We recently published a list of the top 10 IT challenges facing small business in 2019.
Two weeks ago, we looked at the first 3 of these challenges in a bit more detail and provided some hints and tips on how small businesses can try and overcome these challenges themselves, whilst also showing where fully managed IT support can help.
Continuing that today we are going to look at the following issues:
Backup and disaster recovery challenges
Back in October we produced a blog that went through the differences between backup, disaster recovery and business continuity in quite a bit of detail. We don’t want to repeat everything from that blog so we would recommend that you read it first.
Even if you’ve read that post it’s useful to reiterate what exactly we are talking about.
Firstly, a backup is a copy of your data replicated to another device or location, disaster recovery is the way you get this data back so you can work again.
We are going to start by looking at Disaster Recovery. The reason we look at this BEFORE looking at backup should become clear.
Disaster Recovery
Disaster Recovery refers specifically to the Information Technology and data-centric functions of the business. Essentially a Disaster Recovery Plan is the document that outlines what you will do to get your IT systems back up and running in the event of a disaster. Recovering your backup is part of this but there is lots more to consider.
The kind of disaster ranges from natural disasters such as storms and floods, through fire and theft, hardware failure and onto the threat posed by hackers and cyber criminals. All must be considered. Many businesses ignore the dangers as they only think about natural disasters, and the chances of those occurring are remote. However, hardware WILL fail, especially hard drives which are mechanical devices which contain moving parts. A good IT refresh plan will help, as will proactive monitoring, but you need to be prepared for something to go wrong.
Firstly, for those with an MSP in place don’t assume that your provider will sort everything out for you. It will depend on your agreement. If you’ve elected to do your backups yourself for example, or if you’ve not heeded warnings about old, failing equipment you might find that the help the MSP can provide is limited.
If you’re going it alone there are no short cuts.
The first tip is to involve everyone. What marketing views as a critical application or critical data will be different to what finance views as critical. This can also be an opportunity to introduce commonality across departments. It is not unusual to find different departments using different tools. This can especially be true for communications with one departments reliant on email, another on instant messaging and a third using something such as Microsoft Teams.
1. Conduct an asset inventory
List all of your IT asset. Include all servers, storage devices, applications, data, network switches, access points, and network appliances. Then map where each asset is physically located, which network it is on, and identify any dependencies
2. Carry out a risk assessment
Once you know what assets you have you need to identify the threats to each one. Using a threat matrix you can identify both the probability and impact of each threat. Whilst earthquakes and floods are a threat this exercise a should help you to start concentrating on the more realistic threats to each piece of equipment. An example is shown below.
We can see that power failure is the most realistic threat with the highest impact. A UPS could be the solution here.
3. Decide on your most critical applications and data
Now you understand the threats you need to understand what you have in the organisation. As we’ve mentioned you need to involve every department. Think about what is really needed to get the business up and running as quickly as possible. These will be your high impact items.
A traffic light colour coding system is recognisable and easily understood by all.
4. Define Your Recovery Objectives
There are a couple of things to consider here:
- How often new information is added into the application
- How quickly you need an application back up and running
The first will define from how far back a restore could come from. The second will affect where a backup is stored and the order in which applications are restored.
Again, it is imperative that every department is involved. Here are some sample questions that you could ask colleagues:
Which applications and data does your department use?
What is your tolerance for downtime for each? What is your tolerance for data loss for each?
Are there times when these applications are not being used by employees partners or customers?
Would you ever need to restore data that is older than 90 days old? How about 6 months old? How about 1 year old?
Are there any requirements (internal or external [i.e industry or regulatory]) for the organisation to retain the data for a designated period of time?
Are there any requirements (internal or external [i.e industry or regulatory]) that prevent us from moving the data from one geographical region to another?
Are there any requirements (internal or external [i.e industry or regulatory]) with regard to security and encryption?
The key here is to understand business needs and provide a differentiated level of service availability based on priority. Now that you have that information to hand, it needs to be translated into recovery objectives to be included in your disaster plan.
To get your Recovery Time objective you need to ascertain the acceptable time any of your data and applications can be unavailable. This is your recovery time objective.
You may well need your email back up and running almost immediately, whereas other applications may well be less critical.
In addition to the RTO you’ll also need a Recovery Point Objective. This will be based on the organisations tolerance to data loss.
You can start to put these into a table such as the one below:
We’ve shown some extreme examples here but hopefully it gives you the idea.
5. Determine the right tools.
Ideally you should do your disaster recovery plan BEFORE you chose your backup software. The RTO and RPO will determine your solution and where and on what media things are stored.
There is a balancing act here. You need sufficient protection for your needs, but you do not want to ‘over-protect’. This could end up costing the business money it does not need to spend. If you’ve done a robust assessment to this point then tool selection should be relatively straight forward.
