8 Must-ask Questions for a Robust Backup Strategy

Becky Lawlor

Companies that don’t have a data backup and recovery strategy risk data loss with potentially catastrophic consequences to their businesses. They can face extended downtime, loss of revenue, and a decline in customer trust. However, organizations struggle to balance the necessities of data protection with the required time and budget investments.

Eighty-five percent of IT leaders say they predict their company’s data protection budgets will increase. Those who expect increases say budgets will likely grow by an average of 8.3% over the previous year’s spending.1 

To get the most out of your investments, it’s important to develop a backup and recovery strategy. Begin your planning by answering these eight questions. 

1: What kinds of data do we need to protect?
Important data to back up includes proprietary information, customer data, employee data, internal processes, finances and billing, communications, and project data. These types of data can reside within files, applications, databases, containers, servers, hardware, and elsewhere. Understanding and categorizing your data will help you establish your data backup and recovery priorities.

One of the challenges with data protection is that your data is likely to be in a variety of locations. The cloud can help by centralizing data and backups. Many aspects of organizational infrastructure are moving to the cloud because it’s easier to manage.

The ability to support modern work in the cloud is a top consideration for IT leaders and managers looking at enterprise backup solutions. For 15%, it’s the most important feature.1 Cloud-hosted environments can include software as a service (SaaS), platform as a service (PaaS), and infrastructure as a service (IaaS). Cloud solutions also offer the added benefit of protecting data from on-site disasters and attacks.

2: What is our recovery point objective?
Your recovery point objective (RPO) is the point at which you have backed up enough data to get back to business in case of an interruption. Once you know how much lost data is acceptable, you can decide whether you need to back up data daily, hourly, or at some other frequency.

You need this information to establish the correct frequency for your backups, so you don’t lose critical data in an incident. Without knowing your RPO, there could be an unacceptable gap between your last backup and the data loss.

3: What is our recovery time objective?
Your recovery time objective (RTO) is the amount of time it will take you to adequately recover data and systems to have your business up and running.

Without the ability to meet recovery time objectives, your company can’t get back to business and may suffer from revenue loss. Most IT and data center outages cost organizations more than $100,000.2 Extended downtime can also impact your productivity, customer satisfaction, bottom line, and long-term business success.

4: Is there data that requires high availability?
Depending on your industry, type of work, and types of data, you may have data that you want available to always access–or as close to that as possible. Many organizations strive for 99.9999% availability—a goal that’s as close to perfect as many systems will get.

Your data protection plan will need to include redundancy safeguards as well as a limit or eliminate interruptions needed for backups. There are costs to achieving redundancy and high availability, so it doesn’t make financial sense for most organizations to designate all their data as high availability.

5: How long do we need to retain data?
Decide how long you want to keep backup data. Determine what is required by law for your industry and for your types of data. Establishing a documented internal retention policy will help you meet regulatory commitments and protect your company from liability.

While you want to save backups of all the data you need, unnecessary backups and copies take up valuable space and resources. However, if you hold on to data too long, you waste time and money by backing up unnecessary data.

6: Is our data clean?
Unclean data may be corrupted, duplicated, inaccurate, incomplete, or unnecessary. If you’re working with data that has errors, you’ll back up those errors. Analyzing bad data can lead to faulty decision-making, and duplicate data is a waste of storage.

You can scrub data by deleting or correcting it as necessary. This may mean clearing formatting, adding missing values, or replacing data with the last clean version.

7: Who will oversee data backup and recovery?
Determine who is responsible for backup and recovery processes. These responsibilities include backup scheduling, testing, compliance, management, and triggering the incident response plan. You can decide whether you want to do this internally or hire a service provider. Different cloud environments also operate under shared responsibility models. This means everyone from data service providers to IT managers to users share in the responsibilities for data. A backup as a service (BaaS) provider can take a lot of responsibility off the plate of busy IT teams.

8: What is immutable storage and do we need it?
Cyber criminals tried to attack 93% of backup repositories in their ransomware efforts, and they affected 75% of those.3 Immutable backup storage protects data that you can’t afford to lose in the case of ransomware, power outage, system failure, natural disaster, human error, power outages, or something else.

It provides a copy of data that cannot be altered, overwritten, or deleted, and should be one of your copies, according to the 3-2-1 rule. That standard means making sure you have three copies of data in two media types, one of which is offsite.

Formulating Your Backup and Recovery Strategy

By delving into these critical questions, you’re not only identifying potential data protection risks, but gaining a deeper understanding of your specific business needs. This will enable you to implement tailored processes and solutions that align with your overall needs and objectives.

As data volume increases and infrastructures become more complex, choosing a managed BaaS provider is becoming an increasingly popular choice for many companies. Industry experts predict the BaaS market will grow by $32.78 billion by 2028.4 Embracing BaaS and disaster recovery as a service (DRaaS) offerings can streamline data backup and recovery and liberate your team to focus on higher-level IT priorities. These services also improve cost efficiency because they scale with you—and you don’t pay for tools or storage you don’t need.

If you need help answering any of these questions or getting started on your backup and recovery strategy, Connection’s cloud and data center services can help. Reach out to your Account Team for more information.

2 Uptime Institute, 2023,  Annual Outage Analysis 2023
4 TechNavio, 2023, Backup-as-a-Service (BaaS) Market Analysis

Becky Lawlor has been covering the convergence of business and technology for over a decade. Her writing focuses on emerging trends in big data, IoT, AI, mobility, cyber security, cloud computing, and more. She especially enjoys examining how these technologies are impacting critical business and public sectors such as healthcare, education, government, and retail. You can find more of her writing and insights on Twitter @lawlor_becky.