Posts Tagged ‘data protection’

You (should) know the importance of having regular backups of your important data, but to what extent does data need to be backed up to be safe? With a crowbar and shove, thieves broke into my apartment and stole the backups I’ve used for hundreds of gigabytes of home videos, photo files and archives of past computers. A Dobro RAID enclosure and an external drive used by Apple Time Machine were both stolen, and if I didn’t have the originals on my laptop or a redundant offsite backup, I would have lost all of my data. My experience is not uncommon, and it’s a perfect example of an often understated principle that everyone should understand: You need redundant backups.

It’s pretty simple: You need to back up your data regularly. When you’ve set up that back up schedule, you should figure out a way to back up your data again. After you’ve got a couple current backups of your files, you should consider backing up your backups off-site. It seems silly to think of backing up backups, but if anything happens — failed drives, theft, fire, flood, etc. — those backups could be lost forever, and if you’ve ever lost a significant amount of data due to a hard drive failure or experience like mine, you know that backups are worth their weight in gold.

Admittedly, there is a point of diminishing return when it comes to how much redundancy is needed — it’s not worth the time/effort/cost to back up your backups ad infinitum — so here are the best practices I’ve come up with over the course of my career in the information technology industry:

• Plan and schedule regular backups to keep your archives current. If your laptop’s hard drive dies, having backups from last June probably won’t help you as much as backups from last night.
• Make sure your data exists on three different mediums. It might seem unnecessary, but if you’re already being intentional about backing up your information, take it one step further to replicate those backups at least one more time.
• Something might happen to your easy onsite backups, so it’s important to consider off-site backups as well. There are plenty of companies offering secure online backups for home users, and those are generally easy to use (even if they can be a little slow).
• Check your backups regularly. Having a backup is useless if it’s not configured to back up the correct data and running on the correct schedule.
• RAID is not a backup solution. Yes, RAID can duplicate data across hard drives, but that doesn’t mean the data is “backed up” … If the RAID array fails, all of the hard drives (and all of the data) in the array fail with it.

It’s important to note here that “off-site” is a pretty relative term when it comes to backups. Many SoftLayer customers back up a primary drive on their server to a secondary drive on the same server (duplicating the data away from the original drive), and while that’s better than nothing, it’s also a little risky because it’s possible that the server could fail and corrupt both drives. Every backup product SoftLayer offers for customers is off-site relative to the server itself (though it might be in the same facility), so we also make it easy to have your backup in another city or on a different continent.

As I’ve mentioned already, once you set up your backups, you’re not done. You need to check your backups regularly for failures and test them to confirm that you can recover your data quickly in the event of a disaster. Don’t just view a file listing. Try extracting files or restore the whole backup archive. If you’re able to run a full restore without the pressure of an actual emergency, it’ll prove that you’re ready for the unexpected … Like a fire drill for your backups.

Setting up a backup plan doesn’t have to be scary or costly. If you don’t feel like you could recover quickly after losing your data, spend a little time evaluating ways to make a recovery like that easy. It’s crazy, but a big part of “risk management,” “disaster recovery” and “business continuity” is simply making sure your data is securely backed up regularly and available to you when you need it.

Plan, prepare, back up.

-Lyndell

Whether you’re managing a SaaS solution for thousands of large clients around the world or you’re running a small mail server for a few mom-and-pop businesses in your neighborhood, you’re providing IT service for a fee — and your customers expect you to deliver. It’s easy to get caught up in focusing your attention and energy on day-to-day operations, and in doing so, you might neglect some of the looming risks that threaten the continuity of your business. You need to prioritize risk assessment and management.

Just reading that you need to invest in “Risk Management” probably makes you shudder. Admittedly, when a business owner has to start quantifying and qualifying potential areas of business risk, the process can seem daunting and full of questions … “What kinds of risks should I be concerned with?” “Once I find a potential risk, should I mitigate it? Avoid it? Accept it?” “How much do I need to spend on risk management?”

When it comes to risk management in hosting, the biggest topics are information security, backups and disaster recovery. While those general topics are common, each business’s needs will differ greatly in each area. Because risk management isn’t a very “cookie-cutter” process, it’s intimidating. It’s important to understand that protecting your business from risks isn’t a destination … it’s a journey, and whatever you do, you’ll be better off than you were before you did it.

Because there’s not a “100% Complete” moment in the process of risk management, some people think it’s futile — a gross waste of time and resources. History would suggest that risk management can save companies millions of dollars, and that’s just when you look at failures. You don’t see headlines when businesses effectively protect themselves from attempted hacks or when sites automatically fail over to a new server after a hardware failure.

It’s unfortunate how often confidential customer data is unintentionally released by employees or breached by malicious attackers. Especially because those instances are often so easily preventable. When you understand the potential risks of your business’s confidential data in the hands of the wrong people (whether malicious attackers or careless employees), you’ll usually take action to avoid quantifiable losses like monetary fines and unquantifiable ones like the loss of your reputation.

More and more, regulations are being put in place to holding companies accountable for protecting their sensitive information. In the healthcare industry businesses have to meet the strict Health Insurance Portability and Accountability Act (HIPAA) regulations. Sites that accept credit card payments online are required to operate in Payment Card Industry (PCI) Compliance. Data centers will spend hours (and hours and hours) achieving and maintaining their SSAE 16 certification. These rules and requirements are not arbitrarily designed to be restrictive (though they can feel that way sometimes) … They are based on best practices to ultimately protect businesses in those industries from risks that are common throughout the respective industry.

