Backups are one of the most critical parts of your network. They are also one of the most invisible aspects of any network, and for this reason, it can be the area where we see the most disastrous mistakes made. For this reason, I decided to put together a list of the most important questions every business should ask their IT provider about their backup and disaster recovery strategy.
Number One: What data is backed up?
This is an area where a lot of companies and their IT providers think they are on the same page but end up having a very different understanding of the situation. Find out exactly what is and is not backed up. Are your workstations backed up? Chances are they are not, and chances are that’s fine, as long as you and your staff know where to save files so that they will be backed up. Nobody wants to lose important financial reports because the CFO’s computer died, and they didn’t know to save to the V drive.
Are all your servers backed up? This is an area where you really need to know the answer, and if there is a server that is not backed up, you need to know why, and what the ramifications are.
What about email or any cloud storage you are using? This is where I see a lot of disconnect between IT companies and their clients. Way too often, I see people assuming “well, it’s in the cloud, so that’s backed up.” Cloud hosted is not the same thing as backed up. True, many cloud services, like Microsoft 365 and Dropbox for Business will have some sort of retention for deleted files and version history, but that is not the same as a true backup. There are ransomware variants that know to corrupt or delete previous versions of encrypted files, a disgruntled employee can still delete a file and remove it from the recycle bin, and mistakes can happen, and a file could be deleted, and the deletion is not discovered until after the retention period has passed. Make sure you are on the same page as your IT people on what is and is not backed up.
Number Two: Where are the backups stored?
There are two components to this question: do you have offsite backups, and if so where is that information stored? You can have everything backed up, but it will not do you any good if your server room burns down and all the backup data was in the server room that is now rubble. For this reason, offsite backups are critical.
Also important is where the offsite data is stored. Many industries have regulatory requirements and need to keep their data in Canada. They may also have requirements regarding the security of the offsite facility. At Reliability Technology Solutions, we like using Datto, which has two datacentres in Canada: their primary one in Toronto, and a secondary datacentre in Calgary. All data is processed and stored in Canada, and if we do need to physically mail a hard drive to seed the offsite backup, the drive is encrypted and it is shipped directly to a Canadian datacentre. Datto also has several measures in place to ensure the physical and digital safety of all backed up data.
Number Three: How often are backups captured and how long will it take to restore?
There are two common metrics used in the tech world for backups: The Recovery Point Objective, or RPO, and the Recovery Time Objective, or RTO.
Simply put, the Recovery Point Objective is how far back in time you have to go to do a restore. So, if a backup is taken every 4 hours, that means that at any given time, the most data lost will be four hours’ worth of work. Or, if you only take a backup once a day, you might lose an entire day’s worth of work.
The Recovery Time Objective is how long it will take to be up and running, again. Different technologies and different products will all have different Recovery Time Objectives. A file level backup may be cheaper than one that captures an image of the server, but recovery can mean everything needs to be rebuilt and reconfigured from scratch, which can mean added days or weeks until you are back up and running.
Even with image-based backups, the recovery time can vary quite a bit, depending on the solution that is used. In my experience, it is not uncommon for a server restore to take up to twelve hours to complete. The key is to be aware of what downtime might look like if a full server recovery is needed, and to make sure that it fits your business needs. If being down for a full business day is an unacceptable risk, some backup technologies, such as Datto, can virtualize any protected server instantly. This means that while the server is being restored, a version of it can run, either on the appliance or in Datto’s Cloud, that will allow you to continue working.
Number Four: What are the potential roadblocks to our backup solutions?
As much as many IT companies will try to standardize everything, the truth is: every environment is slightly different. This can lead to gaps in a backup plan that lead to disaster.
Internet is a big one. If you have slow internet speeds, the initial upload for off-site backups might fail. This can be worked around by shipping a seed drive to the datacentre for the initial backup restore point and doing incremental backups from that point forward. Incremental backups only backup the differences between backup points and have a much smaller footprint. Another area where internet can be a pain point is if you have metered internet, where your provider charges you based on data usage. Any overages caused by backed up data can balloon your internet costs, giving you a surprise bill at the end of the month. Again, a seed drive for the initial backup can help with this, as well as planning out for how much data transfer the backup is expected to cause and seeing how that fits in with your internet plan.
Another possible gotcha is compatibility. If you are running a modern server operating system, you should be fine. However, if you have an outdated server for whatever reason, you really need to make sure that your backup solution will actually back it up. Also, you should move off that outdated server, but that is another topic. On the topic of compatibility, most managed service providers, as well as the tools that they use, are very Windows centric. If you have any Linux or macOS devices that you want protected, you need to make sure the backup platform supports your devices.
Number Five: How are the backups monitored and verified?
There is an adage in IT circles: if you don’t verify your backups, you don’t have backups. The last thing anyone wants is to have a server completely fail, go to restore from backups, only to find out the backups started failing six months ago. That is why it is important to know what monitoring systems are in place, and how backups are tested to ensure they will work when you need them. Backups can fail for several reasons, and if they do you want to know that your IT provider is working to fix the issue.
The Datto platform we use at Reliability Technology Solutions automatically notifies us if a backup fails, automatically checks backup images to verify data integrity, and scans for signs of ransomware. If an issue is found, we make it right before it can become an issue.
I hope this gives you a clearer idea of the potential pitfalls that can come from a lack of communication between businesses and their IT providers on the topic of backups. If you have any concerns about your backup platform, please reach out to Reliability Technology Solutions, and we can ensure that your business has the right protection.