Backups Go Bad -Part 2

Posted Dec 14, 2011 @ 4:53 pm, Viewed by 1766 Visitors, Read 1817 Times.

Data recovery failure and how to prevent it

What makes grown men cry? It doesn’t happen often, but the face goes white, the voice quivers, and noticeable signs of irritation. Talking with Small Medium Business (SMB) owners, it quickly becomes apparent there is a big disconnect between what they ‘think’ they have and what they really have.  
 
The Small Medium Business world has changed. Transactions are faster and reaching out to more people in more places than ever before. All this change means an explosive growth of data including email, customer information, and business transactions.  The data is growing in importance to the SMB, however most SMB’s are not keeping pace with safeguarding that data, even though the value is growing. The common excuse IT Security people hear: ‘I have been doing it this way for ten years’. 
 
Talking with Small Medium Business (SMB) owners, it quickly become apparent there is a big disconnect between what they ‘think’ they have and what they really have.  To IT people there is a big difference between a backup and disaster recovery. To the SMB owner the difference is of no consequence they just want it working NOW.
 
Software vendor Symantec claims natural and man-made disasters wreak havoc on small businesses alike. Sixty-five percent of small and midsize businesses (SMBs) of 25 to 500 employees operate in regions susceptible to natural disasters. Add to that power outages, employee issues, and failed system upgrades, and it is estimated that SMBs experienced a median of six outages per company in 2010.
 
Research has revealed that only half of the respondents have appropriate backup and data recovery plans in place. Why? Companies just haven’t gotten around to it, others are still trying to figure it out, and others have a combination of solutions that work at cross-purposes but fail to consistently back up crucial data.
 
What happened to my data?
 
Was the data even backed up? —The easiest data failure to diagnose is the fact that the data was never backed up. Sounds simple so don’t laugh but clients have done backups for months only to learn that they were only backing up 4 GB and not the 160GB that they thought. According to Symantec’s 2011 SMB Disaster Preparedness Survey, only half back up at least 60 percent of their data, meaning they would lose 40 percent of their data in the event of a disaster.
 
Inconsistent backup—‘According to Symantec’s 2011 SMB Disaster Preparedness Survey, less than half of the companies surveyed back up their data at least once a week, and only 23 percent back up daily’. IT outages and data loss can occur at any time as a result of hardware failure, human error, or natural disaster.
 
Failing to protect remote computersCritical data on remote computers requires the same protection as data within the office. Sales people, field engineers, delivery people all carry critical business information, it could be sales orders, customers lists, price lists, contracts and much much more. Yet, often backups are not performed regularly, or successfully completed.  Most Small Medium Business don’t backup the mobile laptops at all. 
 
Poor planning—Companies change the location of folders, or the names of machines, but fail to update the backup job, leaving it pointing to something that no longer exists, therefore not backing up. However, one of the main challenges is not testing their recovery plans. It’s not enough to think you’re protected—have you tested the plan?
 
Different solutions- different vendors—According to Enterprise Security Group, only about 20 percent of backup jobs are successful.That is not good odds.
 
Media failureBackups that rely on tape media with a limited life can introduce risks to businesses. Many companies store magnetic tape improperly, leading to tapes that become damaged and unreadable. Fewer companies replace the tapes as recommended.  
 
Security failures Lost or stolen backups expose companies to legal risks, data loss, or damages to your brand. It happens to even the big players like the CIBC. Cloud storage without adequate security in place leaves data vulnerable and can actually increase risk. Even a small fire in the same building can cause significant smoke and water damage. A small water leak can cause enough damage to bring down a system.
 
Failure to test- Due to time constraints and lack of knowledge, few companies actually test the backups on a regular basis. Like many safety issues, when you need your backup, you REALLY need it. It is shocking, but most SMB’s have never actually tested their backup process. Even fewer test on a regular basis.
 
