Data Protection FAQ

This is a crucial part of any organization because it sets up what to do should a disaster occur.  This can be as simple as recovering a single system or should a major disaster occur (complete loss of primary infrastructure), be able to bring everything up at another location.  The plan helps to make all this possible while making sure that the business can continue to run with the minimum of downtime.  Without a plan in place, critical systems could be missed or misconfigured making for loss of critical data or missing time to recovery costing money. 

DR in the cloud offers much more flexibility than customers using a datacenter DR site.  They can scale from single to multiple regions depending on where their data is located and only pay for the services they need when used.  Customer can also choose multiple public cloud vendors to run DR in as well keeping the points of failure to minimum.

Yes, especially for backup.  Backup software should have at a minimum these three items: Immutability of data (data that can be written too once then read only afterwards).  This is extremely important because the data is safe from any ransomware trying to write to it.  However, it can get large in a hurry costing a lot in extra storage.  Therefore, a proper plan is needed to understand the retention of data to an immutability layer.  This may involve local and remote copies including cloud.  Secondly, backup software should have sophisticated scanning/identifying implemented within it which allows the ability to find anomalies trying to write to data which could be malware.  This may involve a series of honeypot files which backup software uses to look for changes to data and machine learning looking for anomalies within the systems and data. This will keep the attack surface to a minimum at the target backup location.  Third, hardening of the backup user account throughout the systems.  This keeps only a minimum with the ability to write to a data target while keeping every other user out.  

This often varies per asset.  The most critical of your assets (databases, applications...) may require daily testing whereas less used systems may only need to be tested quarterly or annually depending on criticality.  This is why it is very important to get an assessment created to look at your data and make the proper adjustments as to criticalness of testing restores.

RTO – Recovery Time Objective – If something happens to your data, this is the amount of time it takes to get it back online.  In other words, your downtime.  This goes back to a good plan to make sure the most critical to least critical of data is properly accounted for and recovered to meet the amount of downtime allocated.

RPO – Recovery Point Objective – How much data can you afford to lose since your last backup.  As in RTO, a proper plan needs to be created which sets the most critical of data to minimum data loss.  Typically, critical databases where only a small amount of data loss can occur will need between 1-15 minute backup points.  Least used systems may possibly be able to sustain a daily loss of data so a backup once per day is fine.  The disaster recovery plan is crucial for both RTO and RPO creation for systems.

Data replication makes sure you have the exact same copy at the point in time of replication at another site.  This is not a backup however since malware can be replicated as well.  Backups allow for a point in time copy of the data to be stored at another location (storage target).  Backups are a copy of the data which is malware free and can be brought back at that point in time should a system be corrupted.  

At the minimum backup to at least 2 separate places must be done (on-site and off-site).  However, to ensure proper recovery should errors or other unforseen problems occur, it is best to have at least 3 copies of the data (one on-site for quick recovery, one offsite for long term and one with immutability of the data or tape storage (air-gapped).  For a true DR experience a full site at the ready with both backup and replicated data can be used to reduce downtime by having an entire like infrastructure ready to go.  Testing of DR is also critical to verify DR is ready to go should it be needed.

This depends on the needs and costs of the customer.  A plan is needed to ensure RTO/RPO is followed along with retention periods of data.  This may mean local, DR datacenter, public cloud and/or offsite tape copies depending on what the plan states.  Along with backup of data a proper DR strategy must be accounted for to determine if all systems must be able to come quickly or to meet downtime periods according to the plan.