Disaster recovery

[Leonore Johnson]

Sharing my thoughts about Disaster recovery. Now a days data is very important for all of us and we keep, some critical data that should not be lost. For the future growth of any business or industry disaster recovery is important. Go now to a reputed software provider for all in one disaster recovery service. This ensure 100% data security,backup and recovery. What you think? haha

 

[MattLDN]

Hi Leonore
From my point of view, Disaster Recovery needs to be tailored for your business. When I have worked on setting up DR solutions in the past the longest process was looking at the companies data and working out what needed to be restored and what priority each service had.

There are items that can be put in place that could help reduce risk to your systems and data (for example dual power supplies to the server, regular checks of servers and PC etc) but there may come a point in which you need to invoke DR.

My initial thoughts are below
- Have a DR plan (either seperate or as part of your business continuity plans)
- Look at your current backups (do you backup nightly, weekly, monthly and how long does data needs to be kept.....I have worked for companies in the past when we needed to be able to restore the last 9 years of data)
- Test your restores!!!! It amazes me how many horror stories you hear of people needing to restore their data and it has become corrupted or just simply doesn't work.

It terms of software/application used, again it needs to be tailored to your needs. A lot of companies are moving over to could solutions but there are a lot I know still using physical tapes and hard drives. I guess the main question is what is the best cost to performance for your needs. The only thing I would suggest is not to cut corners when it comes to backup or DR.

 

[Nico Albrecht]

My point is coming from running a data recovery business and getting all sorts of jobs in. Fact is if you are use a single hard drive or solutions that cost several 1000's they can all fail and nothing gives you a 100% security. Hard to battle threats are ransomware an an on site + off site strategy can lower the risk. Having backups doesn't mean anything until they were tested under real world conditions and than problems come up during the restore. Running virtual machines helps a lot and hybrid backup environments help a lot but cost can be astronomic for business and slows the process down.

 

[Nico Albrecht]

also choosing the correct backup strategy in regards to incremental and full backups can bring cost ups quite a bit specially with databases that can become corrupted over time and you may need a working version from several month ago.

 

[7Tom7]

I would have thought that disaster recovery is a shrinking market as more people move to cloud based services.

 

[DontAsk]

Don't rely on cloud storage for disaster recovery would be my advice.

 

[Socio South West]

To borrow a post from a couple of months ago by someone else... 'The Cloud is just someone else's computer'

Beware, beware....

 

[netdesignr]

So true @Socio South West. From my own personal experience, traditional disaster recovery is the peace of mind.

 

[Nico Albrecht]

To borrow a post from a couple of months ago by someone else... 'The Cloud is just someone else's computer'

Beware, beware....

Modern tech makes it possible to have someone else's computer in your house. internet speeds allows for off site storage in your house and the syncing can be done relativity easy making it your own private cloud.

 

[Chris Ashdown]

As a business owner you need to stand aside and contemplate certain scenario's

IF you have a business that employs staff you need to make a plan for what could cause a fire and what actions people should take in even of one, this is a law

Next presume you have gone to work one day and find your business burnt down for any reason, how are you going to continue, what have you lost, that dictates what backup plans you need

 

[Bob Morgan]

'Computer Data' is merely one aspect of Disaster Recovery - What are your plans for recovering from Fire, Flood, Sabotage, Theft and/or Sequestration/Civil Enforcement? What are your plans for 'Prevention/Mitigation' and getting the business up and running 'Within Hours?' Once planned, you then need to practise it! DO NOT rely upon Insurers, 'The Cloud' and Third Party Backup Services.

 

[Mr D]

One of my previous employers was not bothered about DR. Could not convince the boss it was needed. It wasn't her idea therefore would not be implemented.

I used to back up my files to a separate USB each week and store it at home. Without the boss knowing.

I left the job, wiped my USBs, then reapplied over a year later when they advertised again. In the meantime they had lost all my old files and the guy who had the job hadn't saved anything at all - so basically a computer with software and zero data, zero saved files.
And no paperwork. He'd kept it all in his head maybe.

To set everything up from scratch would have taken me months. Luckily I found an old USB stick on a shelf at home that had a bunch of work files. By that time 2 years out of date but providing a basis to reconstruct some stuff.

Without it I would have walked from that job within a month. With the stick I merely had major problems to overcome of lack of data. The cost to the business of not having the data at all would have been in excess of a quarter million pounds. Rather than the 80 grand it did end up costing them in lost income.

