An easy guide to help you review your backup and recovery plan.

There are many ways for data to be lost. From natural disasters to human error and cyberattacks, protecting your data is key. So is being realistic about how important it is to have secure, frequently tested backups. 

Do we have what we need? 

What is our critical data? In case of a disaster, what data do we need to continue operating or resume operations? What is our Recovery Time Objective (RTO)? RTO quantifies the amount of downtime a business can tolerate. Understanding this metric is crucial to determining what data to backup, and for how long -- more on that later.

Where is our data being kept? Where are our backups?

Not everyone in your organization needs access to everything. Limit admin access only to those who need it. When it comes to backups, ensure you have backups offsite, and, ideally, air-gapped, especially in case of natural disaster. 

Woman with data projected on walls

How are we protecting our data? 

Preparedness is vital. But even better than recovering data is not losing it in the first place. Ensure you have a well-rounded data protection strategy in place (including an effective employee education program) to keep your data safe.

With support from experts, determine what backup strategy is right for you company.

Learn More

What are our retention periods?

Backup copies must be made regularly to minimize the amount of data lost between backups. The more time passes between backups, the more important data your company may be missing when you attempt to recover. While each business’ needs are different, best practice for retention is 14 dailies, 4 weeklies, 3 monthlies, and one yearly for certain businesses. 

Regardless of how you’re storing your data, ensure that it’s readable and can truly be recovered. 

What kind of data repository is right for us? 

Network (SAN or NAS)

Pros: Connectivity is faster, meaning you can back up and restore more quickly. 
Cons: Data always grows, so disks must continuously be added. If you’re on the network, you’re more susceptible to attack if your network is compromised. 


Pros: Can be disconnected and stored for safety. Because it is physically air-gapped, the chances of a remote hacker accessing it are few if it’s properly secured. USB devices are also faster and have greater capacity than tape.
Cons: Generally much more expensive than tape, susceptible to damage or destruction.


Pros: Inexpensive and a true air gap system, which makes it more difficult to destroy or attack. 
Cons: Deteriorates over time and can become damaged. Must be physically changed (relying on a person to remove the media and plug in the next tape) which introduces the possibility of human error.


Pros: Reliable, low cost, easy to access, requires no physical storage space
Cons: Lack of total control, can be difficult to migrate, and requires internet access. Cloud storage also poses security and confidentiality questions for companies reticent to hand their confidential information over to a third party.

Are we testing often and appropriately?

Having backups in place does your company little good if you don’t test with periodic file restores to ensure your data is fully recoverable. Regardless of how you’re storing your data, ensure that it’s readable and can truly be recovered. 

Are our backups immutable?

Immutable data is unchangeable and cannot be tampered with. The next best thing to an air-gapped backup, an immutable backup prevents data corruption and encryption because it can’t be overwritten, modified, or deleted — only read. 

What's the safest method for backing up? 

Air gaps (having a physical air gap between your backup and the network) can drastically shrink your vulnerability, but they're not infallible. ACS recommends investing in USB drive or tape and having multiple copies of your backups to minimize risk.

Need an assessment, advice, or have questions about protecting, backing up, and recovering your data? Our Storage & Virtualization team has the skills you need.

Get in Touch

Additional frequently asked questions regarding backup and recovery:

Q: As our data grows in volume and complexity, how can we ensure that our backup and recovery processes will scale effectively to meet future demands?
A: Ensuring that backup and recovery processes scale with your data's growth involves implementing scalable storage solutions, such as cloud storage or storage networks that can expand without significant overhauls. Regularly evaluating your backup capacity and performance is key. As your data complexity increases, you might also need to adopt more sophisticated backup software that can handle intricate data types and structures. Moreover, adopting incremental backup techniques, which only store changes since the last backup, can help manage the data volume efficiently.

Q: Apart from air-gapping, what specific security measures are you implementing to safeguard our backup data against ransomware and other cyber threats?
A: In addition to air-gapping, we employ multiple security layers to protect backups. This includes encryption of data both in transit and at rest, which ensures that even if data is intercepted, it remains unreadable. We also use access controls and rigorous authentication processes to ensure that only authorized personnel can access the backups. Regular security audits and penetration testing can help identify and mitigate vulnerabilities. Implementing robust antivirus and anti-malware solutions, along with network security measures like firewalls and intrusion detection systems, forms a comprehensive defense against various cyber threats.

Q: How do we determine the best balance between cost and efficiency when selecting a method for backing up our data?
A: Balancing cost and efficiency requires a tailored approach that considers your specific business needs, data criticality, and risk assessment. Start by identifying the most critical data and applications, which can help prioritize what needs the most efficient backup solution. Assess the trade-offs between different backup methods—while a cloud may offer lower upfront costs and higher efficiency, a tape solution could be cheaper in the long run. It's essential to consider not just the cost of storage media but also the potential costs associated with downtime, data recovery speed, and the impact of data loss. Regularly reviewing these factors and adjusting your strategy as your business and technology evolve will help maintain the right balance.