Three Key Steps for Implementing a Disaster Recovery Strategy

This is part of Solutions Review’s Premium Content Series, a collection of contributed columns written by industry experts in maturing software categories. In this submission, OwnBackup CTO Adrian Kunzle offers three key steps for implementing a disaster recovery strategy.

All around us, there is a great data transformation afoot. Companies are shifting their workloads to the cloud at an astounding pace, and there is no sign that the trend will slow in 2022. Instead, Gartner predicts spending on public cloud services will grow 21.7 percent, reaching $482 billion this year.

As companies continue to invest in digital transformation, there are several actions they should take to ensure their data is secure, one of the most important being a data backup and recovery strategy. When it comes to SaaS applications running in the cloud, there are a number of unique considerations. With the right planning and tools, you can maintain business continuity and minimize service disruptions should a data loss occur. Here are the key steps to consider:

Steps for Implementing a Disaster Recovery Strategy

1. Understanding Your Responsibility

When it comes to the security of your data, nearly all SaaS providers today subscribe to the shared responsibility model. This means that they are responsible for providing always-available application services that are hosted on resilient infrastructure and maintaining data copies to withstand infrastructure failures or site-wide outages. On the other hand, the customer feeds the SaaS application with their own data, and they are responsible for recovering from loss or corruption that impacts the data in the application–regardless of the cause.

2. Determine Your Backup and Recovery Needs

Based on your organization’s security strategy, companies should determine and define the levels of data backup and recovery they need for the unique challenges they face. Here are a few strategic considerations for determining your organization’s needs:

• Recovery Point Objective and Recovery Time Objective: A first step in determining backup and recovery needs is determining the recovery point objective (RPO) and recovery time objective (RTO) for each of your important SaaS apps.
• RPO is an indicator of how often a business should back up its data for a particular application or system. The frequency of backups should match what is determined to be the maximum amount of time the organization has to recover from data loss based on the last backup. Understanding RPO will help determine how often to back up your data.
• RTO, which should also be set at the application level, is the timeframe by which a business must restore data after loss or corruption has occurred. For example, if your RTO for your Salesforce instance is 48 hours, it means you must be able to restore data in less than two days. RTO helps you prepare in advance and calculate how fast you need to recover to avoid further disruption.

Regulatory Compliance

Another angle to consider in determining backup needs is the scope of government and industry regulations you must comply with, as well as any internal governance policies for your data. The breadth of government data regulations worldwide makes a significant difference in how companies store and use customer, employee, and sensitive health and financial data, making it challenging to keep up with internal and external compliance requirements. Regulations like HIPAA, for example, require exact copies of electronic Protected Health Information (PHI) to be encrypted, stored offsite, and backed up frequently and securely while also undergoing regular stress tests.

Storage Requirements

Storing large datasets for an extended period of time requires ample space, and businesses may have regulatory requirements that dictate what should be saved and for how long. The backup strategy a company pursues should be flexible enough to accommodate the amount of data a business needs to store while considering forecasts for future growth.

3. Select a Solution Provider That Meets Your Needs

The final step to bringing a data backup and recovery strategy to life is to choose a solution provider. When selecting a provider, there are a number of features you should consider to make sure a solution aligns with your organization’s unique needs.

For robust backup capabilities, consider the following:

• The ability to keep backup data separate from production data in case your SaaS provider experiences a system disruption or outage
• Frequent backup ability to support the recovery point objectives defined earlier
• The capacity to backup metadata, files, and attachments
• Whether you have any limits on the volume of storage your backups can consume
• The ability to centrally manage backups across multiple instances of SaaS applications

To choose a solution with strong recovery abilities, ensure that it:

• Has tools to proactively monitor application data and quickly alert you to unusual data loss or corruption
• Can provide an analysis of the extent and timing of loss or corruption
• Allows you to restore not just specific records, but also specific fields with unwanted changes, so that you don’t overwrite good data when trying to fix bad data
• Offers 24/7 customer support with response times that match the urgency of data loss or corruption incidents

After a year that saw a record increase in data security incidents, it is now more important than ever for organizations to be protected against data loss and corruption, including ransomware attacks. And with businesses increasingly shifting to the cloud, companies have a heightened need to fortify and protect their data.

To best prepare, business leaders should implement a proactive data backup and recovery strategy by taking the key steps outlined above. By understanding company responsibility, determining your backup needs, and selecting a qualified solution provider, your business will have a robust backup and recovery plan that leaves you well-equipped to avoid business disruptions, protect against data loss and corruption, and seamlessly comply with data regulations.