5 Backup and Recovery Plan Questions for CIOs on World Backup Day

Today is World Backup Day. In the past, we’ve used this event to call for an end to backup, but instead of rehashing old arguments, I’d prefer to offer a few suggestions to CIOs. Massive changes are happening across organizations as companies shift away from traditional infrastructure, trading expensive hardware for flexible cloud file services. Regardless of where your company is along this journey, World Backup Day is a good time to stop and consider whether your data backup and recovery plans are optimized for the era of ransomware. Here are five questions to help you get started.

1. How long will it take you to recover in the event of a ransomware attack?

Ransomware attacks are becoming more prevalent, sophisticated, and difficult to detect. It’s no longer a question of if your company will be attacked but when it will be attacked. Backup can be effective at protecting your files, but you need to have a clear sense of exactly how long it will take to recover data from your backups into production and truly get your business running again.

Today, simply protecting data is not enough. Your systems need to be smarter. Organizations need to evaluate and invest in technologies that detect and mitigate ransomware attacks as early as possible to limit the scope of the damage. And you need to have solutions in place that allow you to recover that data in as little time as possible. If your backup and recovery plan requires days or weeks to restore all your files after a ransomware attack, the productivity impact could be severe.

2. How much will downtime cost the business?

The severity of the impact depends on your industry and business specifics, but whether you are thinking about natural disasters or ransomware, you need to have a clear sense of the cost of downtime. Here at Nasuni, we have worked with leading global manufacturers that face significant financial impact if they can’t access their data and smaller organizations that are at risk of sacrificing thousands or tens of thousands of dollars in income for each day of downtime. The scale is different, but the importance is the same.

3. How much data will be lost after recovery?

Another critical factor to consider is whether there will still be a loss of files and data after everything is restored due to the timing or scheduling of your backups. Some organizations assume that daily backups are good enough, but in the event of a ransomware attack or disaster, restoring from the last backup or the last healthy backup could mean that one or more days of work will be lost, in addition to the time lost to recovery. As you evaluate your data protection and recovery systems, you need to take this into account.

4. Are your recovery plans and strategies testable?

If you have a data protection and recovery plan that effectively addresses the first three questions, the final consideration is whether that solution is testable. Few high-pressure situations rival the intensity of your business going offline because of a disaster or ransomware attack. As a CIO or IT leader, you cannot simply trust the assurances of your vendors. You need to have a solution that you can test on a regular basis so that when disaster strikes, you know exactly what to do and exactly how that solution is going to respond.

5. Is there a better backup and recovery solution for your business?

In brief, yes. Protecting your organization’s data through a cloud file services solution gives you the power to craft and implement a more intelligent, responsive, resilient, testable, and cost-effective data protection and recovery strategy. I encourage you to explore the alternatives yourself as you formulate your backup and recovery plan, but keep in mind the five questions above as you do.