Backup and Disaster Recovery you’ve possibly got it horribly wrong
Back up and disaster recovery Boring, but if you have it wrong, then when you need it, well it’s not going to be pretty.
A lot of businesses think that backup and disaster recovery is as simple as diligently copying their data to USB drives and taking it home every day or automatically copying their data to cloud storage.
But I’m sorry they’re wrong, very wrong and here’s why.
Back up and disaster recovery or as we in the industry call it BUDR (we love an acronym, helps us feel clever) are two different things.
- Back up means you have a copy of your data and/or applications available
- Disaster Recover means, how long will take to get it back after well, a disaster?
So there are two things to first consider when creating a BUDR solution. RPO and RTO, I know more acronyms sorry, but I am feeling clever.
- RPO – Recover Point Objective, which simply means how much data am I willing to lose? If you back up every night, then you are effectively saying I’m willing to lose a day’s worth of data.
- RTO – Recovery Time Objective, which simply means, how long can I go without my data?
Actual Client Story
Now I could at this point, go into the various solutions available and costs associated, but that involves a whole bunch of techno mumbo jumbo and, frankly, most of you won’t care and rightly so, it bores me and it’s my job. So, let’s go with a real-life situation.
We recently were contacted by a company that had been hit with ransomware, if you’re not familiar with ransomware read our article.10 Things You Need to Know About Ransomware
This version of ransomware had not only encrypted the files but also corrupted the server operating system. The only option was a complete rebuild of the server. They had been backing up their data overnight using an automated online cloud back up program.
Problem number one, no one had been checking this service and unfortunately, they have an ADSL internet connection which meant that the speed of the upload was so slow that it was taking several days to complete each backup, as such despite the fact they thought the RPO was one day, actually it was five days as that was the last effective back up.
Problem number two. They hadn’t really considered the RTO, we needed to rebuild the server and as they only backed up data this meant reinstalling the entire operating system and all the line of business applications a task that took the best part of two days.
Finally, we needed to download the data from the cloud. Which we did in our office, so it was faster than uploading it to the server via USB, which took almost a day.
End result they were without access to their system and data for three days and when they did have access it was information from five days before the attack.
I’m pleased to say we have now implemented a BUDR solution that backs up all data and applications every 15 minutes locally and replicates nightly to offsite storage. Furthermore, it’s fully automatically monitored to report any failure. In the case, they had a server failure we can utilise the onsite appliance as a server and have them back up and running with an RPO of 15 minutes and an RTO of less than 30 minutes.
Morel to the story, understand your true RPO and RTO and what the impact on your business will be in the worst-case scenario. Secondly and most importantly having a solution that is monitored, set-and-forget will inevitably lead to you being let down when you most need it.
If you are unaware of your RPO and RTO or simply would like to check let’s talk. We’ll audit it for you free of charge, explain what you currently have and provide recommendations based on the results and your answer to the two most important questions ideally what’s your RPO and RTO objective.
Why do we offer these services free? Because we are in the business of creating solutions and we can’t do that without first identifying if you have a potential problem.