IT failures and data loss are not only annoying, they endanger the company’s existence and usually cost a lot of money. To make matters worse, companies must take appropriate data backup and data recovery measures under the EU GDPR. Against this background, companies should implement a powerful backup and disaster recovery strategy that, in addition to efficient and regular data backup, also includes contingency plans for rapid and reliable data recovery – including for data from cloud services and software as a service offerings (SaaS).
IT failures and data loss come faster than you think. They can be caused for a variety of reasons. This ranges from hardware or software errors, targeted hacker attacks and ransomware to human error and accidents.
Although the majority of companies are now aware of the dangers, in many places insufficient precautions are taken for data backup and data recovery in the event of a disaster – especially when using cloud services and software-as-a-service solutions.
Because the fire not only completely destroyed several thousand servers, but also irretrievably destroyed all sorts of data from numerous companies and organizations – especially those who, for cost reasons and belief in the security of the cloud, have not taken any backup and disaster recovery precautions at all.
The 3-2-1 Golden Rule For Backups
Effective and continuous data backup is essential when it comes to maintaining business continuity, protecting data and protecting against major threats and disasters.
As a Rule, Companies Should Follow The 3-2-1 Backup Rule
In short, the rule defines that companies
- should keep their business data in triplicate,
- on two different storage technologies,
- of which a copy is kept externally.
The beauty of the 3-2-1 backup policy is that it is easy to understand, maintain, and usable even when backing up cloud services.
However, companies should ensure that the original data and backups are not backed up by the same provider, in the same server farm or on the same server, but in several different data centers that are physically independent of one another.
With this measure, companies not only prevent serious data loss, as in the case of OVHcloud, but also long downtimes in an emergency and financial losses.
When Creating A Disaster Recovery Plan, Companies Should Consider The Following, Among Others:
1. Analysis Of Company Processes
In the first step, companies must define the scope of business continuity management and identify all problematic business processes that are of essential relevance to the company.
2. Risk Analysis And Calculation Of The Financial Effects
After all critical business processes have been identified, companies should carry out a risk analysis and, if possible, quantify the costs that result in exemplary downtimes. On this basis, it can be decided which countermeasures are appropriate and to what extent.
3. Definition Of Responsibilities And Involvement Of Colleagues
In order to ensure effective control and monitoring of emergency management, companies must define responsibilities and processes that can start the necessary recovery steps in the event of damage. Logically, this presupposes that elementary colleagues are aware of all the steps and objectives of business continuity management.
4. Defining The Recovery Point Objective And Recovery Time Objective Variables
In order to design an appropriate disaster recovery plan that maintains business continuity after an unexpected incident, organizations need to determine several metrics.
The indicators of the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are essential parameters for emergency planning.
- The RTO is the time allowed for data recovery, that is, the maximum time that can elapse from when the damage occurred to when the system is fully recovered.
- The RPO is about the question of how high the maximum tolerable data loss can be between a backup and the failure of the system.
5. Continuous Control And Testing
In order to check the usefulness of emergency management, companies should carry out exercises and tests at regular intervals that simulate an IT or server failure. Depending on the test results, the implemented backup and disaster recovery strategy can be continuously improved.
A Backup And Disaster Recovery Concept Is Not A Possibility, But A Necessity!
Cloud services and applications “as a service” have become indispensable in everyday business. However, the convenience and round-the-clock availability of the data mean that companies forget that the cloud is ultimately a physical location – and that this is just as susceptible to disruptions and failures.
Because of this, companies should definitely reflect on their existing backup and disaster recovery strategy, modernize it if necessary and, in particular, regularly check it in order to work on continuous improvement of the implemented backup and disaster recovery strategy.
As is well known, companies can only minimize downtime in an emergency and ensure business continuity as well as the availability and integrity of business data with efficient and regular data backups and reliable data recovery within minutes.