Editor's note: This article was excerpted from TechSoup's The Resilient Organization: A Guide for Disaster Planning and Recovery, which contains more resources on developing backup systems, strategies, and tools for your organization. This article was updated in 2012 by Ariel Gilbert-Knight.
Ensuring that your critical data is backed up regularly is essential for keeping your organization up and running, no matter what happens. This article will help you implement an effective backup strategy, with tips on what to back up, and how to choose local and remote backup solutions. This article is the second in a two-part series. The first article in the series covers backup strategies and best practices.
What to Back Up
Before jumping into a backup solution, you should first put together a list of what assets need to be backed up.
Of course you'll plan to back up your organization's computers, but this is actually a little more complicated than it sounds.
You'll need to know the location of the data you plan to back up. For example, while most Windows users store data in their Documents folder, they also may keep files and folders on the Desktop, which you'll need to back up as well. Special database- or financial-software packages may store files in their program directories, so be sure to back these up, too. Some programs will allow you to back up configuration or settings, so find out if your programs support this functionality. Finally, be sure to understand how your email is set up and where your messages (sent and received), calendar (if your email application has one), and contact information are stored.
If you have an extensive bookmark collection in your browser, be sure to back that up as well. You may choose to periodically export your bookmark file from within the program, or point to the bookmark file itself in your backup software. Check the application's Help tool or consult the web for details.
For servers, in addition to regularly scheduled backups, it's good practice to conduct a full backup of your server before every major update so that you have a way to restore its entire hard drive. A proper file server should also be running a server-class operating system, with software or hardware RAID (redundant array of inexpensive disks).
If your organization uses an in-house email server, it must be a part of your backup plan. If you host your own email, many email servers include their own backup utilities; check the user manual for more information. If mail is stored locally on users' computers and not on the mail server, the mail folder on each computer must be backed up.
Mail data file locations vary by program. For Outlook users, see Where does Microsoft Outlook 2010 save my information and configurations and How to automatically back up your personal folders file in Outlook for more information.
If you use a webmail service, check with your email service provider on its backup and restore policies. If your webmail service is offered through your Internet service provider (ISP), find out whether the ISP backs up your email. If you only use a webmail service like Google Apps for Nonprofits, these services are generally considered safe from hardware failure.
Do one or more of your employees, contractors, or volunteers work from home? Are they saving their work on a personal computer? If so, this data should be part of a regular backup strategy.
Many remote backup services allow you to install a client on a home computer and designate specific folders on that computer to be backed up. As a simpler alternative, require that work performed at home be saved to a work computer or shared storage solution every day.
Do you store any critical data on your mobile devices? For example, contact lists or other documents? If so, this data should also be backed up. Refer to the device's manual for backup instructions.
You can also think about using your mobile device to access or even store copies of essential files. For example, if Internet access is down but the cellular network is working, you can retrieve critical files from cloud storage using a mobile device.
Of course, if you're storing sensitive data on your mobile device, those files must be encrypted. For instructions on how to encrypt your files, see the device's manual.
Cloud and Other Hosted Solutions
Cloud solutions are arguably more impervious to disaster than other technology solutions because they are not physically located in the same place as your organization. A disaster that strikes your office or even your city or region likely won't have much impact on cloud solutions. You should still make sure that your data is regularly backed up and that you have planned for how you will access and use the data in the event of a disaster.
If you are hosting your website on-premise, then it would be backed up like any other server. If it's hosted off-site, be sure to ask your web hosting provider how regularly it backs up your website data and how recovery is handled if an accident occurs. Be sure to check with your provider: even if it offers a backup service, it may require you to opt in.
Especially if your provider doesn't perform backups (but even if it does), there are many reasons to keep a copy of your website on an office computer. If you start the habit of editing your site on your computer rather than directly through an FTP connection, then you can test the site before uploading it and you'll always have the up-to-date site ready to upload in case of computer failure or human error. What's more, you won't need an Internet connection to make edits to your site or find information on it. Most content management systems allow you to back up your data on a local computer.
Choosing On-Premise Backup Solutions
If you use on-premise backups, remember that storing copies of backup data off-site is crucial. Natural or manmade, any disaster that impacts your computers is likely to impact a backup drive in the same office.
