Is your data as safe as you think?
20 years ago, in my Computer Science 100 class, the instructor began with a geek joke: “There are 10 types of people in the world. Those who understand binary, and those who do not!” I chuckled as I was one of the 5 kids who got it.
In 2020, there are only 10 types of people in the world: those who have lost data, and those who will lose data. (In case you feel confused, 10 is binary for 2.
This article is to serve as a primer for Backup & Disaster Recovery—why we need it, and why we need to think about it as we navigate our digitally connected spaces. It is especially true for entrepreneurs, and Small-Medium-sized-Businesses needing to safeguard their intellectual property, client data or bookkeeping records, etc. It is also true for individuals with cherished memories in digital formats (photos and home movies), extensive collections of music and whatnot.
“Yeah, we use Dropbox, so all of our stuff is backed up in the cloud!”
These ominous words are all too common, and they represent a serious misunderstanding of these amazing cloud-based collaborative spaces. It does not matter which you and your organization use, they all have one commonality: Dropbox, OneDrive, Google Drive, Box, etc are Mirrors, they are not Backups. It is true that the data therein resides offsite and in a cloud, and this offers a layer of protection that would otherwise not exist, but let’s take a look at that.
These services are known as Mirrors – they mirror the data stored on a portion of your hard drive in the cloud. Thus your OneDrive or Dropbox folder syncs with the online counterpart. If you hold a mirror up to your face and apply some lipstick, you will see the lipstick in the mirror. Likewise, if you remove the lipstick, the change will be reflected. Beating this analogy to death, we would not hold up a mirror to see how we looked last week, or in tenth grade. For a glimpse at our past we would reach for the highschool yearbook. Alas! nothing that I do to my face or wardrobe today will affect the images in my yearbook. In this analogy, the yearbook represents a proper backup. It is a snapshot of the data set (my goofy appearance) as it was in tenth grade. The data in the mirror is volatile and changes constantly. If we do not understand this concept then we will lose data. What’s worse, if we do not learn and adapt to this concept within 30 days of said data loss, then there are no recovery options available to us. It’s gone for good!
So, to recap:
Your cloud-based mirror displays the data as it currently is. When changes are made to that data via any connected source, these changes are propagated to all connected sources.
Your backup represents your dataset as it was at the point-in-time the backup was made—it never changes. The length of time you can recover this data is set by your data retention policy.
So if you ever find yourself questioning the need for a veritable backup solution, the answer should be a resounding “yes!” Here’s the lowdown, the who, the what, the when, the where, and the all-important why:
Given that we’ve established there are only two types of people (or businesses) in the world: those who have lost data, and those who will, the lucky smart folks are those who have proactively taken the steps to ensure that the eminent data loss occurs on their terms and lands within acceptable, pre-configured parameters. That is, the data is recoverable back to an anticipated and reasonable point (RPO: recovery point objective), and within an acceptable timeframe (RTO: Recovery Time Objective—the time it takes to restore data to normal operations).
RPO: if my computer explodes at 3:00 pm today how much work and data am I ok with losing? If our backups happen daily at 5:00 pm then my RPO is maximum 24 hours. If we are running hourly backups, then I will be able to recover all work and data created up to 2:00 pm RPO maximum 1 hour. The idea is to balance the RPO cost of data storage with the cost of recreating the data.
RTO: how long does it take to recover the data that was lost. It should be noted that our RPO determines what can be recovered. The sophistication of the BDR software and the amount of data being recovered will determine the time it takes to the goods back.
This is very important. Many folks have a false sense of security that stems from the use of services like OneDrive, Dropbox and the like. The notion is that these services sync data to the cloud… like a cloud-based backup, right? Wrong. File syncing is not the same as backing up. Have a look:
When you work on File A and save it to the location that syncs to OneDrive (or Dropbox or Google Drive, etc.), the data finds a home within your purchased OneDrive storage allotment in the cloud which mirrors a location on your physical hard drive.
When you delete File A from that place on your computer’s hard drive, OneDrive mirrors that action—it gets deleted from the cloud-based mirror.
If you accidentally delete File A this accident is propagated to the cloud.
If File A was subject to cybercrime and ransomed… sync.
If these accidents are not detected soon enough (and by soon, I mean as little as 30 days for OneDrive for Business), then too bad, so sad.
A properly configured BDR solution does not work like this. It backs up data and stores it for a determined amount of time. Subsequent backups store any changes to made to the data, but the previous recovery point is unaffected. So, if you accidentally deleted or changed the content of File A but did not realize it for 2 months (or any amount of time equal to your RPO), your Backup solution will allow you to reach into history and retrieve a usable version of the file you need.
Once again, we are discussing the Recovery Point Objective. Typically, business data is backed up at least daily, and often considerably more than that! When you backup data, the RPO is determined by the amount of data you are ok with losing if and when disaster strikes. See the RPO bit above. For the average SMB, a daily incremental backup is sufficient with a Full Backup occurring once weekly. (Incremental Backups only protect only the data that has changed since the last Full or Incremental Backup.)
Where then, should these backups live, if Dropbox (OneDrive, Google Drive, etc.) is not sufficient? A proper BDR scheme follows, at a minimum, the 3-2-1 rule. 3 copies of the data exist, on 2 types of media, and 1 is stored offsite:
3 copies: On the computer hard drive; on a backup storage device; and on offsite media (tape/cloud/removable drive/etc.)
2 Types of Media: What this really means is on 2 distinct storage targets. Not 2 different folders on the same hard drive or upon 2 volumes on a single RAID array. So, your computer hard drive (original location can be 1) and a BDR storage device can serve as a second, as can the offsite media (whatever form it takes).
1 location should be off-premise, in case the building is swallowed by an earthquake or destroyed by a fiery meteorite.
As mentioned earlier, everyone will experience data loss at some point. This can be catastrophic. It always happens at the worst possible time, and the cost of rebuilding the data lost usually exceeds what it cost to create in the first place—that is, if it can be recreated. Some documents simply cannot as they contain signatures or other legal records and sensitive materials. In a nutshell, the crux of the why is this: your BDR solution is an asset, not an expense. The cost of recreating lost or compromised data far exceeds the cost of planning for and implementing a disaster mitigation strategy, which can and will save your biscuits.
The how is up to you, but INTECH would love to help. Contact us today and let’s begin the process of mitigating the perils of data loss.
email@example.com | 306.914.0846