Top Ten Backup and Recovery Pitfalls to Avoid in 2016

When the inevitable hits, how will your business fare? Be it human error, technical failure, or natural disaster, backup and disaster recovery solutions are an absolute necessity in 2016. Putting time and effort into finding, implementing and maintaining a good backup and recovery solution should be top priority. Don’t thwart your hard work by experiencing one of these 10 backup and disaster recovery pitfalls.

Relying on an Inadequate Backup Plan, (or not having one at all!)

First, let’s just get this out of the way: Many businesses find themselves relying on the wrong technology: outdated media, equipment, or techniques. However, in a study released by CloudBerry Lab, a cloud-based backup and file management services provider, it was reported that one-third of enterprise organizations don’t back up business data- AT ALL! As many businesses strive to modernize their backup strategies through the use of cloud backup and automation, many still use outdated approaches. The study states that one-third of respondents have not yet deployed the appropriate level of backup that is needed.

Not Planning for a Ransomware Attack

Disaster-Recovery-as-a-Service providers, Quorum, offer businesses protection from the Cybersecurity infiltration that’s sweeping the nation. Quorum state in their blog:

“Sure, companies have security systems in place to catch and prevent the latest ransomware from causing havoc. However, what happens when ransomware is ahead of your own security controls? Disaster Recovery solutions won’t prevent ransomware…but DR solutions will quickly sidestep ransomware after its caused such a ruckus.”

Organizations that protect data with solutions like disaster recovery, and proper backup of critical systems, can be brought back online and continue to operate, regardless of some unknown individuals and their attempts to hijack your wallet and hold your data hostage.

Protecting Virtual Machines From Within the Same Hypervisor.

In a recent blog post, Quorum CEO, John Newsom, likens the hypervisor/VM security relationship to a boat….That’s sinking. Newsom explains,

“There’s a fundamental reason an ocean liner’s lifeboats are on the outside of the ship. The fundamental flaw with most of these products (Virtual Machines) is that they are deployed into and execute from the exact same hypervisor environment that the VMs to protect run within. So if there is a problem with the platform that the protected systems run within, then the recovery system within that same platform will be affected as well.”

Newsome goes on to mention that, not only is this a self sabotaging approach to backup, it’s also an expensive one, citing costs for additional VM licenses and infrastructure to host the DRaaS product local system components.

Not Commandeering Compliance

Backup and recovery vendor, Carbonite, report that more than two-thirds of businesses meet regulations, with HIPAA being the most prevalent, and that businesses today must ensure they’re compliant, as consequences and monetary fines can be steep.

“Companies required to meet HIPAA regulations must meet a number of administrative, physical and technical safeguards to stay in compliance.”

Administrative Safegards include: Administrative actions, policies and procedures to protect electronic protected health information.

Risk Management include:  Implementing security measures to reduce risks and vulnerabilities to ensure the confidentiality, integrity and availability of data.

Login Monitoring include: Monitoring log-in attempts and reporting discrepancies.

No Training or Testing

Important: Test systems on a regular basis.  IT departments may not test enough and some may never test their solution at all! The testing process is invaluable, and as times change, automation and self-testing tools are alleviating IT from this duty, allowing them to focus on other high-impact initiatives.

Organized training and testing of DR procedures is a necessity. IT will be more confident in their skills when a IT crisis arises. Third-party disaster recovery specialists can help with setting up training (including online options) and running tests so that your plan and your people will be ready to go when needed. Many BDR vendors include this training with purchase of their services.

Unrealistic Cost Expectations 

The reality of most organization’s relationship with backup and disaster recovery, is that most scenarios have gaps, and flaws. Most enterprises despite the tools, capabilities, cool features and strategy, have imperfect backup architectures, because the cost of maintaining a 24/7 backup solutions is not realistic, either financially, or what-have-you. Keep your expectations of the way that your solutions integrate, and the cost of operation pragmatic. You may have to settle with a slower backup procedure, and you may be able to backup your data less often than what is not anxiety producing. Whatever your limitations may be, recognize them and work with your vendor, many of which who are ripe with willingness and know-how about solutions that will send you on your way to a more protected, efficient business.

Product Not Infrastructure/Hardware Agnostic

Basically, hardware, or device agnosticism is the capacity for new hardware or software to work with various systems without requiring any special adaptations.  Great BDR products are designed to be compatible across most common systems, and once a new product is running, it should be seamless and easy to manage by teams trained on the traditional hardware.

Being Unaware of Data Corruption

On to a threat of more physical nature that, well, with all of the other wild things that put your data in harms way- who would think to anticipate the data corruption dangers that data stored on hard disk drives can face, due to demagnetizing, defects and/or disasters. Tape can become corrupted due to similar factors, such as demagnetizing, defects, dirty tape drives, disasters such as fires or floods, and human errors such as formatting failures or accidental overwrites.

No Communication When Systems are Down

In the event of a natural disaster or just plan disaster– if your company’s internet and phones are down, this could throw a major stick-in-the-spokes of business continuity. You must discuss with all employees a plan of action to keep in touch with customers, employees who are off-site, and most importantly, a way to contact emergency services if outgoing lines of communication shut down. A log of the personal cell phone or landline numbers of key personnel may come in handy, keeping in mind confidentiality requests of course, along with personal email addresses of employees, especially if the business runs it’s own email servers. Develop a plan and make these resources available to those who need them in a predetermined location.

Businesses Don’t Perform Audits on, and OFF Site

On top of your in-house auditing- you must audit off site as well. Think of it as an electric fence for sheep, or cows- shocking anything that doesn’t have the key to the fence and zapping anything that tries to get out too. OK, enough about sheep! This is serious! The key to successful disaster recovery is to have a plan well before disaster ever strikes. Included with that plan, you must audit the plan by implementing policies that it addresses all parties who have access to your data: security product providers, maintenance people, people who are there to help, but weren’t even called?! Especially those guys!