Nope. Afraid Not. The terms backup, business continuity and (DR) disaster recovery are often misused and misunderstood when discussing the growing need to protect data and IT systems. As security breaches and high profile system failures become more commonplace, it is important to understand the differences.
Having a backup solution is not the same as having a business continuity system – equally, business continuity and DR are not the same. In basic terms, a backup is having a copy of your data; business continuity is the prevention of system downtime while DR is the strategy to recover your essential IT environment in the event that it is compromised or a complete disaster strikes at your place of work. If you don’t have strategies for each of these scenarios then your business could end up paying a heavy price.
Let’s take a look in more detail:
What is Backup?
A backup is a copy of your data on another device and/or in another location. Ideally performed on a daily basis, a copy of data committed to computer since the last backup is stored away from the original data location. Whilst most routines are performed daily, the frequency of backup should be determined by a company’s recovery point objective (RPO). That is to say, how far back in time is the business prepared to go to a data recovery point? If one hour of data loss is acceptable then backup should run every hour; if one day is acceptable then backups should run on a daily basis. More modern, off site data backup solutions should provide you with data integrity assurances, complete data protection and encryption and, for various compliance requirements (not least GDPR), should be stored in UK based locations away from your main business location. A solution should also be able to restore single files or folders from any point in time within a configurable retention policy. So if Document A became lost or corrupt 4 days ago, the version restore point from 5 days ago saves the day.
Older, more traditional tape and disk backups have a high failure rate (over half fail according to Gartner) and often rely on the most unreliable component of a backup routine – a human being is needed to run the backup, take the tape or disk off site and perform a restore, etc!
What is Business Continuity?
For many businesses, a reliable and secure off site backup plan is sufficient as a business continuity solution – however, this not only relies on the RPO but also the RTO (Recovery Time Objective). RTO = the amount of time a business is prepared to wait for normal business to resume and work to continue. If one day of complete business interruption is acceptable then maybe a daily backup routine is actually sufficient to satisfy both data backup and business continuity requirements.
If one hour of interruption is the maximum tolerated RTO for an organisation then a more sophisticated High Availability (HA) solution need to be considered. Computer A has a standby system (Computer B), so that if A fails, B takes over (after a period of failover) so that business can continue within the acceptable one hour period. Solutions available vary across levels of sophistication and data integrity guarantees. A HA solution should be able to guarantee zero data loss or corruption if the failover conditions are met. Furthermore, the recovery process back to a protected state once the failover on A has been resolved should be seamless, easy and again without any data loss or corruption.
For many organisations, HA solutions are not good enough any more. Those where people’s lives depend on the system, where secure access into restricted or sensitive environments need to be managed 24/7; where banking and financial systems rely on computer systems, etc then clearly HA (ie one hour of interruption) is not acceptable. These organisations require zero downtime and zero data loss no matter what – hence a fault tolerant (FT) approach is required. Options become limited at this level but a solution that simply ensures processing continues when a component, multiple component or even a full server fails should be considered. Such solutions adopt an ‘active/active’ approach to system resilience. That is to say anything occurring on computer A is also occurring on computer B AT THE SAME TIME. This is a much more sophisticated solution than HA, with no period of failover involved and true business continuity through system failure and restore back to a protected state.
What is Disaster Recovery?
Again, this all depends on the levels of RTO and RPO for an organisation. However, DR is much more about having a plan in place should disaster strike, as well as a robust technical solution to ensure computer systems are back up and running within an acceptable period of time. A fire or flood wiping out an entire office, factory, processing facility etc needs a robust contingency plan at every level. But having remote data, systems ready to deploy should the worst happen or, at the ultimate level, real time off site data synchronisation to computers ALREADY at the DR site or hosted in the cloud should be seriously considered. When DR conditions are met then the failure procedures need to sensibly match the RTO and RPO DR requirements. Whilst data integrity and data loss is very difficult to guarantee when a sudden complete workplace-wide failure occurs, a solution that minimises the disruption as much as possible needs to be considered.
Of course, each organisation’s requirements are unique to them. We are happy to engage with organisations who need assistance in identifying the complicated requirements and see through the often blurred lines of overlap between Backup, Business Continuity and DR strategies.
Learn more about Fault Tolerant Solutions
Learn more about our Disaster Recovery Solutions