Version 1.6.1
David Trew
Consulting Ltd
11 Backup and Archive Strategies
The enduring records of your organisations operations are the records and data created during those activities. As these records are the sole testimony of the quality of your products or services it is critical that they are retained in a manner so they are readily available should they be required. During an audit you should be able to produce data and records within thirty minutes, or 24 hours if the records and data are off site. Electronic records and data should be backed up in a manner that preserves their accuracy, completeness and integrity.
It is important to understand the differences between the terms backup and archive. For the purpose of this paper backup is used for short and medium term storage where there is a need for immediate recovery. Archive is concerned with long term storage and immediate recovery is not required.
11.1 Developing Your Backup Strategies
A backup strategy is a set of procedures that you prepare and implement to protect your important digital content from hard drive failures, virus attacks and other events or disasters.
The purpose of developing, establishing and maintaining backup processes are to be able to recover:
From data loss in all circumstances, such as hard drive failure, virus attacks, theft, accidental deletes or data entry errors, sabotage, fire, flood, earth quakes and other natural disasters.
To an earlier state, if necessary, because of data entry errors or accidental deletes.
As quickly as possible with minimum effort, cost and data loss.
In addition, an effective backup process should require minimum ongoing human interaction and maintenance after the initial setup. Therefore, it should be able to run automated or semi-
The first step in planning your backup strategy is to identify what needs to be backed up. In a regulated or accredited environment, you will almost certainly need to seek a comprehensive backup or all of your files associated with your organisation’s operations, in order to comply with regulatory requirements. In addition, this entails going through your documents, databases, and files, and identify which files and folders you need to include in your backup plan. As some of this content is irreplaceable, the backup strategy need to protect against all events. Therefore, a good backup strategy should employ a combination of local and offsite backups.
Local backups allow you to back up a huge amount of data at low cost, and are also useful for their fast restore speeds, allowing you to get back online in minimal time. Whereas offsite backups are needed for a wider scope of protection from major disasters or catastrophes not covered by local backups.
Another major consideration, when planning your backup policy, is how often you back up your data. Some folders are fairly static and do not require frequent backed up. Other folders are frequently updated and therefore should be backed up more frequently, such as once a day or more often. Your decision regarding the frequency of backup should be based on a worst case scenario. For example, if tragedy struck just before the next backup was scheduled to run, how much data would you lose since the last backup. How long would it take and how much would it cost to recover that lost data?
You would typically want to run your backups when there’s minimal usage on the computers, as backups may consume some computer resources that may affect performance. In addition, files that are open or in use may not get backed up. Scheduling backups to run after business hours is a good practice providing the computer is left on overnight. Backups will not normally run when the computer is in “sleep” or “hibernate mode”. Some backup software will run immediately upon boot up if it missed a scheduled backup the previous night. Since servers are usually left running 24 hours, overnight backups for servers are a good choice.
Another major consideration when developing your back up strategy is the type of backup. There a number of different backup types, and each has its own advantages and disadvantages. These will be discussed in more detail in Section 5.10.2.
A further major consideration is the type of storage media you wish to store your data on. There are several different types of available storage media which are discussed Section 5.10.3.
As part of your backup plan, you also need to decide if you want to apply any to your backups. For example, when backing up to an online service, you may want to apply compression to save on storage cost and upload bandwidth. You may also want to apply compression when backing up to storage devices with limited space like USB thumb drives.
If you are backing up particularly confidential data to an offsite service, you might wish to consider data encryption. Encryption is a good way to protect your content should it fall into malicious hands. When applying encryption, always maintain records of your encryption key in secure locations, such as in sealed envelopes in fireproof document safes. You will not be able to restore it without your encryption key or phrase.
A backup is only worth doing if it can be restored when you need it most. It is therefore critical that you periodically test your backup by attempting to restore it. Some backup utilities offer a validation option for your backups. While this is a welcome feature, it is still a good idea to periodically test your backup with an actual restore.
Simply copying and pasting files and folders to another drive would be considered a backup. However, the aim of a good backup plan is to set it up once and leave it to run on its own. You would check up on it occasionally but the backup strategy should not depend on your ongoing interaction for it to continue backing up. A good backup plan would incorporate the use of good quality, proven backup software utilities and backup services.
11.2 Types of Backup
There are a number of different backup types and this is a compilation of the most common types of backup with a brief explanation of their meaning, common examples, advantages and disadvantages of each backup type.
- A Full Backup is where all the selected files and folders will be backed up. When subsequent backups are run, all the files and will be backed up again. The advantage of this backup is restores are fast and easy as the complete list of files are stored each time. Full backups are useful for projects, databases or small websites where many different files(text, pictures, videos etc) are needed to make up the entire project and you may want to keep different versions of the project. The disadvantage is that each backup run is time consuming as the entire list of files is copied again. Also, full backups take up a lot more storage space when compared to other types of backups.
