5 Ways to Fool-Proof Your Data Backup Strategy

by Jerry Gilreath
01 April 2013

World Backup Day was yesterday, March 31st.

Nearly three years ago, an aspiring Reddit.com user made a proposal to the world at large. His proposal was a modest one:

"I propose we have a "Back-Up Day", a day when everyone remembers to check that they have good backups of all their treasured data."

The proposal was met with a resoundingly positive reaction, and the day adopted was March 31st; ironically, the day before April Fool’s Day.

Since that time, World Backup Day has taken off like wildfire, and here we are – three years later, yet another World Backup Day in the books.

In honor of World Backup Day, I’d like to give you five points, of advice. These are by no means complete. They’re just common-sense notes from the perspective of someone that has been in the thick of it.

  1. Get it right the first time.
    Back in my consulting days, I had a favorite quote by Paul “Red” Adair, a famous oil well firefighter. I remember reading about his efforts after the Gulf War (1991) when he was brought in to extinguish the oil well fires left in the wake of the retreating Iraqi troops. Red, if I may be so familiar, said, “If you think it’s expensive to hire a professional to do the job, wait until you hire an amateur.”

    Sorry to say it, but sometimes you do get what you pay for, and when it’s the recovery of your business on the line, do you really want to skimp on your backup? Now, don’t get me wrong, you certainly won’t find me arguing against the case for affordability; I mean a company has to stay in business, right? There are certainly world-class providers of backup that are "affordably" priced – my advice is simple: be sure any company you choose backs up their product with solid and proven software and systems; they should staff round-the-clock professionals that understand and can operate the technology; make sure those people are augmented by the staff that engineered the solution; and lastly, make sure the product is supported, via an active support contract, by a manufacturer and vendor that is available 24x7.

  2. Trust but verify.
    If you’re like me, you hire competent people to run your systems, therefore I trust my people.  I buy top of the line systems and hardware, therefore I trust my systems. I buy enterprise class software, therefore I trust my software. I trust my people to make mistakes, I trust my hardware to fail when I need it most, and I trust my software to have bugs.

    Your vendor should be willing to discuss restore procedures with you, to do scheduled verification restores, and to exercise their software and hardware frequently. If you live in a world of compliance issues, your vendor should also be willing to provide logs and evidence of these actions.

  3. You don’t get to decide how important someone else’s data is.
    You heard me. Unless the data you’re protecting is your own, you don’t get to decide how important it is. There may be regulations and orders that specify retention periods, or availability – and these may meet your short term need, but until you have some tough conversations with department heads, you’ll never have a comprehensive backup strategy.

    Spend the time talking to the owners of your respective business units. Ask the important questions: What are your retention times; how many copies should be maintained online; what are your recovery time and recovery point objectives; what are common causes of data corruption, deletion, or destruction? Be sure to explain the jargon and educate at the same time – not everyone will be as savvy as you are.

    The business needs to understand that there are costs associated with meeting its need, but more importantly the business needs to understand that there is a need. Period.

  4. Tune and update your backups
    Just like networking, database administration, and email administration, Backup is a specialization. Backup systems are high performance environments that serve a niche purpose. Tuning and maintaining the environment that protects your assets shouldn’t come as an afterthought. Like any other specialized high performance system, your backup environment will perform differently under stress than under day to day operation. This includes the people that manage the environment.

    Pick an interval to evaluate your backup strategy and put it on your calendar. Ask yourself, have your systems changed and do you backup new systems? What happened to data from retired systems?  Are your backup policies still valid for the data? Are there any new retention orders (legal or otherwise) and can you produce evidence of backup success, failures, and verifications for audit purposes?

    Don’t forget your backup windows. Are your backup windows still comfortable? Are there things you can do to optimize your backups, such as segmenting data into multiple types and spreading the backup activities over the day and week, based on policy for each type, instead of midnight every night? And, if possible, leverage technologies like client side and server side de-duplication to reduce both long term storage requirements and the amount of time it takes to perform the actual backup.

  5. Reports and alerts should only go to those that will, and can, act on them.
    Sending reports and email alerts to someone who will just create an email rule or filter to delete it serves no purpose.  Instead, send success/fail/verify reports to the people that need to know their data is protected. Make the alerts actionable, and assign responsibility for ensuring error messages are addressed.

There you have it, five tidbits of advice – neither complete nor authoritative – simply serving as nothing more than a starting point for World Backup Day.

Remember, April Fool’s Day is today, the day after March 31st. If you’re like me, you don’t want to be caught without backups, because… well, that’s just foolish.

Jerry Gilreath

Vice President of Information Technology