Archive & Data Protection

    All About Backup and Disaster Recovery

    Data backup and disaster recovery can help your business prepare for the worst.

    by Mercedes Cardona

    Key Points

    • Data backup is standard operating procedure for business continuity.
    • But you also need solid disaster recovery capabilities.
    • Modern realities from remote work to ransomware are driving home this dual mandate.


    We all hear the constant reminder to “back up your data.” And if your organization is concerned about business continuity, keeping a copy of all your records somewhere safe can help. But it doesn’t insure against business disruption. Without disaster recovery capabilities, data backup has limited use.

    What is Backup and Disaster Recovery?  

    Data backup is not the same as disaster recovery.

    • Data backup makes a copy of your emails, files and other data and stores it for safekeeping — whether in the cloud, in hardware on your company’s premises, or in some hybrid of the two.
    • Disaster recovery is your ability to pull that data up — clean and ready to go — and restore it without corruption so you can get back to work.

    Data backup and disaster recovery can be independent yet complementary. A backup copy may be adequate for handling smaller cases of accidental deletion of data by users or data corruption by apps. But you need a disaster recovery plan for more catastrophic incidents such as cyberattacks, natural disasters and major technical failures, which could require wholesale duplication of data or even switching to another data center. The current wave of ransomware attacks makes disaster recovery more important than ever.

    “Disaster recovery is at a very severe end of the spectrum and something you hope you never have to utilize. It's like the axe behind the glass panel,” said Garth Landers, Mimecast’s director of product marketing. “Backup is like a fire alarm. It could be used more frequently. Data loss is a part of everyday life.”

    Disaster recovery planning involves steps including:[i]

    • Inventory of your company’s hardware, software, cloud services and data
    • Identification of disaster recovery priorities
    • Setup of backup and recovery facilities and tools
    • Establishment of disaster recovery triggers and procedures
    • Delegation of roles in the event of a disaster
    • Documentation of communications protocols
    • Testing and periodic updating of the plan

    Importance of Backup and Disaster Recovery

    Imagine that you arrive at the office one morning and all of your organization’s data is gone. Now imagine that you have made absolutely no preparations for this disastrous scenario. While this is most likely an extremely unlikely situation for any modern enterprise, imaging such a scenario can give you quick insight into the reasons why data backup and disaster recover planning is important.

    Proper data backup and disaster recover planning:

    • Prevents data loss through redundancy
    • Allows for much easier data auditing
    • Provides a robust organizational information archive
    • Allows for speedy data recover when disaster strikes
    • Can lead to a competitive edge when a disaster strikes competitors
    • Helps ensure less downtime and recovery time when dealing with a disaster
    • Assists in much quicker and thorough reporting

    Steps for Disaster Recovery Planning

    • Inventory of your company’s hardware, software, cloud services and data
    • Identification of disaster recovery priorities
    • Setup of backup and recovery facilities and tools
    • Establishment of disaster recovery triggers and procedures
    • Delegation of roles in the event of a disaster
    • Documentation of communications protocols
    • Testing and periodic updating of the plan

    Key Terms in Backup and Disaster Recovery

    Recovery Time Objective (RTO): The amount of time to recover normal business operations after an outage.

    Recovery Point Objective (RPO): The amount of data you can afford to lose in a disaster.

    Failover: The disaster recovery process of automatically offloading tasks to backup systems in a way that is seamless to users.

    Failback: The disaster recovery process of switching back to the original systems.

    Restore: The process of transferring backup data to primary systems or a data center.

    The Cost/Benefit of Backup and Disaster Recovery

    When they perform well together, data backup and disaster recovery can ensure business continuity. Your organization’s needs depend mainly on its size, the industry in which it operates, your budget and how much of your data is mission critical. External influences may include everything from extreme weather to regulation.

    In today’s hypercompetitive business environment of just-in-time production and real-time operations, downtime costs are an important factor. Companies want to remain online as much as possible. At the same time, they are holding the line on expenses. Not all organizations have the budget to afford extensive data backup and disaster recovery.

    One rule of thumb is that the faster the recovery, the more it costs. That requires prioritizing the most important data and deciding how often it must be backed up. Managers must agree on how much data they can afford to lose in the case of a disruption because data will only be restored to the point of the last backup. That necessarily includes agreement on which data is mission-critical.

    Financial organizations have some of the most demanding requirements for backup and disaster recovery. Others, like healthcare companies, may be able to prioritize patient-critical operations over more mundane tasks, said Shane Harris, senior director of product management at Mimecast.

    Cloud Backup Considerations

    Increasingly, companies need to factor in how much their cloud-based service providers, for such essentials as email, offer built-in backup and recovery functions.

    Some cloud services’ backup could be limited to as little as 60 to 90 days, for example, which may or may not be long enough for your company’s needs. If regulations require saving data for years rather than months, you might need to purchase supplemental backup for compliance.

    Another reason for a longer backup is cybersecurity. Not all data breaches are exposed right away. For example, a highly publicized cyberattack that recently affected thousands of U.S. organizations actually began a year before the news got out, as an advanced persistent threat embedded in their networks. Effective security requires long-term data backups be available to ensure that safe, clean data can be restored and business continuity maintained when a breach is detected.

    “Ransomware is a great example of that. Not all ransomware exposes itself within 90 days,” noted Harris. “So, is that protection enough to really protect you from something like ransomware? No.”

    Backup and Disaster Recovery After COVID

    The disruption caused by the COVID-19 pandemic is also expected to have long-term effects on the need for data backup and recovery. As more companies have adapted to remote work, the use of cloud-based apps has expanded. Data is now more fragmented than ever in many organizations.

    “That creates a challenge in terms of centralization of control, management, administration, access to that data, insurance, backup and disaster recovery,” said Landers. Organizations need data backup and recovery to take a platform approach — including central management of continuity events on a web-based console — and solve for a variety of data protection and governance requirements, he said.

    The business need is evident in a Gartner survey showing that only 12% of organizations said they were able to keep operating as normal during the COVID pandemic. Not surprisingly, about half of the organizations polled by Gartner also say they will increase their budgets for cloud-based disaster recovery in the next two years.[ii] Most organizations will need to settle into this “new normal” for the long haul: Gartner also found 90% of human resources leaders said they would let employees work remotely even after the COVID vaccine is adopted widely.[iii]

    The Bottom Line

    Data backup and disaster recovery can minimize your company’s downtime during cyberattacks, natural disasters and major technical failures. Together, they help ensure business continuity amid challenges ranging from remote work to ransomware. 

    [i] “8 Steps to a Successful IT Disaster Recovery Plan,” EC-Council

    [ii] “7 Workloads That Should Be Moved to Cloud Right Now,” Gartner

    [iii] “Gartner Survey Finds 90% of HR Leaders Will Allow Employees to Work Remotely Even After COVID-19 Vaccine Is Available,” Gartner


    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Back to Top