Securing Your Business: Disaster recovery – do you need backup or a business continuity plan?

As an MSP specializing in healthcare and security, StratX IT Solutions is often asked,

“Is there a difference between backup and business continuity plans for disaster recovery?”

Many believe that data backup and business continuity plans are one and the same, but they are not! One allows you to recover your files, and the other enables you to continue operating your practice regardless of the severity of the outage or your physical location. They are complementary solutions, and you need both in order to secure the business of your practice.

With estimates that 70% of data outages are caused by human error (e.g., opening emails with viruses*) and the Gartner Group study which predicts that 25% of PCs will fail each year, asking “IF” you need a disaster recovery plan for your systems has become moot. What is critical is “HOW”.

But let’s backup for a minute (bad pun intended). Let us explain what data backup and business continuity plans are, and what StratX recommends to our clients as the most failsafe combination.

It all starts with data backup. It is the foundation for disaster recovery and business continuity – no backup means no business continuity.

But not all backup solutions are created equal. Remember when tape backup was the only option? Data protection is a fast-evolving market, and solutions that were put in place a decade or so ago are no longer suited to meet today’s regulatory requirements.

What is required is a robust, viable foundation for ensuring secure, HIPAA-compliant data backup and retention. Backup products fall into three (3) basic categories:

  1. Onsite backup (data stored on hardware kept physically in your office)
  2. Cloud backup (data stored on hosted hardware via the internet)
  3. Hybrid onsite-cloud backup (combines the first two categories)

Onsite backup works well when a quick restore of lost or damaged files is required. The data is onsite, and it’s fast and easy to restore to its original location. But what happens if:

  • The power goes out?
  • The device fails?
  • The equipment is stolen or fails?

You might think the cloud looks more attractive due to onsite backup’s “what ifs,” but cloud-only backup is risky too.

  • What if you lose connectivity to the internet?
  • Restores tend to be difficult and time-consuming.
  • And, after all, the cloud can fail, too.

What is a hybrid onsite-cloud solution?

  • Your data is first copied and stored on a local device and your data is also replicated in the cloud.

StratX recommends that our clients purchase and use a hybrid onsite-cloud backup solution. By using onsite backup to mitigate the risks of the cloud, and using the cloud to mitigate the risks of onsite backup, your data will be available to you in case of an emergency and allow you to put your business continuity plan into action.

Furthermore, we recommend our clients use a hybrid onsite-cloud solution which gives them the ability to work virtually. The backup contains full server images (vs. only files or data) which can be restored or activated as servers in a disaster and allow you to work as if the original servers were still functioning – this is where a business continuity plan comes into play.

Business continuity, the ability to keep daily operations running, isn’t a product that you purchase per se; it’s the action plan that is designed and managed by your IT staff or vendor.

The plan lays out how you will access your server, software, applications and data when disaster strikes and also sets a timeline to achieve that access. It should also have provisions to have your IT support continually test the process before you are faced with an issue. It’s better to troubleshoot failed “test” restorations than to lose days, weeks or even months reinstalling and configuring your systems.

The only safe way to head off downtime of your systems, regardless of the cause, is to be informed and prepared. Do you have a clearly outlined plan in place for your practice?

It’s critical that you are prepared. Ask your IT staff:

  • How quickly can my business be up and running in the event of disaster?
  • Do we have documented backup, security and a business continuity plan in place which meet our regulatory requirements?
  • Is all of our critical data backed up daily, or more frequently?
  • How fast can we get our systems up and running to a pre-disaster operating state?
  • Have we done a real-world test of our backup and business continuity plan?

 

Jack Mortell

SRSsoft guest blogger: Jack Mortell of StratX IT Solutions

* Print our “email safety guide” for your staff. It describes the key signs they should look for to identify and avoid opening malicious emails.