Introduction
Websites and web applications are the basic component of Internet. They play an integral role in presenting information and making available business critical processes online. Due to open nature of Internet, websites and web applications are vulnerable to unwanted events such as a cyber attack or natural calamity (Weaver, Weaver & Farwood, 2014, p. 12). Therefore, businesses are focusing on developing backup and disaster recovery strategies to keep their critical processes up and running in case of an unwanted event. In this article, we will discuss the key elements of backup and disaster recovery strategies.
Backup Strategy
Since the inception of Web 2.0, companies are investing in database driven websites. If due to an event the database becomes unavailable, the whole website will go down. Therefore, it is critical for a company to have a database backup strategy. A backup strategy has three key elements: backup purpose, backup location, and backup frequency.
Purpose
A backup strategy is part of the company’s disaster recovery strategy. Later in this article, we will discuss how part of disaster recovery is to restore the snapshots from the backups. Identifying the purpose of the backup is vital, for instance if the backup is meant to roll back to a previous legitimate state in case of an event
Location
The other key element of backup strategy is the location. Several options exist as backup location. A company can opt to store their backups on cloud services, which are by far most cost effective and efficient solutions (Ruggiero & Heckathorn, 2012). However, companies has limited to no control over the cloud infrastructure and how their data is stored. Other options include, removable storage media such as a mobile hard drive or flash drives. Removable storage gives more control but it is vulnerable to failures and corruption. Selecting the right kind of storage location is contextual and depends on the scenario. The backup location should be secured as per the company security policy.
Frequency
The last key element of a backup strategy is frequency. Companies can opt to backup the data every hour, day or week. It depends on their data recovery strategy and policy. A higher frequency is expensive but more effective. On the other hand, a lower frequency might mean less cost but the decreased effectiveness is a tread off.
A company has to carefully plan its backup strategy keeping all the organizational factors in account. The most effective policy is that one that does not violate the best practices and regulations but also is tailored as per the organization. The backup strategy should be documented as part of disaster recovery strategy documentation.
Disaster Recovery Strategy
The world of Internet is uncertain; everyday we see new cyber attacks and malwares. Natural calamities are also a threat to websites and web applications living on the Internet. As more companies are investing into making their business services available online, the room for downtime is no acceptable. Cyber space is becoming more critical for businesses and governments (Reveron, 2012). Recovery strategies should be developed for Information technology (IT) systems, applications and data (Ready, 2018). Therefore, companies are investing into devising foolproof disaster recovery strategies. The key elements of a disaster recovery strategy are: Identify, detect, respond, and recover (Bartock et al., 2007).
Identify
Identification of unwanted events is the most critical element and component of a disaster recovery strategy. An event could be a cyber attack, a natural calamity or industrial espionage (Schaub, 2018).
Detect
After unwanted events are identified, the recovery strategy should define how to detect such events. This component includes both the technical and administrative controls for detecting an unwanted event.
Respond
After an event is detected, the response has to be given. A disaster recovery strategy outlines what are the essential components of the response. The response entails, getting approval from the stakeholders to activate the disaster recovery strategy, managing the implementation and closely monitor the implementation.
Recover
In recover phase, the disaster recovery plan is implemented to bring the critical business functions back up. Part of the recover phase is to restore the data and file snapshots from the backup location. Earlier we pointed out how backup strategy is part of recovery strategy. The recovery is done at tactical level and strategic level. It is also important to measure the performance of the recovery strategy for continuous improvement.
Conclusion
We discussed how backup and recovery strategies are interdependent. A backup strategy is critical for a successful recovery strategy. The backup strategy relies on the purpose, location and frequency of the backup. Location and frequency are as important as the purpose. A disaster recovery strategy entails identification of events, their detection, response and recovery. It is important for companies to have a backup and disaster recovery strategies to operate in the vulnerable realm of Internet.
References
Weaver, R., Weaver, D., & Farwood, D. (2014). Guide to network defense and countermeasures (3rd ed.). Boston, MA: Cengage Learning.
Ruggiero, P. & Heckathorn, M. (2012) Data Backup Options. US-CERT.
Reveron, D. (2012). Cyberspace and national security. New York, NY: McGraw Hill.
Ready (2018). IT Disaster Recovery Plan. Retrieved from https://www.ready.gov/business/implementation/IT
Bartock, M., Cichonski, J., Souppaya, M., Smith, M., Witte, G., & Scarfone, K. (2016). Guide for Cybersecurity Event Recovery. NIST Special Publication.
Schaub, G. (2018). Understanding cyber security. Lanham, MD: Rowman & Littlefield