Back up with confidence
 
Determine WHAT you need Backed up
·         -application data backup- A prime example of this is the poor retailer in the opening story. He was told he was being backed up to the cloud but it was only his Point-of-sale database that was being backed up. This is also quite common with accounting programs, it is often only the database for that program.
·         -System backup. This is usually the software that comes with operating system. It is designed only to restore the SAME make and model machine. Limited in value because if you are replacing a machine, computers go out of date so quickly, it is unlikely you can find the same make and model, and even less likely to do it quickly. Besides, if you are buying a new server, should you not buy the latest and greatest: a new CPU with the biggest number of cores, the triple speed RAM, the monster hard drives. That great new server doesn’t match your backup; you build the new machine from the ground up, patch the system, install all your applications, patch them , then copy over the data, hope you got it right!
·         -Disaster ready backup. This is a backup designed with the intention of getting your business back on line and running as quickly and accurately as possible. IT people know how difficult it is to find a replacement server that is more than a year old. YOUR business has to be back up and running as quickly as possible. You don’t have days to find a server and two days to do the rebuild, you need your data NOW, at worst within hours.
 
Determine the kind of backup you need:
·         -full backup –is a copy of the complete data set. This takes more time but it is a complete copy of the data in a single backup. If the original data (a database) becomes corrupted, this full backup can usually be restored and you are backup and running. If it is a system image it can be restored to the same (or identical) server.
·         -incremental backup – is a backup of the data changes. Most often used after a full backup on a weekend, the Monday incremental backup will record all the changes since the last backup. The Tuesday incremental backup backs up the changes since the last backup (on Monday) . these incremental backups are fully dependant on it’s sequential chain.
·         Continuous Data Protection: is a new technology that backs up the data as the archive bits are set. Most systems can backup that data moments after the user hits the save button. In the event of a failure you only loose less than 5 minutes of ‘not backed up data’. Compare that to losing a day of data because the last backup was from the night before.
 
The good news is that leading security providers are transforming the backup market with comprehensive, integrated and flexible recovery solutions.   Good security providers offer protection for physical and virtual environments. The new tools help control data growth and simplify virtual protection, allowing companies to deploy an infrastructure that best suits their needs.
 
Recommendations:
 
We recommend you look for backup solutions that:
 
Simplify backup— If you really want to simplify and reduce risk, contract it out. The alternative is time consuming and inherently risky. Generally, backups consume a big chunk of the IT costs and it does require specialty knowledge.
 
Modernize your infrastructure—As you upgrade your server, you have an opportunity to update your data protection. The best solution is to contract it out to a managed IT security services provider that you trust. Modernization includes protection of virtual machines (VM), better use of disk backup targets.
 
Backup versatility—the best way to achieve versatility is to hire a managed IT security services provider who will design the most up-to-date bullet proof solution for you, they will then implement and maintain the solution.    The alternative is daunting and something that has consistently and constantly challenged even the best and biggest IT departments.
 
Allow you to virtualize confidentlyAs you move to the virtual environment, you need to be confident that you can recover virtual applications and data when necessary. Let’s be realistic, most SMB’s have significant difficulty understanding virtualization. Know the intricacies of backing up this technology securely and safely is beyond most SMB’s. Definitely time to consider aligning yourself with a Security specialist who can design, implement and maintain a rock solid backup solution.
 
Manage storageAs your data grows, backup windows are at risk, and management costs climb. One of the most cost effective, least risky solutions is to find a managed IT Security services specialist to design, implement and manage the solution. 
 
Conclusion
Backup is more crucial than ever, failure is more costly than ever. Whether you want to manage your own backup policy or outsource it to a managed IT security services provider is a business decision.
 
There is no reason to let your business fall victim to downtime because of a computer or system failure. Keep your systems and data safe and retrievable with a tested recovery solution in the event of a natural or man-made disaster. SMBs need to protect more, store less, and save money with data protection solutions designed for growing businesses.hem
 

Tim McGrath

Chief Security Officer

Cell: 250.667.1361

Nanaimo: 250.591.1775

Victoria: 250.590.8677

Courtenay: 250.871.7720

 

Website: www.ITS-Secure.ca

 

 

1 Responses to “Backups Go Bad -Part 2”

photo Jay Banks

I have loads of data on my computer because I use it for all sorts of things so the idea that I might lose some important data sounds really scary to me. This is a very informative article, thank you for it. I will have to look more closely at this serious issue.

Posted 1 year ago