Planning and Managing Data Backup and Recovery Protocols

While simple in concept, saving and restoring large amounts of information (more than five gigabytes per day) requires significant process and repetition protocols to ensure systems can operate when unexpected events occur. Restores are needed when computer hardware suffers a serious mechanical or electrical failure, environmental accidents occur (such as fire sprinkler pipes breaking and flooding the computer room) or when malicious attacks are launched against the organization and its facilities.

Storing information from a production system used 24 x 7 must be scheduled with a plan that assumes some data cannot be saved due to the locking nature of relational databases during transactions that prevent copying. Also, the process of backing up data may impact system performance, which may impact user productivity and customer satisfaction.

The complexity of the restore depends in large part on how much information is being restored: does one file, one disk drive, one system or everything need to be restored? Does the restore period cover one day, one week, or one month? Or more? Do backup tapes or CDROMs need to be brought to the computer room, or are they stored inside the room? Does anyone know where they are kept, and what files are stored on which storage devices?

Where this gets interesting to management is after funding large IT budgets for years , data cannot be restored due to equipment malfunctions, incomplete or missing backup files, or lack of process. From a security perspective, not being able to restore information when needed ” no matter what the reason ” places the organization at a high risk of business failure or financial impact.

What should be done to reduce the risk of data loss and business impact due to poor backup and restoration? Several paths can be followed:

1. Use the 80-20 rule to determine what must be backed up daily (or hourly) and what can wait for a longer cycle

2. Test tape and CDROM hardware weekly for defective operations or irregular reliability

3. Test backup copies on different systems to ensure they can be read by any system ” not just the one that wrote the files

4. Clearly label each backup storage device along with an index of the file names and types on the device

5. Keep all backup storage devices in a safe and secure location away from accidental damage, theft, or corruption

6. Make multiple copies of the indexes and place them in different secured cabinets or locations

7. Every six months have the equipment manufacturer verify their equipment is operational, storage devices are correctly used, and recovery processes are appropriate

8. From a security perspective, ensure system operations will not be interrupted by the loss of data or processing capacity due to security breaches or attacks