- Incremental Backup is a backup of all changes made since the last backup. With incremental backups, one full backup is done first and subsequent backup runs are just the changes made since the last backup. The result is a much faster backup then a full backup for each backup run. Storage space used is much less than a full backup and less then with differential backups. However, recoveries can be slower than with a full backup and a differential backup.
- Differential Backup is a backup of all changes made since the last full backup. With differential backups, one full backup is done first and subsequent backup runs are the changes made since the last full backup. The result is a much faster backup then a full backup for each backup run. Storage space used is much less than a full backup but more then with Incremental backups. However, recoveries are slower than with a full backup but usually faster than Incremental backups.
- Synthetic Full Backup is similar to an incremental backup where the incremental backups are combined with the existing full backup. The end result is a full backup that is indistinguishable from a full backup that has been created in the traditional way. This results in greatly reduced recovery times. As it doesn't require the backup operator to restore multiple tape sets as an incremental backup does. Synthetic full backups provide all of the advantages of a true full backup, but offer the decreased backup times and decrease bandwidth usage of an incremental backup.
- Full PC Backup or Full Computer Backup, in this type of backup an image of the hard drives of the computer is backed up rather than the individual files. With this type of backup, you can restore the computer hard drives to its exact state when the backup was done. Not only can the work documents, picture, videos and audio files be restored but the operating system, hardware drivers, system files, registry, programs, emails etc. are also be restored.
- A Local Backup is any kind of backup where the storage medium is kept close at hand or in the same building as the source. It could be a backup done on a second internal hard drive, an attached external hard drive, CD/ DVD –ROM or Network Attached Storage (NAS). Local backups protect digital content from hard drive failures and virus attacks. They also provide protection from accidental mistakes or deletes. Since the backups are always close at hand they are fast and convenient to restore.
- An Offsite Backup is when the backup storage media is kept at a different geographic location from the source, this is known as an offsite backup. The backup may be done locally at first but once the storage medium is brought to another location, it becomes an offsite backup. Examples of offsite backup include taking the backup media or hard drive home, to another office building or to a bank safe deposit box. In addition to the protection offered by local backups, offsite backups provide additional protection from theft, fire, floods and other natural disasters.
- Online Backup are ongoing or done continuously or frequently to a storage medium that is always connected to the source being backed up. Typically, the storage medium is located offsite and connected to the backup source by a network or Internet connection. It does not involve human intervention to plug in drives and storage media for backups to run. The storage data centres are located away from the source being backed up and the data is sent from the source to the storage data centre securely over the Internet. Although many commercial data centres now offer this as a subscription service to consumers, the customers may not have control over the management of the facilities within the data centre, such as configuration changes or upgrades which could have implications for those operating in a regulated or accredited environment.
- Remote Backups are a type of offsite backup where you can access, restore or administer the backups while located at another location. You do not need to be physically present at the backup storage facility to access the backups, but you do need to be able to electronically access the software to administer the backup. Online backups are usually considered remote backups as well.
- Cloud Backup is where data is backed up to a service or storage facility connected over the Internet. With the proper login credentials, that backup can then be accessed or restored from any other computer with Internet Access. However, as you do not have management control over the associated infrastructure this is probably not an option for those working in a regulated or accredited environment.
- FTP Backup is a kind of backup where the backup is done via FTP (File Transfer Protocol) over the Internet to an FTP Server. Typically, the FTP Server is located in a commercial data centre away from the source data being backed up. When the FTP server is located at a different location, this is another form of offsite backup. However, as with cloud backup unless you have management control over the associated infrastructure this is probably not an option for those working in a regulated or accredited environment.
11.2.1 Backup Media
Regardless of the repository model that is used, the data has to be stored on some data storage medium.
Magnetic tape is probably the oldest medium still commonly used for bulk storage, backup, archiving of data. However, as tape is a sequential access medium, access times may be poor, and the tape is vulnerable to damage if handled incorrectly.
Magnetic hard disks are a commonly used medium for bulk storage, backup, archiving of data. The main advantages of hard disk storage are low access times, availability, capacity and ease of use.[7] External disks can be connected via a range local interfaces or via longer distance technologies. Some disk-
Recordable CDs, DVDs, and Blu-
Solid state storage devices are convenient for short term backup up of relatively low data volumes. As a solid-
Remote backup services are gaining in popularity as broadband Internet access becomes more widespread. Backing up via the Internet to a remote location can protect against some scenarios such as, fires, floods, and earthquakes, which would destroy any backups in the immediate vicinity along with everything else. There are, however, a number of drawbacks to remote backup services. First, Internet connections are usually slower than local data storage devices. Residential broadband is especially problematic as routine backups must use an upstream link that's usually much slower than the downstream link used only occasionally to retrieve a file from backup. This tends to limit the use of such services to relatively small amounts of high value data. Secondly, if a third party service provider is used, users must trust it to maintain the privacy and integrity of their data. In addition, the user normally has no control over infrastructure management, such as changes to the configuration and upgrades. This may preclude the use of a third party service provider in a regulated or accredited environment. Ultimately the backup service must itself use one of the above methods so this could be seen as a more complex way of doing traditional backups.
Page
Page