Do you know the difference between backup and disaster recovery?
Data Backup and Disaster Recovery are not the same thing. Lately, we have been having this very discussion at multiple client sites. So much so, that I decided to explain here. The biggest misconception we have been hearing is that a company has been performing routine backups of their data and has therefore been following a disaster recovery plan. This is not true at all. Data backup is essentially the copying of your data to another medium. The purpose of this process is to provide recovery of missing data in a timely fashion. This is not disaster recovery. A disaster recovery plan is a documented process that has been put in place to resolve catastrophic events that could endanger an organization. In essence, data backup is considered a part of the disaster recovery plan/process, but nowhere near the entire concept.
Let’s take a closer look at data backup.
When we perform data backup, we are copying our existing data and putting the copy on a highly accessible medium. It has to be highly accessible in case we need to recover some of that data in a timely fashion. We archive that data over time so we can recover much older data. How far back we archive the data is usually governed by a compliance policy. An important step in protecting our data is to have the copies taken off-site. This way, if anything happens locally, data we can rebuild from is still on a medium in another location. Here is where we start getting into disaster recovery. Backing up the data is very important. Making sure we can use the backup to recover is another thing. Most organizations have backups that they perform consistently. However, how many of those organizations have actually tried to recover using a backup? Great, we have a backup of a server’s operating system, applications, and data. Has anyone tried to rebuild from that backup? If not, how do we know the backup is viable? There are a number of recorded incidents where qualified organizations needed to recover from a situation only to find out the backup they have been doing for years has had issues that have made it impossible to recover data previously thought to be safe. The success of our backups requires planning and testing. This is where our backups become part of the broader disaster recovery plan.
Now, let’s take a look at Disaster recovery.
Disaster recovery is the process required for an organization to come back from a catastrophic event. A disaster recovery plan is the documented instructions, processes, and proven methods on how to achieve that goal. Disaster recovery incorporates facilities, resources, and personnel needed to recover from a severe situation an organization could face. In planning for the big picture, the departments in an organization plan for how they are going to recover. What if a facility in an organization is leveled? What does the organization need to do to continue operations? That is disaster recovery planning.
Let’s bring it back down to the IT level.
What if the facility that got leveled housed the organizations main computing infrastructure? Yes, we have backups of our data. We even have that data offsite. But now, we do not have the original site to recover the data to. This is why we need a disaster recovery plan for the IT department. Besides from backing up data, we need to replicate it. We need a location to replicate to. If we lose our main systems permanently, do we have other systems available to recover to? If not, how can we acquire those systems in a timely manner? Where are these systems going to be located? Who are the primary people we are going to need to perform the tasks to recover these systems? If they are not available, who can be substituted? Do we have documentation on how to recover these systems? Have we tested in the past that the recovery documentation actually works? This is disaster recovery and disaster recovery planning.
We have performed a backup. We have protected the data by taking backup media to a different secure location. Or, we used replication to get a copy of the data to another secure site. The copy we have can be used to recover portions of the data when needed. That is the purpose of performing a backup. A plan in place that documents the proven steps needed to restore that copy of the data, the personnel needed to enact the plan, the facility and its level of preparation for an emergency, and the requirements to gather the resources needed. That is disaster recovery.
I hope that helps. As always, please feel free to post any questions or comments below or reach me directly by email.
Craig R. Kalty (CCIA, CCEE, CCA, MCITP:EA, MCITP:SA, VCP)
| Sr. Network Consultant firstname.lastname@example.org
©2015 Custom Systems Corporation