Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
Editor's Blog and Industry Comments

Misplaced trust in data back up and recovery.

03 October, 2007
Equiinet have revealed in a survey today that as much as 40% of data recovery attempts from back up media fail in smaller businesses indicating that many companiestest simply place too much trust in their disaster recovery processes.
With their increasing dependence on information assets, smaller businesses can ill afford to be relaxed about how they store their data and yet Equiinet's recent survey shows that up to half of small and medium sized enterprises have back up regimes that inadequately protect their critical data. The reasons behind this usually lie in the area of either policy or technology and can be grouped into key areas so ProsecurityZone has put together a brief potted guide to the broader elements of back-up and recovery for today's blog.

1 How often do you back up data?

The answer to this depends on how fast critical data is being added to the network, what technology is available and what the company can "afford" to lose.

Some enterprise systems in faster moving companies can invalidate backed up databases within seconds and conventional backup methods of copying to tapes are clearly inappropriate. Other methods exist such as mirrored disk arrays or data base journaling that allows a system to be rolled back to a point in recent history and is very good for unravelling user errors. Whatever the technique, the key to enterprise system data security is well-defined and well-executed administration.

For general server back-up, frequency depends less on transaction rate than on mitigating loss.

2 What technology is best for back up?

The answer is simply the best that can be afforded. Tape drives are simple and affordable for small companies but suffer from the human intervention requirements and storage regime. You can set automatic back-ups but what happens to the tape? Usually, it sits in the server room poking out of the tape drive all night which isn't ideal.

The best systems available include virtual tape libraries and off-site back up over virtual private networks. These are transparent, fast, effective and expensive.

3 Where do you store your back ups?

Equiinet's survey indicated that nearly two thirds of smaller companies kept their back up tapes in the server room and that others allowed the IT administrator to take them home, neither of which are ideal. With high bandwidth networks almost universally available there are much wider opportunities for being flexible about network storage and back up. Failing that, fire-proof and flood-proof safes are cheaply available for storing small items in locations away from the server room.

4 What do you back up?

The short answer is all of the important stuff and none of the junk. The long answer would require an IT administration text book and can't really be summarised in a few lines. IT administration skills play a key role in this concerning the way the server and network is set up and how the data is structured. Some data doesn't change such as applications but the parameters that these applications use can change often and a mistake that is often made is not to back these up making programme restoration from original disks a lengthy process requiring a lot of customisation and set up.

User data on the server is obvious but what about mobile users and what back up process is in place for all the company's mobile devices?

5 How do you know that the back-up has worked?

A crucial part of a back up and disaster recovery process that is more often overlooked than not is to perform a regular, scheduled test for restoring data. Some back up commands on Unix, Linux and OpenVMS servers are parametric command strings written by an IT administrator rather than Microsoft Wizards and these sometimes fail to work properly. It is a certainty that there will be people reading this who have a back up process in place which they trust and they simply don't know that the tapes are blank because of some mis-typed parameter in a command string.
Bookmark and Share