How to create a perfect backup strategy: the ultimate guide in 5 steps

Why is backup so important?

If your company was affected by a ransomware attack, suffered a terrible fire, or simply an human error happened and your data was lost, would you have a way to restore it?

Backup is the first measure to take to avoid disasters such as loss of files and work, caused by unintentional errors, malfunctions, damages or emergency situations.

This practice has taken on a fundamental role in our society, based on the exchange of data. In fact, the World Backup Day (March 31st) was established to raise awareness on the topic.

Despite the need for frequent backups, many companies underestimate the importance of prevention and think that "it will never happen to me": in this way they put the existence of the company at risk.

Having a strong backup strategy really helps to limit the risks of data loss. Data losses can in fact occur for the most varied reasons, including cyber attacks, breakdowns, thefts, natural phenomena and human errors.

By following these five simple steps, you can create a backup strategy that not only prevents data loss, but also ensures a quick return to normality in the event of a recovery.

Let's dive into the five basic steps to protect your business data with backups:

1. Analyse the data

To create a good backup strategy, you must perform a careful analysis of the data that you are going to copy, in order to determine the space needed, the frequency of backups and the Recovery Time Objective (RTO).

Every company has some data that is critical for the activity: this data must be the first to be available, so it will require a higher priority than the others for recovery.

It is important to remember that there is no data that should not be backed up: all information is essential for correct business management, even if it may not seem so at first glance.

To help organizations optimise backup space and time, specific technologies have been create for data deduplication, such as Dell Technologies' DataDomain. This technology does not save duplicate data, but saves its references, saving storage space and reducing the time required to perform backups.

2. Determine the type of backup to perform

We distinguish three different types of backup:

• Full: consists of a copy of all data. It can take a significant amount of time and storage space to do.
• Differential: Consists of a copy of all data that has changed since the last full backup.
• Incremental: Consists of a copy of all data that has changed since the previous incremental backup.

A business needs to consider what recovery time it deems acceptable in case of need, called Recovery Time Objectives (RTOs) and how much time should elapse between copies of data (Recovery Point Objective – RPO).

An example of the standard approach is to do a full backup every week and then an incremental backup every day or every 4 hours.

In recent years, other backup techniques are also spreading, such as Reverse Incremental, which consists of an incremental backup that merges every day with the complete backup, while in the previous days only incrementals are maintained. This allows for faster recovery as the incremental data consolidation operation with full backup has already been performed.

Another innovative technique is Veeam's Continuous Data Protection, which allows you to have a replica of a mission-critical Virtual Machine in near real time, with recovery points (Recovery Point Objective - RPO) that can be customised at the level of seconds.

3. Determine where to store backups

Backups can be made on-premise or in cloud.

I on-premise backups they are carried out in external storage such as SAN or NAS and are usually composed of a main backup and a secondary one, called backup copy. Like all physical systems, hardware machines have acquisition and maintenance costs.

Instead, cloud backup solutions defer expenses over time (usually in monthly or annual subscriptions) and optimise them for the needs of the company. Also, there is no need to hire staff to maintain the infrastructure. However, to take advantage of this type of backup you need an Internet connection with enough bandwidth and a network infrastructure built to support high traffic workloads without compromising business operations. It should also be considered if the Internet connection isn’t available, it won’t be possible to access the data in the cloud.

The safest solution is to follow the "3-2-1 rule". According to this rule you should have at least three copies of the data, of which two are stored on different supports and one located off-site. In this way it’s possible to minimise the risk of data loss and protect data in the event of disasters that can affect the entire company (for example a fire): if you have a copy located off-site, it will still be possible to restore your data.

Furthermore, the data, at least in one of the on-site copies and in the cloud copy, should be archived using a system that guarantees itsimmutability.

4. Determine frequency of copies and retention period

The correct question to ask yourself is: "How much does a lost day of work cost?" Answering this question will help you make the right choices to ensure Business Continuity.

Regarding the frequency of copies, we recommend to do at least daily backups, but in the case of activities based on Databases and transactions, the frequency of copies should be at least one every four hours.

The minimum retention period that we suggest is fourteen days.

A recommended practice is also to store monthly snapshots of the entire infrastructure and keep them for at least one year in the cloud. This type of cloud storage is called Object Storage and allows you to recover a file if it was deleted and no longer present in backups, or to monitor how the infrastructure has evolved in a specific period of time.

5. Test your backup strategy

Finding out in a time of need that your backup copies are unusable isn't a pleasant surprise. Testing your backup plan frequently and regularly and instructing your staff about it will allow you to find errors and weaknesses and remedy them in time.

Conclusion

The role of data in our society is becoming increasingly important: the companies themselves make their choices based on the analysis of data.

There is data of any type (many of which are particularly sensitive) and it’s all necessary for the survival of the company: its loss would lead to serious consequences that would affect both the company and the final consumers, leading to huge monetary losses as well as damages to the company’s reputation, with the risk of not being able to restart the activity.

Better to spend a little extra time planning a backup strategy than putting your entire business system at risk.

Keep reading…

• 
  Microsoft Copilot: the AI ​​that increases work productivity in Office 17/04/2024
  Copilot, Microsoft's new generative AI, is designed to optimize productivity in the daily tasks carried out with the Microsoft 365 Suite. Thanks to its advanced artificial intelligence, Copilot offers assistance and suggestions to improve efficiency and simplify operations within the Microsoft ecosystem.
• 
  IT security in Italy: analysis of the Clusit 2024 Report04/04/2024
  Cyber ​​threats are increasingly numerous and we need to keep up with them it has become a real challenge. To prevent any cyber attacks, companies need to have a detailed overview of the risks of the digital world. It was born for this reason the Clusit Report, a precious tool that offers an annual analysis of security incidents most significant events that have occurred globally, with particular attention to Italy.
• 
  DORA regulation and IT risk: the article by Distline's Compliance Manager published on Cybersecurity36019/02/2024
  The renowned newspaper Cybersecurity360 published an article written by us Compliance Manager entitled "DORA and cyber risk: automation of the evaluation process of ICT service providers”.
   
• 
  Distline is certified according to ISO 9001 and ISO/IEC 27001 standards06/11/2023
  In Distline we are committed every day to providing high quality, secure, reliable and innovative IT services to meet the needs and expectations of our Customers.
  This is why we are proud to announce the certificazione of our Quality and Information Security Management Systems according to standards ISO 9001. e ISO / IEC 27001! A very important stage in our process continuous improvement.
   
• 
  Why XDR is essential in 202310/07/2023
  XDR is a Cybersecurity technology that extends the ability to detect and respond to emerging and sophisticated threats by analysing and correlating data from different security products.
  In a landscape where cyber attacks are increasingly targeted, you need to have a global view of cyber threats in a single interface. In this way, you don't need to use many platforms.
  In the following article we will explain in detail what XDR features are and why it is a tool that Distline strongly recommends.
• 
  How to recognise phishing emails18/04/2023
  Phishing is a hacking technique that consists in fraudulently tricking unsuspecting users into sharing their account credentials. However, it's often possible to recognize phishing emails by paying attention to some details and recurring topics. In this article we explain in detail how to recognise a phishing email, how to protect yourself and what to do if you suspect you are the victim of an attack.