Backup & Disaster What Now?
Backup & Disaster Recovery: The who, what, when, where and, most importantly, the WHY?
20 years ago, in my Computer Science 100 class, the instructor began by writing a geek-joke on the whiteboard:
“There are 10 types of people in the world. Those who understand binary, and those who do not!”
I chuckled as I was one of the 10 kids who got it. In 2020, there are only 10 types of people in the world: those who have lost data, and those who will lose data.
(In case you feel confused, 10 is binary for 2, and 101 is equal to 5)
This article is a primer for Backup & Disaster Recovery (#BDR) —why we need it, and why we need to think about it as we navigate our digitally connected spaces. Understanding the importance of BDR is vital for entrepreneurs and Small-Medium-sized-Business owners needing to safeguard their intellectual property, client data or bookkeeping records, etc. It is also important for individuals with cherished memories in digital formats (photos and home movies), or extensive collections of music and whatnot.
“With so much of our data already in the 'cloud' do we really need a Backup & Disaster Recovery strategy?”
This is fast becoming the most common question posed to Managed Service Providers. With the proliferation of cloud-storage and cloud-services like #Office 365 (for mail and documents), and #OneDrive, #Dropbox, #Google Drive, etc. (for documents, files and folders), and line-of-business services like #QuickBooks Online, many folks wonder if they are really in need of an additional BDR solution.
The answer is a resounding “yes!” and here’s the lowdown:
Given that we’ve established there are only two types of business or people in the world - those who have lost data, and those who will - let's agree that the happier folks are those who have proactively taken steps to ensure that the eminent data loss occurs on their terms and lands within acceptable, preconfigured parameters. That is, the data is recoverable back to an anticipated and reasonable point-in-time (#RPO: recovery point objective), and within an acceptable time frame (#RTO: Recovery Time Objective—the time it takes to restore data back to normal operations).
RPO: if my computer explodes at 3:00 pm today how much work and data am I ok with losing? If our backups occur daily at 5:00 pm then my RPO is a maximum 24 hours. If we are taking hourly backups, then I will be able to recover all work and data created up to 2:00 pm; RPO maximum 1 hour.
The idea is to balance the RPO cost of data storage with the cost of recreating any lost data. RPO establishes the frequency of backups.
RTO: how long does it take to recover the data that was lost? It should be noted that our RPO determines what can be recovered. The sophistication of the BDR software and the amount of data being recovered will determine the time it takes to get the goods back.
Many folks have a false sense of security that stems from the use of services like #OneDrive, #Dropbox and the like. The notion is that these services sync data to the cloud… like a cloud-based backup, right? Wrong! File syncing is not the same as backing up. Have a look:
When you work on File A and save it to the location that syncs to OneDrive (or Dropbox or Google Drive, etc.), the data finds a home within your purchased OneDrive storage allotment which mirrors a location on your physical hard drive.
When you delete File A from that place on your computer’s hard drive, OneDrive mirrors that action—it gets deleted from the cloud-based mirror.
If you accidentally delete File A this accident is replicated to the cloud.
If File A was subject to cybercrime and ransomed… sync. Shucks!
If these accidents are not detected soon enough (and by soon, I mean as little as 30 days for OneDrive for Business), then your data is lost.
A properly configured BDR solution does not work like this. It backs up data and stores it for a determined amount of time. Subsequent backups store any changes to made to the data, but the previous recovery point remains unaffected. So, if you accidentally deleted or changed the content of File A but did not realize it for 2 months (or any amount of time equal to your RPO), your Backup solution will allow you to reach back through history and retrieve a usable version of the file you need.
Typically, business data is backed up at least daily, and often considerably more than that! As mentioned above, The When defines your recovery point objectives and is determined by the amount of data you are ok with losing if and when disaster strikes. For many SMBs a daily incremental backup is sufficient with a Full Backup occurring once weekly. (Incremental Backups only protect only the data that has changed since the last Full or Incremental Backup.) Some companies establish complex BDR schemes that sees constantly-evolving, mission-critical data backed-up with greater frequency than less important data.
Where then, should these backups live, if Dropbox (OneDrive, Google Drive, etc.) is not sufficient? A proper BDR scheme follows, at a minimum, the 3-2-1 rule. 3 copies of the data exist, on 2 types of media, and 1 is stored offsite.
3 copies: On the computer hard drive; on a backup storage device; and on offsite media (tape/cloud/removable drive/etc.)
2 Types of Media: What this really means is on 2 distinct storage targets. Not 2 different folders on the same hard drive or upon 2 volumes on a single RAID array. So, your computer hard drive (original location can be 1) and a BDR storage device can serve as a second, as can the offsite media (whatever form it takes).
1 location should be off-premise, in case the building is swallowed by an earthquake or destroyed by a fiery meteorite.
As mentioned earlier, everyone will experience data loss at some point. This can be catastrophic. It always happens at the worst possible time, and the cost of rebuilding the data lost usually exceeds what it cost to create in the first place—that is, if it can be recreated. Some documents simply cannot as they contain signatures or other legal records and sensitive materials. In a nutshell, the crux of the why is this: your BDR solution is an asset, not an expense. The cost of recreating lost or compromised data far exceeds the cost of planning for and implementing a disaster mitigation strategy, which can and will save your biscuits.
The how is up to you, but INTECH would love to help with a custom built, proactive and scaling solution. Contact us today and let’s begin the process of mitigating the perils of data loss.
firstname.lastname@example.org | 306.914.0846
One More Thing:
While researching an building a custom solution for one of our clients, which corresponded with writing this piece, we confirmed some rather scary facts about QuickBooks Online. The product advertises a backup & disaster recovery facility to guarantee clients access to their data. What is not advertised is that this facility is to protect Intuit in case their servers suffer some catastrophic incident. The QuickBooks Online BDR is not in place to roll back user errors, or to recover from malicious cyber attacks. If you accidentally delete your General Ledger, your only recourse is to rebuild the General Ledger. This is QuickBooks Online, out-of-the-box. There are a handful of 3rd-party applications that provide comprehensive BDR solutions for QBO. Contact INTECH for more information, or to read the terrifying chat-logs documenting questions we posed to Intuit support.
Have you protected your assets? Contact INTECH today if you have any questions, or require any assistance shoring up your computer’s defences. We offer a host of solutions that will help to keep your assets safe; ask us about integriTRUST, integriSHIELD or familySHIELD for details.