Getty Images/iStockphoto
How to craft a cost-effective backup strategy
A cost-effective data backup plan requires IT teams to examine their data protection requirements and choose the right strategy that fits into what the business can spend.
Backup availability and integrity are crucial to a well-run business. Secure, reliable backups are not cheap, but they are often the last line of defense against data loss. The consequences of insufficient backups will end up costing an organization much more than backing up data efficiently in the first place.
Unfortunately, since well-managed data backups are a significant cost, many companies seek to minimize it -- sometimes beyond reason. That is not a good look when facing a ransomware attack and having a set of worn-out, untested backups. A cost-effective backup strategy can ensure that a business gets the most out of its data protection plan without overspending.
Determine backup costs
To determine the costs associated with a data backup plan, the IT team must ask the following questions:
- What data needs protecting? Not all data is equally important. A good way to look at this is: "What is most important to keep us in business and how long can we survive without it?" That should highlight priority systems and indicate where the backup plan should allocate the most resources.
- How much data is there to be backed up? With data volumes growing ever larger, the price of backing up and storing that data will only go one way. The amount of data an organization backs up will affect spending decisions such as the backup medium. Most big cloud providers offer continuous data protection, at a cost, for both on-premises and cloud-based computing. If there is a lot of archival data, tape might be the most affordable medium available.
- Is data availability subject to legal requirements? Regulated industries, such as finance and healthcare, have requirements for long-term historical record-keeping. Sometimes record requirements can go back decades. IT teams must consider those requirements when they create a backup plan. They must consider long-term storage and management, as well as how accessible the data will be.
- How much data loss is allowable? Data can be backed up as frequently as the organization desires, but that also comes at an ever-increasing cost. Determine the amount of data loss that the organization can handle, and how far the backups must go to maintain and recover critical data.
- How quickly do services need to be restored? Losing a couple of hours of work is relatively minor, but having a key revenue-generating system down for hours can be expensive. There are well-used formulas to help calculate allowable downtime.
- How many multigenerational backups are required? The often-used quote "A single copy of data is not a backup" never rang so true. Some modern ransomware is backup aware and will wait until the backups are corrupted before striking. This is why having a sane three-generation backup policy makes sense.
Immutable backups are particularly effective against ransomware. They can be read, but cannot be changed or deleted for a specified amount of time. Most cloud vendors now include some sort of immutable backup as part of their standard offerings. - What is the backup testing schedule? Testing is one of those things that often gets overlooked until it's too late and the damage -- lost data -- has been done. There is no excuse for the lack of testing in today's world where virtual hardware can be spun up in seconds with minimal cost. However, organizations must acknowledge that backup testing is not devoid of cost. It requires an administrator's time to do a test restore and validation.
- What level of security is needed? Backups must be secure and encrypted. An unencrypted backup that falls into the wrong hands risks both severe reputational damage and possibly regulatory fines or worse. The level of encryption and security built into data backups will likely affect costs.
How to ensure cost-effective backups
An organization's cost minimization strategy depends on its answers to the above questions. IT teams must determine whether the existing backup plan matches the organization's needs while avoiding extraneous costs.
For example, not everything requires frequent backups. Data that doesn't change doesn't need daily backups. Establish a backup schedule that matches the organization's needs without running extra backups.
Cloud-based options do provide ease of use and remove hardware costs, such as disk arrays, tapes and maintenance. On the flip side, they reduce the flexibility available to the company when working with a cloud provider. IT teams must consider the questions of long-term relationships and cost management. Understanding and appropriately archiving data will help reduce the cost.
Lastly, and appropriately in tune with the purpose of backup, ensure that there is room for unseen expenses that will surely come up.
Stuart Burns is a virtualization expert at a Fortune 500 company. He specializes in VMware and system integration with additional expertise in disaster recovery and systems management. Burns received vExpert status in 2015.