Natural disasters such as Hurricane Katrina keep network administrators acutely aware of the need for a solid data backup and disaster recovery plan to ensure business continuity. But too many companies observe worst practices, thereby dooming the plan. This two-part article lists a series of worst practices, in the hopes that showing what happens if you do it wrong will illustrate how to do it right.
- Fail to win management support. One of the worst things you can do for just about any IT project is fail to win management support. Without the executives on your side to back you up with the authority and the budget to do the job, the backup and recovery plan is virtually doomed.
- Provide no risk assessment. Without some form of risk or impact assessment, it is impossible to know which assets are critical and which ones are expendable. By wasting resources protecting expendable assets while leaving critical assets out of the plan, you will make the plan a failure.
- No written plan. People come and go. Maybe the parties that were present when the backup and disaster recovery plan was devised were so brilliant they didn't need to write it down. But, if you do not write down your well-defined and clearly documented plan so that anyone can follow it, there will be no recovery when the next disaster strikes.
- Lack of backup integrity. Many network administrators have a regularly scheduled backup to safeguard critical corporate data. But an oft-repeated worst practice is failing to ever validate the data or verify that you can restore it successfully and in a timely manner in the event of a disaster.
- Self-defeating data storage practices. When it comes to backup and disaster recovery, offloading critical data from the network onto tapes or other removable media is a best practice. But it can become a worst practice in two ways: One is by keeping the data on-site where it is sure to be destroyed along with the servers it backs up. The second is by storing the removable media at another site that is either insecure itself or is where you cannot easily and quickly retrieve it when you need it.
Part two of this article covers additional worst practices, including the more technical aspects of how not to create a backup and disaster recovery plan.
Tony Bradley is a consultant and writer with a focus on network security, antivirus and incident response. He is the About.com Guide for Internet/Network Security and provides security tips, advice, reviews and other information. Bradley contributes frequently to industry publications. For a complete list of his freelance contributions, visit Essential Computer Security.