April 14, 2017
Christophe Bertrand

Architecting a backup and recovery strategy that works

A ransomware attack is just about as “doomsday” a scenario as you can get—at least where data loss disasters are concerned. And, with news breaking daily about the risks and victims, we’re seeing mid-market businesses all across the globe re-evaluate their existing backup and recovery strategies with an extreme sense of urgency.

Of course, ransomware is often the driver, here. But an outage, corrupted data, or an accidental deletion of any sort could similarly put your business at risk.

If you’re a mid-market business, you recognize that you’re in a pinch. While you require similar service levels as enterprise businesses—especially when it comes to transactional environments and emails—you simply don’t have the same budget and labor resources to draw from.

So, how do you ensure an effective backup and recovery strategy that will mitigate a data loss disaster?

It starts with defining the processes, policies, and tools you need to protect against data loss. And, to get it right, you must begin to think beyond simple backup—because, in the end, it’s recovery that really matters.

Defining appropriate service levels

Your IT budget is finite. That means you need to classify your systems, applications, and data as part of your business continuity planning. What’s mission critical? Would the loss of “this” application or “that” data set represent an inconvenience—or catastrophic event? What does the actual cost of downtime represent for your business?

Assessing all of your systems, applications, and data—and then documenting the business requirements for each is your essential starting point.

From here, you can identify how available everything must be and construct service levels that target your investment in a highly-focused, cost-effective way.

Employing a 3-2-1 backup strategy

We’ve said it before, and we’ll say it again. Your data isn’t truly protected if you’re not performing routine, redundant backups.

That’s why we highly recommend employing a 3-2-1 backup strategy. That means maintaining:

  • At least three copies of your data
  • Two copies may be local, but one must be offline
  • One copy must be off-site

As you consider how you’ll implement the right mix of backup solutions to deliver on your 3-2-1 strategy, you’ll need to determine:

  • How much of your data you’ll copy offsite
  • Where the offsite copy of your data will live, so you can not only recover from an on-premise disaster, but a regional one, as well
  • If you’ll leverage a private or public cloud solution—or if you’ll even need a secondary disaster recovery center

What’s more, you’ll also need to assess how quickly your prospective solutions can be deployed, how much training will be required, and if your chosen solution can deliver the feature set you’ll need to not only backup reliably, but recover quickly, regardless of circumstance.

Deploy effective data protection solutions

Regardless of how you choose to deploy your backup and recovery solution—whether software, cloud, or appliance—there are a few things every mid-market business will want to keep in mind:

  • You’ll likely require a highly intuitive solution to support the IT generalists and small, overstretched IT departments common in the mid-market
  • You’ll need a flexible solution to deliver the service levels required by your business—ensuring turn-of-the-dial protection that also delivers cost effectiveness
  • You’ll want a solution that automates routine tasks to reduce demands on your internal teams

So, where do you begin?

Cloud solutions

Encrypted cloud solutions, including public options like Amazon AWS deliver mid-market businesses a flexible, affordable means to achieve offsite backup and recovery. Supported by a modern data protection solution with robust cloud integration, not only are you able to replicate recovery points to the cloud, you can easily spin up virtual machines, leverage virtual standby for swift recovery, and deploy different levels of RPO/RTO to cost-effectively manage your entire data protection landscape.

In short, you can use a public cloud service, like AWS, as a remote DR site for assured recovery.

Data protection appliances

Data protection appliances present a second deployment model that serve mid-market businesses quite well. Not only are they both flexible and scalable, they’re a one-stop-shop solution that alleviates the need to figure out server, storage, and software configurations. If simplicity is what you’re after, you can’t beat a plug-and-play solution.

Finnish skincare and cosmetics company, Dermoshop opted to go this route. They wanted an option that was simple to deploy, easy to monitor remotely by their managed service provider, and which would keep their data highly available. That’s precisely what their appliance delivered.

Offline media

Of course, as you round out your 3-2-1 strategy, offline media options, including USB disks, offline public cloud, and tape should also be considered. (Yes, tape can still play a role as a cost-effective, long-term retention backup point.)

Optimize your backup process for successful data recovery

Poor deduplication performance can throw an enormous, rusty wrench into your perfectly defined backup and recovery strategy. And, it’s an issue mid-market businesses have brought to our attention over and over again.

They launch a backup in the evening. By morning, the backup is still running and they need to cancel—leaving the previous day’s data vulnerable to loss.

That’s where source-side global data deduplication comes in. By deduplicating data at each node, job, and site, not only will you speed backup and reduce your backup footprint (read: save costs), you’ll be able to count on faster recoveries, as well. What’s more, powerful global deduplication technology gives you the ability to recover full systems and effectively execute bare metal recoveries.

Leverage virtualization for increased data recoverability

Many mid-market businesses are leveraging virtual standby and instant VM—in large part, to deliver a high degree of data availability, while simultaneously delivering cost savings. (Of course, these capabilities can leveraged via your hypervisor or in public cloud services, like AWS.)

Sauna and steamroom manufacturer, TyloHelo has been a long-time believer in virtualization. In fact, they’ve been relying on virtual standby for ten years. Like so many manufacturing businesses, their data must be continuously available to ensure the continuity of their manufacturing processes and supply chain.

And, since everything is automated, they’ve also reduced demands on their IT team—they only need to resolve issues as alerts arise. And, that helps TyloHelo both reduce costs—and ensure they can get back on their feet quickly.

Lean on disaster recovery testing and reporting

No backup and recovery strategy would be complete without a commitment to regular DR testing and reporting.

Here, we highly recommend implementing a solution that supports non-disruptive disaster recovery testing, as well one that offers automated testing to reduce costs. With the savings you gain from automated testing, you’ll have the ability (and budget) to test more frequently—ensuring vulnerabilities are identified early and IT teams have deep confidence in their ability to recover.

What’s more, the resulting RPO and RTO reporting gives you a means to measure the degree of data protection you’ve achieved against your stated objectives, helping identify risk exposure and target future investments appropriately.

How confident are you in your backup and recovery strategy?

As a mid-sized business, we can just about guarantee you’ll be targeted by ransomware this year. And when it hits, the consequences if you can’t recover quickly—or at all—could devastate your business.

That’s why it’s critical that you carefully reassess your backup and recovery strategy, and ensure you remedy the vulnerabilities that might otherwise impact business resiliency.