Disaster Recovery Begins With a Solid Backup System

Traditionally, small businesses have relied heavily on people to carry out a backup plan. Systems that were automated and easy were the domain of our much bigger brothers and not within our limited budgets.

But technology has changed dramatically and small business doesn't have to settle for a backup system that is just good. In fact, you shouldn't settle for a system that is merely good. You should strive for a system that protects your data completely without relying on the actions of you or your employees.

So what criteria should you measure your backup system against? These seven points will give you a great place to start your evaluation.

1. The backup should not require human intervention. You want to be able to put your backup on autopilot and forget all about it. As more of us are working remotely, there may not be anyone in the office to swap out the backup media or take one offsite. So look for a solution that doesn't require any of those things.
2. Make sure that you implement a system that guarantees that all files are backed up, no matter what. If you are running Exchange or a database application, your backup solution must be able to backup files that are in use without errors.
3. It would be ideal if you could have snapshots of your data taken throughout the day. All of us have spent hours and hours on a project and then made a mistake and lost some or all of what we had accomplished. I know my mistake usually dawns on me just a hair too late to prevent the mishap. If your backup system is backing up in 15 minute increments, you can never lose more than 15 minutes of work!
4. Your backup should have no impact on your operation. You don't want to be trying to finish up a project in time for tonight's backup. Of course, you also don't want to slow down your employees productivity because the backup is running.
5. Restoring data should be fast and flexible. You should be able to restore an entire partition, a specific folder or an individual file quickly and easily. If you use Exchange, you need to be able to restore the entire database, an individual mailbox, or just a single message.
6. You should be able to restore your entire server image - and not just to the machine it came from, but to a machine that contains different components from the original. If your server fails and is not repairable, or will simply cost too much to repair, you need to be able to replace it with a newer, faster model and restore your backup to create a functionally identical server.
7. Your backup device should be able to take over for your server in a pinch. In the event that your server fails, it is completely possible to have a backup device that will virtualize your server and have you back up and running in less than an hour. And while it is running your business, it needs to keep backing up.

With all of those criteria met, you are well protected against a server failure. But what happens if you have a fire, flood, theft or other disaster? To protect your business from those events, you will need to have an offsite backup system as well. And I don't suggest that you copy your data to tape and take it home to put on your kitchen counter. Remember - no human actions should be required!

Today it is quite common to send your data offsite through the Internet. Obviously, you will need to have a suitably fast Internet connection, but for many small businesses the amount of data that needs to be transferred after the intial backup isn't huge and is easily transmitted between midnight and 4am - plenty early to avoid impacting your operation.

When evaluating offsite backup solutions, you need to ask these seven questions.

1. Is the data securely transferred? You need to be sure that no one can intercept your data while it is being transferred and access your information. For some businesses, it is a regulatory requirement that this be true. Look for a service that uses the 256-bit Advanced Encryption Standard - currently considered the gold standard of encryption techniques. Data encrypted using this standard has never been compromised.
2. Is the data securely stored? You want to be sure that your data is encrypted and that it cannot be read by anyone at the offsite location. The pass phrase or security phrase used to encrypt the data should not be known to anyone at the offsite location. You must take care to keep this information in a secure location and not to share it with anyone who should not have access to your data.
3. Can you receive your data overnight? In the event of a disaster, you need your data back quickly. If you have even 15 or 20GB of data to recover, not a lot really, it will not be possible to send that back over the Internet. So, make sure that your provider can put your data on some type of media and overnight it to you so you can be up and running in a short amount of time.
4. Can you send your inital backup on physical media? Just like you may not be able to get your data back through the Internet overnight, you may not be able to send the initial backup over the Internet quickly either. Make sure that you have the option of putting the backup on a hard drive and shipping it to the remote location.
5. Where are the offsite locations? Don't select a service that keeps the data within a few miles of your office. In the event of a disaster that effects your entire city, they may be in the same situation you are in. Ideally, look for a service that has multiple remote locations in two different parts of the country.
6. What will the offsite storage cost? Some plans include some storage, but it may not be enough to hold all of your data. Be sure that you have a good idea of how much storage you will be charged for and that you know what it will cost you per month.
7. Does the service comply with any regulations that apply to you, such as HIPPA, SOX or GLBA? These regulations cover issues such as encryption, retention and reporting among others.

Whatever backup solution you choose, don't forget that it needs to be monitored and tested periodically. Some services include 24x7 monitoring, periodic restores and virtualization tests.

Strict attention to these criteria will insure that your business is able to recover from disaster with the least amount of effort.