Back in 1985, Ferris had no idea how true it was when he said, “Life moves pretty fast.” Especially in the world of IT. Technology that was amazing yesterday is outdated today. What we did before the Great Parcheesi (pre-March-2020) is pretty much old school now. Managing IT is a whole new world and, with that, our strategies and tactics have had to change dramatically.
It used to be simple. We had on-premises server(s) and a bunch of desktops. People stayed at work until they finished or dropped. Users simply weren’t mobile. Admins used various backup strategies that were some combination of:
- Full – includes all data
- Incremental – includes only data that has changed since the last backup
- Differential – includes all the data that has changed since the original backup
I still have nightmares about this one server that crashed and, wow, there was a LOT of tape swapping to get all the incremental backups restored. Ouch. Needless to say, we rewrote their backup strategy.
Keeping Up
Strategies have changed like everything else around technology. While some things in the IT Admin space have become more complicated, they have also in a weird way become simplified. It boggles the mind. The shift seems to be to make tech more intricate under the hood (good news for the job prospects in the dev space), which means that the world of admin becomes simpler. Not easier, simpler. Do not mistake simplicity for ease. We don’t need 10 admins to manage 500 computers anymore. Most management tasks have been simplified, often through automation.
But there are still tasks that require hands-on activity and, therefore, you need to staff in a way that takes these tasks into account. For example, backups – while mostly automated – still require some hand-holding. Admins know that backups should follow the 3-2-1 CISA-recommended methodology:
3 – Keep 3 copies of any important file: 1 primary and 2 backups.
2 – Keep the files on 2 different media types to protect against different types of hazards.
1 – Store 1 copy offsite (e.g., outside your home or business facility).
In other words – while we can use cloud backup services, that is not enough. While we use the cloud, smart admins don’t rely solely on the cloud for the safety of their data. That means that we still have to swap media in order to maintain safe and secure backups. Some trustworthy soul still has to transport backups offsite. I’ll say it again: while we use the cloud, smart admins don’t rely solely on the cloud for the safety of their data.
Since I Mentioned Media…
On my list of things I will never recommend again (but were useful in their time) are: optical storage and magnetic tape. I don’t see anyone really disagreeing with the optical storage statement. But the magnetic tape? Yeah, that may get some thumbs down from a few of you.
I will defend my position by saying that tape was terrific in its time. It was reasonably inexpensive media (even if the recording devices were ridiculously expensive) and easy to rotate for transfer offsite. While I did like the write-once restriction, heaven help you if your tape drive takes a holiday. A new device (even the same exact model) may or may not recognize your tapes and that became too much “if” for my comfort level. A backup is only good if you can restore from it (and restore it in a reasonable amount of time) – tape is just not enough of a guarantee for me.
Is Backup Still Necessary?
We know the risks – servers go down, sprinkler systems don’t work (or they do and that’s a different problem with the same result), and bad actors abound. Your data needs to be safe and secure. Your backups need to be regular, automated, and tested regularly. The benefits of a proper strategy far outweigh the risks.
And do you really want to risk your CEO’s new baby pictures getting lost?
You have to prepare for any data loss…whether it’s by carelessness, theft, accident, or intent. You need a plan. You need belts and suspenders.
Developing a Plan
While some use the term Backup Plan, others call it a Disaster Recovery Plan. But, really, a DRP includes more than just a plan to backup and restore data in case of emergency. It is broader in scope and includes other protections such as building and water security as well as people safety. I lack that broader experience so I’m going to stick to what I know – disaster avoidance for data.
Writing a Data Backup Plan from scratch is a daunting task. So it helps to have examples or templates to use. Thankfully, public education gives back. For example, UC Irvine puts their Data Backup and Recovery information online. Something like this can help you outline your document and can act as a springboard for developing your strategy.
Things that need to be addressed in your plan include (but are not limited to):
- Description of the Scope of the Plan
- What is the purpose of your plan
- What is included, generally, in your plan
- How often the plan will be reviewed
- Responsibilities
- Who is responsible for choosing solutions
- Who is responsible for creating the backups
- Who is responsible for monitoring the backups
- Who is responsible for testing the backups
- Who is responsible for the overall process
- Process
- How will the strategy be implemented (and when)
- How will this impact employees
- How will this impact your team
- Scenarios – a description of how employees will interact with your team should disaster strike.
- Theft
- Accident (fire, water, other destruction)
- Data deletion
- Ransomware
- Sabotage
- For each scenario define:
- who is affected
- what data is affected
- what is the expected response of your team
- what your team is doing to mitigate this possibility
The goal is to make your Backup Plan into a Disaster Avoidance Plan. While it can stand alone, ideally it should become part of your company’s larger Disaster Avoidance and Recovery Plan. Data is your domain. Protect it as much as possible.
Republished on 4/18/2023 – https://community.jumpcloud.com/t5/radical-admin-blog/creating-a-disaster-avoidance-plan/ba-p/2408