 

[Chris Ashdown]

Mr D
Sorry but your post dose not explain much but has lots of parts with no start or ending, a good story should have who, what, where, when and why

 

[Mr D]

Mr D
Sorry but your post dose not explain much but has lots of parts with no start or ending, a good story should have who, what, where, when and why

Very much missing the whom which isn't relevant, the what is data was not saved by the company, when was in the past and why was because the boss didn't have the idea. So it was done despite her. And a good thing I did.

 

[Nico Albrecht]

One of my previous employers was not bothered about DR. Could not convince the boss it was needed. It wasn't her idea therefore would not be implemented.

I used to back up my files to a separate USB each week and store it at home. Without the boss knowing.

I left the job, wiped my USBs, then reapplied over a year later when they advertised again. In the meantime they had lost all my old files and the guy who had the job hadn't saved anything at all - so basically a computer with software and zero data, zero saved files.
And no paperwork. He'd kept it all in his head maybe.

To set everything up from scratch would have taken me months. Luckily I found an old USB stick on a shelf at home that had a bunch of work files. By that time 2 years out of date but providing a basis to reconstruct some stuff.

Without it I would have walked from that job within a month. With the stick I merely had major problems to overcome of lack of data. The cost to the business of not having the data at all would have been in excess of a quarter million pounds. Rather than the 80 grand it did end up costing them in lost income.

I would have fired you straight away. Taken business data home without anybody notifying is gross misconduct and opens up a can of worms for the employer too. Finding business data a year later on your personal pen drive I am speechless to the point.

 

[Nico Albrecht]

You opened yourself up for criminal charges and civil law suits. How could you be that negligent. If your boss doesn't want backups , case close and we move on. He is the boss and that's it.

 

[Mr D]

I would have fired you straight away. Taken business data home without anybody notifying is gross misconduct and opens up a can of worms for the employer too. Finding business data a year later on your personal pen drive I am speechless to the point.

Saved the organisation considerably.

Not holding the data would have shut the company within a year of me starting work there again. Its still going now, albeit under new management.

 

[ffox]

I would have fired you straight away. Taken business data home without anybody notifying is gross misconduct and opens up a can of worms for the employer too.

AhAh. A very good and very valid point.

However, I wouldn't think @Mr D ever placed himself in jeopardy. If there were no backups being made, I suspect that there would also be an absence of any sort of corporate data or information policy. If employees are not informed that data must not be taken off premises on data sticks, saved to private cloud storage or emailed to private email addresses there would be little the employer could do with regard to disciplinary measures.

@Mr D did make himself liable for possible legal action if any of the data had been third party personal data and it had been made available to others, but who would know that he had the data stick?

 

[Mr D]

AhAh. A very good and very valid point.

However, I wouldn't think @Mr D ever placed himself in jeopardy. If there were no backups being made, I suspect that there would also be an absence of any sort of corporate data or information policy. If employees are not informed that data must not be taken off premises on data sticks, saved to private cloud storage or emailed to private email addresses there would be little the employer could do with regard to disciplinary measures.

@Mr D did make himself liable for possible legal action if any of the data had been third party personal data and it had been made available to others, but who would know that he had the data stick?

The organisation had a fine set of policies from 1970. Nothing at all about computers or information. Hard enough to drag them kicking and screaming into the 21st century on such things as pensions and annual leave. Data collection processes had to be set up without policies.

There was personal data on computer but not on my system and while my work occasionally used personal data it was scrubbed of identifiers before I was given it. That was not part of what I had to reconstruct. The admin computer had all that, my system was not admin.

The collected data that was only on one computer, the analysis, the quotes, the technical details, the planning applications and costed projects. Those were what was missing the day I started back.
With none of that available the organisation could run but could not have had any income generation done or projects started.

I was very good at my job. Tight timescales no chance I could have kept the organisation going with starting entirely from scratch on the data.

One organisation successfully kept going. When it should have shut due to management incompetence and lack of income.

 

[Nico Albrecht]

AhAh. A very good and very valid point.

However, I wouldn't think @Mr D ever placed himself in jeopardy. If there were no backups being made, I suspect that there would also be an absence of any sort of corporate data or information policy. If employees are not informed that data must not be taken off premises on data sticks, saved to private cloud storage or emailed to private email addresses there would be little the employer could do with regard to disciplinary measures.

