Welcome!

.NET Authors: Yeshim Deniz, Ivan Antsipau, Liz McMillan, Michael Bushong, Tad Anderson

Related Topics: .NET

.NET: Article

Taking Backup and Recovery Management Off IT’s To-Do List

Backup inventory plan maximizes value and efficiency

The inability to recover mission-critical information promptly can spell disaster for a company in today's 24x7 business environment. IDC estimates that server downtime cost organizations roughly $140 billion worldwide in lost worker productivity and revenue in 2007.

Much harder to quantify yet equally important to consider are the opportunity costs associated with failed and delayed recovery of vital applications, databases, and servers. Stringent business requirements and reduced budgets continue to place significant demands on the recovery of data.

Yet, like the property owner who only realizes the importance of homeowner insurance in the wake of a destructive fire, organizations often recognize the value of backup and recovery to the business only after an outage that interrupts operations and results in lost data.

Clearly, this reactive approach must be replaced with a proactive strategy that attaches much greater significance to the role of backup and recovery. By understanding and addressing common backup and recovery issues and implementing the most appropriate solution for their organization, companies can reduce the risk associated with unmet recovery objectives, data loss, and business disruption.

Better Backup

The most important step in maximizing the value of a backup and recovery operation is the development of a backup inventory plan.   This step is meant to catalogue all data in the enterprise and to determine the importance to the organization both in speed of recoverability and importance in ensuring it can be restored effectively.  After all, impressive backup success rates are of little consequence unless the right data is being backed up. As a result, organizations must be sure that they are preserving their most essential data, such as a customer database that is accessed and modified frequently every day.

To make sure they are backing up the right data correctly, IT should develop a tiered list of backup and recovery requirements that is aligned with the company's business needs. Once this service catalog is established, it should be reviewed and revisited regularly.

Once the service catalogue is completed, the respective costs of the organization's backup and recovery operations should also be determined.   Many firms fail to balance costs and risk to meet the most effective options.    For example, businesses may pay too much for backup and recovery simply because they are using snapshot technologies and off-host backup for data sets that are not the product of high-volume, mission-critical applications and, therefore, do not warrant such stringent and expensive technology.

Another critical focus area is the development of sound process and procedures in the management of day-to-day operations.   A documented set of operation procedures focused on incident management, root cause analysis, and change management are essential in order to effectively execute the strategy.    Many companies fail to perform root cause analysis, and thus repeat the same procedural mistakes, making it virtually impossible to optimize a backup and recovery strategy.

Establishing service level agreements to define the expected level of service, and then routinely proactively managing and analyzing backup logs to determine whether jobs are completed successfully are also steps toward more effective backup and recovery. And, when backups fail, thorough incident management should be applied to discover and resolve issues in a timely manner.

Rapid Recovery

Without the ability to recover data, backing up data is useless. As a result, organizations must not only devise and follow a recovery plan, but also make sure it works.

A good disaster recovery plan takes into consideration all the stages of recovery and all the components required. It addresses the need not only for data recovery but also the availability of skills and resources in order to resolve any problem that may occur.

Once a disaster recovery plan is created, it should be documented along with recovery procedures, and tested-not just once, but on a regular basis. By testing and re-testing recovery processes and systems, organizations can uncover and remediate any flaws in their backup and recovery strategy that would leave them vulnerable to the very information loss and downtime that such a plan was designed to avoid.

Backup and Recovery Services

Of course, while managing backup and recovery in-house may be a viable strategy for many enterprises, other organizations may prefer to outsource these operations to a trusted third party. After all, working with a reliable outsourcer alleviates many of the concerns and challenges of undertaking a comprehensive backup and recovery strategy in-house, including areas such as staffing, compliance, service levels and cost.

For example, while the total cost of ownership of an in-house solution may be difficult to measure, an outsourcer charges a fixed monthly fee, providing organizations the assurance of a known, consistent cost. Likewise, while it is often difficult to establish, adhere to, or measure operational service levels internally, an outsourcer that sets strict SLAs guarantees performance. Also, an outsourcer with in-depth experience working out recovery time objectives and recovery point objectives ensures that organizations are better positioned to recover the right data in the right timeframe.

Organizations may also prefer to work with a third-party to leverage the outsourcer's expertise in backup and recovery processes and technologies. An experienced service provider can also help the organization understand and address complex compliance demands as well as aid in responding to audits. In addition, a third party outsource provider can also leverage comprehensive reporting capabilities to bring a more structured approach to protecting critical business data.

By addressing so many critical needs so efficiently, an outsource provider may ultimately enable an organization to focus more on core competencies and deploy critical resources to more strategic business initiatives and projects. The most effective providers are those that offer tailored services, operate according to agreed SLAs, and have a proven record of delivering on their promises and a reputation for ensuring cost-effectiveness.

Whether opting to manage backup and recovery in-house or outsource it to a third party, organizations that make these critical services a business priority will be better positioned to respond effectively in the wake of a disaster or failure. By replacing a reactive attitude toward backup and recovery with a proactive strategy, organizations will significantly mitigate the risk of data loss and business disruption while addressing regulatory and legal demands with efficiency and thrift.

What to Look For in an Outsourced Provider

Once an organization decides to work with a provider to manage backup and recovery operations, they should ask a few simple questions to help secure a beneficial partnership:

  • What service levels and metrics do they offer for their backup and recovery service?
  • Do they have a documented set of procedures focused on areas such as incident management, problem management, and change management?
  • What is the experience level of their engineers related to the product?
  • What type of training programs are provided to engineers?
  • What automation have they deployed in the delivery of the service around monitoring and reporting?

More Stories By Bill Watson

Bill Watson is director of product management for Symantec’s Managed Backup Services. Prior to his current position, Bill held various roles within Symantec’s global services and enterprise technical support organizations, as well as positions with AT&T and World Commerce Online, a business to business e-commerce company.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.