3 Questions to Help SMBs Plan a Backup Strategy
If a business cannot go back, it also won’t be able to go forward when something happens to its applications or data. The need to go back is not a matter of if, but when. Inevitably, something will happen that affects app and data availability.
Some risk scenarios make headlines: fires, floods, hurricanes or other natural and manmade disasters. There are also those that do not but are generally more likely to occur: a virus or malware infects a presentation or financial spreadsheet; somebody accidentally overwrites or deletes an important file; a database table becomes corrupted — the list goes on.
Therefore, the need to protect data against varied threats requires that companies, even the smallest, develop a solid backup strategy. But where to start? Here are three questions that businesses will want to answer as they draw up their backup strategies.
What are the chief challenges?
When it comes to developing a backup plan, most businesses must address a few common challenges:
- Data and information stores continue to grow.
- Budget constraints often mean doing more with the same or only a slightly larger IT budget.
- Data has a longer life span — that means more data to protect longer.
- Threats to data and applications evolve, requiring changes in backup and protection plans.
The IT and management teams will want to look at how these challenges play out in their organization and be prepared to revisit that information as the team develops its strategy.
It’s also important to note that not all data needs to be protected to the same degree. Some considerations that will be specific to different data sets include backup frequency, backup amount (full or partial), the number of copies made, and where and for how long they will be kept.
What should we protect?
A good place for any business to start when deciding what to protect is to identify the threat risks it must protect against and their relative likelihood. It also should evaluate the relative impact and associated costs in the event a threat becomes reality. This way, the company can prioritize threats and costs and explain to users that it probably won’t be treating all threat risks the same for all apps and data.
The IT team will also need to determine whether any data protection efforts in use were built around specific technology tools and services or if they were chosen based on business needs. The key is to distinguish needs and requirements from technology that someone might want or like to have. But, like the song lyric, while a business might not always get what every user wants, if it tries it can get what most users need.
Now that the IT team has established its backup criteria and has determined what apps will be protected to meet different threat risks, the next step is to focus on time- and technology-driven elements. This means addressing backup frequency, where to back up data (local, remote or cloud), what type of data is being protected (physical or virtual), the amount of data that needs to be copied and for how long.
Most restores from backup tend to be from recently saved data, so having a buffer speeds up restoration times. Disk-to-disk (D2D) technologies can also make user-initiated restores easier, while enabling data to be streamed more effectively to secondary storage.
D2D backup solutions can also be used for automated tiering or movement of data between local and offsite storage, including cloud storage services.
How can we reduce and manage what we must back up?
Data footprint reduction through archiving, compression, consolidation, data management and deduplication enables more data to be stored with less impact. Using space-saving snapshots instead of full copies also helps to reduce the data footprint and can result in further savings.
But here’s an important optimization caveat: The IT team should regularly monitor the storage environment to spot and resolve any bottlenecks, which could include archiving data at the source so that downstream activities — network, disk, tape and cloud usage — benefit.
It’s incredibly valuable to regularly archive files, home directories, email and databases along with project-specific data when completed. But saving and moving the data itself is not enough. Businesses need to make sure applicable apps and settings along with metadata are also preserved. Real-time data compression and dedupe can further reduce the data footprint at the source and the target destination, resulting in more effective network bandwidth usage.
Ultimately, understanding the company’s apps requirements along with applicable threat risks will help the IT team settle on the policies, technologies and services to implement for its backup strategy. The result? More data can be protected in an effective manner and be available more quickly when a restore is necessary.
Is the cloud the magic (and safe) bullet to address backup and data protection challenges?
Cloud storage, backup and archiving services can be safe if the IT team takes responsibility for implementing best practices, which include evaluating providers on more than just a cost basis. An evaluation also should look into each potential provider’s physical and logical security capabilities, service-level agreement options and reliability information.
It’s also critical to ensure that data backed up to a cloud provider is secure and encrypted. Although cost is important, look at functionality, ease of moving data into and out of the cloud, compatibility with existing tools and service reliability.
To make effective use of a cloud provider, a business might opt to back up only some of its data to a cloud service. Data that the business needs frequently could be copied to the cloud, similar to how it might use onsite disk-to-disk protection. Then data that changes less frequently or is not as mission-critical might be archived offsite or backed up to the cloud less often.
When it comes to backups, all things are not created equal.
By not treating all applications the same in terms of threat risks (what can or is most likely to happen), a business can weigh the different forms or amounts of protection it should apply. The IT team should conduct a business impact and threat risk analysis to identify the most likely scenarios, along with those that might or could happen. Based on those insights, it will be able to stretch the IT budget further while assuring applicable levels of data protection.
This approach will set the stage for determining service-level objectives and agreements, as well as recovery time and recovery point objectives. Making a backup program affordable requires using these criteria to help determine the data and applications that need to be protected — both to what extent and how frequently. By not treating everything the same, critical data can be backed up more often, while the time intervals for other data can be less frequent.
Businesses should also revisit “needs” versus “wants,” which often get confused. Based on what users and managers request, the IT team can price out options so that management can prioritize based on benefit, risk and cost factors. Sometimes, when cost comes into the equation, “wants” change to “needs” and vice versa.