Skip to main content

With new working practices comes great responsibility – and changes to your data backup needs

Flatfile data
(Image credit: Flatfile)

The pandemic has resulted in a big shift in working practices with large numbers of employees abandoning their customary offices for kitchen tables, garden offices and spare bedrooms. For those organizations that had not already fully embraced remote working, home working and a more agile workforce pre-pandemic, there was a desperate scramble to deploy remote solutions, including SaaS, cloud, hosted or remote access to on-premise – or possibly a hybrid of all of these options.

Following this rush to deliver access to staff were other considerations, such as security, disaster recovery (DR) and data backup. Depending on the solutions deployed, backup had to be able to accommodate this new working environment and the nature of the applications being used.

If a SaaS solution is being delivered to staff, it’s a fair assumption that data is being securely stored and backed up by the service provider? The nature of how the data is stored and accessed may not allow a business using that application to easily back up their own data, so they are very dependent on the solution – and the policies – employed by the SaaS provider. 

If as a customer you are satisfied that the SaaS provider has fully considered backup, disaster recovery and service resumption, it is one aspect that has effectively outsourced. A cautionary note, however, is to check, with absolute and granular scrutiny, the service providers’ terms and conditions to understand their definition of what they deem to be ‘disaster’ and ‘service resumption’. It may not necessarily align with a your own expectations, and indeed, the organization’s interests. 

If data is held on a company’s own central systems, either on-premise or hosted in the cloud, then it is likely that most backup processes will match what was already being provided to staff working remotely. In this situation, as with SaaS, no data would be stored on local devices, but centrally; the main consideration being to ensure that users’ devices can start up and operate, which technically becomes a more basic undertaking.

Double-edged sword

If any applications or users store data locally, and these systems are now used remotely, then there are some additional considerations beyond the scope of backup. If the primary backup services were centralized, and secure connectivity to the central system in place (VPNs, etc.) then devices should still be able to connect and be backed up. But bear in mind that bandwidth may now be a factor to consider, but the backup process should operate. 

A cleaner solution removing additional complexities and considerations is cloud backup or backup-as-a-service, which removes the need for all devices to have access to the central system. All that is required is having Internet access. 

What should (and shouldn’t) be backed up and the frequency is up to the company’s IT team to ensure reasonable RPOs (Recovery Point Objectives) and also be alerted if backup schedules are being missed. This could be deployed to employee-owned devices in much the same way, and importantly, quickly.

Where organizations are using SaaS solutions, this has removed the job of providing backups, as the data in no longer under the user’s direct control. However, this is a double-edged sword; ease of delivery on the one hand – backups, maintenance, support – but also presenting a black box scenario regarding service reliability and resumption in the event of a failure. 

A SaaS solution provider will (or should) factor in backups, disaster recovery, RPOs and RTOs (Recovery Time Objectives), communication protocols and well prepared and regularly tested plans to invoke in the event of a serious outage that then takes them offline. However, users do not necessarily have sight of such contingencies, especially when working remotely, and will certainly have no control of the situation if an outage or disaster does occur.

Understanding what a SaaS provider is offering, and what guarantees to secure a company’s data are in place, is absolutely critical. So for example, how long can a business operate without critical systems, and more importantly, what if they disappeared altogether? 

Potentially permanent loss of data

The OVHCloud data center fire in March this year raised questions regarding what services and guarantees are provided when technology is deployed into a data center, and showed just how unprepared many organizations and providers were, with some users permanently losing data.

If as a business SaaS or cloud services are being utilized, it’s important that organizations look at how they can take ownership of the data and secure it in their own backup repositories in another location. With the stakes extremely high, businesses cannot assume that SaaS and comprehensive data security go hand-in-hand.

All IT systems require maintenance, including backup, and if on-premise or hosted solutions are being used then organizations will very likely have protocols in place for any downtime and staff communication required. The pandemic won’t have had a major impact on this procedure, but communication with staff should have improved. If the crisis has resulted in an organization moving to SaaS applications, the maintenance window scheduling will have shifted to a predetermined window decided by the provider, something the business should consider. 

If applications being used by remote staff are centralized, then backups remain the same. This scenario only hits complications if users store data on their local systems and this requires it to be backed up. IT departments then need to either deploy agents onto these machines so they can be included into the backup schedule, or use a cloud backup solution for simplicity.

Restoring data to a remote system can be constrained and complicated by the user’s bandwidth, most likely broadband of varying speeds. However, working on the assumption that the data restore is minor, the tools and flexibility with backup applications make this a straightforward task, perhaps bolstered with some assistance from IT.

Regardless of the cause and irrespective of the circumstances, if your data is lost and your backup and recovery options compromised, your data, and potentially your business, is gone for good.

Stephen Young, Director, AssureStor

Stephen has been a successful business owner and entrepreneur focusing on technology start-ups for 30+ years. His experience covers infrastructure, software development, data centres, service and support, and IT governance.