
landicho1203

Originally published at financesonline.com

How to Build an Effective Backup Strategy

Most organizations invest heavily in cybersecurity. Yet, their infrastructures remain vulnerable to cyber threats as social engineering and hacking tactics evolve. At least 93% of networks can be breached, according to Positive Technologies. So unless you’re in the other 7%, your organization’s security system can fail sooner or later, compromising operations and the safety and integrity of critical data.

Disruptions can also be an unpleasant experience for your customers. Even the shortest of service interruptions, let alone prolonged downtime, can make your customers shy away. If you want to prevent service lags, minimize downtime, and avoid both data and customer loss, an effective data backup strategy is a must-have.

Building a strategy for data backup means thinking about the workflows required to support production continuity in your organization, even in the event of a global disruption. An ICT provider like BTC Network can’t afford any downtime. With a complex IT infrastructure that includes 14 physical servers and 100 virtual machines across 7 locations in 4 countries, its backup strategy relies on NAKIVO’s solution to maintain strict SLAs.

Enterprise Backup Strategy: Key Points

At first glance, answering these questions may seem like a walk in the park. But trust us, it’s not as easy as you think. Each question is a step towards understanding your organization’s specific infrastructure priorities, requirements, and available resources.

Below, I describe how to create a backup strategy for mid-size and larger companies based on the answers to the questions above. But before I proceed, it’s important to note that the strategy will differ significantly depending on the size and needs of your organization. For example, larger companies typically have more data to protect with zero tolerance for downtime. They can also afford larger budgets to implement a multilayered approach to data protection.

1. Identify backup requirements
Even though we’ve all heard about the importance of an effective backup strategy, many organizations are still far from having one. Almost 90% of organizations back up their data, yet 76% still suffer data breaches and loss.

Identifying backup requirements should be your first step. This corresponds to the first three questions in the list.

So first, identify which system in your IT environment has the least tolerance for data loss and downtime. Here, we usually focus on the machines with critical data stored on them or those machines with critical applications. The priority level of certain data types can indicate how their loss affects operations and business continuity. Figure out the types and priority levels of data across the environment. The structure you get indicates the desired backup frequency for a specific data category.

2. Choose storage for backups
Now that you know the priority and sequence of your data backups and have determined recovery objectives for all machines, you need to decide which backup storage to use. Or, to put the question better: how many backup storage types can you use at once?

An effective backup strategy is impossible without the 3-2-1 backup rule. Simply put, you need to have at least 3 copies of your backup data stored on at least 2 different storage media, with 1 copy stored offsite. Variations of this rule add that at least 1 copy should be stored offline and at least 1 copy of your data should be verified and error-free.

In my experience, the most common combinations are using local (onsite) backups with remote backups offsite (on servers with hard disk drives) or in the cloud. I usually recommend customers store primary backups onsite (for faster recovery), send weekly backup copies to secondary storage, and store monthly copies offsite, be it in the cloud or on tape.
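The 3-2-1 rule and its offline/verified variation can be checked mechanically against a backup inventory. The following is an added example, not part of the original article; the names `BackupCopy`, `check_321` and `failed_rules`, the media labels and the sample inventories are all constructed for illustration, and a SHA-256 digest recorded at backup time is assumed as the verification method.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class BackupCopy:
    name: str
    media: str      # storage type, e.g. "disk", "cloud", "tape"
    offsite: bool   # kept outside the primary site
    offline: bool   # not reachable from production systems
    data: bytes     # stands in for the stored backup contents

def check_321(copies, recorded_sha256):
    """Evaluate each part of the 3-2-1 rule plus the offline/verified variation."""
    intact = [c for c in copies
              if hashlib.sha256(c.data).hexdigest() == recorded_sha256]
    return {
        "3_copies": len(copies) >= 3,
        "2_media": len({c.media for c in copies}) >= 2,
        "1_offsite": any(c.offsite for c in copies),
        "1_offline": any(c.offline for c in copies),
        "1_verified": len(intact) >= 1,
    }

def failed_rules(copies, recorded_sha256):
    """Names of the rules the inventory does not satisfy, in rule order."""
    return [r for r, ok in check_321(copies, recorded_sha256).items() if not ok]

# Constructed sample: digest recorded when the backup was taken.
GOOD = b"constructed backup archive"
DIGEST = hashlib.sha256(GOOD).hexdigest()

# Onsite primary, weekly secondary and monthly cloud copy, all online.
INVENTORY = [
    BackupCopy("primary-onsite", "disk", offsite=False, offline=False, data=GOOD),
    BackupCopy("weekly-secondary", "disk", offsite=False, offline=False, data=GOOD),
    BackupCopy("monthly-cloud", "cloud", offsite=True, offline=False, data=GOOD),
]
# Same schedule with the monthly copy also written to tape kept offline.
WITH_TAPE = INVENTORY + [
    BackupCopy("monthly-tape", "tape", offsite=True, offline=True, data=GOOD),
]
# Two disk copies onsite, one of them silently corrupted.
WEAK = [
    BackupCopy("primary-onsite", "disk", False, False, GOOD),
    BackupCopy("local-mirror", "disk", False, False, b"corrupted"),
]

if __name__ == "__main__":
    for label, inv in (("inventory", INVENTORY), ("with tape", WITH_TAPE), ("weak", WEAK)):
        print(label, failed_rules(inv, DIGEST) or "all rules met")
```

The first inventory meets the basic 3-2-1 rule but fails the offline variation, because every copy remains reachable from production; adding the offline tape copy closes that gap.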

3. Understand the threats
Analyze the specifics of your organization to find out which threats are more relevant in your case. This will help you fine-tune strategies for multiple disaster scenarios.

Typically, data loss can happen due to:

  • Ransomware
  • Hardware failure
  • Software disruption
  • Power outage
  • Natural disaster
  • Human error

Organizations reasonably concentrate on external threats such as ransomware infiltration. But the risk coming from the inside of an organization is not lower: 95% of data breaches happen due to human error.

Cybercriminals often use employees’ inattentiveness to infect data. For example, I can remember when a customer had an employee who opened a phishing email and infected his OneDrive with ransomware (if you think that phishing is an outdated strategy, check the stats: almost 40% of breaches involved phishing in 2021). OneDrive was set up on the employee’s computer as a volume, and it had files that were shared with other employees. As a result, ransomware spread across the company, and most of the files in OneDrive were corrupted.

4. Ensure backup administration effectiveness
First things first, you need to invest in staff training, including incident response, cybersecurity and ransomware awareness, etc. Your IT teams should have comprehensive checklists for different disaster scenarios, with clear steps they need to perform and the responsible people they need to contact. Without this, administration efforts will never be as effective as you expect.

To improve the efficiency of administration, you should automate as many workflows as possible to reduce both the amount of manual work people have to do and the mistakes they can make. An efficient and automated administration process can save a lot of money in the long term.

5. Calculate the needed budget
Before I write anything in this section, a quick reminder: the total backup system cost is never as high as that of the data loss that might occur.

The funds you’ll need to spend on the backup strategy cover not only the backup solution and infrastructure that you require right away but also investments in system upgrades, expanding storage needs and more. It doesn’t mean that your backup strategy will take a heavy toll on your budget, though. Based on your recovery objectives, available infrastructure, data threats, and other criteria we discussed above, you can make an informed decision about where you can cut the budget and where you cannot.

A tip: if you are on a shoestring budget, consider backup and disaster recovery outsourcing, also known as backup/disaster recovery as a service (BaaS/DRaaS). This way, you will reduce data protection costs and offload the administrative burden. However, as you grant third-party vendors access to your data, you need to consider possible risks, such as a lack of security and vendor lock-in.
