Business continuity and disaster recovery planning are vital business processes and yet they are often thought of as boxes that need ticking as quickly and cheaply as possible so that ‘more important’ issues can be discussed. Unfortunately, it’s usually only when a disaster occurs that proper business continuity and disaster recovery planning is appreciated. This is evident in the percentage of organisations that regularly test their DR and business continuity plans (widely reported to be under 50%). Its also one of the reasons that tape-based backup has persisted as long as it has. Despite being unreliable and usually no longer the cheapest option, it remains an accepted method of ticking the backup and DR box. The following information depicts the common pitfalls of tape backup and why it may be time for you to move to a more secure, reliable and probably more cost-effective alternative such as online backup.
1. Corruption and Exposure of Magnetic Media
Backup tapes are constructed using delicate magnetic media which is extremely susceptible to corruption and exposure. This is one of the reasons organisations use hard disk drives for primary storage. Whilst hard drives also rely on magnetic media, they are much more solidly built, being composed of rigid metal platters, permanently sealed in a metal enclosure. Tapes are instead a flimsy plastic ribbon, repeatedly rolled and unrolled in a plastic enclosure and exposed to dusty tape drive headers. Most systems that rely on magnetic media are designed to detect corrupted areas of the media, mark them “bad,” and not use them in future. However, once data has been saved to a tape, any exposure, whether it be in the form of a fingerprint, dust, dirt, sunlight, humidity or getting too close to a magnetized object for example, can result in the data on the tape becoming unusable. Unfortunately, you’ll be none the wiser until the time comes to try to restore that data and you find it’s corrupted.
One of the main causes of data security breaches is theft. There are several weak links that often lead to theft of data backup tapes. The first is when they are stored near the server or backup unit itself, as they can be easily taken by thieves. The second is that many organisations will have an employee take the tapes home for disaster recovery purposes which is inherently risky as the tapes can easily be lost, stolen or become damaged in transit. Thirdly, and by far the largest issue, is the risk of tapes being misplaced when transported to offsite storage locations by expensive third-party off-site data protection providers .
Tape backup regimes are notorious for difficult decentralised management. Often, tape backup software must be installed on each system that requires backing up, thus creating individual system vaults that are difficult to track and use during a restoration. Keeping track of backups from multiple libraries in multiple locations is very difficult as there is no centralised record of whether those backups have been successful or not, leading to an unreliable and unmanageable backup regime.
Tape backups are generally taken once a day and are then ideally transported offsite by a member of staff or third party, though in practise this can be done much less often. Provided a tape is off-sited once every day, the latest offsite backup can be 48 hours old at the time disaster is invoked. For most organisations, this is an unacceptable recovery point objective.
5.Time to Restore
Time taken to restore data is often grossly miscalculated by IT managers. In order to initiate a restore, a tape will have to be taken from the offsite location, returned to site and then manually restored by a technician. This process is lengthened due to the need to re-catalogue data sets and determine the correct tape(s) on which the required data lies. It may take days to get the correct tapes back to site to complete a restore procedure. A backup is often already 48 hours old before a restore has even been initiated. This time, plus the time it can take to actually restore the data, can result in companies being unable to operate for a considerable length of time which will have a huge operational and financial impact on the business. All of this assumes that the restore will actually work which is far from guaranteed.
6. Capacity Planning
Most organisations do not properly anticipate the size of the data backup system required when it is initially purchased due to the extreme difficulty in calculating data growth over the course of 3 years. This can result in an initial capital expenditure that becomes quickly outdated and new investment is required before a return on the initial investment has been achieved. It can equally result in spending far too much if data growth is overestimated.
7. A Backup for the Backup
When a major disaster happens, especially one that affects an entire region, you may believe your data to be safe and sound in an offsite storage facility many miles away. You may be able to get the backup tapes back in a few hours, but will you be able to restore the data from those tapes? If the backup unit itself was destroyed or damaged during the disaster, you will have to find a replacement unit prior to being able to restore the tapes. Often, a compatible backup unit is very difficult to procure, especially if the original was outdated and even if one can be sourced, tapes may not work, even if loaded onto an identical model tape drive.
Many backup strategies are employed without a clear knowledge of the real costs, which are rarely fully explored when looking at pricing. Tape is rarely the cheapest regime once all of the following have been accounted for: management time of backups, management time of restores, cost of media, cost of offsite media storage and retrieval, depreciation of hardware, depreciation of software, cost of software maintenance, cost of rackspace, cost of hardware maintenance, cost of cooling/powering hardware and finally the cost of the hardware and software itself.
Many organisations do not encrypt the data held on their backup tapes. The Data Protection Act states that organisations must have appropriate technical and organisational measures in place to prevent the data they hold being accidentally or deliberately compromised. Failure to ensure adequate security of data on tapes can lead to being in breach of The Data Protection Act. The Information Commissioner’s Office is tasked with enforcing the Data Protection Act and can fine companies up to £500,000 and/or prosecute individuals and organisations for basic breaches of legislation.
Redstor’s range of secure and encrypted cloud services are already protecting the data of over 10,000 organisations across the UK. Redstor’s Online Backup service ensures data is safely backed up offsite in an encrypted format. Our cloud sync and share service, Centrastor, enables organisations to store and share files securely online from any device with an Internet connection and our CentraStage service enables support providers to guarantee that devices they support are regularly audited, patched and safely up-to-date for effective endpoint management. Our Virtual Disaster Recovery service guarantees to have your systems up and running within minutes following a disaster. To find out more about our services and how we can help you comply with data protection laws and prevent data leakage, please contact us either by giving us a ring on 01189 515 200 or emailing [email protected].