with minimal disruptions.”
Servicing a home-based workforce may have allowed some key issues with organisations’ backup and restore processes to become visible, but perhaps those issues have been lurking for a long time, waiting to bubble up to the surface. Catch them early and deal with them, and they’re an opportunity. Carry on with the same old, same old, and sooner or later they turn around and bite you.
Consumer choice and the payment experience
A software provider's guide to getting, growing, and keeping customersDownload now
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email securityDownload now
Business in the new economy landscape
How we coped with 2020 and looking ahead to a brighter 2021Download now
How to increase cyber resilience within your organisation
Cyber resilience for dummiesDownload now