Based on the information collected, review all of the backup requirements and select the most appropriate backup strategy and develop it. You need to consider two major factors in defining the backup strategy:
the strategy options and;
the risks with the storage and handling of backup media.
Listed below are some common strategy options that you have to consider:
Centralised Vs Distributed Backup
Centralised is most preferred in general.
Distributed is useful for small amount of sensitive files of the organisation.
Hardcopy is easily backed up by photocopying. You may convert the hardcopy to electronic softcopy by scanning these documents.
Softcopy requires the selection of storage medium. You have to consider the capacity, durability and the availability of the backup device at recovery location. The media and devices have their own merits and drawbacks.
Backup Frequency and Retention Cycle
Select the frequency according to the requirement of individual data asset. Maintain backup copies for all operational data to enable recovery to the most up-to-date state is possible.
Multiple generations of backup copies should be maintained e.g. system data is backed up on Network Attached Storage once a month and is kept for 1 year or data is backed up daily from Monday to Friday and is kept for 4 cycles. Month end and year end copies of files may be retained for a longer period if required.
Full Backup refers to the backing up of all the files on a storage medium, e.g. a hard disk, by copying them to a tape or another storage medium. It is recommended because it is the simplest to maintain and it is a good security measure for frequent users to do full backups once a week.
Differential Backup refers to the backing up of only files that have been changed or added since the last full backup. For example, if you have a 5 day cycle and want to restore the data of last Friday, you need to restore last Monday's dataset followed by the Friday's dataset.
Incremental Backup refers to the backing up of only files that have been changed or added to a system since doing the last Backup. For example, if you have a 5 day cycle and want to restore the data of last Friday, you need to restore last Monday's dataset followed by all other four datasets sequentially. Incremental/Differential backup is useful when data set is too large to fit on one backup media.
Risks with the Storage & Handling of Backup Media
In addition, you need to consider the potential risks with the storage and handling of backup media. Examples of risks are:
Environmental threats such as fire, water and dust
Corruption/damage of backup media
Leakage of confidential information and theft from the backup media
Production site is not accessible resulting in the unavailability of the backup media and recovery procedures
In order to mitigate these risks, you have to include some addition practices in your backup strategy. For example,
Store the backup media in physically safe and secure place remote from the site of the systems.
Clean your backup device regularly to extend the lifetime of the backup media.
Specify an expiry date of the backup media on the media label.
Separate the backup media of sensitive data from normal data.
Use encryption technology for saving sensitive data in the backup media.
Keep the in/out logs of the backup media.
Devices and Media Data Backup
There are quite a lot of devices available for data backup and restore like floppy diskettes, CD-Recordable/Rewritable (CD/RW) discs, DVD-Recordable/Rewritable (DVD/RW) discs, Magneto-Optical (MO) discs and digital data storage tapes. The media and devices have their own merits and drawbacks.
Tape - is one of the most commonly used medium for large organisation. Tape Magazine or Automatic Tape Changer may also be used if data volume is very large that span multiple tapes in one backup session.
Popular removable media - most workstation backup software supports both backup to tape and to popular removable media like CD/RW, DVD/RW or MO. You should handle the backup media with care:
Clean the tape drive's head regularly. The cleaning frequency depends on factors like the operating environment and operational (backup, restore, scan tape etc.) frequency. Some tape drives have indicators to remind user to clean its head after certain number of runs.
Properly store and maintain the backup media. The media should be properly labelled and placed in their protective boxes with the write-protect tab, if any, in the write-protect position. Keep them away from magnetic/electromagnetic fields and heat sources and follow the manufacturer's specifications for storage environment.
Recommend to use local server tape drive backup rather than backing up of multiple servers through the network as backing up through the network will be much slower and time consuming if the amount if data is very large.
Use differential backup during night time on week days and use full backup on Saturday night, when no one will be accessing the server.
Keep a tape for each month or any special occasion in a safe when documents need to be deleted every month.
Check logs of backup runs daily.
If time required for backing up the server is too long that exceeds the site's allowable backup time frame, data can be copied to a dedicated backup server and let the backup task run on the dedicated server. But the security level of the dedicated backup server should be the same as that of the production server to avoid unauthorised access.
Server backup software is operating system specific. Most backup software products also provide disaster recovery option for system recovery.
Use local backup device: workstation data can be backup as frequent as required. Users can take the active role for backing up the data or use a scheduler to backup data to local backup device (e.g. DVD/RW drive) at regular intervals.
Use workstation backup agent and central network backup: most server backup software products provide the function to backup data that reside on connected workstations. Workstation data can be backed up to the server backup device following the client backup schedule defined by the LAN administrator. But the workstation will have to leave powered on during the backup.
Use central network backup with vital data copied to server: workstation data can be copied to server and server will be backed up according to its regular backup schedule. Users can take the active role for copying data to the server. Or a scheduler can be used to copy data to server at regular intervals to match with the backup schedule on the server.