@Mr D did make himself liable for possible legal action if any of the data had been third party personal data and it had been made available to others, but who would know that he had the data stick?

I am not saying Mr D was bad person but the fact is it was theft and also confirmed by him that he didn't tell anybody taking data home makes it even worst. Because a supermarket doesn't put signs up everywhere you need to pay for goods to take them still makes it theft of a product regardless of what cooperate policy there is. Digital data is the same as physical but most people think it is not and just do it. Also there is not such a thing as personal data on business computer and laptops. I get your intentions and they might have been in a good interest but still this behaviour is considered theft by law. lesson learned

 

[Mr D]

I am not saying Mr D was bad person but the fact is it was theft and also confirmed by him that he didn't tell anybody taking data home makes it even worst. Because a supermarket doesn't put signs up everywhere you need to pay for goods to take them still makes it theft of a product regardless of what cooperate policy there is. Digital data is the same as physical but most people think it is not and just do it. Also there is not such a thing as personal data on business computer and laptops. I get your intentions and they might have been in a good interest but still this behaviour is considered theft by law. lesson learned

Theft?
Yet saved the company only because I missed deleting a single USB stick.

Perhaps next time I'll leave the company to go under. Just on the off chance I ever work at Nico Group.

 

[Nico Albrecht]

From my point of view is if vital company data is saved on a random usb pen drive floating around for 1 year and saves a company this business has serious issues. I am providing forensic reports to courts about data theft and the implications for employees are huge. A digital product or physical product is theft regardless of you intention. Just be careful the next time and make sure you have it in writing from your boss that you can do it. That might save you a criminal record. If you would have done that in my business I would go ballistic. For not telling , moving business data off site and so on.

 

[ffox]

@Nico Albrecht

https://legal-dictionary.thefreedictionary.com/theft - defines theft -

"theft in English law, now defined in statutory terms as the dishonest appropriation of property belonging to another with the intention of permanently depriving the other of it. The law has, however, been complicated by semantic arguments, leading the Court of Appeal to say that the law is in urgent need of reform to make cases understandable to juries. Wheel-clamping is not theft in England (contrary to the position in Scotland) because there is not the intention to permanently deprive."

As with Wheel-clamping, it would be difficult to prove the intention to permanently deprive.

Also theft is a criminal offence and not a civil offence. It is doubtful that the CPS would consider this a case. The employer could sue, but with no evidence that permanent deprivation was intended and no evidence of intent to profit from the data, it is doubtful a case would succeed.

Also there is not such a thing as personal data on business computer and laptops.

Of course there is - that is why DPA and GDPR exist. But, @Mr D has already said that no personal data was present in the backups.

Disciplinary action would also prove difficult as no specific IT, data or information policy had been given to the employee.

 

[Nico Albrecht]

We should copy part of that threat to the legal sections and you would be surprised. A general believe is that digital data theft is no biggy but it is theft after all and can lead to criminal charges. Also that content may have been created while working for the company is owned by them. It would be the same as the employee took away a business owned computer home without telling anybody and returns it 1 year later. He did commit theft. The facts are still that data belonging to the company was copied and taken off without informing anybody and retained for more than a year. If employees work on business owned computers and they put personal data on too bad for them. I agree a good clear policy should make things easier and by default usb ports should be blocked to prevent such data transfer to start with but again such actions is not excusable

 

[QPLAST]

I am into manufacturing, but before this, I have worked with IT industry for 18 yr starting from a developer to a Sr manager. Here are my thoughts:

Any business/individual should do a risk and an impact analysis of the data loss or an actual disaster.

Prioritise or group your data and then backup data based on importance.

You have many options to back up your data.
1. Back up on same pc/hard-disk
2. Back up on external media/hard-disk
3. Back up on network SAN (storage area network)
4. Back up on Public cloud (usually a free service from Microsoft/google/Amazon etc..)
5. Back up on Private cloud (Usually Paid service)
6. Ask any IT consultant for Professional services

The method, really depends on the risk associated to it and what you can afford interms of resources, budget, time etc.

Even a bank will have different strategy for their data backup based on It's importance.

I feel, the disaster recovery is not just about data loss. It's about how you run your business incase of a disaster. For example, if there is a flood and your office building is under water, do u have an alternative location or facility to run your business? Do you have multiple infrastructure to support your operation? Do you have any single point or failure in your business?

So, do an impact analysis or risk analysis in the first place.

Happy to help, just let me know if any further details are required.

Cheers,
Deepak