Running Head: DATA BACKUP & DISASTER PLANNING 1

Data Backup & Disaster Planning

Teresa J. Rothaar

Wilmington University

DATA BACKUP & DISASTER PLANNING 2

Data Backup & Disaster Planning

Introduction

In the past, backup and disaster recovery (BDR) was considered to be a problem that only

large organizations had to worry about. However, in our increasingly technology-dependent

society, all organizations need a BDR plan. Due to the transition from paper to digital records,

electronic data is growing at a rate of 25% per year, and one study showed that over half of all

small- to medium-sized businesses could handle, at most, a four-hour shutdown before their

business was significantly impacted (StorageCraft, n.d., p. 8-9). Another study indicated that of

companies experiencing a “major loss” of electronic data, only 6% survived long-term, 43%

shuttered immediately after the loss, and 51% shut down within two years (StorageCraft, n.d., p.

1).

The terrorist attacks of September 11, 2001, highlighted the preparedness—or, more

specifically, the lack thereof—of most businesses when faced with a catastrophic event. Prior to

9/11, very few organizations addressed terrorist attacks or acts of war in their BDR plans; after

9/11, a survey conducted by the Disaster Recovery Journal reported that 97% of respondents

admitted that they needed to revise their BDR plans (Stephens, 2003, p. 34). However, terrorist

attacks and natural disasters aren’t the only events that can trigger a catastrophic data loss; a

computer virus or a simple system malfunction could easily bring an organization to its knees

(Botha & Von Solms, p. 328). The two most common reasons for using a backup system are

quite mundane: users accidentally deleting files and recovery from a disk failure (Chervenak,

Vellanki, & Kurmas, 1998, p. 17).

DATA BACKUP & DISASTER PLANNING 3

Developing a BDR Plan

According to StorageCraft (n.d.), small businesses in particular often have difficulty

constructing an effective BDR plan because there is little guidance available, and some business

owners may not fully understand the regulatory requirements of their industry; by not having a

BDR plan, some companies are actually in violation of the law (p. 6).

Further complicating the situation, all data is not created equal. Business-critical data

may be distributed across multiple platforms and intermixed with less important, easily recreated

data. This intermixing often results in inefficient, costly BDR plans because all data are treated

as business-critical. Data elements must be prioritized to reduce costs and human and

technological resources (Kaczmarski, Jiang, & Pease, 2003, p. 322).

Botha and Von Solms (2004) address the importance of business continuity planning

(BCP). BCP is not just about BDR, but “ensuring that the organisation would be able to respond

effectively and efficiently to a disaster and that their critical business processes can continue as

usual” (p. 330). The authors propose a seven-step BCP methodology that is similar to SDLC

models: project planning; business impact analysis; business continuity strategies; continuity

strategies implementation; continuity training; continuity testing; and continuity plan

maintenance (p. 331-332).

After a BCP has been developed, it must be implemented. Botha and Von Solms (2004)

describe implementation of a BCP as a four-step, iterative process consisting of “the backup

cycle, disaster recovery cycle, contingency planning cycle, and business continuity planning

cycle” (p. 334).

DATA BACKUP & DISASTER PLANNING 4

Backup Mediums

Tape backups have been the tried-and-true backup medium of choice, and are still used

by many organizations today. However, tape backups are notoriously unreliable, with a failure

rate of about 70% (StorageCraft, n.d., p. 11). Post 9/11, many organizations were unable to

retrieve data backed up on tapes due to defective media or data errors (Stephens, 2003, p. 39).

For these reasons, StorageCraft (n.d.) recommends using tape backups only for “off-site vaulting,

long-term data archiving and other related uses” (p. 12).

Disk arrays are the “current standard backup choice” due to their efficiency and

reliability, and “additional technologies can make disk arrays even more effective, such as using

ultra-reliable fiber- channel style drives for the array” (StorageCraft, n.d., p. 12).

Cloud-based backup is growing in popularity. Data is stored offsite, and cloud vendors

can often provide expertise and features many organizations do not have in-house. Backing up

data in the cloud allows for “automated recovery and verification” and the use of virtual servers

or machines (VMs) that “are dynamically scaled in real-time and are available in multiple OS

configurations.” VMs can be used in conjunction with other backup options or alone

(StorageCraft, n.d., p. 12-13). Another benefit of cloud backup is that, when information is

stored in a remote, virtual server, it is not in the same area where the disaster that befell the

organization occurred, the importance of which was clearly illustrated on 9/11, when

telecommunications services in Lower Manhattan were wiped out (Stephens, 2003, p. 36).

Regardless of the specific backup medium chosen, Stephens (2003) implores

organizations to regularly inspect backed-up data to ensure it is still retrievable and that the

medium it is stored on has not become deprecated, especially considering the short life cycles of

many technologies. He further points out that, when making BDR/BCP plans, many

DATA BACKUP & DISASTER PLANNING 5

organizations overlook backing up systems and software that are currently under development.

These, too, should be backed up and ready for restoration, especially if they are business-critical

(p. 40). For organizations that are still using paper records, the author recommends that they

assume a five-year time frame for full digitization, and needless to say, the digitization of paper

records, especially business-critical data, should be included in every BDR/BCP plan (p. 39).

Disasters cannot be prevented, but with a comprehensive BDR/BCP plan in place,

organizations can protect their data and themselves and know that they are prepared should the

worst occur (StorageCraft, n.d., p. 18).

DATA BACKUP & DISASTER PLANNING 6

References

Botha, J., & Von Solms, R. (2004). A cyclic approach to business continuity planning.

Information Management & Computer Security, 12(4), 328-337.

http://dx.doi.org/10.1108/09685220410553541

Chervenak, A., Vellanki, V., & Kurmas, Z. (1998, March). Protecting file systems: A survey of

backup techniques. In Joint NASA and IEEE Mass Storage Conference. Retrieved from

http://www.storageconference.us/1998/papers/a1-2-CHERVE.pdf

Kaczmarski, M., Jiang, T., & Pease, D. A. (2003). Beyond backup toward storage management.

IBM Systems Journal, 42(2), 322-337. http://dx.doi.org/10.1147/sj.422.0322

Stephens, D. O. (2003). Protecting records. Information Management Journal, 37(1), 33.

Retrieved from https://www.arma.org/bookstore/files/stephens_0103.pdf

StorageCraft (n.d.). Building Your Backup and Disaster Recovery Plan 101 [White Paper].

Retrieved from https://www.storagecraft.com/documents/Building-a-BDR-Plan-101-

final.pdf