Guide to Personal and Small Business Backups – Conceptual FrameworkAdam Oswald
Too often I see our techs consoling a despondent customer, in tears, having irretrievably lost precious files. Family photos. Business records. Blog articles (!). All gone. Yet some of those people have been “Backing up”.
A simple definition of “Backing Up” is a process that makes a copy of data onto a second device that can be used to restore that data if your primary copy is deleted or damaged. A broader definition is any process that reduces your risk of losing data (files) or your system state (windows, settings). I prefer to use a more global term, Backup System, a collection of backup processes or other elements working together to reduce risk of data loss and related harm.
You might reasonably believe that backing up is a simple process. Before you run this process, your files are at risk of being lost, and afterwards, they are safe. Run a backup, and it’s all good. This type of binary thinking is prevalent even among IT professionals – Black and White, True and False, Risky and Safe. Unfortunately, applying a binary worldview to backups will only get you into trouble by giving you a false sense of security. Backups are not Black and White, they are Grey.
This article will disabuse you of false assumptions relating to backups, and introduce a conceptual framework you can use to design a Backup System and to protect your precious data.
Developing a Backup System is easy and effective if you use the right approach. Clicking a button that say “backup” and hoping for the best, is only good for gamblers!
Backup Systems are about Risk Management
The key concept here is risk. Most people have a decent, if subconscious understanding of risk. The subconscious mind has habit of simplifying complex concepts and can mislead if you don’t consciously interrogate the concept. So let’s consider, what we mean when we refer to risk. Risk relates to:
- the Harm you will take if you lose some of all files or system state, and
- the Probability of losing some or all files or system state.
In a business context, you might add other “harm” that can relate to backups, such as downtime, or files finding their way to unauthorised people.
So Risk = Harm * Probability. That seems simple.
But how do you quantify Harm? Say you look at a tender you are working on, perhaps you know it will cost $500 to rewrite it, so you can assign a cost of losing the file with some accuracy. What about the family photo album? Hard to assign a $ amount to that. You can probably make some rough estimate, but it is not possible to assign an exact value. Priceless, perhaps.
What about the second element in the equation, the Probability (chance) of loss? Probability can be very difficult to quantify. What is the chance of your HDD failing, being infected by a virus that wipes your drive, throwing the whole thing out the nearest window when its misbehaving, and tougher still, what about disasters you have not even though of? Again, you can only apply a ballpark figure on the likelihood of data loss.
The difficulty of determining the Risk Level that you are exposed to leads to another concept that is implicit with backups, but not often addressed explicitly. Uncertainty. Uncertainty, inherent in assessing risk, means that you can’t quantify your level of risk with accuracy, it necessitates a fudge factor, some safety margin to make sure you are not taking on too much risk.
Risk Level and Uncertainty lead us to our final concept, Acceptable Risk.
No backup system can reduce your risk of losing data to zero. No such system is possible in our world. Beware of anyone who tells you that their system is 100%! Instead of aiming for zero risk, you should consider what your level of Acceptable Risk is, and weigh that against the cost to reduce your actual Risk Level.
Finally to the good news. It is usually possible, with a little thought and attention, to vastly reduce your Risk Level inexpensively. Developing an effective Backup System for a home or SME environment is about using available tools intelligently rather than spending a fortune.
Before we go into the How, we need to cover more abstract concepts that you can use to assess the backup methods you choose. Again, without applying these concepts to critique your Backup System, it’s likely you will run into trouble and find you backups are not doing their job, inevitably when it is too late.
Develop your Backup System with Desirable Attributes
Certain attributes of a backups system tend to increase the likelihood that it will perform as desired. When developing or assessing the quality of a backups system, you may want to consider the following attributes.
To make life that little bit more difficult (this is about computers, after all), some of these characteristics contradict one another, so you must apply some common sense where a trade-off is necessary.
- Simple – Never add complexity for marginal benefit.
Convoluted backups systems fail more often than simple systems, because, by their nature, there is more to go wrong, with less visibility in how the system works. Simplicity leads to our second attribute.
- Visible – Know where your stuff is and how the backup system works.
The first step is knowing where your important files are. The second is knowing what process is used to backup those files. The third step is being able to locate your files at your backup locations and verify that they are complete and viable.
- Automated – Make it work without human intervention.
Most data loss I encounter where there are no backups is followed by the line “I used to do it, just have not got around to it recently”. The best systems should work even if you neglect it, but a word of warning, automated does not mean you can skip manually verifying that the system works.
- Independent – Multiple backup processes and data locations should be unrelated.
Processes that are less dependent on the same factors are less likely to fail on you at the same time. You might use an image backup and a simple file copy backup on the same data, since a failure with one method will not necessarily result in the other also failing. A backup located in another room is not as good as backup located in a different building, and implementing both Is better.
- Timely – Capacity to recover data that avoids damaging downtime.
For a business, downtime while you recover files can be costly. Assess how long your system requires to restore files and systems and reduce that time where unacceptable.
- Cost Effective – Seek balance between cost and benefit.
Aim to find a sweet spot where the cost and effort put into your backups effectively reduces risk, and then stop. Don’t fight your way to reduce risk just a little further when it requires massive extra cost, but also don’t be cheap and stop reducing risk when the cost to do so is minimal.
- Secure – Control access to sensitive data.
Consider the harm you will take if backed up data gets into the wrong hands. Where the harm is significant, consider encryption and other security techniques. Do not apply security without due consideration as increasing security techniques can, and usually will, increase the chance of your backup system failing.
Understand Concepts, Techniques, and set Objectives before you begin
Once you are comfortable with risk management, and the attributes you want to incorporate into a backup system, it is time to set objectives for your Backup System and how to achieve those objectives.
To develop a plan, you will need a grasp of:
- Your data and its characteristics: size, location, live or closed files, live services etc
- Include files and systems. Eg an accounting data file might be critical, but the installed accounting package might also be worthwhile to backup.
- Importance/acceptable risk level related to identified data.
- Related risks such as downtime and stolen data.
- Storage devices available/desirable and capacity: external HDDs, NAS, cloud, etc
- Backup tools available/desirable: Image creation tools, command line tools, VSS, etc
- Techniques possible: file mirror, images, full/incremental/differential/continuous, scheduled tasks, verification, encryption, cleanup, etc
- Contingency Plan – what can go wrong with backups and how can those risks be reduced.
- Available budget
Finally, start designing your system.
This article has covered some of the high level concepts relating to backups such as risk and desirable attributes. It has not covered the types of backups possible, storage devices, or techniques. Follow up articles will cover these areas and provide walk through examples of backup systems for home and business.