Beating the Backup Blues

By Jodi Mardesich

High-profile disasters, from recent hurricanes that battered Florida to the September 11, 2001 terrorist attacks on the World Trade Center, have underscored the need for a well-planned data backup and recovery strategy. Property and business interruption losses stemming from the World Trade Center attacks topped $21 billion, excluding life and liability losses, according to the Insurance Information Institute. Losses due to Hurricane Ivan totaled more than $6 billion, minus life and liability losses.

Disasters can come in many forms. CIOs face these possible scenarios, as well as more frequent glitches, such as hardware failure, viruses, and human error. The costs associated with data loss of any cause can be astronomical, and mount quickly, as the loss of labor and lost sales are factored in. If data is not properly backed up and networks supported so that they may continue functioning in the face of crises, the companies' business will suffer.

As CIOs begin to think about proactive backup strategies, they need to develop a solid recovery plan that involves backing up data securely, efficiently, and cost effectively -- with minimal impact on network performance and availability. To this end, CIOs should create policies and procedures for data backup and recovery. They will also need to evaluate and implement appropriate technological solutions for the safekeeping of corporate data. The following points will inform and prepare CIOs when it comes time to thinking through backup strategies.

Putting a plan in place to safeguard data

Identify threats. According to the Gartner Group, one in three companies hit by a disaster will not be prepared and will lose critical data. Preparing for disaster involves considering anything that could happen to bring a network down, from faulty hardware and buggy software, to human error, natural disasters, hacker attacks and power failures.

Analyze business continuity needs. Preparation involves performing an analysis of business processes and continuity needs. What services must IT provide to the enterprise in all cases? Which services are the most important? Which services must never come down, and which may be temporarily halted without severely impacting business? Budget woes often constrain IT managers from accomplishing this basic task of analysis. In the Gartner study, about 40 percent of IT managers polled were forced to rely on a best guess scenario, rather than putting a well-researched plan in place, due to lack of budget. 

Prepare a prevention plan. Determine how to provide the essential IT services. Set goals for regular backups of the most mission critical data.

Consider the physical state of equipment. A well-thought out plan takes into account technological and non-technological threats. Besides building a solid network infrastructure, installing equipment like generators and dehumidifiers can help prevent the disruption of business functions, or help a business quickly resume mission critical functions. Generators can provide backup power, while dehumidifiers can ensure that computers and servers remain free of excess moisture in the case of inclement weather. Preparing for disaster may also involve physically protecting computers and other equipment. In the case of a hurricane, for example, this could mean actually wrapping computers in plastic.

Test the plan. Verify that the plan works by testing it during off hours. In addition, perform regular backups to ensure that data being backed-up is current.

Evaluating backup options

In the past, data backup was performed on individual computers, most often by storing data on tape drives that offered large storage space and didn't cost too much. However, they were slow, recording and storing data far from real-time. Also, a tape drive was required on every machine. As networks have grown in size and complexity, such a labor-intensive backup method has become unrealistic. It would be inefficient to hook up a tape drive to every computer across an enterprise. Thus, companies have found new efficiency by deploying servers that back up dozens or hundreds of computers. There are several technological options to consider when planning a comprehensive backup strategy.

Physical media. Backing up to tape is still an option, but its biggest drawback is that data recovery from tape is slow. It is also not a random access medium, meaning that the tape must be scanned sequentially to find and restore lost data. More companies are finding success with backup up on CDs, DVDs, and removable hard drives, which offer quicker and easier restoration of data.

Consider the network. Besides saving a copy of data itself, smart CIOs will back up a virtual map of the network infrastructure, including a snapshot of the way corporate data is organized. Software programs are available that take an image of a disk drive's contents and then stores the image on the network or in multiple types of media. When restoring the drive's image, the contents remain exactly as they were when the image was made. It's also important to look for software that captures changes to database files and automatically reconstitutes the data in reverse order to a point before the data was corrupted or lost.

Off-site options. In addition to physically backing up data where it resides at the business locale, smart enterprises are turning to remote backup, via the Internet. For a small monthly fee, use of the Internet for storing the data gives corporations duplicates of critical data that remain secure in the case of a natural disaster that may interrupt business on site. Ensuring further security, data stored away from the enterprise can be kept in encrypted form, preventing unauthorized access to data.

Backup server software. Software that automates the data recovery process can streamline backup and recovery, reducing both labor costs and time necessary to restore the network. Software programs from various vendors integrate multiple operating systems under one umbrella, and offer policies and procedures for implementing data backup. However, while the centralization of these systems streamlines the backup process, the consolidation of entry points to the system can pose a threat to security. CIOs should consider encrypting backed up data as an extra level of security.

System availability. In addition to the physical backup and safeguarding of data, corporations can improve the availability of data by building systems that can continue to operate in the event of power failure or disaster, without sacrificing quality or performance. Mirrored servers -- identical hardware housing duplicates of sensitive data -- in separate locations can switch into operation in the event of a system failure at one location. Companies can also implement an approach called "clustering," whereby a group of computers combine to work as a single device, or distributed computing, in which a network of independent computers link an organization into a distributed computing network.

The essential way to safeguard corporate data is to implement enterprise level backups. But the challenge for IT professionals is to plan, deploy, and manage backup systems that neither pose a drain on the performance of the network, nor decrease the network's security. Backing up and recovering data can be expensive, complex, and time consuming, but the potential losses in business-critical data and ongoing continuity are even greater.

Jodi Mardesich writes about business and is a former staff writer for Fortune.