Your database is probably one of your company’s most valuable resources. Indeed, it is essential to the proper functioning of any organization, whether it is large or small. However, no business is immune to potential data loss. The question to ask yourself is: what would you do if you lost or could no longer access some, or worse, all your data?
It’s a scary question and a catastrophic situation, but it’s one to think about. Your operations could be paralyzed for an unimaginable period of time, and the loss could even affect the sustainability of your business.
What can cause data loss?
There are many causes of data loss: destruction (by fire, for example), corruption, theft, cyber attack, or even an integrity issue. Some will say that all you must do is make backups and you’re done. Wait a minute! Let’s take the example of a cyber attack. These days, hackers tend to move into data systems and wait for the best time to carry out their attacks. Only after a certain period of time do they make their move.
Moreover, in such circumstances, if all backups have been encrypted or corrupted, you may not be able to use them anymore and they may be unrecoverable. Another consideration is the location of the backups. For instance, if they are in the same location as your IT systems or building, in the event of a fire, water damage or flood, they will also be lost in the disaster.
The importance of data backups (properly executed!)
First, it is important to establish data governance within your organization. Governance covers several aspects, such as confidentiality, storage rules, integrity, archiving and recovery rules, as well as roles and responsibilities while specifying the management framework for procedures. Ultimately, it establishes good data management while ensuring data quality and security.
Of particular interest to us is the reliability of the backups, which must be tested regularly. Thus, it is not enough to only make backups of the databases. In addition to this, it is essential to ensure that everything is done properly and according to procedures.
Also, it is important to perform restoration tests on these backups to ensure that they can be reused within the prescribed timeframe, while respecting information security rules (availability, integrity, confidentiality and traceability). Be aware that if you do not validate this process completely, you may not be able to recover anything following an incident or disaster, and this would certainly have major impacts that would prevent you from continuing your operations!
Backup rules must therefore be developed in the context of an IT recovery plan (or a Disaster recovery plan). This is where the Recovery Point Objective (RPO) comes into play. In simple terms, the RPO is the period between the incident causing the data loss and the most recent backup copy (expressed in seconds, minutes, hours or days). The RPO is therefore the data loss tolerance for each application. Some data are more important than others and should have shorter RPOs (because of the impact of losses).
Ideally, no one wants to lose data, but it would be wrong to claim that all data require high-frequency backups (for example, every 5 seconds, every 5 minutes or every hour). It is important to remember that the greater the frequency of backups (e.g., every hour), the higher the costs associated with the technology required for these purposes. It is therefore important to categorize the data, to rank it from the most critical to the least critical and to determine the best approaches to mitigate potential information loss. In short, use RPO for these purposes!
Another way to reduce the risk of data loss in the event of an incident or disaster is to apply, at a minimum, the 3-2-1 principle. That is, save three copies of your data on two different media, and always keep one copy off-site. This is the minimum to do, a first step in the right direction.
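An added example, not part of the original article: a Python check of a backup inventory against a per-dataset RPO and the 3-2-1 principle, counting only copies that passed a restore test. The Copy record, the dataset names and the inventory are constructed for illustration, and the check assumes that all three copies are listed in the inventory.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Copy:
    dataset: str
    taken_at: datetime    # when the backup was taken
    medium: str           # e.g. "disk", "tape", "object-storage"
    offsite: bool         # stored away from the primary site
    restore_tested: bool  # a restore test of this copy succeeded

def audit(dataset, rpo, copies, now):
    """Return findings for one dataset; an empty list means compliant."""
    mine = [c for c in copies if c.dataset == dataset]
    usable = [c for c in mine if c.restore_tested]
    findings = []
    if len(mine) > len(usable):
        findings.append(f"{len(mine) - len(usable)} copy(ies) without a passing restore test")
    if not usable:
        return findings + ["no usable backup"]
    # Data that would be lost if the incident happened at `now`.
    exposure = now - max(c.taken_at for c in usable)
    if exposure > rpo:
        findings.append(f"RPO exceeded: newest usable backup is {exposure} old, RPO is {rpo}")
    # 3-2-1: three copies, two different media, one copy off-site.
    if len(usable) < 3:
        findings.append(f"only {len(usable)} usable copy(ies), need 3")
    if len({c.medium for c in usable}) < 2:
        findings.append("usable copies share one medium, need 2")
    if not any(c.offsite for c in usable):
        findings.append("no usable off-site copy")
    return findings

# Constructed sample data, not taken from any real system.
NOW = datetime(2024, 1, 10, 12, 0)
RPO = {"billing-db": timedelta(hours=1), "hr-archive": timedelta(days=1)}
INVENTORY = [
    Copy("billing-db", NOW - timedelta(minutes=20), "disk", False, True),
    Copy("billing-db", NOW - timedelta(minutes=50), "object-storage", True, True),
    Copy("billing-db", NOW - timedelta(hours=3), "tape", True, True),
    Copy("hr-archive", NOW - timedelta(days=2), "disk", False, True),
    Copy("hr-archive", NOW - timedelta(hours=6), "disk", False, False),
]

if __name__ == "__main__":
    for name, rpo in RPO.items():
        print(name, audit(name, rpo, INVENTORY, NOW) or "compliant")
```

The hr-archive dataset fails every check even though a six-hour-old copy exists, because that copy has no passing restore test and so does not count toward the RPO or the 3-2-1 totals.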
The Disaster recovery plan (DRP): the key!
Has all this information made you think twice, and do you want to protect yourself against a possible loss of data? The Disaster recovery plan ensures the recovery and/or maintenance of computer systems and operations in the event of an incident or interruption of operations within the timeframe required by business needs. Benoit Racette Services-conseils Inc. can help you develop a plan that meets your needs. Contact us, we can help you.