Save It or Lose It - Don't Let Your Firm's Data be at Risk

It is impossible to think too much about protecting your data. If you are the business owner responsible for Information Technology or an IT professional, protecting data has to always be top of mind. Backup and recovery is not an area you can leave to chance. The January installment of this column spoke about alternative approaches and pitfalls of backup and recovery. The options are worthy of review if you are interested in backup and business continuity.

Data backup and recovery are integral to the security of your firm. Saving the right amount of data for the right amount of time and being able to recover the data in a timely fashion is important risk mitigation for a firm. We’d like your firm to recover from hardware failures in two hours or less and from catastrophic incidents, like a fire, in less than 72 hours. We also don’t want data saved beyond your normal retention policies.

One way to think about backup is to consider what you are willing to lose entirely and how long you are willing to be unable to operate. We can’t cover everything needed in a single column, but consider how long you can work without computing or your data. There are a myriad of solutions promoted: web based backup, backup appliances, running in cloud data centers, and more. The size of your organization often dictates your appetite for risk. What is your current position? What is your risk appetite?

 

Restore Time!

Think about your organization’s need to be able to operate. How much does it cost you per hour when your computer systems are not working? Run your own numbers, but consider the weighted cost per hour of your team members. Usually, calculations are done per hour. For our purposes, ten employees will be used since it is easy to multiply or divide for larger or smaller numbers. If your labor cost is $35/hour and benefits are about one third the hourly cost, then the hourly cost of down-time is approximately $50/hour x 10=$500/hour for every ten employees. One day of down time would cost the organization $500 x 8 or $4,000. If you believe your cost per hour per employee is different, substitute your real numbers into our illustration. However, when considering the cost of downtime you should always have in the back of your mind the hourly cost to the organization for down time.

Quick recovery, or a short restore time objective (RTO) minimizes downtime costs. Minimizing data loss or a short restore point objective (RPO) keeps work from having to be redone. A key advantage to backup appliances is the ability to copy data on a routine basis, typically every 15 minutes, and still have the ability to be substituted for the production hardware to run your application with a current copy of the data. You can read more about backup appliances at www.nmgi.com/netrescue/technology.html or speak directly to a business continuity professional. You do not have this ability with a web based backup or a cloud based service. If you have a local hardware failure, it could take hours or days to copy your data back to local hardware. If you are running in a pure cloud service, you are at that provider’s mercy to execute their own recovery process and to put you back in service. Cloud providers may have very skillful IT people, but may not be able to control a data center level outage caused by environmental factors beyond their control.

If you are a single location firm, your owners and their homes are probably in the same geography. Historically, you probably took tapes home or to a bank vault on a regular basis. You later switched to hard drives, which were probably not encrypted, and carried a few of these home to have a copy of your data “just in case.” All of these off-site methods simply provide a copy of your data that can be restored to computers for use. The applications themselves are rarely backed up in this scenario, and if the applications are backed up, they can’t easily be restored to dissimilar hardware. Recovery times should be expected to be 72 hours or more.

If you are a multi-location firm with offices in different geographies, you can use two backup appliances to maintain a copy of all of your data and applications. Likewise, you could create a much more complicated and expensive Storage Area Network (SAN) replication for continuous data backup. The Federal Emergency Management Agency (FEMA) recommends a separation of at least 70 miles between sites. Further consideration should be given to be in a different power grid (east/west/Texas) and locating your backup out of the geography when practical.

Cloud vendors guarantee their performance through Service Level Agreements (SLAs) which include the amount of allowable down time. Unfortunately, there are rarely provisions for extended outages other than refunds or waiving service fees. Few data centers are fully redundant (hot or active/active) because of the complexity and expense. Many providers try to portray that they have multiple data centers, but won’t disclose how they operate. Few publish the expected time of recovery in the event of a major outage. All of the major accounting profession providers are very active in this area, and you should contact the provider directly for their current statement of position on recovery.

 

Close to a Magic Formula

A key advantage to backup appliances is that they can work as virtual servers during hardware failures. In effect, the most common issue, hardware failures, can be addressed by simply making a decision, and starting up a virtual machine to run the application(s) using current data on the backup appliance. Since backup appliances back up data on a frequent basis (typically once every 15 minutes) and can back up from one backup appliance to another or into the cloud, you have a local solution that has protection with an off-site copy. If your cloud provider allows the option, you can do a reverse backup from the cloud to an appliance.

If you have a multi-site organization, you can backup in one location on a near continuous basis, and automatically have an off-site copy of your data every night. Wherever a backup appliance is running, one or more virtual machines can be started on the backup appliance, keeping your organization functioning in the face of a small or large scale disaster. For the investment in hardware, backup appliances may have the best value for the dollar spent in the technology industry. If a backup appliance saves your business, you will consider them priceless.

 

Randy Johnston is executive vice president and partner of K2 Enterprises and Network Management Group, Inc.

He is a nationally recognized educator, consultant and writer with over 30 years’ experience. He can be contacted at randy.johnston@cpapracticeadvisor.com.

Loading