Best Practices for an Iron-Clad Backup and Recovery Plan

Preparation is key

May. 3, 2005 10:00 AM

Today's security threats have become increasingly sophisticated and often combine several types of technology to maximize their impact on organizations. Even though businesses can't always prevent hardware damage from disasters like fires and hurricanes, they can protect data and information from disaster, manmade or natural.

The only way for businesses to ensure that their data is adequately protected is to integrate security technology and policies with regular and effective backup of systems and important data. To combat attacks, prevention tactics should include a multi-tiered approach that covers antivirus, firewall, content filtering, vulnerability management, and intrusion detection. In the event of a successful attack or crisis, businesses should set up a comprehensive backup and disaster recovery plan to reinforce the protection of their information and data from all sides.

The business costs associated with network downtime and data loss following a virus make secure backup and recovery an economic necessity. A recent survey of IT managers conducted by Insight Express, a research firm, said that 30% of the respondents figured that their companies lose at least $10,000 in revenue and productivity after a server failure. Data recovery can take anywhere from a few minutes to hours. For 85% of the respondents, recovering from a server failure takes two or more hours. Not surprisingly, however, 55% of them need five hours at the very least– with 13% needing more than 10 hours.

Disaster recovery should play an integral part of every organization's strategy for guaranteeing the safety and availability of mission-critical information. The Insight Express survey reveals that not all organizations implement backup and recovery measures; 35%of those surveyed don't back up on a regular basis, or only back up once a month. Even more startling, more than half (55%) don't back up their entire system on a daily basis.

These numbers are alarming, particularly since 72% of the respondents said their organizations suffer at least one server failure a year. By using a backup and disaster recovery solution, IT can recover quickly from a server failure caused by a virus or worm and get back to its "original state."

The risks associated with failing to implement an adequate disaster and recovery plan have proven to impact the success of a business significantly. Gartner notes that two out of five enterprises that experience a disaster go out of business in five years. Even more, Insight Express found that 54% of its respondents don't see the need to back up the entire system more often. Almost 29% said backups are too time consuming and there aren't enough resources to back up the entire system more frequently.

Despite the size and type of organization, it's imperative that all companies employ every available defense to protect mission-critical data and operations and prevent the loss of time, money, and customers. To successfully implement a backup plan, they should take a few best practices into consideration.

Implement a Comprehensive Recovery System

A good backup solution will create compressed images of a server's volumes, including its operating system, server settings and preferences, which will enable complete restoration of system and data volumes, or individual files and folders, in a matter of minutes. A system with 5GB to 8GB of data can be recovered in 15 minutes.

Disaster recovery, however, doesn't stop at the server. With a variety of technologies to choose from and use inside or outside the office, desktops, laptops, and handheld devices have become vulnerable targets. Anyone who's lost information on a laptop or had it die on them understands the headaches of retrieving the information stored on the hard drive. Insight Express notes that 72% of those in its survey don't include laptops in their backup routines, 50% don't include desktops, and 81% don't include PDAs.

As these technology devices saturate the workplace, and an increasing amount of critical data is stored on them, it's imperative that IT departments consider desktops, laptops, and handheld devices a priority, not an afterthought.

Verify Backups

Being able to recover data is imperative to securing it. Organizations often find that the problem isn't in creating backups, but in verifying their recoverability. "False backups" have proven detrimental when organizations realize that the backups failed and they lost data after a virus attack. Regularly scheduling test recoveries ensures that backup procedures work properly when they're needed.

Partition the Hard Disk

Partitioning a hard disk can help organizations reduce the amount of data needed for backup stores. By creating separate partitions for data and applications, IT can quickly back up mission-critical data after a virus attack without utilizing valuable storage space on applications.

Partitioning can also improve organization and simplify the backup and recovery process. By assigning a set of files represented by its own drive letter, IT can keep track of the partitions that has to be backed up in accordance with the disaster recovery method selected.

Disk-based vs. Tape-based

To back up data and information businesses have the flexibility of using both tape-based and disk-based solutions. Many organizations, however, leverage the strengths of both these solutions to create one comprehensive solution that uses tape as a direct backup and disk as a day-to-day backup. Disk backups provide flexible and immediate access for everyday use, without having to shut down servers and take a company off-line. Once saved to disk, it's then wise to convert the disk backups to tape where companies can store them for a long period of time.

About L.D. Weller
L.D. Weller is senior product manager for Symantec's enterprise administration business unit.