Are your backup administrators people who are naturally paranoid?
What about your Data Protection Advocate?
What about the members of your Information Protection Advisory Council?
There’s healthy paranoia, and then there’s crazy paranoia. (Or as is trendy to say these days, “cray cray”.)
Being a facet of Information Lifecycle Protection, backup is about having healthy paranoia. It’s about behaving both as a cynic and a realist:
- The realist will understand that IT is not immune to failures, and
- The cynic will expect that cascading or difficult failures will occur.
Driven by a healthy sense of paranoia, part of the challenge of being involved in backup is being able to plan for bad situations. If you’re involved in backup, you should be used to asking “But what if…?”
As I say in my book, backup is a game of risk vs cost:
- What’s the risk of X happening?
- What’s the cost of protecting against it?
- What’s the cost of not protecting against it?
Paranoia, in the backup game, is being able to quantify the types of risk and exposure the business has – item 1 in the above list. Ultimately, items 2 and 3 become business decisions, but item 1 is almost entirely the domain of the core backup participants.
As such, those involved in backup (the backup administrators, the DPA and the IPAC) need to be responsible for the development and maintenance of a risk register. This should be a compilation of potential data loss (and potentially data availability loss*) situations, along with:
- Probabilities of the event occurring (potentially just as “High”, “Low”, etc.);
- Current mitigation techniques;
- Preferred or optimal mitigation techniques;
- Whether the risk is a primary risk (i.e., one that can happen in and of itself), or a secondary risk (i.e., can only happen after another failure);
- RPO and RTO.
This register then gets fed back first to the broader IT department to determine question two in the risk vs cost list (“What’s the cost of protecting against it?”), but following that, it gets fed back to the business as a whole to answer the third question in the risk vs cost list (“What’s the cost of not protecting against it?”).
Finally, it’s important to differentiate between healthy paranoia and paranoia:
- Healthy paranoia comes from acknowledging risks, prioritising their potential, and coming up with mitigation plans before deciding a response;
- Paranoia (or unhealthy paranoia) happens when risks are identified, but mitigation is attempted before the risk is formally evaluated.
A backup administrator, given carte blanche over the company budget, could spend all of it for 5 years and still not protect against every potential failure the company could ever conceivably have. That’s unhealthy paranoia. Healthy paranoia is correctly identifying and prioritising risk so as to provide maximum appropriate protection for the business within reasonable budgetary bounds.
* Arguably, data availability loss is a broader topic that should also have significant involvement by other technical teams and business groups.