Over at The Daily WTF, there’s a story at the moment about a company that went out of business due to a developer deleting the company database for which there were no backups. Lamentably, this is still a common story. Oh, in many cases backups may actually be taken, but it’s still the case that we see situations such as:
- Backups are never taken off-site,
or
- Backups are never even taken out of a tape drive (i.e., constantly overwritten),
or
- Backups are never checked.
My book is titled Enterprise Systems Backup and Recovery: A Corporate Insurance Policy. That’s how much backup, to me, represents insurance. It’s the level of insurance necessary for any business to survive a disaster.
Failing to treat backup as insurance is unfortunately still familiar. The ever obvious-stating Gartner is frequently quoted as saying that one in three companies hit by a disaster will be unprepared and lose critical data.
I’d like to hope that within my career we’ll see that percentage shrink considerably – one in three is an unacceptably high number. One in a hundred might be more acceptable, but realistically, one in twenty would be a good number to start aiming for.
How do we aim for such an improvement? It’s remarkably simple, and comes from a few basic rules:
- Backup is insurance, it’s not an IT process.
- Backup requires buy-in from all aspects of a company.
- Backup budget is sourced from the entire company, not the IT budget.
- Company policies should prohibit deployment of new systems without a backup/recovery policy.
A good backup system comprises no more than 50% IT infrastructure and operations. The rest stems from policies, procedures, planning and awareness. Paraphrasing what I state in the introduction to my book, having backup software does not mean you have a backup system.