Monday, January 08, 2018

Backup Vs. Disaster Recovery - Yes, There's a Big Difference.

You backup your data. You're prepared to handle the next big disaster, right? Wrong. DR requires much more than backup.

Difference between backup and DR

Let me begin this discussion with a personal revelation. I don't have a DR plan for my personal data. I do back virtually all of it up, however, using cloud services. If the unexpected happens - I lose my laptop, my HDD suddenly gives up the ghost or my computer suffers a fatal coffee spill - I can use my backups to recover from the event. But recovering will take me a long time and a fair amount of effort. I'll have to remember the password to my cloud backup service. I'll have to download all my files and put them on my new computer, probably losing some of the original directory structure in the process. I'll probably also have to reconfigure some of my applications manually because some of them depend on configuration files that are not part of my backup routine. This is all fine because I'm just an individual. 

If it takes me a few days to recover from a disaster, no one's going to go insane or get sued. If I were a business, however, my current backup strategy would fall far short of providing the complete DR solution that I'd need to ensure I could recover from an unexpected event quickly enough to prevent serious damage to the business or its customers. I might also be responsible for keeping pace with compliance regulations that require me to be able to backup and restore sensitive data within a specific time frame. (Related: Planned or Unplanned, All Downtime is Bad)

Building a Complete DR Plan I mention my personal backup strategy to illustrate why backing up data is only the first step in a complete DR plan. To prepare fully for a disaster, you should not only backup data somewhere, but also do the following:

  • Ensure that all relevant data are backed up.
    You may not need to backup every bit of information on your file systems. Temporary files, for example, probably don't need to be backed up. On the other hand, it can be easy to overlook certain types of files that you would want to backup (such as configuration files in the /etc. directory on a Linux OS - which I'd backup from my personal system if I were more responsible).
  • Secure your backups.
    Backed-up data is no good if it is damaged or data quality errors are introduced into it. In addition, backups can be a fertile source of information for attackers in search of sensitive data. For both reasons, it's crucial to ensure that your backups are secured against intrusions.
  • Determine how frequently backups should be performed.
    Performing continuous real-time backups of all your data is the ideal, but it is usually not feasible. Instead, most organizations determine how frequently they should backup data by determining how much of a lag in data they can tolerate without a critical disruption to business operations.
    If you could afford to lose a day's worth of customer records (or recover those records manually in a reasonable period of time), then you can perform daily backups. If you can tolerate only an hour's worth of lost data, then do a backup every hour.
  • Include your personnel in the plan.
    Determine who will perform backups and who will be on call to restore data in the event of an emergency.
  • Have a process in place for recovering data.
    Backing data up is one thing and restoring is another. You should have a recovery plan in place for different scenarios: One in which your infrastructure remains intact but your data is lost (in which case you can recover from backups to your original infrastructure), and another for a situation where you need to stand up totally new infrastructure, then recover data to it. In both cases, your data recovery plan should include as much automation as possible so that you can get things backup and running quickly. However, you should also build in safeguards to ensure that important data is not overlooked during backups, or files corrupted.
  • Ensure the quality of backups and recovered files.
    The data you backup and recover is only useful if it is free of errors and inconsistencies.
Again, if you're an individual, you can get away with just backing up your data. But any business hoping to survive a major unexpected event that impacts its software or data needs a complete DR plan in place. Backups are only one part of that plan.