How to Defuse Landmines in Your Backup and Recovery Strategy

Landmines in your backup and recovery strategy, really? Really. While we may think more today about the threats to our data due to some type of cyber incident, the reality is we may be more subject to some self-inflicted harm if we aren’t taking a holistic look at our data – all our data!

At this point in time, it’s likely some of your production data is still on-prem, while a majority of your data resides in both private and public cloud environments. With your production data in more than one place, what does that mean for your backup data? How many locations is it in? What is your strategy as it relates to all your backups?

Start by Examining Your Business Continuity Strategy

The answer for this, or at least the starting place to determine your answer, should reside in your risk assessment and business impact analysis. These two critical components of your business continuity strategy should dictate what your disaster recovery strategy and your approach to data backups should look like. Your critical and non-critical applications should be identified and prioritized. Each application should have a recovery point objective (RPO) and recovery time objective (RTO) determined. A backup solution should then be put in place (or adjusted if one already exists) that enables and aligns with these expectations. While a much longer conversation should be had, at this point at least ask yourself this – are the C-suite, business operations, and IT teams all on the same page when it comes to what this really looks like today?

Don't Fool Yourself – Are Your RPOs and RTOs in Sync?

World Backup Day was started by a vendor in the Disaster Recovery space and occurs on March 31 each year. It’s not a coincidence this important day is recognized the day before April 1, which most of us will recognize as another prominent day on the calendar. I’ve seen many situations where we’re simply trying to fool ourselves that, when it comes to backups, we have everything covered and nothing to worry about. The reality, though, is that many financial institutions don’t have their RPOs and RTOs in sync to allow effective recovery of all their data with minimal loss. Do you?

Ask yourself these questions:

• Where is my production data going that’s outside of our own walls?

  • If you answered “to the cloud,” which cloud and where?

    • How many times is your data replicated to other cloud locations and where are they?

• How is my data outside of our own walls being protected?

  • Encrypted, just in transit, or also at rest?

• How many iterations of our data do we have and where is it?

  • Seven days? 30 days? One year?

  • Once a day? Once an hour? More frequently than that?

• When I need our data, how long will it take to retrieve it?

  • Is there a cost associated with that retrieval?

• How frequently are we testing recovery to know that our data will perform as expected?

  • Once a quarter? Twice a year? Once a year?

    • Anything less than annually is non-compliant!

• What safeguards are in place with our cloud provider to protect our data?

• What independent information exists about my cloud provider or the technology they are using? (Think SOC reports and industry recognition.)

You Play a Key Role in Saving Your Data

Accountholders expect 24x7x365 access to their money, which is made available by 24x7x365 background access to their data. A sound backup and recovery strategy are critical to the availability of that data. So, perhaps we should think of every day as World Backup Day, as criminals are working around-the-clock to figure out how to wreak havoc on you and your accountholders. Yet those same accountholders are counting on you to play a key role in safeguarding that data. Are you up for the challenge?

Learn more about reducing risk and fraud at jackhenry.com.