Do Your Backups Match Your Expectations?

A previous WST (https://10dsecurity.com/wst/building-blocks-of-a-business-impact-analysis.html) described what a business impact analysis (BIA) is and how it’s a key component of your business continuity program and disaster recovery success. If you’ve done the work to define recovery point objectives, have you also made sure that your backups actually match your needs? For instance, if a server has a recovery point objective of eight hours but you are only backing it up every twenty-four hours, your backups are misaligned! Should system recovery be necessary, data loss beyond eight hours may be experienced. When updating and reviewing the BIA, we recommend that you include a review of your backup retention schedule to ensure that all backups meet the institution’s BIA requirements for recovery point objectives. You may find systems that you need to expand backup frequency. Or, you may find BIA requirements that are unrealistic or unattainable. In those instances, it may be wise for the institution to adjust expectations or develop other processes to resolve the planning gaps.

Authored by: David Matt, CISSP, CEH