Let’s talk about a dreary and boring topic that’s important: backing up your digital stuff. I know, I know. It isn’t sexy or exciting or "social" or good at delivering killer ROI. But it’s important and we all know it.
Yet so few do it, or understand it. Let’s fix that.
Why back up
Just so there isn’t any confusion, let’s start with the "Why do we have to eat vegetables?" part.
We back up so that we can get access to files later. A good backup process examines all aspects of this seemingly simple phrase in depth and through multiple scenarios. A good backup process also calculates and identifies acceptable levels of risk.
What makes backup a challenging concept is that it requires us to think about "access" and "later" in ways that might be unusual for us. Also, no one really likes to think about the phrase "acceptable level of risk" and would prefer that life were a riskless proposition. Developing a backup process that eliminates risk entirely is likely impossible or beyond the means of most organizations.
Let’s unpack "access," "later" and "acceptable risk," because if we do that then we can think clearly about technology and our own relationship to technology and data.
"Access" might seem like a simple "I need to get my files and look at them" sort of thing. But "access" to technology includes a few important parameters. In order to get to your files at some later date, you’ll need:
- a hardware/software combination capable of reading or rendering those files at a later date.
- a storage medium capable of maintaining the integrity of those files for the duration of whatever is defined as "later."
- a hardware/software combination capable of interacting with your storage medium.
- the ability to physically access the hardware, software and storage medium to put it all together and retrieve the files.
Given that technology hardware and software is constantly changing, simply ensuring access can be a challenge. The most tricky part here, the part that drives access, is the storage medium.
There are all sorts of potential storage options ranging from ancient disk/tape systems through to contemporary cloud systems. Each has advantages and disadvantages. Later, after we’ve examined "acceptable risk" a bit, you might be able to make a better choice about what storage medium is appropriate for you.
Maintaining documents and files in formats that are not dependent on specific hardware/software combinations can also be challenging, especially in real estate where so many different proprietary systems are in place. Again, considering risk factors will be important here.
Finally, being able to connect the storage medium with the computer system to read the data is a physical security issue. Again, risk will play a part here.
Let’s put "access" aside for a moment and consider "later." Needing to get to your files "later," whether it’s because your industry is legally required to do so or simply because you want to be able to get to old files, can sometimes be troublesome.
Clearly defining what you mean by "later" can help. Do you mean tomorrow? Do you mean in 10 years? And does all of your data require the same degree of "later"?
There is also a matter of frequency. Does "later" happen every week? Every year? Only when something goes wrong? Only on the off chance that an outside organization requests it? Does all of your data have the same frequency of "later" or do different files have different frequencies?
For example, perhaps for completed client deals "later" means 10 years on the off chance an outside organization requests the data. At the same time, ongoing client deals have a "later" that means right now three times a day. And all of the other things on your computer (the programs and general email and so on) have a "later" that means every two weeks — and even then only if something goes wrong.
When it comes to "later," we begin the processing of segmenting the different kinds of data we need to access and how we need to access it.
With "access" and "later" sketched out, we’re ready to talk about "acceptable level of risk."
When it comes to risk, no one likes to have any. But to operate without risk would likely require tripling your existing IT expenditures, and even then you’d still have some risk.
So let’s focus on "acceptable" and apply it to the different segments of data you identified for yourself while thinking about what "later" means.
In our example, we had three different data segments: completed client deals, ongoing client deals and everything else. If our completed deals require archiving due to a legal requirement, then our tolerance for risk ought to be quite low. If our "everything else" category is all things that could easily be replaced (even if it would be a real pain in the ass), then our tolerance for risk might be a bit higher.
By approaching risk as it relates to our segments of data we can apply our resources to the areas that need it most (in our example: completed deals). It’s a way of optimizing our available resources to get the most security for our limited resources.
Tactics for backup
Now that you’ve had a chance to consider the three aspects of backup — access, later and acceptable risk — here’s a laundry list of different tactics you might consider and combine:
- Use cloud storage (high frequency but very risky as data access is completely dependent upon health of storage company and digital networks).
- Swap storage media on- and off-site (frequency is dependent only upon your tolerance for swapping disks, risk is tied to the hard drive medium and physical security of your off-site storage).
- Use RAID Mirror drives (decreases risk of hard drives by maintaining two identical copies, combined with swapping drives off-site can further decrease risk).
- Use tape media (though tape does not have as high a theoretical lifespan as other media, it has a much better known lifespan due to its length of service as a storage medium).
- Use hard copies (takes up space, often digests itself, but it does eliminate a variety of future-compatibility risks).
- Perform regular data restore tests (confirms the integrity of your backups regardless of storage medium).
- Audit physical and digital security of systems (reduces risk by identifying potential human factor threats, which can then be eliminated).