Difference Between Backup, Disaster Recovery, & Business Continuity [Video]

March 7th, 2019 | Best Practices, IT Risk Management, Security Policies

Video Transcription

Nick LaPalomento: Hi there. Thanks for joining us again for another Tech Talk. I’m Nick and I’m joined by Chad Hiatt. He’s our chief information officer here at Aldridge. Today, we’re going to be talking about disaster recovery and business continuity. Chad, explain to me, and to all those watching, the difference between backup, disaster recovery and business continuity.

Chad Hiatt: I’m going to add one additional phrase to backup, and I’m going to say backup and recovery on that. Disaster recovery being different than backup and recovery. Backup is normally creating a copy of a data as a point in time with the hopes that you’re going to be able to restore it at a later point. You want to be able to go back to that point in time to pull back a file, or a server, or a system, or some application and say, “Something went wrong.” Maybe someone inadvertently deleted data, someone changed something, and I need to restore it back to a prior point in time. Disaster recovery is usually when something unforeseen happens within the business. Maybe there’s a fire, maybe there’s environmental damage, maybe there’s theft. We actually have a disaster that is interrupting our business operations, and we need to resume operations to at least be able to achieve the minimum level to conduct business fairly rapidly. The last bit that you mentioned was continuity. Continuity is really about building in the resiliency in the network infrastructure, so that it can continue operating even if one piece of equipment were to fail, or a group of pieces of equipment were to fail, or a critical application were to fail. How does the business continue operations without noticing much of a bump at all?

Nick: Why do you think a lot of business typically don’t build out plans for all of these scenarios?

Chad: From an adjustment standpoint, it’s really finding out what the right balance is of what functionality, what storage, what features fo you really need to have. Oftentimes with organizations that have been around for a while, they’ve been through multiple cycles of equipment running within their own walls. Sometimes, there’s a feeling that I want to be able to wrap my arms arounds my data. I want to be able to hold it here. The reality is we’re all operating in an internet-based environment anyways. Business conducts outside of the walls all the time—your correspondence, your email, your backups, off-siting—making sure that that information is flowing. The important part of selecting cloud solutions that really do meet the needs of the business, but are also done by providers that are secure that are resilient, that offer the types of levels of service that you’re really looking for so that you can trust them.

Nick: What do all these changes mean for businesses who already have a lot of infrastructure?

Chad: I think a lot of businesses want to have these things. They start by making copies of their data, or they have some solution or system in place that’s making regular copies along the way. That’s really the first part. That’s the backup component of it. It’s not that businesses don’t want to plan for all the other pieces. It’s that people often plan for the day they’re in, or the week that they’re in, or the month that they’re in. It’s not until something actually critical happens that they really start recognizing, “We’ve got a vulnerability on this.” A lot of people don’t think about continuity and disaster recovery until a bad situation occurs, so it really behooves them to make sure that they’re working with a partner or provider that is thinking about the long-term strategy, about how we’re going to recover and ensure that the business is able to operate.

Nick: How would Aldridge help a client determine this and figure this out, and plan out this disaster and backup plan?

Chad: We usually look at it by inventorying the environment. We look at the applications that are present. We look at the communication systems that are in use. We try to identify, what are the critical assets of the business? How vulnerable is the business to those not being available? Then design a solution around, “Okay, we need to be able to recover this reliably within 24 hours anytime,” “We need to recover this within a week,” “We need to recover this within two weeks,” whichever is appropriate. There’s economic costs associated with each of those, depending on what we’re protecting, how big it is and how fast we need to recover it. That then leads into the conversations about, “Well, let’s figure out what the right mix of economy is to balance to to what the business perceives its own risk is.”

Nick: When a business is thinking through all this, and maybe they’re working with Aldridge or maybe they aren’t, what should they be thinking about when determining what to include as a part of the plan?

Chad: Anytime you’ve got information that is important to your ability to deliver the services and products that you sell to your customers, the things that generate revenue for you, you definitely want to be thinking about including that. That could be everything from correspondence to your critical transaction processing, to inventory management, to all those other pieces behind the scenes. Even the accounting system, very important to it. You also want to be thinking about anything that you have a regulatory or compliance mandate to protect. You have retention requirements in certain industries. You have reporting requirements in certain industries. How do you archive that information and ensure that you could reasonably produce it with reasonable measures at a reasonable cost?

Nick: This all sounds great, but how do you know that it’s working?

Chad: Well, I can speak for what we do. Within our service team, when we’re deploying backup solutions in client environments, it’s never something where we set it up and then just assume that it’s working. We have a Network Operations Center. Every backup solution that we put in place includes the reporting and alerting, both for successful and for unsuccessful runs of the backup solution. That there’s a problem, the network operations team receives that as a fairly high priority alert, such that they can go and investigate and remediate the underlying cause. We take it a step further, depending on the particular backup solution. That, if we’re backing up like an entire server, for example, or protecting an application, we have built into our backup solutions an actual startup, a test startup of the server in the backup environment, to verify that it gets to the point where it’s actually operable. It even gives us a screenshot, which the guys in the network operations teams can see. They then shut the server back down and say, “Yes, we’ve got a good backup report. We have proof of concept, that, yes, it started up. We’re confident that we could restore the system if we needed to.”

Nick: If you haven’t thought about the backup solution that you have, maybe this has encouraged you to start thinking through that. If you’re a client of Aldridge, feel free to reach out to your chief information officer. They’d love to have this conversation with you. If you’re not a client of Aldridge, we’d love to chat with you—reach out to us and we’ll see how we can help.

About Aldridge

At Aldridge, our team of IT professionals provides your business with the resources it needs to reach its potential. We put customer service first and deliver support and strategic planning that effectively manages your IT. Our approach relieves you of the hassle of technology management so you can focus on running your business. Talk to our IT support team today to learn more about how you can protect your data from disasters.