We recently went through a new client acquisition that required us to use backups to install their new server because the old server was in the cloud far away. The process was pretty painful because the former IT company didn’t have proper backup systems in place. This made me think of some other issues we’ve encountered with backups for new clients over the years. It also reinforces our position on why every company needs Data Backup Testing on a regular basis.
Why Should You Test Your Backups?
The answer might seem simple, but if that’s true then why do so many IT providers fail to test backups regularly? Answer: because clients don’t know it should be required. I’ve witnessed dozens of disaster scenarios where a client was trusting their IT provider to manage the backups properly, but there was no reporting mechanism. Supervisors and Business Owners know that you can’t manage what do you don’t measure. This situation is no exception to that rule. At a minimum, every client should require monthly reports stating the integrity of the backups of their data. This report should explicitly show that the backups were restored – not just checked for integrity through built-in software.
What Does Backup Testing Look Like?
This answer may be slightly dependent upon the nature of your data system and the backup system used by your IT provider, but there are a few key components that should be universally observed:
- Multiple Layers of Backup: you should have at least two layers of backup – three if possible. That means you should have a local backup on-site for immediate restoration. You should have an off-site backup for total system failure recovery. Best practice would then replicate that off-site backup to a third location for catastrophic recovery.
- Monthly Remediation Testing: your IT provider should run a full restoration test of your backups each month. They should actually load the backups onto a virtual or physical machine and try to access the data. It’s time consuming, but the point of backups is to be the last line of defense so it’s absolutely necessary.
- Monthly Backup Reports: once you’ve built the system you have to execute the process. The only way to know that the process was executed properly is to report on it. Your IT company should provide a monthly report about the backup tests: how many were tested, how many failed, how long they took to restore, and so on. This will make them accountable during normal circumstances and prepared during a crises.
Backup systems can fail just like everything else. The only way to mitigate that risk is to constantly monitor and test the system. Don’t be content with a stock report from the backup software that says everything is good. Make your IT company do the remediation and you might just save your business in the process.