Question

If you were in charge of Information Security for a financial services company how would you design the backup strategy? Include a diagram to document your backup strategy. Include recovery steps in your diagram.

Answer 1

Regular backups are vital insurance against data-loss catastrophe for business continuity that helps in disaster recovery. Developing a solid backup plan requires an investment of money and time, but the cost is far less than burdensome task of recreating data for which no backup exists.

Before you create backup plans, you need to know what to include in your strategies:

· Cost: You will need a data backup plan that you can afford. It's a good idea to think beyond dollars. Keep in mind the potential costs of a violation or loss. Then weigh this against the projected cost of the backup system. This will help guide you.

· Where to store copies of your data? Some companies prefer cloud-based backup. Others like to have a physical backup. The most prudent companies use several backup sources. This way, if one backup fails, they have another in place.

These are some famous backup strategies. Here are some steps to create an effective backup plan-

1. Assessment of company’s backup needs: The first step is to assess company’s backup needs. For this, you need to look at couple of parameters. For example-

· You may need the ability to restore data as soon as possible.

· You may need the ability to recover data.

· You may need to keep services available to customers.

2. Evaluation of options to find best backup strategy: After assessment of backup needs we need to evaluate options to find best backup strategy. For this you have to find:

· Hardware backups

· Software solutions

· Cloud services

· Hybrid solutions

3. Backup storage options:

· You will also need to think about where to store your backups. Here, you have several options.

· You can back up your data to local or USB disks. This option is best for backing up individual files and hardware. Not ideal for networks. If the drive is destroyed, you will lose the backup.

· Attached storage (NAS) and storage (SAN) networks are also options. These are ideal for storing data for your network. They make it easy to retrieve network data in most situations. The exception is if your hardware or office is destroyed.

· Bandwidth data backup can be attractive to some companies. The tapes will be delivered to a safe storage location. This keeps your data safe. The downside is that you will have to wait for the boxes to arrive to restore your data. They are best suited for restoring the entire system, not individual files.

· Cloud storage is becoming more and more popular. You will need an internet connection to send your data to the cloud. There are options available to help you transmit a significant amount of data. You will be able to access your data from anywhere, but not without an internet connection.

4. Budgeting:

· The third step is to create a budget for your backup plan.

· Some solutions are more expensive than others. Purchasing new hardware is expensive and may require downtime.

· Cloud-based solutions are more affordable.

5. Select a platform: Next step is to choose a platform.

· If you have made careful evaluations, you may already know what you want. As mentioned earlier, some companies prefer multiple backup options to cover.

· Choosing a single backup option can cover your needs. If you are sure you will have an internet connection; a cloud backup may be sufficient. You can access it from anywhere and get your data quickly.

· The most significant argument against a cloud-based service provider is privacy. If you store sensitive data, you may not want to rely on an outside company. Regulations may even prohibit you from doing so. If this is the case, consider off-site secure storage for backups. This way, you can get them if your business is damaged.

6. Select a vendor: It's time to choose a provider to help you implement your new backup strategy. You can opt for a full service. Some companies may provide hardware, software, and cloud solutions. It is also possible to help you with employee training.

These must include:

· Overall cost of implementation

· What options are included

· How long the implementation is expected to take

· Seller's reputation

7. Create a recovery plan: As your plan is built, put together detailed instructions on how to use it. Ideally, this should include an easy-to-follow security incident response checklist.

Your recovery plan should include:

· Type of recovery required

· The data set to be recovered

· Addictions that affect recovery

· Any post-restoration measures to be taken