Choosing Backup Hardware
Choosing appropriate backup hardware is key to effectively implementing your backup strategy. As with any technology, there are probably several "right" solutions for your organization. Here are some guidelines for choosing backup hardware that will work for you:
- Determine how much data you need to back up. Take a look at the machines on your network — or at least a representative sample. How large is each user's documents folder? How large is the email file? How much data is in your organization's primary shared folder? Add up the totals for all your machines, or multiply the average by the number of machines in your organization. Be sure to leave room to add a few new staffers, and to plan for growth — it's very possible to add 1 GB of data per person per year.
- Now double that number. Choose a backup solution that allows you to store double the amount you think you need to back up. This will give you room for growth, and will also allow you to store incremental backups on the same media as full backups.
- Consider your drive's speed and how it interfaces with your computer. When you have a large amount of data to back up, a big storage device isn't much good if you can't write data to it quickly. Make sure your hardware can support reasonably fast data transfer rates.
Understanding Storage Media
Magnetic tape is the standard for storing large amounts of backup data. For larger organizations with an IT infrastructure in place, tapes are a solid option for local backups.
Disk-based storage includes dedicated backup and file-storage servers, as well as external hard drives.
Network Attached Storage (NAS) is a type of device that offers disk-based storage like a dedicated file server or backup server, but in a small and efficient chassis. While specific features such as scheduled backup or FTP access depend on the model, all NAS implement some form of hardware RAID that makes them a reliable form of backup hardware. For larger networks and disk space requirements, a storage area network (SAN) is a network of storage devices accessed and shared using standard network communications.
CDs, DVDs, and flash drives are convenient and cost-effective. But they can't be your organization's primary local backup solution. They are less secure than other backup solutions, and they are not conducive to best backup practices, such as conducting incremental backups. However, they can be great for:
- Creating quick, easy, redundant backups of super-critical files. If you store critical files on a CD, DVD, or flash drive, you'll be able to easily access your files without specialized backup hardware or software, and without an Internet connection.
- Transferring files from one computer to another.
- Archiving old data. CDs and DVDs are appropriate for storing data that you won't need to modify, such as photos and finished printed materials. Plus, disks make your archives portable, making it easy to store a copy off-site.
Choosing Local Backup Software
Having cost-effective and reliable backup hardware is only half of the local backup equation. You'll also need to choose backup software.
For individual users, Windows and Mac operating systems both have built-in backup tools. Backup works slightly differently depending on which version of Windows you are using. Windows 7 information is available here. Mac's backup tool is called Time Machine. These tools are adequate for individual users.
For an organization-wide backup strategy, however, a dedicated program such as Symantec's Backup Exec or System Recover is preferable. Consult the software documentation for details to determine specific needs.
Many devices also come with backup software that could meet some of your organization's data-storage needs.
Choosing a Remote Online Backup Provider
Because you're entrusting critical data to a third party, due diligence is required to ensure that the backup provider you choose is reliable and financially secure. Otherwise, you might end up with a company that has sloppy data-protection habits or goes out of business.
- Ask for references: When shopping for a provider, ask to speak with one or two customers who have used that provider.
- Ask for specifics about each provider's storage facilities.
- Discuss pricing. Are there additional charges to the base price? Will the company notify you if you are nearing your allotted storage capacity, and how much do they charge if you exceed that capacity?
- If you hold sensitive, health-related data about your users, clients, patrons, or community members, you may want to consider whether you need to comply with privacy regulations for data related to federal HIPAA rules. Learn more about the topic from our article, In Search of HIPAA-Compliant Software.
The following are some other important questions to ask:
- Has the provider built its own data center, or do they co-locate with a third-party provider?
- What redundancy have they built into their system to ensure that your data will always be available? For instance, do they make backups of your backup?
- Will your information be kept on hard disk or moved to tape? How do they secure physical access to the equipment where data is stored?
- Will your data be stored in a secure facility?
- Who has network access to the machines that store your data?
- Does the backup provider automatically encrypt your data? (Some services recommend that you encrypt your own data before backup.)
- Does the provider offer a guarantee or insurance of a successful recovery?
These questions will help you avoid unpleasant surprises and ensure that copies of your critical information are secure and available.
For more tips and recommendations, see Idealware's guide, A Few Good Tools for Online Data Backup.
Learn more about cloud computing for your nonprofit or library on TechSoup's cloud page.
Image: Backup key, Shutterstock