Databases are the foundation for data storage, and backups are the foundation for disaster recovery should your database be compromised and data integrity ruined. For some cyber-attacks or hardware outages, the only way to return the business to operational performance is to restore data from a previous state. When this catastrophe happens, it’s time to pull the latest backup from your archives. Without a backup plan for disaster recovery, your business could be in danger of suffering from lost data, which in turn could mean lost revenue and possible financial ruin.
What is a Disaster Recovery Plan?
Before you create a backup plan, you should first understand disaster recovery. A backup plan is only one component of disaster recovery. Disaster recovery plans cover everything from what to do when there is a data breach to what to do if there is physical theft. The plan has a list of policy owners and employees who must be contacted to put the disaster recovery plan in action.
A disaster recovery plan is critical to business continuity, and an organization without one could suffer from huge financial loss. These plans can greatly reduce the time it takes to recovery from a catastrophic event. The organization could suffer from fires or floods that leave the physical location untenantable.
A disaster recovery plan instructs employees on what to do to move to a backup location such as a data center after a natural disaster.
One major benefit of a disaster recovery plan is that it gives employees responsible for bringing the organization back to functional performance step-by-step instructions on what to do. After a disaster, everyone is on edge and anxiety and stress run can cloud decisions. With a disaster recovery plan, employees don’t face terrible mistakes due to anxiety and stress. The plan tells them what to do so that every step is covered and recovery is a smooth transition.
Designing Database Backups
For any organization, the database administrator should be involved in every data backup plan.
The design should cover a few basic issues such as:
• What is the organization’s disaster tolerance? In other words, how much data can be lost before it severely impacts revenue?
• How long can downtime persist before it has a critical effect on business continuity and revenue?
• What happens if there is a physical disaster? Where can data be restored in the interim?
• Who should oversee data recovery for the database? This person is usually a database administrator, but organizations with large data stores might need more people to be involved.
• What data stores should be backed up, and where should these backups be located?
• What data is the most critical and should take priority?
Every organization has its own requirements, but there are some standard issues that all businesses face. For instance, database backups must be scheduled and run frequently. The frequency depends on the amount of data stored every hour and the amount of data that can be lost before it becomes a critical issue. Organizations with little data stored every hour could potentially have good business continuity with just hourly backups.
For most organizations, database backups must be done several times an hour. They can be scheduled, and good database engines will not lose performance while a backup is happening. Databases can be set to take incremental backups, so only the data that has changed since the last incremental or full backup will be in the backup. A full backup is always necessary at least once, and then the frequency of a full backup depends on how much data is stored in each incremental backup. After a time, another full backup will be more efficient for disaster recovery than several more incremental ones.
Backups should be stored in a safe location, but the organization should follow the 3-2-1 rule.
The rule states:
• 3 copies of backups should be created.
• 2 copies should be on two separate media types (e.g. tape backups and network drives).
• 1 copy should be off-site (e.g. cloud storage).
With cloud backups, you cover the second and last component of the 3-2-1 rule, so it’s often used as a solution to save costs on storage and off-site hardware. Google, Amazon Web Services and Microsoft Azure are the three big corporations that offer affordable cloud hosting for businesses that need cloud backups with plenty of storage space.
Don’t Forget Cybersecurity
After a backup plan is designed, it’s important to ensure that these files are secure. Backups have all data critical to your business, so an attacker would hit the jackpot should these backups be exposed. Backups should first be encrypted and password protected, so an attacker would be unable to read data if the backup files are disclosed.
It’s not uncommon for administrators to make mistakes when configuring cloud storage devices. It’s important that the person setting up cloud storage understands the right configurations, or all backups could be exposed to the public internet. There have been several critical data breaches due to an organization’s IT staff improperly configuring an AWS S3 bucket, which is the AWS cloud storage service.
Only official IT staff should have access to backups, and they should not be on the network and available to other employees. Treat backups like they are more critical to the business than other documents. Attackers specifically look for backups when they compromise a network, because attackers know that backup data has information that could be valuable on darknet markets.
Tying Backups to Disaster Recovery Plans
After the backup plan is created and put in full swing, disaster recovery procedures should include them in step-by-step instructions. The disaster recovery plan should list the location of the backups, who should recover data and restore the database, and an order of importance.
Finally, all backups should be validated and checked for errors. Most backup and recovery programs have a feature that checks backups for errors so that you don’t store corrupted files. Also, full backups are best done during off-peak hours to avoid performance issues on the network.
Disaster recovery plans are essential for business continuity, but backups are a key component. A plan should ensure that all business data is safe from hackers, but they should be freely available to administrators during disaster recovery. A plan can take months to create, but it’s well worth the effort.