Data backup planning: 10 best practices for protection

A data backup plan needs to anticipate changes to the organization and possible threats. These best practices will help you tailor your plan according to your business's needs.

For most organizations, loss of business data could spell disaster. Possible outcomes include reputational damage, regulatory penalties, loss of competitive advantage and damage to customer service. Ultimately, it could mean the end of the business.

No business wants to lose data -- of any kind -- so it's essential that all relevant data and databases are protected. The most effective way to achieve that goal is to establish data backup planning procedures with secure technology that not only protects data, but enables it to be quickly and securely accessible.

Here are 10 best practices for optimizing data backup planning activities.

Establish data backup, data retention and data destruction policies. These three policies comprise the foundation of a secure data backup program. Policies are also essential when an audit is being conducted. Data backup translates to the process of identifying data to be backed up, the frequency and timing of backups, the tools and technology to be used for backups, and the process for accessing backed-up data. Data retention defines what data will be retained, the format in which the data is stored and the duration of the storage. Finally, data destruction defines what data is to be destroyed, when it takes place, and the process for destroying the data and the media on which it is stored.

Plan for dramatically increasing amounts of data. Regardless of what your current data storage requirements are, plan your backup needs on the basis that your capacity is likely to grow annually. Whatever storage resources you have in place now -- whether on-site or remote/cloud -- be sure you can scale quickly and cost-effectively if needed.

Ensure backed-up data is secure and protected from unauthorized access. We have seen far too many examples of cybersecurity breaches where large amounts of data are stolen or compromised. Whether data is stored on-site or remotely, ensure the resources needed for confidentiality, integrity and availability enable data to be protected from unauthorized access, prevent alterations or changes, and allow access anytime and from anywhere via secure technologies.

Build a backup environment composed of multiple elements. While many organizations still use on-site physical data storage arrangements, such as file servers, NAS and tape, the growth and acceptance of remote and cloud-based storage options are significant. Costs for remote storage make those options increasingly affordable, and assuming their security arrangements are robust, remote storage is a major best practice. The 3-2-1 Rule for data backup planning states there should be at least three copies of data available, stored on at least two storage devices and that at least one of those devices is located remotely. Major cloud storage providers, such as Amazon, IBM and Microsoft, offer an array of options and pricing plans.

Optimize backup plans and procedures to business requirements. It's simple to have a backup program that requires once-daily backups of incremental data changes and once-weekly backups of all data. But if your organization is subject to regulatory requirements, you may need to have a backup arrangement for the regulated data and another one for other business data. Some data may need to be backed up or replicated almost immediately, while other data can be backed up daily or even weekly. Your data backup program should be based on your business needs.

Back up all your operating environments. Today's businesses use a variety of operating environments. The key trend is to virtualize critical business operations. In such environments, it is essential that backup programs are powerful, cost-effective, secure and fast. Naturally, such environments have a cost associated with them. Take a close look at the total cost of ownership when conducting your data backup planning.

Consider tape backup. Sophisticated remote and cloud-based data backup services can be costly, whereas tape can be a cost-effective alternative, especially for data that is not needed daily or even hourly for business operations.

Employ a backup architecture that supports data compression and deduplication to reduce infrastructure needs. With ever-increasing volumes of data to be stored, consider arrangements to conserve storage requirements, such as data compression and deduplication. The cost for such technologies may help defer a major -- and costly -- investment in backup technology.

Implement fast and secure access to backed-up data. With the investments being made in backup infrastructures, a key component is to have technology that speeds up the ability to find and access data that has been backed up.

Test backup plans regularly. No matter how robust your backup strategy is or how much diversity is in place for storing data, it's still essential to test your backup plan, especially if a disaster has occurred. Just as a technology disaster recovery (DR) plan should be tested at least annually, so should your data backup plan. Ideally, the data backup planning element should be part of a DR test.

Dig Deeper on Data backup and recovery software

Disaster Recovery