Everyone is familiar with the idiom, “it’s better to be safe than sorry.” It’s a good general rule to operate under, and that is certainly the case when it comes to the safety of your data. Whether it’s the files that make up your website or a database with sensitive information, it’s critical to your operations that there is always some way to restore your data so that you don’t suffer from excessive downtime, or worse, be noncompliant with certain regulatory agencies depending on the industry you operate in. Yes, your backup solutions, or lack thereof, could be putting you at risk of being in violation of some laws.
If your business operates within the healthcare industry and creates electronic medical records, there are specific requirements in place regarding not only the storage of EMRs but also where you back up these records. These requirements can be found in the HIPAA Security Final Rule: the Data Backup and Disaster Recovery Specifications and are an important consideration in HIPAA-compliant hosting, which Atlantic.Net provides. There are certain backup elements that must meet contingency plan standards.
As you can see, recovery plans aren’t just good practice. In some instances, they are required and are enforced with monetary penalties. There are several kinds of recovery options and it’s important to understand the difference between them all so that your data is saved through redundancy and so that you are in compliance with regulations. Here are some main points you should be aware of when securing your data within a recovery plan.
Safety, Redundancy & Backups
A “backup” is a broad term that can be used to describe a variety of solutions. The first type of backup that generally comes to mind is a full backup. It creates a copy of all the files and folders selected for easy implementation should the need for a backup arise. This is convenient, but you run the risk of duplication and long backup times.
There are also snapshots. A snapshot isn’t as large as a full backup and better avoids scenarios where there could be data corruption because new writes are being made to data while it’s backing up during the process of a full backup. A snapshot is a read-only copy of system data made during a specific moment in time. This is lighter on system resources and acts as a safe alternative to complement regular full backups.
An incremental backup will save all changes made since the last full backup. While recovery time is slower compared to a full-time backup, it’s more efficient as a secondary backup solution. This reduces possible duplications that can happen with repeated full backups. As an alternative to doing a full backup every day (or even, every week) and incremental backup fills in the gaps to ensure that your saved data is up to date.
While there are many different kinds of backups, the location of your backups is just as important as the type. For the safety of your organization, it’s important to make sure all of your backups aren’t local and are kept in multiple locations.
Offsite backups, in particular, are a necessity because in the event of a physical threat, like a major hardware failure, accident, or natural disaster, you’ll need to be able to retrieve your information. If all of your backups are local, whether that be on the same machine as your database or just the same facility, you are exposing yourself to a loss that may be impossible to recover from.
Offsite backups can appear in a few different forms. One is quite literally making a local backup on a disk and then delivering it to another geographic location. While it is ensured you have a backup made if you do it locally, the due diligence required to make sure the media is physically being delivered to wherever it is being stored may be considered a hindrance.
Of course, the other possibility is to perform the backup over the network and have it downloaded at another location. This also negates the possibility of the physical media failing as it’s transported. Regardless of the solution chosen, offsite backups are a must regardless of the industry you’re in. PCI standard 9.5.1 requires companies to “Store media backups in a secure location, preferably an off-site facility, such as an alternate or backup site.” Offsite backups should always be used to complement whatever local, quickly deployable backup solution you’re using. They are also a key part of a company’s business continuity strategy and disaster recovery plan.
Business continuity and disaster recovery
Business continuity in the face of a major disruptive event can make the difference between a business that thrives and one that fails. The combination of data loss and downtime costs businesses an exorbitant amount of money. According to a study conducted by EMC Corporation and Vanson Bourne, that combination costs businesses around the world about 1.7 trillion dollars per year. Business continuity affects the structure of your organization as a whole, but your disaster recovery plan specifically should be data-focused to mitigate damage.
Redundant backups are an integral piece of a wider disaster recovery plan. Disaster recovery will look different depending on the specifics of your firm, but essentially you must plan for ways to work around the loss of a major component of your IT set up. Typically this takes the form of a piece of hardware failing, if not a facility. However, it could also be a loss of connectivity due to a natural disaster, being cut off from where your data is housed, or software becoming corrupt. Regardless of the actual cause of a catastrophic event, a broad strategy must be in place to allow your business to resume functionality with a minimum of downtime.
Access to your data will be critical in the immediate aftermath of a disaster. That’s why backup redundancy, including multiple offsite backups, is an investment every business should make. Whether you have multiple locations, plan on using an IT “hot site” or whatever other solution you put in place in your disaster recovery plan, having physical media or a cloud backup accessible to restore your data from will be one of the first steps following an event.
It’s necessary to have a variety of backups made and stored in several locations for the continued success of your business as well as any legal or regulatory issues that may arise.
Atlantic.Net: Your Backup Experts
Having multiple backups in a variety of locations is essential for any kind of organization. That’s why Atlantic.Net offers different backup solutions with our hosting plans. Our Cloud Servers backup daily and can be retrieved within moments should you need to revert to a backup due to an issue. It’s important to note, however, that one location is provided for these backups. Therefore, it’s strongly advised you still seek out a remote location for additional backups. Remember, it’s best to have this backup location in an entirely different geographic area from your base of operations as Delta Airlines, unfortunately, learned the hard way.
Handling sensitive data is a big responsibility and you need the right solutions to protect it, which is why we encourage you to the contact the team at Atlantic.Net should you have any issues related to your data recovery or hosting solution in general. Partner with Atlantic.Net to minimize data loss and have peace of mind knowing your information resides on industry-leading infrastructure.
Atlantic.Net’s robust architecture, redundant connectivity, and secure PCI compliant hosting will ensure superior delivery and support for your applications.