In our previous blog, we examined a few different types of backup methods and outlined some benefits and drawbacks to each approach. While selecting the right type of backup for your organization is critical, that is only the first step toward ensuring that your important data is fully protected. Once your chosen backup method is in place, it is crucial to conduct periodic comprehensive backup reviews to be certain that your backup won’t let you down when you need it most.
Consider the following scenario which I like to call “How to lose a million dollars in 10 days”: Your organizations talented and dedicated IT staff have worked round the clock over the weekend to move the accounting software and accounting data from a clunky, old server to a fast, new server. The IT team has worked with the application vendor and stakeholders within the organization to test and verify that the move has gone smoothly. On Monday morning, the accounting staff show up and get right to work, receiving payments, paying bills, and doing other accounting-y stuff. Everything is perfect and the world is a happy place.
Now we fast forward a week. The IT staff gets a call first thing in the morning from someone in accounting who seems to be hyperventilating and claiming that they’ve accidentally deleted a million dollars from the account (that probably happens, right?). No problem says the IT staff, you just grab a paper bag to breathe into and we’ll get to work recovering from the backup. They open the backup software and browse to the accounting server…the old, clunky accounting server…that no longer has the accounting data on it…because it was all moved to the new server last week…uh oh. Now we’re all hyperventilating because no one added the new server to the backup.
While the example above may be a little extreme, this type of issue occurs with surprising frequency. Corporate infrastructure and the data that resides on it is constantly changing. Databases are moved from one server to another. User files are moved from one network location to another. The location of production data is constantly changing and, without a plan and process in place to review data backups, it is only a matter of time before an organization finds itself is a similar predicament to the one above.
So how do we prevent such a situation from happening? I’m glad you asked. To reduce the likelihood of a situation such as the one above, we recommend that the IT staff inside an organization (or a vCIO from your outsourced IT vendor) regularly sits down with key members inside the organization’s various departments to conduct a Comprehensive Backup Review (which I will call a CBR going forward because it’s way easier to type). A CBR will generally consist of presenting the various departments with a thorough reporting of the resources and data that are currently part of the backup plan, discussing any upcoming data related projects (new servers, new applications, etc…), and reviewing any changes made since the previous CBR. By consistently scheduling a CBR on a monthly or quarterly basis, organizations become far less likely to find themselves in a situation where critical data has not been added to the backup. An additional benefit of a regular CBR is that it allows for identifying old servers and old data that are no longer needed in the backups and can be removed, saving the organization the cost of storing unneeded data.
What else should I do to make sure my data is protected? Because the IT staff will already be in the backup mindset, the CBR is also a great time to perform some recovery verification testing to be certain that the data being backed up is recoverable. This process will vary depending on backup method, however, it essentially consists of identifying random data across the organization and performing a recovery of that data to a non-production storage location (so as not to overwrite or interfere with production data). Performing these recovery verification tests prior to the CBR will allow the IT staff to present to stakeholders any information regarding the recoverability of corporate data and identify any issues that would require discussion at the CBR meeting.
As we have shown, simply having a backup solution in place is only the first step toward protecting your organizations valuable data. Making sure that the backup contains the RIGHT data is critical to ensuring that your business is protected. Making a CBR part of regular operation can reduce or eliminate instances of data being inadvertently excluded from backup, and in some cases, can save an organization money by identifying data that should no longer be part of the backup routine. We also recommend that backups be tested prior to the CBR to identify any issues and allow for correction of those issues before they become a disastorphe* (that’s a disaster and a catastrophe at the same time).
*This is a word that my daughter invented when she was 4 that I think should be in the dictionary already.