The importance of Data Backup Policies

Performing consistent, regular backups of critical business data is a vitally important part of any recovery strategy. When treated as an afterthought or merely as a checkbox item on an annual IT audit, the risks of losing critical data are significantly elevated. For these reasons, it is important to establish a disciplined regiment of data protection defined by a set of clear backup policies that can be closely followed and monitored by IT professionals and business owners alike.

What is a backup policy?

A backup policy is a pre-defined, set schedule whereby information from applications such as Oracle, Microsoft SQL, email server databases and user files are copied to a safe place to ensure data recoverability in the event of accidental data deletion, corrupted information or some kind of a system outage. The safe place could be a local storage device and / or an off-site location. The policies will typically have a default protection scheme for most of the devices in the environment, with additional policies for certain critical applications or data.

For example, a default backup policy for all application data may be a nightly backup to a NAS Drive from Monday to Friday which is kept on-site to facilitate local recovery, and a second, duplicated set of data is sent off-site for storage in a secure location, this could be your cloud provider. Critical business data may be further protected by a super-set of policies. This might specify that, in addition to nightly backups, point-in-time snapshots of in-use data should be taken and replicated at frequent intervals during the business day to provide rapid, granular data and application recoverability.

In general, backup policies typically consist of capturing an initial full backup of data onto disk and/or tape, followed by a series of incremental or differential daily backups.

Regardless of which method is used, at a minimum, two backup copies should be maintained, one to enable on-site recovery and a second copy for vaulting to a secure off-site facility. That way, if the data centre were to be destroyed by a flood, fire or some other disaster, the off-site copy becomes the recovery copy of last resort.

Backup types

The most obvious place to start building a policy is with a full backup. A full data backup consists of taking a complete copy of all the data on a particular device / host. If a data loss event occurs, the more recent the full backup is, the easier it will be to recover information. For this reason, some IT providers will run full backup jobs each night. In some larger environments, however, full backup jobs may take more than 24 hours to complete and will consume a lot of resources. Consequently, many data centres will typically run a full backup over the weekend and run either incremental or differential backups during the week to reduce both the nightly backup window and economize on backup utilisation.

Incremental Backups only back up the data that has changed since the last backup job. For example, a Monday incremental backup following a Sunday full backup will only back up the data that has changed since the Sunday full backup was completed. Likewise, Tuesday’s incremental backup will only back up the data that’s changed since Monday’s incremental backup was performed. If a full system, cloud-based data recovery had to be performed on Thursday, it would require restoring the Sunday full backup, along with all the increments from Monday through Wednesday, in order to obtain the most recent version of the information.

Differential Backups on the other hand, will back up all the data that has changed since the last full backup. For example, Wednesday night’s differential backup would back up all the data that changed on Monday, Tuesday and Wednesday. In the same above recovery scenario, the Sunday full backup, along with the Wednesday differential backup, is all that would be required to begin recovering the data.

Pros and cons

As anything else, there are pros and cons to each approach. Incremental backups can be completed fairly rapidly and only consume a small amount of backup space compared with either full or differential backups. This helps reduce backup windows and cuts down on disk or tape consumption.

As described above, differential backups remove some of the recovery burdens that can occur when restoring from an incremental backup. However, if the application environment is subject to frequent data change on a daily basis, the backup window could become elongated. In addition, differentials will consume more backup resources, since each differential backup copy moves and stores all the changed data since the prior full backup.

Integrating disk into a backup architecture is an ideal way to remove some of the complexities from the backup-and-restore process, especially if data deduplication (dedupe) is embedded on the backup disk array. In this instance, there is no practical reason not to adopt a weekly full and daily incremental backup policy. For example, when restoring data from incremental backups saved on disk, it completely eliminates the need to swap multiple tape cartridges to process the recovery.

Deduplicated backup

As previously stated, a good backup policy is to back up data to disk first and then move data off-site to a cloud based service. Purpose-built de-duplicating disk appliances are ideal disk backup targets because they can be used with a number of different backup applications.

Most de-duplication appliances can efficiently store more than 30 days of backup data on disk, enabling end users to perform the vast majority of recoveries directly from disk. Data that needs to be stored for long-term compliancy purposes can then be gradually moved off to other media sources.

Reliable backup policies

The purpose of backup policies are to ensure that there is a consistent and reliable method for recovering data. Ad-hoc backup policies like providing a network file share for an end user to copy their data to can be a hit-or-miss (more likely a miss) proposition. These file shares include Onedrive, Dropbox and many others. Therefore, it’s best for an IT professional to take ownership of backing up all data to ensure it is done correctly. Otherwise, there is a very high probability that critical business data will be lost at some point in time and, most likely, IT professionals in charge of this will be held accountable.

Regular scheduled backups and well-defined, clearly documented backup policies bring more predictability to the recovery process backup administrators, and their successors will know where to recover the data from and the required steps to restore the data.

Regardless of the backup architecture deployed, establishing regimented and clearly defined backup policies is a good first step toward ensuring the consistent protection of business data.