The difference between backup and disaster recovery

6th December 2019

We’re all familiar with the value of making a backup of business data, but how does this fit with ‘disaster recovery’ and ‘business continuity’ strategies?  This article takes a brief look at how these elements fit together to ensure that businesses can survive, function and get back up to speed when disastrous events (external or internal) pose a serious threat.

Reality

Normal life rules apply to the business environment i.e. things can and do go wrong, and backup and disaster recovery are both based upon this understanding.

Business continuity in the event of a ‘disaster’ is about making sure that your essential operations and core business functions can keep running while the repairs can be made that get you back up to speed.

What could go wrong?

There is a potentially huge range of ‘disasters’ that businesses could make plans to be able to overcome, and even though organisations come in different sizes and have different budgets, the risks they face are generally the same.  Typically, the more obvious ‘disaster’ threats to business include:

Backing up your data – where to store it

When it comes to backups, security, integrity, cost, scalability, complying with legislation, your own business plans, and ease of daily use are all considerations.  Where/how to store backed-up data is a decision tackled differently by different companies.  In the UK, GDPR (the data protection regulations) should be taken into account in these decisions.  Places to back up data could include:

Some businesses prefer to use a ‘hybrid’ cloud backup to help address any vulnerabilities that cloud-only or local-only backup solutions have.

There are many dedicated online backup solutions available e.g. IDrive Business, Backblaze Business, Carbonite Safem, or larger solutions for businesses with much bigger data backup requirements.

Backup decisions

Taking regular, secure backups of your business data is an important part of good practice.  It is also an important element of disaster recovery and the business continuity process.

There are several types of backup that businesses need to make decisions about.  These include whether, if/when and how to make:

In reality, many businesses make use of many different types of backup solutions at the same time.

Business continuity, backup decisions and disaster recovery

Accepting that disasters happen and you can plan how to maintain business continuity while you deal with them (using a disaster recovery plan) is an important step in safeguarding your business. Maintaining the ability to ensure that core functions and critical systems remain in place in the event of a disaster (business continuity) involves planning, an important part of which is the disaster recovery plan (DRP).  Creating this plan is usually an interdepartmental process which is often led by information technology.

RTO and RPO – linking backups to your DRP

There are two metrics you can use to help you to make data backup decisions that relate to your DRP.

The Recovery Time Objective (RTO): the recovery window/how long (time) the business realistically has to recover from a disaster before there are unacceptable consequences.

The Recovery Point Objective (RPO): how far back (the maximum tolerable period of time) your organisation needs to go in recovering data that may have been lost due to a disaster.

By working out these time periods (particularly RPO), it can help you to decide upon the frequency of backups, which backup methods are most suitable and preferable to you e.g. the need to go back longer periods may favour online backups, and businesses with large quantities of valuable historic data may struggle with a short RTO (which may require tiered data recovery).

In today’s business environment, it is worth bearing in mind that your customers are not likely to be very tolerant of downtime, so recovery windows now need to be as short as possible. Many businesses, therefore, simply opt for a daily backup.

Disaster recovery plan

At the heart of your business disaster recovery strategy should be the disaster recovery plan (DRP) which should provide step-by-step workable instructions to ensure a fast recovery.  A DRP should be tested and kept up to date to ensure that it will work in reality in the event of a disaster and typically includes elements like:

Putting the pieces together

The basic difference between a backup and disaster recovery, therefore, is that a backup is having a copy of your data and disaster recovery is the whole strategy to recover your business operations and essential IT environment in the event of a serious event e.g. cyber-attack, equipment failure, fire or flood.

Creating a DRP involves completing a risk assessment and business impact analysis in order to identify critical applications and services and it is from here that your business can then create its own tailored RTOs and RPOs which in turn will link to your backup strategy and cycles.

Backups are essential files that enable a full restore and as such are an important element of ongoing good practice and of your DRP, and your backup should relate strongly to the underlying strategy of disaster recovery.

One thing is certain about backup and disaster recovery which is that having no plan for either is planning to fail.