What is data recovery?

Typically, the data is restored from a backup copy that is stored in another location. The more recent the backup copy, the more completely the data can be recovered when loss or damage occurs.

For any business, successful data recovery—meaning recovery that prevents a greater-than-tolerable loss of data or business disruption—requires a backup and restore plan that meets specific data recovery objectives. Such a plan is usually part of a larger disaster recovery plan.

The term ‘data recovery’ can also refer to these processes:

• Software designed to ‘undelete’ files that a user might have accidentally deleted by restoring system formatting to those files.
  
  
• Specialized services for physically recovering data from damaged disks.
  
  
• Cloud-based backups (such as iCloud) are used to restore data to a mobile device.

However, this article focuses on enterprise data recovery.

Data loss due to human error remains more prevalent than data destruction due to natural or manufactured disasters or criminal activities such as ransomware attacks. However, your enterprise should be prepared for any data loss that can disrupt critical business applications or operations, no matter what the cause.

A comprehensive backup and recovery solution should be in place to protect every piece of data worth saving, wherever it resides. Backups might cover these types of data:

• Servers: Both on-premises physical servers and virtual or cloud-hosted servers might need to be backed up regularly or continuously.
  
  
• Storage area networks (SANs) and other shared storage resources: This category can include block, object and file storage.
  
  
• Endpoint devices: These examples might include desktop and laptop computers, workstations and tablet and mobile devices. For these device types, individual hard disk drives must be restored.

In addition to files, there are certain types of data you need to back up:

• Applications and their associated data
  
  
• Databases and any associated data structures, formats, tags or metadata
  
  
• System data, including operating system (OS) and application configurations
  
  
• Runtimes, including virtual machines (VMs) and containers

When you determine the types of data that need to be backed up, you must also decide how frequently to perform the backups. In addition, you must determine how quickly the data should be restored—that is the recovery point objective and recovery time objective for each data set or related application.

Recovery point objective (RPO), is essentially the age of the oldest backup you can tolerate. RPOs vary depending on the data, the application, the industry or a combination of these and other factors.

For example, the email system at a coffee shop might be able to tolerate a 24‑hour RPO. In contrast, the email system at a hospital, a bank or another highly regulated business might require RPOs measured in minutes. At a brokerage, where each trade might be worth millions, a trading system can measure an RPO in seconds—or less.

Recovery time objective, or RTO, is the longest amount of downtime you can afford. The checkout at your local bookstore might have an RTO of hours or days because downtime might cost USD 100 per hour. An online store might have an RTO measured in seconds with each second of downtime representing hundreds of thousands of dollars in lost business.

RPO and RTO determine the frequency, method and even the location of your backups. An application with an RPO and RTO measured in hours might be able to get by with nightly backups to any third-party cloud provider.

An application with an RPO and RTO measured in seconds (or less) might require continuous data replication or even fully redundant systems. These systems are typically hosted at a nearby location and can take over immediately and seamlessly if any data loss or system problems.

Any data recovery service provider you work with should provide a service level agreement (SLA) detailing the RPOs and RTOs they are able to achieve. The SLA should also outline the security controls in place and the safeguards against data loss they have established. Your contract should specify the site or sites where your backups will be stored and indicate how the provider will comply with any regulations in your industry.

Cloud backup and recovery solutions are increasingly popular among consumers and enterprises alike. They are especially useful when businesses must back up large amounts of data (such as the contents of an entire data center) and want to reduce infrastructure expense and administrative burden.

In cloud backup and recovery, data copies are maintained in a secondary, offsite storage location. The cloud provider offers access to the storage—and possibly, supplementary managed backup and recovery services—on a subscription basis. Pricing is typically based on storage volume and bandwidth usage.

The organization can select and deploy its own backup application, use one the cloud provider might offer, or employ a third-party service provider’s application. In all cases, the backup application designates files for backup, creates encrypted copies of the files and sends them to the offsite backup destination.

Enterprises employing cloud-based backup and recovery solutions enjoy the full benefits cloud storage has to offer. The cloud provider assumes all responsibility for securing, managing and maintaining the infrastructure and will typically guarantee that you’ll have access to data whenever you need it. Storage capacities are highly elastic and can be scaled in accordance with demand, so you won’t pay for resources unless you need them.

The security of your data backups depends on two major things:

• Encryption of backup files in transit and at the backup storage site.
  
  
• Physical security, user authentication and access controls at the backup storage site.

If your industry has regulations governing data privacy and security, you’ll want to make sure that your backup tools, processes or service providers comply with those regulations. (If you work with a service provider, ask for certification of compliance.)

No matter what industry you’re in, you’ll want to pay particular attention to protecting any backups of data related to your intellectual property. And it’s important to ensure that any backups no longer needed are fully destroyed.