Backup Policy, what is it for?


Userlevel 7
Badge +3

Much has been said about backup and data protection. However, little is said about Backup Policy. In today's post I decided to address what are the aspects that surround a backup policy and why it is important to have one.

 

What is Backup Policy?

The backup policy is nothing more than a document that gathers all aspects related to the workload that the backup exerts on an IT environment. On this document we can gather all the information that is considered useful during the backup process or even during a moment of disaster that involves the failure of one or more IT services to operate. So I decided to talk about some topics that I consider important to include in any backup policy.

 

Forget Templates

A backup policy is a document about your backup routine. So, forget about any kind of templates or pre-made documents about backup policy. You are responsible for the backup. So, no one better than you to understand the data protection environment and landscape. Write a document from scratch about your environment.

 

Business Alignment

This second topic is fully in line with the first. Since you are responsible for backing up your environment, you are also very likely to understand the business necessity. Bring together the people who are responsible for business continuity. Focus on the real needs of the environment and don't go on talking about what should be done just because you saw company X or Y applying within their backup policy. You have your backup window! You have your data retention need. Understand the business and establish methods, steps and deadlines consistent with your business. Remember to take into account if your company has a need to comply with any specific legislation. Also remember if your company has any type of auditable certification that may require information from 1, 3, 5 years ago or more.

 

Stipulate Deadlines

Remember that every backup environment has two terms which are called RPO and RTO. I emphasize once again… These are your deadlines and your goals. Therefore, take into account the SLA of the business and not the neighbor. If the SLA stipulated by the business says that the IT environment requires recovery in a short period of time, we soon came to the conclusion that doing this restore by a backup tape does not make sense, after all, we are subject to the restoration being time consuming using this type of media. The same goes for any type of media stored in disaster recovery environments miles away or even in cloud computing environments. If your business needs a quick restore, it's worth thinking about performing disks or even SSD to store your backups.

 

Match Backup with your Infrastructure

Now that you know your business in terms of data protection and service restoration deadlines, see if the IT infrastructure and also the backup infrastructure are adequate for the size of the business. It's no use having a super robust, state-of-the-art production environment if your backup environment is those old servers with low performance. If the production datacenter has all flash disks, why does the backup environment have those old 5400 RPM disks? Remember that if the backup destination is precarious, data restoration will certainly have a performance burden, even if the production environment is of high performance.

 

Take Care with the Cloud

Nowadays, there has been much talk about cloud computing. However, when it comes to backup, by the time you need a restore, the last type of backup you'll like is what's stored in the cloud, regardless of the player you're using. Firstly, because restoring data from the cloud is completely dependent on the transmission rates we have over the Internet. Second, it is worth remembering that the vast majority of cloud computing vendors charge fees at the time a cloud is downloaded. So, always pay attention when you are doing a restoration so that a surprise does not appear on your billing at the end of the month.

 

Attention to Retention

Always pay attention to the retention of your backups. After all, the trend is for data from the production environment to always grow as time goes on. Consequently, the location where you save your backups also needs to increase. All of this, together with very high retention, can be quite a bottleneck in terms of storage. So, my recommendation is that you make a relationship between business need vs. time needed to store the backup vs. cost. Last but not least, full backup with retention forever doesn't exist! Every backup needs to have a retention time.

 

Cryptography

Every good backup has a level of encryption that can be implemented. Therefore, make use of this function. After all, your backups are nothing more than a copy of your production data. Therefore, you must ensure that your backup is not “visible” if that backup is accessed by any third-party source. Who will guarantee you this is a complex password when encrypting your backups. Do this for at least the most critical workloads.

 

Backup Availability

If you use disks as your backup destination, always remember that disks have a lifetime. If you think by purchasing a backup repository you are free of operation and maintenance costs because these disks are used “only for backup”, I am sorry to say that you are mistaken. Each and every disk over time needs to be replaced, after all, blocks and sectors inside the HD can start to fail. Within the backup environment this is no different. When you have the need to do a restore from backup, the last thing you want to come across is a slow or faulty disk. Write on your backup policy that the repository disks need to be changed every X years as the disk manufacturer's own datasheet recommends.

 

Backup Redundancy

If you also use disks as your backup destination, use a disk pool with redundancy. Many arrays or even some NAS already have the function of performing RAID. So, choose at least between RAID 1 and RAID 5 to save your backups with disk fault tolerance.

 

Backup Integrity

Finally, it is worth noting that the moment you are in the process of restoring a backup, you want that backup to be intact. I'm talking about logical data integrity here, because as much as you have a reliable, industry-leading tool for backing up, know that software errors can happen. Therefore, the recommendation is that you perform restore tests from time to time so that you can validate that the backup was successfully restored and that the environment is healthy and reliable. Remember, the moment you are going through disaster recovery you don't want to run into errors and problems. Validate your backup!

 

Conclusion

Your backup is the security you have at the moment your IT environment has any kind of failure. The backup routine is the insurance policy that you will use or present to any person who needs to understand the environment that ensures your data protection. You need both backup and policy!


10 comments

Userlevel 7
Badge +2

Nice one @wolff.mateus !!!

Userlevel 7
Badge +3

Great writeup @wolff.mateus ! Like you say, the most important part about the policy comes from your business; it doesn't matter what others do.

Userlevel 7
Badge +1

Good @wolff.mateus 

Userlevel 7
Badge +3

Nice share @wolff.mateus 

Userlevel 7
Badge +3

Nice share @wolff.mateus 

Tks Chris!

Userlevel 7
Badge +4

Very nice post @wolff.mateus 👍🏼

Userlevel 5
Badge

Great post @wolff.mateus 

Userlevel 5
Badge

Great choice of the very important topics that need more attention, especially in Ransomware times that are challenging most of the security and backup policy of all companies globally on daily basis. Well done @wolff.mateus !! :clap:

Userlevel 7
Badge +3

Great choice of the very important topics that need more attention, especially in Ransomware times that are challenging most of the security and backup policy of all companies globally on daily basis. Well done @wolff.mateus !! :clap:

Thanks Nik! Your words are very important to me. :punch_tone1:

It is always a practice to apply Policies with understanding of self business requirement, new Policy if it enhances the existing policy we can re apply the update changes 

Comment