The list of reasons for corporate data loss includes everything from natural or man-made disaster to a ransomware attack, hacking, virus infection, human error, malicious employee behaviour or hardware failure.
Of these, the most prominent is ransomware, where a hacker or automated malware infection locks users and administrators out of computers and/or servers.
According to CRN and Emsisoft, in 2019 ransomware “impacted at least 948 U.S. government agencies, educational establishments and health-care providers at a potential cost in excess of $7.5 billion”.
Depending on the reason for and extent of the loss, and the type of data involved, such a loss has the potential to deal a serious, catastrophic or even fatal blow to your business.
Every business is therefore well advised to put measures in place to replace and restore data, so as to minimise disruption to normal operations.
These measures include backup and replication, and it’s vital that those responsible for making IT decisions understand what they offer in terms of recovery capability from an incident such as a ransomware attack.
What’s the difference between backup and replication?
Many business owners and directors know they need to put measures in place to mitigate accidental data loss, but many are unsure of whether it’s backup or replication – or both – that they need.
For most, the concept of backing up what’s considered to be ‘essential’ data is already well known, and in fact there are dozens of software applications available for business and consumer use. With so many choices, it can be hard to choose the most appropriate solution.
In fact, there is much confusion around whether the terms ‘backup’ and ‘replication’ are interchangeable, about whether a replication or backup solution on its own is sufficient to ensure business continuity or whether both are required.
Let’s start with some definitions
Backup is the process of making a copy of some or all of your data at a set point (such as the end of each day, or at set intervals) for storage elsewhere, normally offsite or in the cloud, so that it can be restored if the original is lost or corrupted in some way.
In summary, a typical backup process:
- Copies selected files or applications (from servers, laptops or desktop machines) to a media or a dedicated backup server which may be located at a separate site or the cloud
- Is carried out at set intervals, providing a data snapshot from a specific time
- Can restore data from the backup server, albeit that the timeframe of the restore may vary from minutes to hours
- Restores data from the last snapshot that was created
- Is typically used for operational and compliance reasons to protect the business against data loss.
Replication on the other hand involves copying data and moving it between sites such as a data centre or colocation site or, as with backup, the cloud so that any down time resulting from a system failure or data loss is kept to a minimum.
In summary, a typical replication process:
- Makes an instant, precise mirror version of business data at a separate location on secondary server infrastructure in real time and on a continuous basis
- Ensures users have continuous access to key data and applications
- Can restore access to data and applications quickly following an incident or disaster
- Is typically used for business continuity and disaster recovery, enabling normal or close-to-normal business operations to resume as quickly as possible.
Do I need both backup and replication?
While both backup and replication have benefits, both also have drawbacks when used alone.
So it’s vitally important that business needs are placed right at the top of the priority list when specifying the requirement. For example, where a replication-only solution is used, if files are accidentally overwritten, through human error, for instance, they are also overwritten on the replica.
This means that, in a ‘replication only’ scenario, in case of ransomware attack where files are overwritten and replaced with encrypted versions, the replica version may also be overwritten – meaning that there is nothing to restore from.
To avoid this, a replication solution should be complemented by a backup solution so that data can be rolled back to a point before the overwriting took place i.e. prior to the ransomware attack.
This kind of issue exists with Microsoft Office 365. Typical implementations involve email and file data being replicated rather than having snapshot backups.
The solution is for Office 365 itself to be backed up, including OneDrive and Teams sites.
So why bother with replication?
For most organisations, backup and replication policy will come down to how much revenue would be lost for every hour or day that the business is offline following a major data incident. It’s about weighing up the value of minimising your potential recovery time against the cost of lost revenue if data cannot be quickly restored.
Two key factors called the Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are used in this process:
- The Recovery Time Objective is the timeframe set by the business within which data, application and systems must be recovered and running at a normal level. Within any organisation, the RTO may vary across different data types, applications and systems, according to how critical they are to operations.
- The Recovery Point Objective is the maximum tolerable period that can elapse between backups i.e. the amount of work (in minutes, hours, days etc) that the business can feasibly afford to lose from the point at which the last copy of data was made. Is a day an appropriate timeframe, or does it need to be more like an hour?
Other factors come into play too:
Storage space, backup retention times and the evolving sophistication of backup and replication technologies all add a premium to costs which must be weighed up against risk and benefit when deciding what route to take.
Through platforms such as Microsoft Azure, replication is now more affordable for smaller and mid-size organisations for whom just a few years ago it might have been beyond reach.
How quickly you need to restore your data depends on the nature of your organisation and business processes, the sector you operate in, the level and type of regulation your business is subject to and the policies you have in place.
Replication is most effective if you require near-instant recovery, for example if you need an RTO of less than 12 hours. Backup is the better option if all you need is to maintain archive data, or if your industry requires you to comply with certain backup legislation.
Does Office 365 require backup?
Microsoft use a replication-based protection system with Office 365. As described on our cloud backup services page, this means that backup is also required if data is to be protected against sudden loss through incidents such as ransomware.
The only way to achieve this is to use a third-party solution that can link directly with Microsoft Cloud. Taking this route will ensure that your staff and organisation can be operational again fast in the event of a ransomware attack.
Replication allows fast recovery from server failures and similar events, but not necessarily from ransomware attacks – which is why backups are still essential.
Both backup and replication alone have advantages and drawbacks, depending on the circumstances, so your ideal solution for business continuity and disaster recovery might be to combine both.
Consider the following for your organisation:
- If you use Office 365 you need a backup solution
- If you need very fast recovery, and can justify the investment, add replication
- Office 365 only offers replication, which means you will need to buy a third-party backup solution.
To understand more about the options for backup and replication systems or to enquire specifically about a backup solution for your Office 365 systems speak to Alliance Solutions on 0800 292 2100.
We also offer expert evaluation of your data, storage, IT and communications infrastructure and recommendations on the best replication, backup or hybrid solution to provide continuity for the business and operational dynamics of your organisation.
For more information on data backup, replication, business continuity and disaster recovery solutions, talk to Alliance Solutions on 0800 292 2100.