Back in April, we gave you Ten Questions You Need to Answer to Survive a Data Disaster. Recall that, “Good business relies on good planning. Anticipating scenarios, detailing responses and understanding consequences is an essential part of your business survival kit.”
This notion remains true, and I’d like to take a more in-depth exploration of Data Backup and Disaster Recovery.
Data disasters can be the result of human or hardware error. In any case, safeguarding against data loss is imperative in today’s Information Technology climate.
Let’s look at the risks you need to start assessing.
Assessment of Risks – Plan Ahead
The first thing you will want to do is assess the risks related to securing the data for your business and clients to ensure business continuity.
Depending on the services you provide, annual risk assessments may be required. There can also be compliance requirements, such as the Payment Card Industry Data Security Standard (PCI) or the Health Insurance Portability and Accountability Act (HIPAA). Ensure you are utilizing HIPAA Compliant Cloud Hosting or PCI Compliant Hosting, respectively.
Let’s look deeper at data classification, data ownership, and data storage and security.
How is Data Classified
You will need to know and understand how your site or application gathers data. It is also vital to know the classification of it as well. This will determine the storage and security of data as you assess risk.
Some common data classifications are Public, Private, and Restricted data.”
Information that is available to and from the public may not need retention. If it does, the risk of compromise to that information would be low since it is public. In contrast, if private or restricted information were compromised, it would be catastrophic.
Who Owns the Data
Once you have determined the classification of the data, you will want to establish data ownership.
Does this data belong to your business, your client, or an outside individual or entity?
This is critical to determining what processes are necessary for accessing, storing, and securing the data. It is also good to have security access measures, such as Two-Factor Authentication, in place. After accomplishing this vital step, you can move on to access measures, storage, and security.
How is Data Stored and Secured
Data storage and security is a factor in the assessment process to watch on a continual basis. This will include storage capacity as well as where in the set up specific data will be.
For instance, do you want the operating system and site content on the same drive array or not?
This can also dictate the type of drives (SATA or SSD) as well as the array implementation of them. Disk encryption is another thing to consider in the security piece of the assessment. As mentioned above, determine the access method for those that need it.
If you are looking to dive a bit deeper on risk assessment, Digital Guardian has an excellent guide for putting together a business risk assessment.
Data Backup and Disaster Recovery
The final part of a Risk Assessment, which the rest of this article will deal with, has to do with Data Backup and Disaster Recovery. Critical to any Risk Assessment plan is having a data backup or recovery plan. Businesses large or small see the impact with data loss due to a catastrophic event. Having a plan in place to get back up and running should something happen is vital to survival.
During this part of the Risk Assessment, a Business Impact Analysis can prove valuable. The BIA will outline the consequences of a disruption of business function and processes resulting from data loss. This analysis will also put into place a proper backup and disaster recovery plan.
Mission-Critical Systems and Infrastructure – Know What You Need
This is where a proper assessment comes in handy. You will be putting all of the gained knowledge of your systems to use.
Because you know the classification of data, ownership, storage, and security, implementing a backup solution should not be difficult.
The other part to the equation would be the actual infrastructure itself. You will need to consider the configuration of your servers and how this setup will factor into your backup solution.
There are those that may have a single server setup. Your options are whether to back up the data on the server or to a remote location. For others, a multi-server setup will need evaluation for the best way to put backups in place. You will need to decide between backing each server up to its own server, drive, or to a single server or web cluster.
On-server backup storage, or local storage, simply means the backup and live data exist on the same server. This can either be on the same drive or another physical drive in the server. A configuration with on-server backups would have direct access to data, usually contained in the file system. This gives you some recourse should there be a need to restore a file or entire sets of data. But this would not provide the ability to recover data in the event of a full server failure.
By contrast, remote server backups provide a more sound disaster recovery option. The idea is that you are not only able to restore files and data sets, but the entirety of the data contained on the server if necessary. Depending on the implementation, direct access to the backups may or may not be an option. Still, this can be one of the best tools to consider when backing up your data.
Why Planning for Data Backup and Recovery is Important
In creating the recovery plan, it is essential to consider the Recovery Time Objective (RTO) and the Recovery Point Objective (RPO). As we discussed in our initial article on data disasters, the RTO is the measure of how long your business can be offline before the damages are catastrophic. What that time frame looks like business to business may vary.
Businesses that count on obtaining data and storing it to databases would suffer if that flow of data stopped for even one hour. Busy WooCommerce stores can lose money if potential customers are not able to reach their store to buy products. A capable backup and recovery plan should account for the time it would take to get systems restored.
The RPO is the measure of how much data you can lose during a catastrophic event before your ability to do business or remain in business is in question. There is nothing worse than restoring your systems and finding there were not enough restore points to ensure the most recent changes were intact.
Or, as in the case example of the Orleans Parish Civil District Court, data loss can occur due to having a backup solution that was not tested after a system update. Your backup and recovery plan needs to include proper testing to ensure functioning backups are happening for your business.
Have a Team – Be Ready to Go
Whether your infrastructure is in-house or with a managed provider, it is essential to have a team willing to act at a moment’s notice. If you’re in-house, ensuring your Backup and Recovery plan solves for your team’s availability in crisis will prove valuable.
If you are hosting your systems via a managed provider, it is good to know what their Data Backup and Recovery plans are. This is usually outlined in a Service and Organization Controls Report (SOC). This can be the difference between data loss, downtime for longer than desired, or quick recovery and loss avoidance.
Liquid Web’s SOC 3 report and all other certifications are available on our site.
How Liquid Web Handles Backup and Disaster Recovery
With Liquid Web, on-server backups can be with or without the use of a control panel. This holds true for our VPS, Cloud Dedicated, and Dedicated servers. Our Fully Managed servers use cPanel or Plesk for Linux, and Plesk only for Windows environments.
Using a control panel and setting up on-server backups provides flexibility in the days and times they run, giving you many restore points. You will want to ensure that you have enough server storage to house both your data and backups.
Our remote backups have a different implementation for server Cloud hosting than for traditional Dedicated servers. Liquid Web’s Cloud backups are a part of our Cloud Platform. Each backup is for the full server and runs daily. These backups store on nodes within our data centers managed by us. There are two options for Cloud Backups: Pay Per Gig and Quota Pricing. I discuss those options in a previous post, “What is Cloud VPS?“.
For Traditional Dedicated Servers, our Acronis Cyber Backup is the solution for remote backups. You can choose to run daily or continuous backups of your server, only backing up changes to your files. The latter gives you a secluded, incremental backup solution for dedicated servers. In this case, Acronis Cyber Backup takes incremental backups of your entire server to ensure that you can restore or reimage your server in case of a disaster. The initial image taken is of the whole server with more images only updating changes that made to files. All backups can be stored in our data centers or in the Acronis Cloud.
Check With Your Host for Backup Services to Match Business Needs
If your setup is being done in-house, it can be a daunting task, but having the right staff can ease the pressure. Likewise, having a managed hosting provider can make data backup and recovery easy for you. Most providers have professionals that are able to walk you through the options they provide. Liquid Web has Sales, Support, and a dedicated System Monitoring, and Recovery team available 24/7/365 to assist you with your data backup and disaster recovery needs.