So, what should you look for when choosing a company or service to backup and secure your data offsite? Who can you trust to not only keep your data safe, but also to be there when you need to recover it?
Unfortunately, this is not an easy choice. There are literally hundreds of companies offering backup devices, software and services because they see it as an easy way to make a quick buck. As you would expect, not all service providers are created equal, and you want to make sure you choose a good, reliable vendor or you’ll get burned by hidden fees, unexpected “gotchas,” difficult and slow recovery of your data or by the horrible discovery that your data wasn’t even being backed up properly, leaving you high and dry when you need it most. Here are 12 things we recommend looking for:
1. Production-Grade, SAS 70 Data Center. One of the first things you need to ask your IT person is, “Where will my data be stored?” After all, we are talking about your financial information, client data, and other sensitive information about your company! What you DON’T want is for them to keep your data at a rack in their office that is not designed to be a high-availability data center. A TRUE data center will be 100% dedicated to hosting data and should have:
- Redundant power sources and generators
- High-level, on-site building security
- Redundant Internet access
- SAS 70 certification
The term “SAS 70″ (Statement on Auditing Standards No. 70) refers to an official document issued by the Auditing Standards Board of the American Institute of Certified Public Accountants (AICPA). The AICPA sets out the auditing standards for data centers and issues this document to show that the data center is doing what they are promising in the areas of security and availability.
2. Bare metal imaging. This is important to ensure a quick restoration of your data and IT operations. A “bare metal” image is simply a snapshot of your server and all the data on it. That snapshot can then be copied to another server or “virtualized” (put on a server online), often within 1 hour. Without this type of backup, you would have to:
- Locate all your software disks and keys
- Re-install the operating system
- Re-install all applications
- Re-install the data
- Re-configure the settings
This process could take anywhere from one to two days; even longer if you don’t actually HAVE your software discs and keys. A bare metal image eliminates this delay.
3. The ability to recover data FAST. An EXTREMELY important question to ask is, “If my server crashes beyond repair, how do we get our data back?” You do NOT want Internet download to be your only option for recovering data from the cloud because it could take days or weeks. At a minimum you should be able to get an overnight copy of your data on a physical disk or device – but ideally you should have instant access to a bare metal image so that a new or makeshift server can be set up within an hour, allowing you to keep working (see above).
4. Continuous backup. Another feature to look for is ongoing or “continuous” backup versus a nightly backup. This allows you to restore a file that you worked all morning on and saved right before the server crashed in the late afternoon.
5. Multiple data centers that are geographically dispersed. Anyone versed in data security knows the best way to avoid loss is to build redundancy into your operations. All that means is that your remote backup service should store multiple copies of your data in more than one location. That way, if a terrorist attack, city-wide power outage or natural disaster destroys one of their locations, they have backups of your backup in a different city where the disaster did not strike.
6. The INITIAL backup should be to a local, physical device. Trying to transfer all the data online could take days (possible weeks) and cause your Internet connection and systems to drag. If you have a large amount of data to backup, ask your provider how the initial backup is created.
7. Make sure your data can be restored to a different computer than the one it was backed up from. Amazingly, some backups can only be restored to the same computer they came from. If the original computer was damaged in a fire, stolen, or destroyed in a flood, you’re left without a backup.
8. The ability to “virtualize” your server. This is a fancy term for putting your server online so that you and your staff can work remotely if necessary. This option would be important if your building was destroyed or if your area was evacuated.
9. Demand a local “spare” server and backup. Most server crashes are due to hardware failure, not natural disasters. Therefore, you should have an onsite, local backup server as a failover device if your main server dies. This local server also makes it much easier to retrieve a file or folder than trying to pull it down from the Internet (see #3).
10. Demand daily status reports of your backup. All backup services should send you a daily e-mail to verify if your backup actually ran AND to report failures or problems. The more professional providers should also allow you to notify more than one person (like a technician or your IT person) in addition to yourself.
11. Demand LIVE monitoring by a qualified technician. Many online backup services are “self-serve,” which allows them to provide a cheaper service to you. BUT backups are not “set it and forget it” processes so don’t settle for an “automated” monitoring service. All too often problems happen with backups that require someone who knows what they’re doing to investigate the problem and resolve it. Otherwise, you simply have an alarm system that no one responds to.
Plus, if you need to recover your data, you want to be able to call and talk to someone who can help you, especially if it’s a major disaster. If you’re using a cheap online backup service or a company that doesn’t offer live monitoring, you’ll be stuck trying to recover your data on your own, wasting tons of time and possibly not being able to get back up and running for days.
12. Demand a written IT disaster recovery plan. This shows YOU that they have a plan in place for restoring your data and that they won’t be scrambling to figure it out when disaster strikes. As the saying goes, “by failing to plan you’re planning to fail.” A written report shows you that they have thought the process though and know what to do in the event of a disaster.