data backup & disaster planning
TRANSCRIPT
Running Head: DATA BACKUP & DISASTER PLANNING 1
Data Backup & Disaster Planning
Teresa J. Rothaar
Wilmington University
DATA BACKUP & DISASTER PLANNING 2
Data Backup & Disaster Planning
Introduction
In the past, backup and disaster recovery (BDR) was considered to be a problem that only
large organizations had to worry about. However, in our increasingly technology-dependent
society, all organizations need a BDR plan. Due to the transition from paper to digital records,
electronic data is growing at a rate of 25% per year, and one study showed that over half of all
small- to medium-sized businesses could handle, at most, a four-hour shutdown before their
business was significantly impacted (StorageCraft, n.d., p. 8-9). Another study indicated that of
companies experiencing a “major loss” of electronic data, only 6% survived long-term, 43%
shuttered immediately after the loss, and 51% shut down within two years (StorageCraft, n.d., p.
1).
The terrorist attacks of September 11, 2001, highlighted the preparedness—or, more
specifically, the lack thereof—of most businesses when faced with a catastrophic event. Prior to
9/11, very few organizations addressed terrorist attacks or acts of war in their BDR plans; after
9/11, a survey conducted by the Disaster Recovery Journal reported that 97% of respondents
admitted that they needed to revise their BDR plans (Stephens, 2003, p. 34). However, terrorist
attacks and natural disasters aren’t the only events that can trigger a catastrophic data loss; a
computer virus or a simple system malfunction could easily bring an organization to its knees
(Botha & Von Solms, p. 328). The two most common reasons for using a backup system are
quite mundane: users accidentally deleting files and recovery from a disk failure (Chervenak,
Vellanki, & Kurmas, 1998, p. 17).
DATA BACKUP & DISASTER PLANNING 3
Developing a BDR Plan
According to StorageCraft (n.d.), small businesses in particular often have difficulty
constructing an effective BDR plan because there is little guidance available, and some business
owners may not fully understand the regulatory requirements of their industry; by not having a
BDR plan, some companies are actually in violation of the law (p. 6).
Further complicating the situation, all data is not created equal. Business-critical data
may be distributed across multiple platforms and intermixed with less important, easily recreated
data. This intermixing often results in inefficient, costly BDR plans because all data are treated
as business-critical. Data elements must be prioritized to reduce costs and human and
technological resources (Kaczmarski, Jiang, & Pease, 2003, p. 322).
Botha and Von Solms (2004) address the importance of business continuity planning
(BCP). BCP is not just about BDR, but “ensuring that the organisation would be able to respond
effectively and efficiently to a disaster and that their critical business processes can continue as
usual” (p. 330). The authors propose a seven-step BCP methodology that is similar to SDLC
models: project planning; business impact analysis; business continuity strategies; continuity
strategies implementation; continuity training; continuity testing; and continuity plan
maintenance (p. 331-332).
After a BCP has been developed, it must be implemented. Botha and Von Solms (2004)
describe implementation of a BCP as a four-step, iterative process consisting of “the backup
cycle, disaster recovery cycle, contingency planning cycle, and business continuity planning
cycle” (p. 334).
DATA BACKUP & DISASTER PLANNING 4
Backup Mediums
Tape backups have been the tried-and-true backup medium of choice, and are still used
by many organizations today. However, tape backups are notoriously unreliable, with a failure
rate of about 70% (StorageCraft, n.d., p. 11). Post 9/11, many organizations were unable to
retrieve data backed up on tapes due to defective media or data errors (Stephens, 2003, p. 39).
For these reasons, StorageCraft (n.d.) recommends using tape backups only for “off-site vaulting,
long-term data archiving and other related uses” (p. 12).
Disk arrays are the “current standard backup choice” due to their efficiency and
reliability, and “additional technologies can make disk arrays even more effective, such as using
ultra-reliable fiber- channel style drives for the array” (StorageCraft, n.d., p. 12).
Cloud-based backup is growing in popularity. Data is stored offsite, and cloud vendors
can often provide expertise and features many organizations do not have in-house. Backing up
data in the cloud allows for “automated recovery and verification” and the use of virtual servers
or machines (VMs) that “are dynamically scaled in real-time and are available in multiple OS
configurations.” VMs can be used in conjunction with other backup options or alone
(StorageCraft, n.d., p. 12-13). Another benefit of cloud backup is that, when information is
stored in a remote, virtual server, it is not in the same area where the disaster that befell the
organization occurred, the importance of which was clearly illustrated on 9/11, when
telecommunications services in Lower Manhattan were wiped out (Stephens, 2003, p. 36).
Regardless of the specific backup medium chosen, Stephens (2003) implores
organizations to regularly inspect backed-up data to ensure it is still retrievable and that the
medium it is stored on has not become deprecated, especially considering the short life cycles of
many technologies. He further points out that, when making BDR/BCP plans, many
DATA BACKUP & DISASTER PLANNING 5
organizations overlook backing up systems and software that are currently under development.
These, too, should be backed up and ready for restoration, especially if they are business-critical
(p. 40). For organizations that are still using paper records, the author recommends that they
assume a five-year time frame for full digitization, and needless to say, the digitization of paper
records, especially business-critical data, should be included in every BDR/BCP plan (p. 39).
Disasters cannot be prevented, but with a comprehensive BDR/BCP plan in place,
organizations can protect their data and themselves and know that they are prepared should the
worst occur (StorageCraft, n.d., p. 18).
DATA BACKUP & DISASTER PLANNING 6
References
Botha, J., & Von Solms, R. (2004). A cyclic approach to business continuity planning.
Information Management & Computer Security, 12(4), 328-337.
http://dx.doi.org/10.1108/09685220410553541
Chervenak, A., Vellanki, V., & Kurmas, Z. (1998, March). Protecting file systems: A survey of
backup techniques. In Joint NASA and IEEE Mass Storage Conference. Retrieved from
http://www.storageconference.us/1998/papers/a1-2-CHERVE.pdf
Kaczmarski, M., Jiang, T., & Pease, D. A. (2003). Beyond backup toward storage management.
IBM Systems Journal, 42(2), 322-337. http://dx.doi.org/10.1147/sj.422.0322
Stephens, D. O. (2003). Protecting records. Information Management Journal, 37(1), 33.
Retrieved from https://www.arma.org/bookstore/files/stephens_0103.pdf
StorageCraft (n.d.). Building Your Backup and Disaster Recovery Plan 101 [White Paper].
Retrieved from https://www.storagecraft.com/documents/Building-a-BDR-Plan-101-
final.pdf