Over the coming months, I’ll discuss ways that you as a SoftLayer customer can mitigate and manage your risk. We’ll talk about security and backup plans that will incrementally protect your business and your customers. While we won’t get to the destination of 100% risk-mitigated operations, we’ll get you walking down the path of continuous risk assessment, identification and mitigation.

Stay tuned!

-Matthew

Unfortunately, having “book knowledge” (or in this case “blog knowledge”) about backups and applying that knowledge faithfully and regularly are not necessarily one and the same. Regardless of how many times you hear it or read it, if you aren’t actively protecting your data, YOU SHOULD BE.

Here are a few questions to help you determine whether your data is endangered:

1. Is your data backed up?
2. How often is your data backed up?
3. How often do you test your backups?
4. Is your data backed up externally from your server?
5. Are your backups in another data center?
6. Are your backups in another city?
7. Are your backups stored with a different provider?
8. Do you have local backups?
9. Are your backups backed up?
10. How many people in your organization know where your backups are and how to restore them?
11. What’s the greatest amount of data you might lose in the event of a server crash before your next backup?
12. What is the business impact of that data being lost?
13. If your server were to crash and the hard drives were unrecoverable, how long would it take you to restore all of your data?
14. What is the business impact of your data being lost or inaccessible for the length of time you answered in the last question?

We can all agree that the idea of backups and data protection is a great one, but when it comes to investing in that idea, some folks change their tune. While each of the above questions has a “good” answer when it comes to keeping your data safe, your business might not need “good” answers to all of them for your data to be backed up sufficiently. You should understand the value of your data to your business and invest in its protection accordingly.

For example, a million-dollar business running on a single server will probably value its backups more highly than a hobbyist with a blog she contributes to once every year and a half. The million-dollar business needs more “good” answers than the hobbyist, so the business should invest more in the protection of its data than the hobbyist.

If you haven’t taken time to quantify the business impact of losing your primary data (questions 11-14), sit down with a pencil and paper and take time to thoughtfully answer those questions for your business. Are any of those answers surprising to you? Do they make you want to reevaluate your approach to backups or your investment in protecting your data?

The funny thing about backups is that you don’t need them until you NEED them, and when you NEED them, you’ll usually want to kick yourself if you don’t have them.

Don’t end up kicking yourself.

-@khazard

P.S. SoftLayer has a ton of amazing backup solutions but in the interested of making this post accessible and sharable, I won’t go crazy linking to them throughout the post. The latest product release that got me thinking about this topic was the SoftLayer Object Storage launch, and if you’re concerned about your answers to any of the above questions, object storage may be an economical way to easily get some more “good” answers.

The value of our cloud options here at SoftLayer have never been more noticeable than during the holiday seasons. Such a hectic time of the year can cause a lot of stress … Stress that can lead to human error on some of your most important projects, data and memories. Such a loss could result in weeks or even years of valuable time and memories gone.

In the past few months, I’ve gone through two major data-related incidents that I was prepared for, and I can’t imagine what I would have done if I didn’t have some kind of backups in place. In one instance, my backups were not very current, so I ended up losing two weeks worth of work and data, but every now and then, you hear horror stories of people losing (or having to pay a lot to restore) all of their data. The saddest part about the data loss is that it’s so easily preventable these days with prevalent backup storage platforms. For example, SoftLayer’s CloudLayer Storage is a reliable, inexpensive place to keep all of your valuable data so you’re not up a creek if you corrupt/lose your local versions somehow (like dropping a camera, issuing an incorrect syntax command or simply putting a thumb-drive though the washer).

That last “theoretical” example was in fact was one of the “incidents” I dealt with recently. A very important USB thumb-drive that I keep with me at all times was lost to the evil water machine! Because the security of the data was very important to me, I made sure to keep the drive encrypted in case of loss or theft, but the frequency of my backup schedule was the crack in my otherwise well thought data security and redundancy plan. A thumb drive is probably one of the best examples of items that need an automatic system or ritual to ensure data concurrency. This is a device we carry on us at all times, so it sees many changes in data. If this data is not properly updated in a central (secure and redundant) location, then all of our other efforts to take care of that data are wasted.

My the problem with my “Angel” (the name of the now-washed USB drive) was related to concurrency rather than security, and looking back at my mistake, I see how “The Cloud” would have served as a platform to better improve the way I was protecting my data with both of those point in mind. And that’s why my new backups-in-the-cloud practices let me sleep a little more soundly these days.

If you’re venturing out to fight the crowds of last-minute holiday shoppers or if you’re just enjoying the sights and sounds of the season, be sure your memories and keepsake digital property are part of a well designed SRCD (secure, redundant and concurrent data) structure. Here are a few best practices to keep in mind when setting up your system:

• Create a frequent back-up schedule
• Use at least two physically separate devices
• Follow your back-up schedule strictly
• Automate everything you can for when you forget to execute on the previous bullet*

*I’ve used a few different programs (both proprietary and non-proprietary) that allow an automatic back-up to be performed when you plug your “on the go” device into your computer.

I’ll keep an eye out for iPhone, Android and Blackberry apps that will allow for automatic transfers to a central location, and I’ll put together a fresh blog with some ideas when I find anything interesting and worth your attention.

Have a happy Holidays!

- Jonathan