11-07-14 | Blog Post
If you have even been kept awake fretting about what would happen if your mission critical IT applications went down, chances are you’ve thought about or implemented an offsite backup and recovery plan.
If you are dying to escape the chains of tape backup, or adding new data protections to your mission-critical IT systems, this post will outline the best fit for offsite backup and recovery within a broader IT disaster recovery and business continuity plan. You might discover that you actually need a different type of service, or a combination of offsite backup and recovery along with other types of data protection to accomplish your goals.
You’ll find more details, and list of questions to answer about your own organization and to ask potential offsite backup and recovery partners in our more comprehensive offsite backup and recovery buying guide.
To begin with, we’ll start with the highest level of thinking about protecting your business and work our way down to where offsite backup and recovery fits in.
Business continuity refers to how a business can continue operating its core functions in the face of the unexpected. It could mean the sudden loss of a core leader as much as a problem with servers or software. With businesses relying on digital for all aspects of the business, being able to recover your IT infrastructure from the unexpected is critical for any business that plans to stay in business over the long haul. Unforeseen interruptions are a “when”, not “if”, part of every businesses. As such, recovering from the unforeseen is a business question, not just an IT question. As such, a business continuity plan defines the various functions of the business, evaluates potential threats to each function and the impact to the business if that function is disabled. Once this context is defined, you can associate which IT applications and infrastructure support the business functions that warrant protection in the face of an emergency.
While a business continuity plan accounts for handling transition of responsibilities, growth, and response to marketing conditions, disaster recovery focuses specifically on the policies, procedures, recovery systems and resources that will be employed when normal systems and services experience abnormal interruptions. Note that disasters are often thought of in the context of natural disasters like hurricanes, earthquakes, or tornadoes. However, human-caused disasters account for just as many “disasters” as Mother Nature.
Now we are in the technical realm of talking about IT applications and infrastructure. Each business will have different requirements for protecting digital information. There are 4 guideposts that roughly divide the different levels of protection along the data protection spectrum.
Some businesses must retain data for a long period of time for regulatory obligations or for longitudinal reference. Archived data is highly unlikely to have relevance to the business outside of the past 30 days. If there is a need, then the business can afford to wait several days to get it back. While this is the least expensive option on the data protection spectrum, it does not meet the needs of a business that needs to recover mission-critical IT systems within a day or hours
This is often the first place that a business invests for data protection, or continually works to maintain and improve. Offsite backup and recovery allows a business to recover mission-critical IT systems within hours or at most a couple of days if something unexpected disrupts primary production applications.
The “recovery” aspect of offsite backup and recovery is one that businesses often fail to test and give full consideration to until they experience the pain of recovery firsthand. Getting applications and data backed up offsite is considerably easier than getting them back and functioning, especially in an emergency situation. For example, if your offsite backup service takes days to send your mission-critical data offsite, how are you going to get it back more quickly? While this is offsite backup, it is not recovery. Offsite backup without responsive recovery options is equivalent to archival storage – it could take days to get it back.
Businesses that can’t wait hours for their mission-critical IT systems, and invest in the substantially more expensive option of replication, are able to significantly reduce their recovery point objective (RPO) and recovery time objective (RTO) scenarios. This is one step below synchronous, availability paradigms, and allows , data centers to be geographically separated since a bit of latency replicating data from point A to point B can be tolerated. Also, unlike availability, replication technology does allow for a moderate amount of data retention.
It’s important to realize that replication is not a replacement of offsite backup and recovery, it’s an addition. First, replicated environments are at risk for copying corrupted data from point A to point B. If there’s no accurate version to fall back to, then both environments become corrupt. Secondly, replication is expensive, and for industries like healthcare, banking, and others that have to retain data for a long period of time, it’s neither affordable nor helpful to replicate years worth of data. Companies in these industries often have archival storage for non-critical data, offsite backup and recovery for mission-critical applications and data, and replication for applications that require very short RTO and RPO timelines.
Some organizations use snapshots as a type of replication feature. Note that these have no revision history, assign files a random name making it very difficult to locate a single file, typically decrease server performance, and cannot be encrypted. While a valid aspect of a replication strategy, snapshots are not a backup and recovery solution.
Data protection with availability means applications never go down. While all businesses would love this level of protection, it requires huge capital investment. If your organization wants six 9s – or 99.9999% of uptime – be prepared to pay a minimum of six figures for that privilege.
Availability makes sense for businesses such as high-speed trading or highly transactional eCommerce if financial loss per minute can justify the premium investment. Applications that serve emergency health services might also be willing to make this type of investment, if it truly involves lives on the line. Otherwise, most companies can get a suitable level of disaster recoverability from replication or offsite backup and recovery services.
The laws of physics begin to place some limitations on availability as you simply cannot move high volumes of data every second halfway around the world. This is why companies often set up availability environments within close physical proximity to each other. They would certainly also leverage offsite backup and recovery as well in case a disaster impacted their availability environment and they had to recover systems in another location.
Here’s another way to look at it. In the graphic below, offsite backup alone – without recovery options that don’t involve days of time waiting – is the least expensive, slowest option of protecting data. We call this “stranded data”.
At the other end of the spectrum, if you are using replication or synchronous availability environments, you have excellent data protection, but a lot of “stranded capital”.
At the midpoint is offsite backup connected to cloud servers for recovery within hours or a couple days with a moderate investment.
Every business function and supporting applications and infrastructure will fit at different points on the spectrum. It’s the role of the business continuity plan or business impact analysis to figure out the right place on the spectrum for the various functions of the business.
No matter where you are on the data protection spectrum, may your journey be a safe one!
More IT disaster recovery resources: