Tech Tap

A backup administrator’s job is like that of a pilot—hours and hours of utter boredom, followed by moments of sheer adrenaline. Let’s face it. We all know that backup isn’t sexy – but it’s absolutely necessary. In some cases, it’s the last line of defense from ever-increasing malware, ransomware and just plain human error.

I served a five-year tour of duty at a disaster recovery services company, so backup is near and dear to my heart. In honor of World Backup Day, I give you Dave’s Eight Simple Rules for Backup:

Rule #1: Practice, Practice, Practice

Whether you’re a rocket scientist, surgeon or a musician, the only way to get good at what you do is by practicing your craft. The best way to excel at recovering data is to practice. There may come a time when recovering data is absolutely necessary for business survival. Being able to recover data is what turns IT nerds into heroes.

With backup software, the second most common operation is recovering files. You know the scenario: Betty in Accounting overwrote the accounts-receivables spreadsheet with a blank copy. It’s your job to get the good spreadsheet back. You do this all the time. It’s easy. But, are you confident you could recover all of your business’ data if your storage array suffered irreparable damage? What if your file shares suddenly became encrypted and held for ransom? How do you build your skill set and confidence to recover data and be a hero? Practice.

New backup techniques and virtualization technologies make practicing recovery easy. You can create virtual labs and test recovery without affecting the production environment.

Rule #2: Murphy’s Law Exists in IT

As part of my turn at disaster recovery, I witnessed all kinds of shenanigans, from pallets of tapes being run over by tractor-trailers to disk arrays rolling off the loading dock, lost passwords and more. And all of this was AFTER the actual “disaster” occurred. If anything can go wrong, it will. And don’t forget Murphy’s Law of Data Loss, which says “The probability of a hard-disk crash increases with the number of days since the drive was last backed up.”

Rule #3: Don’t Confuse Replication with Backup

Replication is a key technology in many disaster recovery plans. It is a “hot copy” of production data, allowing for a shorter recovery point objective (RPO) and a shorter recovery time objective (RTO). However, this means corruption at the source can be replicated and corrupt data at the disaster recovery target. Separate point-in-time backups are still recommended in most cases. A backup is a separate “cold copy” of production data—protected if the source is corrupted.

In the scenario where Betty in Accounting overwrote that important spreadsheet, the new file is likely replicated. You will need to recover it from a backup. If ransomware encrypts your customer database, chances are that the encryption will be replicated to the DR site. You will need to pay the ransom or recover the database from a backup.

Rule #4: Remember the “3-2-1 Rule”

Borrowed from Photographer Peter Krough, this is a simple rule. In a nutshell, you should:

• Have at least three copies of your data. This would be your primary and two backup copies.
• Store those copies on at least two different media. This would be your primary data repository and a secondary repository, such as a backup disk device or tape.
• Keep at least one backup (cold) copy offsite. You should replicate that backup disk or send your tapes off-site.

Rule #5: Tape is dead! Long Live Tape!

Many businesses have eliminated backup to tape and incorporated a “disk-to-disk” (D2D) backup scheme instead. Assuming the backup repository is replicated off-site to a secondary data center or to a cloud storage provider, this may be sufficient, depending on your business requirements. Tape can be relatively slow, especially when recovering data. Backing up to a disk-based repository allows for faster backup and recovery operations.

However, some businesses are incorporating a “disk-to-disk-to-tape” (D2D2T) backup strategy. This gives them both a fast, disk-based repository for immediate backup and recovery and a facility for long-term storage with the ability to ship the data off-site.

Tape is coming back into vogue because of perceived risks from ransomware attacks. In theory, once an attacker is inside the firewall, there is free access to all connected devices, extending to backup devices and off-site, replicated devices. But a tape that has been ejected from a library is not accessible unless the attacker has gained physical access. If the tape is off-site, that’s an unlikely scenario. Tape could be the best way to ensure that your data remains safe.

Rule #6: Automate Everything

Back in the day, a change process policy would include notification to the backup team that a new system was being brought online and should be included in backup. If someone forgot to notify the backup team, it may have been lost in the shuffle.

Some backup software allows for automatic backup operations. Obviously, they all should have options for scheduling backups, but some allow  you to create backup policies and apply those policies to groups–meaning any time a new workload is added to a group, it’s automatically backed up. In virtualization, this could be a guest that is a hosted on a specific cluster or is a member of an inventory folder. For physical hosts, it may be more complicated if backup client software is required.

Additionally, some backup software allows you to create automated recovery tests to confirm the integrity of your backup jobs. Remember my first rule? This may count as practice. To some, this is one of the most important features of a backup software package. If set up properly, it may reduce recovery times.

Rule #7: Empower the People

One thing  IT administrators hate to do is relinquish control. Allowing for any kind self-service just makes the hair on the back of our necks bristle. But think about Betty in Accounting. If she could recover that spreadsheet without calling you, wouldn’t the world be a wonderful place? Self-service recovery of files is a wonderful feature.

Rule #8: Encrypt Your Data

Data at Rest Encryption, or D@RE, is often implemented on primary data storage to protect data from being stolen. It should be a standard practice to encrypt sensitive data on backup devices as well. This is especially important with off-site tapes. The drivers for tape storage companies seem to be devout followers of Rule #2. Lost tapes could possibly be found by someone that may use the data for evil. Remember, it’s not being paranoid if they really are out to get you.

There you have it. Follow these Eight Simple Rules of Backup and your days will be sunnier. You could potentially become a hero in and about your circle of colleagues. You’ll be able to walk through the office with swagger instead of ducking below the cube walls so no one sees you come in.

CDW can help you decide which backup and recovery technologies are right for you. Our Solutions Experts can help you assess your situation and design a plan of action to fit your needs. We can also provide you with the expertise required to set up and manage your new solution.

For even more info on disaster recovery best practices, check out this article in BizTech Magazine to see how businesses can avoid a data loss nightmare.