Backup policy definition
A backup policy is a set of rules and procedures that describe the enterprise’s strategy when making backup copies of data for safekeeping. An enterprise data backup policy is an integral part of an organization’s overarching data protection, disaster recovery and business continuity strategy. It is good practice to store two copies of the data, one on-premises or in the cloud for rapid recovery, and the other in the cloud, where data remains available in the event of a disruption. The backed-up data may contain diverse data sets that include structured and unstructured data generated by email apps or used by a wide range of applications, including databases. An organization’s data backup policy and data retention policy usually complement each other.
An effective backup policy identifies the information to be copied and the frequency with which one can perform backups, as well as the storage location where the backed-up data will be sent. Backup guidelines also outline the frequency of incremental backup, which IT performs after the initial full backup. An organization’s backup policy also identifies the roles of IT team members responsible for backup, including backup administrator if that role is part of IT.
An example of a backup policy article would be “Perform a daily incremental backup.”
What is a backup policy?
A backup policy should include what data is to be protected, where to store the backup, how often the backup should run, and how long to retain the backup copy. Organizations adopt backup policies as part of the overall disaster recovery posture that seeks to avoid data loss or extended shutdowns due to unexpected events. Many IT organizations have heard of the 3-2-1 rule of data backup: a company should have three copies of data, in two locations, one of which is offsite. A resilient data backup policy would then include making two copies of the source data, one for quick recovery and the other for keeping in a secure remote offsite location. A backup storage target could be on-premises or in the cloud, depending on the backup source data. For example, it is much faster to recover large sets of on-premises data from a local on-premises storage location, rather than from the cloud, while sending a secondary copy to the cloud for long term retention. Conversely, if the primary backup data source is in the cloud, it is often preferable by the company to backup directly to cloud storage and recover from cloud storage to the cloud application or data source. Companies are increasingly using the cloud for a safe backup repository taking advantage of its scalability, security, and compliance capabilities.
Types of backup:
- Full backup takes a complete copy of all data on the devices designated to be part of the backup process. This backup is performed at the start of putting the backup policy into practice. Full backup protects all the data and keeps it in one location for faster restoration but takes a much longer time to perform.
- Incremental backup only copies the data sets that have changed since the last backup. This type of backup is the fastest to execute and can be performed as many times as an organization deems necessary.
- A differential backup copies all the data that has changed since the last full backup. This backup provides companies with copies based on the same starting point when the last full backup occurs, but it takes longer time and occupies larger storage space.
In addition to outlining backup frequencies, a data backup policy should also include the recovery point objective (RPO). The RPO metric defines how much data loss is acceptable to the business before data will be restored. The RPO value places demands on the systems involved requiring more resources for shorter RPOs. In the world of disaster recovery, RPO has a twin called recovery time objective (RTO), which specifies the desired recovery time following a disruptive incident.
What is a backup policy and how does it work?
As noted earlier, the backup policy seeks to create procedures that could recommend one or more copies, for example, of a data source for safekeeping, that would be used for recovery in the event of data loss or disruption. Enterprises should strive to have a robust backup policy to avoid business disruptions and maintain compliance with data protection regulations.
A strong strategy for defining a backup policy would include,
- Clear processes. A data backup policy requires clarity of the procedures and schedules that it puts in place and. The policy, as mentioned before, should also outline the frequencies of backups, data retention, as well as identify the parties that will administer the backup processes and their responsibilities.
- Ownership. A good practice is to identify the parties responsible for administering and conducting backups.
- Choice. The backup policy should allow for different types of backup to satisfy the needs of the organization. The frequency of backups and when they are conducted should be clearly outlined, as well as storage targets.
- Redundancy. The backup policy needs to allow for two copies of the original data. If the source data is on-premises for instance, one copy should remain on-premises for rapid recovery and the other should be stored remotely, preferably in the cloud with air-gapped protection for use in the event of a disruption.
- Protection. A data backup policy should ensure that backed up data is encrypted when in flight and when at rest. Cloud providers offer encryption, which is a must-have feature of every enterprise disaster recovery policy. Encryption renders your data useless to thieves and protects your customers’ data from being exploited by cybercriminals. Security controls should be another consideration of the backup policy, to allow only those authorized access to the backup data and administration.
Why is a backup policy important?
The amount of data created daily is staggering, and all of it must be stored and protected against loss. By 2025, it is estimated that 463 exabytes of data will be created each day.1 Users expect to have the data they need accessible and available around the clock. With a sound backup policy, businesses can store and backup all their data and protect it from potential loss. It is almost inevitable that a business experiences some data loss and application failure due to scheduled and unscheduled disruptions. Without a reliable and rigorous data backup and recovery approach that includes smart backup policy development, many businesses would suffer the loss of vital data due to extended disruptions and disaster recovery times. In short, a robust backup policy is your best option for keeping the engines of your business running and brings them back to life faster in the event of an outage.
Benefits of a backup policy
Digital data and applications are the drivers of business growth. Adopting a backup policy is vital for businesses and protects against the potentially harmful impact of data loss.
Adopting and enforcing a backup policy helps enterprises in numerous ways:
- Ultimate flexibility. It is prudent to keep a primary copy of the backup data on-premises for rapid recovery. It is also vital to maintain a secondary backup copy in the cloud for disaster recovery purposes. The choice of backups and the reliability of cloud storage provide high flexibility in dealing with undesirable disruptions.
- Data protection and compliance. Protecting data against accidental deletion, corruption, or rapidly rising risk of malicious attacks are critical. Companies can take advantage of available data encryption and access management security available on the cloud. One can only benefit from maintaining regulatory compliance with the broad capabilities of the cloud in that area.
- Cost-optimized operations. Protect existing IT investments with a backup policy that extends data protection to the cloud, governed by backup as a service. This approach frees investments tied up in on-premises infrastructure and shifts upfront capital expenditures to budget-friendly operating expenses. Furthermore, cloud object storage backup offers superior durability that limits the potential costs of data loss or failures.
Common use cases for backup policy
Organizations of all sizes need protection against ransomware threats. Proper data protection allows customers to meet the demands of numerous use cases:
- Business continuity. With backup policies, businesses can protect all their data and bring business back to life following unpredictable disruptions.
- Data protection. Without proper protection, your data remains susceptible to potential loss and corruption. A correctly implemented backup policy preserves your data integrity and provides usable copies of lost or corrupted data. It also supports air-gapped copies for protection against malware.
- Disaster recovery. It is accepted that all businesses and IT environments will face unexpected events that could cause data loss, corruption, or disrupt IT operations. Using a sound backup policy ensures recovery and return to normal with reduced risks due to unplanned disruptions.
- Regulatory compliance. Companies can use backup policies to respond to audits and demonstrate compliance with data regulations through proper documentation and reporting.
How does Metallic handle backup policy?
Metallic Backup as a Service (Baas) provides SaaS-delivered data backup and protection and enables customer to set up the backup policy that best fits their data needs. A smart configuration wizard guides new users through adhering to best practices in backup policy creation. In addition, the solution’s unique flexible storage options for hybrid cloud data – referred to as “SaaS Plus” — gives customers numerous options for storage and archiving data per their backup policy.
The Metallic BaaS portfolio includes data backup and recovery for SaaS application data including Office 365, Salesforce; endpoints; databases, files and object storage; and VMs (virtual machines) and Kubernetes. Metallic Cloud Storage is also available as a cloud backup target location. These solutions protect data on-premises or in the cloud, for future-proof data protection, whatever your needs.