Avoid Data Loss Panic with a Solid Data Recovery Plan
By Stacey Vanden Boogart-Romenesko
That drop in your stomach as your laptop battery dies before you can save that report. Or the panic incited as an external backup hard drive is knocked to the ground by your curious cat, while you were in the process of recovering data from an already failed desktop hard drive. Maybe the second situation is just me, but many of us have experienced that overwhelming panic of lost data on a personal scale. The loss of valuable, often irreplaceable, data costs us time, money, and our sanity. On the business scale, augment these risks with loss of mission critical data, halts in productivity, unpleasant customer experiences, and the lack of a comprehensive data recovery plan equates to catastrophic consequences. Data recovery, as a part of your business’s overall disaster recovery and business continuity strategy, cannot be overlooked.
Begin with the Basics: The Who, What, When, & Where of Data Recovery
Many SMB's are lacking specificity and documentation in their data recovery strategy. IT professionals will often tell me that they have a data recovery strategy in place - "Of course, we have off-site backups at XYZ Data Center," but in reality they have a backup strategy in place. Unfortunately many organizations don't piece together their data recovery plan until after disaster strikes. Avoid getting caught Googling recovery procedures or stuck outside of a locked server room unsure of who holds the key by starting with the basic who, what, when, and where of data recovery. As Brad Artlip, one of our Solutions Engineers here at Aventis Systems, mentions in the 3-2-1 Backup Best Practices webinar, I've found data is really easy to backup, but strangely enough, not so easy to restore, especially when your job depends on it!"
Who (and How)? Sure, that IT professional we asked can tell us what his current data recovery plan is, but what about their boss? Can anyone else initiate the proper procedures when Mr. or Mrs. IT Manager has finally escaped the datacenter and is on PTO and off the grid on a remote tropical island?
When designing a data recovery plan, it's important to assign roles and document specific steps. Every staff member should understand their role and proper procedure in identifying threats, initiating data backup to secure, alternate locations, monitoring and testing to validate data restoration procedures, and relocating or recovering operations, systems, and data. Senior management should sign off on these policies. Staff training and availability should be assessed so that critical skills are duplicated and policy continuity is retained in the event of staff turnover. At a minimum, identify at least one primary and one backup person to implement policy practices. An often overlooked role in the data recovery plan is the person or departments responsible for communicating business or system status to employees or customers in the event of a data loss.
Businesses with limited IT staff or experience in data recovery planning may opt to involve a third party services provider to assist in the initial planning and documentation process, or to implement the data recovery.
What? Identify mission critical systems and data. Would business and revenue halt if your staff or customers were not able to access a specific application? What information is irreplaceable if it was lost tomorrow? For example, although email is a mission critical function for many organizations, is every single email in your inbox really worth backing up? Most businesses would agree that while some important emails and attachments must but backed up, there is also a lot of bloat in our inboxes that does not need to end up in our backup data.
For most SMB's, infinite data storage isn’t a reality. Defining your mission critical data and practicing organization-wide discipline to adhere to this definition is important in creating a manageable and practical data recovery plan.
When? In addition to identifying the mission critical data, assess the cost and risks associated with data loss and downtime. By defining the Recovery Point Objective (RPO), or the amount of time that passes from the point of data entry to the time of backing up, an organization can ensure that they are backing up their data as early and often as necessary. Defining your Recovery Time Objective (RTO), or the amount of downtime tolerated when recovering from a data loss event, allows a IT professionals to implement the proper availability and fault tolerance technologies to get a system back up and running as soon as required.
Where? As noted in 3-2-1 Backup Best Practices, a comprehensive data recovery plan includes three copies of your data - the primary working copy, an on-site backup on a separate media volume, and a second backup copy at an off-site location to keep data safe from theft, fire, or natural disasters. Examples of off-site backup include tape, usb-mounted flash or external drives taken off premises nightly, or automated replication to storage disk arrays at a 3rd party data center. The location should be secure, but also accessible within the timeframe determined by your RTO should the unfortunate need arise.
A comprehensive data recovery plan involves moving beyond a backup strategy and getting specific in your data management policies and procedures. Data recovery is often overlooked in small to medium sized businesses as they find they do not have the time, experience or budget in their IT team to design and implement a data recovery plan. Third party data recovery plan design and implementation services, such as Aventis Systems' Enterprise Solutions Data Recovery and Migration Services, empower customers to focus on moving their business forward while keeping their data safe. Whether working with a services vendor or developing your plan internally, avoid data loss panic by defining the key components of a data recovery plan before disaster strikes.