
By: Matt Kozloski


September 25th, 2017

How to Make Sure You Have Disaster-Ready Data Backups

Executive Consulting | BCDRaaS

Backing up your data is a necessity. There are simply too many ways in which data can be lost, ransomed, or compromised in some way. Your original information can get deleted - by accident or on purpose. Your system or network can fail. A hurricane or tornado can strike.  

That’s why you have another copy safe and sound. It’s why you also have a disaster recovery plan in place to make sure your data is safe. You do have a disaster recovery plan, right?




Many organizations assume all backup systems are the same. They are not. Some recovery systems restore data without the measures needed to ensure that it comes back completely and accurately.

A backup plan isn’t complete until it’s been tested for potential gaps or areas that need improvement. Yet, even when these measures are taken, many companies see their results and think they’re “good enough.” They may not pursue further improvements as technology, data, or regulations change.

Some companies may not know it, but without having a backup plan in place and tested, they may not be able to save their data in the event of a disaster.

What do you need to do to make sure your backups are disaster ready? What are some of the limitations of these backups? This post will discuss some best practices and potential problem areas in which you can improve your backup processes.

Backup Procedures Must be Flexible

Before we get into specifics, it’s important to understand that your company is the greatest determining factor in how you should back up your data. Backup policies and procedures vary according to the needs and capabilities of your business. As with virtually every other component of organizational IT, data backups and their processes should be tailored to you.

Since your technology and business environment will undoubtedly change over time, you need to systematically review your organization’s backup and restore procedures. Comprehensive reviews are vital to ensure that your data is both secure and recoverable.

Delegate Tasks According to Your Backup Procedures

Who creates your backup policies? Who signs off on them? Who decides what information needs to be copied, and how frequently? Who actually monitors the backup process? If you need to restore your data, who do you call first?

All of these questions are key to ensuring your data is safe.

It’s important that someone at your organization owns this process. This person may not perform the backup, but will be accountable for it and interface with your chosen platform. Some organizations prefer to use a third party like Kelser for their backup, business continuity, and disaster recovery needs due to the simplicity, ease of use, and other benefits of using a trusted managed service provider. In this case, that person at your organization would interact directly with your managed service provider.

If the dedicated person at your organization isn’t available for whatever reason, make sure there is a backup in place. Disasters won’t wait for you, so make sure you are always prepared.

Establish a Set Backup Schedule

Choosing which data to back up is just as important as deciding when and how the backup is performed. You should also determine how long different types of backups take to complete. While you may not need to back up all of your data every time, it’s important that you follow a rotating schedule.

A good determinant of when and how often you should back up your data is your recovery point objective, or RPO. As for the many types of backups, these can be conducted locally, remotely, in the cloud, and through other means. Here are four of the most common types:

  • Full backup – backs up everything, every time
  • Incremental backup – initially a full backup, then only backs up data that’s changed since the latest backup
  • Differential backup – similar to incremental, but each subsequent backup copies the data that’s changed since the last full backup
  • Synthetic backup – initially a full backup, but files are modified/overwritten as new incremental backups occur

While these are the most common types of backup, they aren’t the only ones. For example, Kelser’s Managed Backup Solution is powered by Datto’s proprietary Inverse Chain Technology™, which allows efficiently managed backups with fewer restrictions.

If you’re unsure which type of backup is best for your business, consult an expert.

Determining your recovery time objective, or RTO, should be the first thing you do when deciding how to approach backup systems. Your business requirements will determine this, and an expert can help you calculate it.

Based on your RTO, procedures can be put in place to help hit it. Run tests or drills and aim to hit your RTO. If you fall short, evaluate to see what can be done to meet it the next time.

Backup Testing

Testing your backup and disaster recovery plan gives you accurate timing expectations and lets you adjust your procedures, if needed. A good plan ensures effective and efficient recovery of lost data.

Even if your software shows your data is regularly backed up, performing a restoration can reveal any potential hardware malfunctions, corruption in the data, or maintenance issues. Run through a complete trial restoration of your files. Did everything restore properly? Simulate potential problems to see how your system reacts. Some backup systems do this periodically and automatically, but not all of them. Make sure you know which you have (or are looking for).

Lastly, making changes to your operating system can interfere with your backups. So it’s especially important that you test your backups after installing patches or other OS updates.

Compliance Concerns

Does your organization handle sensitive data subject to HIPAA? The healthcare act outlines specific backup and recovery requirements. All covered entities – including medical practices and business associates – must securely back up "retrievable exact copies of electronic protected health information." This article details the other specific requirements for backup and recovery.

Health information isn’t the only kind of data subject to regulations. NIST 800-171 outlines proper backup and recovery protocols for government contractors and subcontractors handling controlled unclassified information (CUI).

Protect your Data, Truly and Thoroughly

There is no cookie-cutter approach to backing up critical data. In the event of a disaster, you need a recovery plan that aligns with your business recovery requirements and budget. But not all data backups are disaster-ready.

With proper planning and testing, you can ensure the security of your data with safe backups. That may even mean working with a partner like Kelser that can manage your disaster recovery and business continuity for you. If you want to take that route – as many organizations do – don’t hesitate to speak with one of our experts.


About Matt Kozloski

Matt is the VP, Professional Services at Kelser as well as former leader of the CT VMUG. VCDX # 194, CISSP # 526947.
