Backup Data Audit Preparation

The Bocada Team | February 13, 2018

Are you prepared for a data audit? How strong is your backup and recovery plan? Is your backup environment ready to withstand threats from cyber attacks or natural disasters. Even if you could answer these questions properly one year ago, can you answer them with certainty today?

Enterprise IT environments are undergoing rapid change, and with that change comes a need to evolve data protection protocols and adjust oversight measures to ensure data security. Yet according to a Ponemon survey, over half of all organizations admit to never reviewing or updating their incident response plan. This means countless organizations undergoing these IT evolutions are ill-prepared to address disruptions to data integrity.

To determine how prepared your organization is to address data breaches or other issues affecting data quality you will likely be subjected to an annual data protection audit. A high-level assessment will quickly offer visibility into your backup environment’s health, and pinpoint where you’ll need to focus your attention to best safeguard your data.

10 Questions to Prepare for Your Backup Data Audit

While each enterprise data environment is unique, there are fundamental approaches to addressing data protection and security. By answering the following ten questions, you’ll be able to see how protected your backup environment is from external threats.

1. Are you backing up all your targets, clients and servers?

You’ll need oversight over your entire backup environment, which covers every single client and server across your organization’s departments, business units, or geographies. After all, should a natural disaster hit in one location, you’ll need to know that any data stored on affected systems can be readily recalled. Without that holistic oversight, you’ll never know how prepared you are to respond to data corruption or deletion.

2. Do all of your backup products define successful backups the same way?

Organizations that have undergone mergers and acquisitions, or even technology evolutions, are likely using multiple backup software products. Considering that each backup software has a unique GUI and scripting protocol, with different features, functionality and definitions, comparing performance across the backup products can be challenging. Standardizing backup performance metrics is very difficult…but necessary to ensure you have comparable data across your backup environment.

3. Can you easily review backup success or failure rates?

Easy access to backup success or failure rates is crucial as it paves the path for troubleshooting those backups that continue to fail. Unless you have a way to easily view which backups failed, and especially which backups consecutively failed, you won’t have a way to efficiently hone in on problem areas that could result in long-term data loss.

4. Do you know the backup frequency and backup type of critical data?

When you’re dealing with vast amounts of data, and trying to minimize data storage utilization, it can appear favorable to opt for partial backups to reduce the shear amount of data being backed up. However, for critical data that needs to backed up daily, if not more frequently, that may not be sufficient. Visibility into backup frequency (e.g. daily, weekly) and type (e.g. partial, full) is crucial for ensuring that vital data is never lost.

5. Are you alerted when a critical backup fails?

Even if you do have a way to easily see which backups failed, what happens if it’s a mission-critical backup? Days could go by while you fix other failures, and never know this critical data sits unprotected. Do you have a way to be notified right away when must-save data isn’t getting backed up?

6. Do you have a way to efficiently enter failures into a ticketing system?

As you tackle backup failures, what does your process look like for fixing them? Consider if you have a process that lets you efficiently collect the time, location, and reason behind a backup failure and share it with the backup team. Without an efficient way to get failures into your service or ticketing system, you’re slowing down how quickly they can be addressed.

7. Can you map your backed up data by media type & location?

In long-standing enterprise environments, data is likely stored on tapes and disks in both on-premises locations and 3rd party storage site. Data is likely also stored in the cloud through AWS or Azure and on storage devices like DataDomain or StoreOnce. Do you know where all your data is stored, and on what media types? Being able to map all of your backup data by media type and location ensures that if you ever need to access it, you’ll know exactly where to look.

8. Are your backups meeting the correct policy criteria?

If your organization is accountable to government regulations like HIPAA or GDPR that stipulate data retention periods, or if you have internal requirements around backup types, you’ll need some level of oversight that those policies are being met. Without clear visibility into your policy set up, backups may not be meeting regulation criteria, leaving your organization at risk for serious fines and penalties.

9. Can you quickly show you’re meeting compliance or SLA requirements?

Consider the different types of service agreements you might have in place such as completing full backups every day, or hitting a certain backup success rate. Reporting on SLA compliance is often mandatory, but takes time away from operational tasks. With a quick way to report on these metrics, you’ll be assured that time is being better spent on managing the day-to-day health of your backup environment.

10. Can you quickly check on your backup servers’ storage capacity?

One of the common reasons backups fail is because there is insufficient server storage capacity. Yet checking on capacity cuts into valuable time spent maintaining and fixing backup failures. By ensuring you have a way to quickly check on storage capacity, you’ll know if you can turn your attention back to managing your backups, or need to focus it on building storage capacity.

The Right Tools For Your Backup Data Audit

While the questions in the backup data audit may appear simple, they are extraordinarily time consuming and often difficult to answer when faced with complex, enterprise backup environments. Organizations managing servers across geographies, and using different backup software to protect their data, often leverage automation solutions to tackle these very questions. When assessing which automation solutions to use, consider ones that:

  • Function effectively across your suite of backup software
  • Reduce or remove manual reporting and script writing
  • Offer visibility into backups across targets, clients, and servers
  • Provide details on server capacity and utilization
  • Ease backup failure pinpointing and troubleshooting
  • Track backup policies across your entire environment
  • Function across a wide range of backup destinations

If you are preparing for a backup data audit, we encourage you to schedule time for a personal demo of the Bocada system. When tested in your native backup environment, you’ll see right away just how quickly and easily you can answer all ten questions in your backup audit.