1. Identify Your Critical Data and Processes
The first step is to verify and identify all critical data and systems that need to be backed up. This includes not only on-premises data, but also data that might be stored off-site, including cloud storage, email and data stored with vendor services such as Microsoft’s Office 365 and SharePoint.
You must also consider whether any of your data is regulated, since regulated data requires special handling. Are you required to maintain compliance with laws such as the Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, Payment Card Industry (PCI) or other regulations?
Considering every source of critical data and each critical process needed to continue operations is important not only to prevent data loss, but also as part of a broader disaster recovery plan to ensure your business continuity.
2. Determine Your RPO and RTO
In the event of data loss, how quickly can you be back up and running?
Every organization will have a “recovery point objective” (RPO) and a “recovery time objective” (RTO) that is unique to them.
The RPO is the frequency of your backups, whether that’s every 24 hours or more often. It also includes retention—how long do you need to keep your backups? How much data loss is tolerable?
The RTO refers to how much time it will take to perform a recovery, replace the machines or servers if necessary and get the recovery data back onto the machines and servers. How much interruption to production is tolerable?
3. Implement a Modern “3-2-1” Backup Plan
Once you’ve determined your RPO and RTO, the next step is to implement a 3-2-1 data backup plan. This simply means that you maintain 3 copies of your data on 2 types of devices or media and include 1 remote, off-site backup. 3-2-1 backups originated in the early days of data protection, where companies stored data on tapes with a 2nd copy taken to an external physical location. The model has changed over time to include on-site servers and today’s virtual backup options.
We typically back up clients’ data both on-site and off-site every four to 12 hours, and sometimes as frequently as every 15 minutes.
On-site backups make restoration faster. Off-site backups are more secure and protect your data in the event something happens to your on-site backups (e.g., the building burns down or a pipe bursts and floods the office).
Having both will give you peace of mind that you’ll be back up and running as quickly as possible in case of an issue.
Other things to consider:
- Backups should be automated, regularly scheduled and encrypted
- Be sure to include all company devices such as tablets, phones and other connected equipment
- Have a policy for data on personal devices
- Compliance requirements for your industry may dictate how data is backed up and how long you must store it.
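The 3-2-1 rule, the RPO from step 2 and the encryption point above can be checked automatically against an inventory of your copies. The following is an added example, not code from the original article; the `Copy` fields, the sample inventory and the choice to count the live production copy as one of the three copies are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class Copy:
    name: str
    media: str            # e.g. "disk", "nas", "cloud", "tape"
    offsite: bool
    encrypted: bool
    is_primary: bool      # assumption: the live production copy counts as copy 1
    last_written: datetime

def audit(copies, rpo, now):
    """Return a list of findings; an empty list means the plan passes."""
    findings = []
    if len(copies) < 3:
        findings.append(f"only {len(copies)} copies, need 3")
    media = {c.media for c in copies}
    if len(media) < 2:
        findings.append(f"only {len(media)} media type(s), need 2")
    backups = [c for c in copies if not c.is_primary]
    if not any(c.offsite for c in backups):
        findings.append("no off-site backup copy")
    for c in backups:
        if not c.encrypted:
            findings.append(f"{c.name}: backup not encrypted")
        age_h = (now - c.last_written).total_seconds() / 3600
        rpo_h = rpo.total_seconds() / 3600
        if age_h > rpo_h:  # a stale backup means more data loss than the RPO allows
            findings.append(f"{c.name}: last backup {age_h:.1f}h old, exceeds RPO of {rpo_h:.1f}h")
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2024, 1, 1, 12, 0)
RPO = timedelta(hours=12)
SAMPLE = [
    Copy("file-server", "disk", False, False, True, NOW),
    Copy("onsite-nas", "nas", False, True, False, NOW - timedelta(hours=2)),
    Copy("cloud-vault", "cloud", True, False, False, NOW - timedelta(hours=30)),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, RPO, NOW) or ["plan passes 3-2-1, RPO and encryption checks"]:
        print(finding)
```

The sample inventory satisfies 3-2-1 on paper, but the audit still flags the off-site copy as unencrypted and 30 hours stale against a 12-hour RPO.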
4. The Final Critical Step: Validate Your Backup Process
Does your backup plan ensure limited or no downtime? When it comes to protecting data, a common pitfall is not testing the backup process. Thoroughly testing your backup plan will ensure it is complete and works as expected.
- What is the plan to get backup hardware to your business, and how long will it take for new equipment to arrive?
- How long will it take to transfer data from the backup to the systems?
- How much downtime—if any—is acceptable due to data loss?
When we work with customers on their backup plans, we always simulate an outage to determine how much downtime may occur. If even a brief shutdown of operations would be detrimental or catastrophic, NO downtime may be your goal.
We can build your backup plan to meet your specific goals.