Here are 10 Questions to Consider When Developing a Disaster Recovery Plan

Properly backing up your data in a secure manner is tantamount to keeping your cherished memories and important files stored safely..

Every year on March 31, ICT Pros around the world celebrate World Backup Day. In an age where there seems to be a holiday for just about anything, this one brings worldwide attention to backing up our data—something that affects most denizens of this planet to one degree or another.

The aim of the day is to focus on our responsibility as technology users to do the best job we can to care for our data by ensuring that we implement and follow a back-up plan for protecting the data we utilize daily.

Despite this level of awareness, it is mind-boggling how many issues are reported to IT regarding data loss from improperly backed up devices; and this includes those that were set up correctly but never tested to confirm backups being created were viable.

Don't let this happen to your data. Backing up data, or developing a disaster recovery plan (DRP) is simple as long as you take the time to answer a few questions regarding the types of data you'll back up, how much storage you'll use, the privacy/risk involved with the data, and ultimately the budget for protecting it all. This article's aim is to simplify the DRP creation process as much as possible and will continue in future articles and will tackle design and implementation elements.

Planning a disaster recovery plan

The easiest way to create a DRP is to ask yourself the questions below and answer honestly. Whether you're planning for a consumer-based client or SMB business, be upfront with your answers as they will steer you toward the best possible solution given your unique circumstances.

1. How many devices need to be backed up?

Providing an accurate count of the number of devices helps planning for total usage, including upfront and ongoing costs associated with equipment and/or service purchases, licenses, and to determine what types of devices will be backed up. An Android smartphone has hardware available (micro-SD) to allow for device-based backups, while an iPad is limited to a software-based solution, such as iCloud, for example.

2. What is the total storage space needed for all the backed up devices?

Total capacity is a required quantifier at least initially so that the correct service level or hard drive size may be purchased to meet the requirements of the devices being backed up.

3. What types of data will get backed up?

This question is a big deal, and the more regulated the environment, the more important this becomes. If the back-up plan is for an SMB with three users who predominantly utilize spreadsheets and PDFs when conducting work, the requirements for backing up these types of files will be much lower than a videographer that shoots/edits 4K video. By determining the data type, better decisions can be made as to which services and hardware will provide the best data protection.

4. What is the privacy level associated with the backed-up data?

No one knows the sensitivity level of your data better than you. Depending on how private this data may be, users may wish to opt for keeping their backups local (external hard drives) and in their hands (not on any type of cloud service). Cloud-based backups may be simpler to set up and maintain, but if your data must now sit on a system or device that you no longer control and that makes you uneasy than the cloud won't meet your needs.

A. Is any of the data bound by federal/country regulations or laws?

A follow-up to the above question and one which plays a significant role in identifying back-up options is if the data in question is regulated by law. Health records (HIPAA), financial documents (SOX), and personally identifiable data (GDPR), to name a few are all governed by strict laws—either at the federal or country level—that define how data that matches these types must be accessed end-to-end. Failure to abide by these regulations can lead to stiff penalties, including prison terms and excessive fines.

5. What is the level of risk (exposure) that you are comfortable with in having the data backed up?

If your data does not fall into a regulated field, but may or may not be deemed private, ask yourself how you would feel if any part of that data was exposed to the public. For some, especially those that use social media regularly, photographic data may not be much of a concern and would rate low on a risk assessment. However, what about the metadata, which is often attached to photos? This type of data embedded within photos can contain details such as the person's full name, what device created the media type, and even the latitude and longitude pinpointing exactly where the photo was taken. Consider this, and other risks when choosing back-up types and service providers.

SEE: Getting ready for the GDPR: An IT leader's guide (Tech Pro Research)

6. What kind of disaster(s) are you attempting to workaround with your back-up plan?

While the aim is to back up data. What exactly are you trying to protect against? Device failure, natural disaster(s), or do just want a duplicate of your files just in case? It is not uncommon for businesses to assess the risks of natural disasters, for example, especially if they live somewhere that a disaster could disrupt business continuity, such as areas known to be affected by hurricanes or earthquakes. Bear this in mind when planning your DRP, as disasters of this magnitude often disrupt other resources, such as utilities, which may inadvertently affect the options available to you when trying to recover data.

7. How quickly does backed-up data need to be recoverable, in the event of a disaster?

Are you just backing up data for your personal devices or does the plan entail getting your sales team on the job as quickly as possible after a disruptive event? Depending on the severity of the risk, the plan could change or may even develop several alternatives to account for multiple types of service disruptions. If your ISP is offline after a storm, for example, then restoring from cloud-based backups will not be the fastest option compared to local backups on external media. Always take into consideration the number of users, data, and extra circumstances that could prevent a recovery from occurring when the time is a concern.

8. In the event of a disaster does the backup require additional resources to recover data?

Like the preceding two questions, some back-up options will be more (or less) reliant on other resources when performing data recoveries. A NAS offers great back up and recoverability for a local environment and can typically handle multiple concurrent connections. It is also reliant on an external power source and a network connection to power on the device which transmits the data. If neither the power or network are immediately available after a disaster, consider alternatives to the plan and/or the resources to make sure it's available when you need it.

SEE: Information security policy template download (Tech Pro Research)

9. Who will be responsible for managing backups?

A very important question and one that continues to shift and evolve over time are if IT or users should be responsible for managing backups. This should be answered early on during the planning phase. The responsibility of managing backups needs to be identified if the best plan for protecting data is to be considered. Alongside other important bits of information such as device type, and whether the device will be mobile or connected locally, this helps to paint a picture of the typical use scenario and who is in the best position to ensure that the data is backed up regularly.

10. Who will be responsible for the costs associated with data backups and services?

Last, but certainly never least is the financial impact with choosing hardware and/or services to aid in data backups. Typically, IT will implement a managed solution for its company-owned devices, considering any/all expenses in supporting that solution. However, every environment is unique and with BYOD initiatives and remote workforces growing, the bottom line often dictates what type of protection will be utilized.

All operating systems have their own built-in mechanisms that work to back up data. What's most important is that the data is securely backed up and said backups are tested to make sure they'll work if—and when—they're needed.

For more, please follow me on Twitter @johnniefellix