By Bill Andrews, President and CEO, ExaGrid

The two key goals of IT organizations are to keep the business operational and to keep users productive.

Data backup is the pinnacle of data recovery.

Backup requirements need to be considered for 4 very different scenarios:

1. A user deletes or overwrites data
2. A large amount or all of an organization's data is deleted, corrupted, or encrypted
3. An entire data center site goes down due to a fire, flood, earthquake, hurricane, tornado, extended electrical grid failure, etc.
4. An audit that requires looking at data from months to years ago such as financial audits, legal discovery, and regulatory audits

To be prepared for each of these requires a certain set of features and functions.

The key to recovery of individual user files is to keep enough retention that goes back to before the data was deleted or overwritten. Most organizations keep 6 weeks of backup retention but sometimes the data was deleted or overwritten longer than 6 weeks ago, so longer-term retention is needed. Some files are only used once per quarter, and the file could have been deleted or overwritten up to 13 weeks ago and the user won't know it is not accessible until they try to update it. Longer-term retention is incredibly important to ensure files are recoverable.

Cyber attacks could be malicious and intended to bring an organization to a halt by deleting its data. Or the attack could involve a situation where threat actors encrypt the data and require that a ransom be paid to obtain the key to decrypt the data. Therefore, the backups need to be ready to quickly restore any or all data to continue operations. Restores need to be fast. The attacker will also delete backup data, so organizations need to be sure that the backup data has ways to guard against deletion, such as an air gap (backup data not accessible on the network), delayed deletes with retention lock, data locking, and immutability.

To recover from entire site failures, a copy of all data needs to be kept at a separate location outside of the disaster zone so that operations can continue. This requires WAN-efficient replication to send a copy of all data daily to the disaster recovery (DR) site. In this case, organizations need to deduplicate the data so that they are sending the least amount over the WAN possible to lower WAN costs and to have a strong RPO (recovery point objective). The sooner the data transfers to the DR site, the more up to date it is. In addition, organizations need to plan for RTO (recovery time objective) which is the time it takes to recover the data. Many organizations have a policy of being operational in 24 to 72 hours, which requires that organizations have their own second data center for DR data. To retrieve the large amount of data from a service or cloud typically takes weeks. It is also far more expensive, over a 5-year period, to keep DR data in the cloud versus in a second data center.

Lastly, organizations need to be prepared for audits. Organizations need to have data from months and years ago to ensure they can comply if audited (financial or regulators) or if they are facing legal action that requires legal discovery. Typically, 7 yearly backups are required, and it is not uncommon to see organizations keep 6 to 12 weekly backups for end-user data recovery and 12, 24, or 36 monthly backups, as well as 3, 5, or 7 yearly backups for audits and discoveries.

In summary, organizations have a lot to consider when meeting all requirements for business continuity, including end-user data restores, recovery from cyber attacks, site disasters, and audits and legal discoveries.