Data backup and recovery—the process of making copies of critical data, storing it securely so that it remains accessible, and restoring it in the event of a disaster or drive failure—are fundamental to data protection and cybersecurity. Though simple at its core, the concept requires forethought and strategy around scheduling, media, and storage, with high stakes for enterprises with operational dependencies on data. As a result, dozens of vendors serve this space with a wide range of products and services. This article is a comprehensive guide to data backup and recovery, how it works, and the different types and techniques involved.
- What is Backup and Recovery?
- How Does Backup Work?
- How Does Recovery Work?
- Types of Data Backup
- Types of Data Recovery
- Bottom Line
What is Backup and Recovery?
Backup and recovery is the process of copying enterprise data, storing it securely, and being able to restore it in the event of a disaster or service interruption. Any number of events can cause data loss, from drive failures to accidental deletions to malicious attacks or theft to natural disasters. Backing up the data is simply creating a copy that can be used to replace the original if something happens to it.
The concept becomes more complex when you consider that the cause of the initial data loss might also affect the secondary copy. For example, copying a computer’s hard drive to an external hard drive gives a measure of protection—but what if both drives are damaged in a fire, or a piece of malware that infected the original computer also corrupts the backup drive? A true backup strategy involves keeping multiple copies in different locations on a variety of storage media to cover all possibilities.
While backing up data and recovering data are separate, individual processes, they’re linked so inherently that it’s instructive to think of backup and recovery as a single concept. Having a secondary copy of data is useless if it cannot be restored to a computer or network, or if it takes so long to restore that business continuity suffers. Ensuring that data can be fully restored is equally important as the act of backing it up, and organizations are devoting more attention to backup testing to verify that their backups can be recovered speedily in the event of an incident.
How Does Backup Work?
At a high level, data backup is accomplished using specialized software that copies data to a backup appliance, a backup server, or the cloud, where it is stored either on hard disk drives (HDDs), solid state drives (SSDs), or tape. Even data sent to the cloud is stored on one or more of these media. The data is encrypted as a safeguard—the most thorough backup systems encrypt the data both at rest and in transit.
It’s the details that can make or break a backup. Here’s a look at the most critical components of a successful backup strategy.
3-2-1 Backup Rule
The 3-2-1 rule is often employed to make sure there are sufficient copies of data to cover all eventualities. It establishes a best practice of making a total of three copies of critical data using at least two different storage media, and storing at least one copy offsite.
There are many possible configurations, from saving backups to an on-premises server and the cloud to a server and tape, with the tape stored offsite. However, not all configurations are equal—if malware infects data that is backed up to the cloud, the malware can also infect the backup copy over the internet.
When choosing media, the goal is to balance speed and cost. Almost everyone wants a recovery point objective (RPO)—which measures the greatest amount of data the organization is willing to lose after recovery from a failure—of zero. A zero RPO means no data is lost, but a zero RPO can be expensive.
Prioritizing data and choosing the right media can help reduce cost. For example, a small subset of data can be categorized as high priority and backed up to high-speed flash so that it can be recovered almost immediately. The remainder of data can be assigned lower classifications and stored on disk, with the lowest priority data—cold data—stored on tape.
Depending on the type and volume of files, backups can be enormous. This is less of an issue when saving the backup initially, but for a business that needs to restore data in a hurry, large files mean slow recovery. In many cases, compression and deduplication are used to reduce file sizes and network traffic while improving transmission speeds.
Compression algorithms reduce capacity by as much as three times, in some cases. Deduplication—removing repeat files or data to reduce size—is as effective or more than compression, depending on the quality of the data.
Backup Timing and Frequency
Because backups can take a long time—and slow down network traffic—they should be scheduled for a time when traffic is low, and are generally done at night and weekends. Automation features built into backup applications can schedule and run them without intervention. The best software also verifies that all data was successfully backed up with no failures or corruption.
Additional choices need to be made about how often to backup data, which we’ll cover in more detail in the Types of Data Backup section below.
In-House or Outsourced
Backups can be done internally, by an IT team, or externally by a service provider that takes care of all the underlying infrastructure, keeps the software updated, and provides the storage. Increasingly, organizations are relying on backup as a service (BaaS) or consumption-based storage as a service (STaaS) to manage their backup and restore functions.
Learn more about the top backup software on the market today.
How Does Recovery Work?
When a data loss incident occurs, the backed up copy must be recovered from wherever it is stored. Depending on the nature of the incident, recovery targets may vary—in many cases, the copies are restored to the original systems from which they came, but in the event of a physical disaster it may be sent to other systems at a colocation provider or a secondary data center.
Many businesses store backups for years only to find that the data is unrecoverable or only partially recoverable due to a number of factors:
- Malware entered into backup applications and infected the backups
- Incomplete backups due to poor administration or insufficient backup windows
- Corrupt or unusable files
Recoverability testing should be done with regularity to ensure that the backup upon which the business is relying is, in fact, reliable.
As with backups, recovering a huge amount over an internet connection is going to take a long time. A good backup and recovery plan will prepare for this by dictating a process to recover high priority data first. The amount of data and the storage media can both play a role in recovery time. For example, enterprises relying on cloud backups may have to wait days for all their data to be retrieved—as an alternative, some cloud providers offer to ship a physical box filled with your data within 24 hours to speed up the process.
Types of Data Backup
Data can be backed up several different ways depending upon the amount and the organization’s requirements. Here are the two most common:
- Full data backups. As the name implies, a full backup makes a copy of every single piece of data. Full backups are always done the first time that an organization initiates a backup to create an initial, full copy, but some businesses perform a full backup on a regular schedule. The advantage is that a recent copy of all data is always available. The downside is that it takes up a lot of space, and purging old backups must be done regularly.
- Incremental data backups. An incremental backup captures only files that were created or changed since the last full backup. They can minimize backup size and network traffic. Some organizations store a single full backup and consolidate incrementals into that copy.
Types of Data Recovery
Data can also be recovered in several ways. A complete recovery restores all enterprise data, which may be needed following a disaster or a ransomware attack, for example. But more often, a business may opt for a more granular approach. Perhaps one system suffered data loss, or someone accidentally deleted a single data set—in such cases, specific files, objects, partitions, or systems can be recovered as needed.
Bottom Line: Safeguard Enterprise Data With Backup and Recovery
Businesses of all sizes and across all industries are increasingly reliant upon data for everything from informed decision-making and customer engagement to sales, marketing, and customer service. They’re investing in ways to collect, store, and analyze that data to make it actionable and accessible and to mine it for insights that give them a competitive advantage.
They should also be investing in a well-considered backup and recovery strategy that protects that data and ensures that it is available for rapid restoration in the event of a failure, disaster, or cyberattack. A partial data loss incident can be an inconvenience; a complete loss can be devastating to business continuity, operations, and customer reputation.
Whether they handle it in-house or outsource it to a provider, all enterprises should be making backup and recovery—including planning and testing—an essential part of their daily operations and IT workflow.
Read 11 Data Backup Best Practices to learn more about the standards you should follow to ensure a successful backup and recovery strategy.