6. Document and Communicate
Produce the actual physical Disaster Recovery plan. Make sure this is written in language that the people who will implement it can understand. It also needs to be available in the event of a disaster. If your hard drive fails, you don’t want the document that tells you how to recover it on that drive! Make sure you’ve got printed copies and make sure key staff have them.
7. Test, practice and refine.
It’s great having a disaster recovery plan but don’t wait until a disaster to test it. Whilst a full simulation once or twice a year, or when a significant change to the IT environment takes place, is useful you can also get plenty of benefit from testing individual parts of your plan.
It is unlikely that you’re going to get it 100% right first time so testing also gives you the chance to refine the plan. By testing, practicing and refining you should have an excellent disaster recovery plan in place should you ever need it.
Now you’ve determined what you need to back up, where the data needs to be and how quickly you need to recover it you can then decide on your backup solution.
How to Backup – onsite or cloud?
The simplest way to back up your data is generally on an external device. This could be an external hard drive, a USB flash drive, or a Network Attached Storage (NAS) drive. Each has advantages and disadvantages, which we’ve again covered in the previous most.
Cloud storage offers some significant advantages over external devices and have revolutionised the backup process. They combine smart software with scalable storage, meaning you only pay for what you need – making them comparatively cheap. According to market research backup was amongst the most popular applications being migrated to the cloud in 2018.
Many people use the terms online backup (or cloud backup) and cloud storage interchangeably. However, they’re really very different types of service with different goals in mind. Online backup is designed to mirror your hard drive in the cloud, providing a means of recovery in case that hard drive fails.
Cloud storage supplements your hard drive capacity and promoting productivity. Modern small, portable laptops make use of solid-state drives (SSDs). While SSDs are faster, slimmer and less prone to breakage than mechanical hard drives (HDDs), they tend to come in smaller sizes to reduce price. A 250GB SSD isn’t an issue, however, with cloud storage as you simply store the bulk of your content online.
Managing Your Backups
The 3-2-1 rule is widely hailed as industry best practice. The rule states you should always have three copies of your data, that you use two different types of storage, and that at least one copy of your data is stored offsite. In the past this has been a challenge, but cloud backup makes this much easier and cheaper than ever before.
Every backup strategy will be unique to a particular business. The common factor is thinking about how you recover data not just about how easy it is to backup. You’re likely to want your most frequently used, business critical data in a fast-access location. This would probably be onsite in something like a NAS. This data, plus data that’s used more occasionally, could be stored in the cloud. This is a little slower but still reasonably quick to recover. Infrequently used or archive data can be stored on tape that’s stored securely in an off-site location with notice required to access.
In the event of a disaster the most frequently used, business critical data can be recovered from the local drive quickly and easily. This gets the business up and running again whilst other data is restored. If the onsite data is destroyed, such as in the event of fire or flood, then this will still be available via the cloud backup – it would just take longer to recover.
An issue with a cloud only solution is that disaster recovery could be slow. Your internet speed will certainly have an effect on how quickly data can be restored. To counter this some cloud backup solutions will offer business continuity features, such as spinning up virtual copies of machines in the cloud during a failure. Some even provide a hand delivered hard drive with critical system data.
Choosing A Backup Solution
Once again, we are going to recommend that you use a Managed Service Provider and let them handle your backup solution but if you are going to go it alone there are plenty of options.
Some of the questions you’ll need to think about include: How much storage space do you really need? What are you going to be backing up (don’t forget mobile devices such as phones and tablets)? Must the service support versioning (where multiple versions of documents are kept)? How will this be managed? What sort of encryption options do you get? Where is data stored? How is access to your data managed? The list goes on!
No one solution will meet every business’s needs, you are going to need to do some research. Some of the market leaders include:
Acronis – suitable for Windows and Linux servers, provides incremental backups and can sync data directly from Sharepoint, MS Exchange etc. Data is protected by 256-bit AES encryption.
CrashPlan Pro – features excellent customisation, unlimited storage and versioning and a powerful web console. Balances impressive features with reasonable pricing.
ICDrive – a versatile cloud backup service, covering PC’s running anything from Windows 2000 up. There’s Mac support, Linux Backup Scripts, iOS, Android and Windows Mobile clients and backup support for Windows Server, Microsoft SQL, Exchange, SharePoint and Oracle.
Just to give you an idea of the level of choice notable mentions should go to PC Mag Editors Choice Arcserve, Carbonite Computer Backup Core, Backblaze Business, MozyPro, Cloudberry Backup Ultimate and SOS Online Backup, to name but a few!
How We Can Help
As you can see developing a thorough backup and disaster recovery solution for your business takes a considerable amount of time.
A professional outsourced IT company will undertake the work described here, along with providing a IT Service Desk function for your users. This can free up time for you and your staff to concentrate on your core business.
If you find yourself experiencing any of our Top 10 IT Challenges for Small Business then do not hesitate to give us a call on 0115 8220200 or Contact Us today. We’d be very happy to help.