Entrepreneurs typically have to be all things in businesses. They act as owner, financier, bookkeeper, janitor, delivery person, product expert, and of course computer support. So, with that in mind I wanted to cover the Why, What, and How of backup and recovery split into basic and advanced topics.
This may seem a bit odd to ask, but it’s a fair question. Why do we need to back up our data? Simply put, your data is the life blood of your business (see the What section for examples).
• So much of our world is connected systems and most have become reliant on that connection to conduct business. So, when your systems or computers are not available most businesses cannot “do” business which can impact revenue and customer satisfaction (key for return clients and referral business).
• In our modern business climate even small businesses are expected to be available when the client needs you. If you are experiencing computer issues you cannot be responsive to your clients.
Without backups it will take a considerable amount of time to get your systems into a state as close to the original point of failure as possible. Taking this type of time out of a schedule that probably doesn’t have much leeway can severely impact your ability to conduct business. There is an important concept within any backup and recovery strategy called lost opportunity cost (borrowed from the economic realm). If there is a computer outage/data loss what is the cost in revenue or reputation of not doing something or not having access to your business information? And, more importantly, what would that physically cost you? This potential loss is a key component in determining what the potential ROI (Return on Investment) would be in spending money on any backup and recovery technologies.
Most businesses need to consider a manual backup process – A backup to the backup, so to speak. I recently had a new client that had a storm take out her computer, the only one, and it didn’t have a backup. So, while I attempted to recover her data, which was eventually successful, she continued to do business with a manual paper system. Without realizing it she was modeling an important concept: when you go down we recommend you have a way to conduct business while the recovery is in process. The more you can conduct while down the less impact to your revenue and customer satisfaction.
Deciding what to backup and keep versus what to ignore is a key decision point for any backup and recovery strategy. There are many schools of thought on this. Some feel that a broad “back up everything” approach is safest and some feel a more surgical approach is appropriate. Let’s cover some of the basics. For your average single person owner backing everything up is a good strategy as it removes any doubt about what is backed up, but it will typically take much more space. It can grow out of control if not done properly and most users will need to keep tabs on it to ensure it stays cleaned up. We recommend keeping a weekly and/or monthly mirror of your operating system and supporting data (important data) and nightly backups of your critical and mission critical data. The key here is ensuring there is more than one copy of your data, and for this cataloguing is key (see below). Storage has become very inexpensive and your average small business can simply purchase a large drive and store a regular complete “everything” backup nightly and be comfortable that everything is covered.
*NOTE: Sometimes wholesale “everything” backups can actually back up the actual issue/corruption/virus/etc… and, if enough time passes, there is no ability to recover.
Identification of data types can be useful in deciding what to backup if space is an issue or the type of data needs different handling (sensitive personal data, financial data, etc…). So here are typical data types:
• Mission Critical Data: this includes financial data, client’s information, active project/product data, etc… and any data that changes on an hourly or daily basis.
• Critical Data: Marketing data, client contracts, product data, inactive client data and any data that is more static and may only change monthly or quarterly
• Important Data: Supporting documents, PDFs, images, fixes and patches, downloads, Operating Systems, Applications, Keys, etc… and any data that may only change annually or maybe never change.
• PII (personally identifying Information): SSN, Credit Cards, medical data, etc…
So, for a more surgical approach to backups where you need to treat data differently we have a number of options. You can store these different types of data on different media and then backing up separately. This is very useful when encryption is necessary for specific types of data backups. Also, data can be on a single location and utilizing a backup tool (see How below) to separate based on location or data type.
*NOTE: Encryption sounds great and secure, so, lets encrypt everything! Right? But, there are some potential pitfalls. If you lose the key or credentials then you no longer have access to your data. And, encryption often takes more time to backup and recover due to the extra layers of security.
There are a number of tools available within the operating system you are using and numerous tools on the market that all work for various requirements. There are three types I want to highlight (there are more):
• The easiest and quickest are operating system based recovery tools that will create images of your current system (all of it) and allow you to recover to a point in time. These backups are simple and easy and typically have a catalogue of backups over time that you can choose from. They do take up more space and can be finicky for a stable recovery and corrupt images can be an issue.
• Third party image tools will take images of your computer or server (similar to the embedded version mentioned above) and allow you to completely recover from a disaster. These are typically more stable and there are a number that allow you access to the individual files should you just need a file off an old backup image.
• File backup tools/synchronizer tools will simply backup files or directories that you can go back to and recover specific files or directories.
There are a number of free versions of all of these types of tools and most of the time simplest is best. For most small businesses the built in tools are sufficient to allow you to recover in case of issue, but should you need more advanced tools we can recommend a number of cloud or local backup tools.
As a business you need to decide at what level of recovery you will need to be if there is a disaster that impacts your computers/servers. Do you want to just restore data, recover the systems, or maintain availability? Each option requires a different, and sometimes layering, set of technologies that perform the backup and recovery.
• If you just want to restore the data and/or files only a basic synchronizing tool is all that’s needed. These tools simply copy the files into a backup location (drive or directory) and usually will copy everything once and only copy the changed files as time advances.
• If you want to recover the entire filesystem or complete system recovery a different toolset is required. These tools typically take images of the filesystem or a complete system (multiple filesystems) and allow for a complete system recovery. These tools are typically called imaging tools, but there are file level versions as well. Very useful when you’ve lost your entire system and have a backup computer.
• Maintaining availability is a very advanced topic. This option requires an active duplicate system that constantly has the active data copied or replicated to it, and should your primary system crash or have some issues the duplicate system can them become the primary system with no data or time loss.
Recovery testing is probably one of the least focused activities and IS one of the most important activities for any backup and recovery plan. Why? Because it takes up time and effort to mock up what your recovery looks like and then test, knowing that if it works you will have spent the time on no actual recovery, just the test. But, it’s most critical as your backup is useless if you don’t know if it actually works. It is recommended that any backup system (any mentioned above) is recovery tested at least twice a year. Just make sure it works! You really don’t want to be at recovery time, when everything was lost, and find out it wasn’t backing up correctly.
Always have at least one backup at an offsite location, even if it’s your home office. It makes no sense to have all of you data, primary and backup, at the same location and have that location have some form of disaster, natural or otherwise. This can be a combination of onsite and offsite backups and can include cloud backup locations as well. Be careful you don’t have so many backups that the recovery order gets confused, there is a balance to the number of backups and locations of each.
In any backup and recovery strategy two important points always need to be decided. How much data can you lose and how long can you be down with least amount of impact. We call these two the Recovery Point Objective (RPO) and Recovery Time Objective (RTO):
• RPO – How much data loss you can stomach losing (i.e. 4 hours, 24 hours, 3 days)
• RTO – How long it takes to get back up and running
These two decision points determine much of the What and How you will need to implement from above. If you can deal with being down for a week you might not need as costly a backup and recovery tool or automated process but, if you cannot have less than 4 hours of downtime suddenly the costs skyrocket and the process needs to be automatic.
Any Questions or Need assistance please do not hesitate to contact us @ 470-236-1999 or firstname.lastname@example.org