Choose your backup strategy carefully

Choose the wrong approach to backing up your data and you could seriously damage your business: you could even end up in gaol!

This is a true story, but has been suitably anonymised. It serves to demonstrate the importance of choosing your back up strategy carefully.

Background

The story involves a very large privately owned company with global interests and takes place during the 1990′s. The company concerned was being prosecuted for fraud because of some dealings it had performed overseas. The alleged fraud took place about nine years before the case came to court. The time delay is significant.

The Investigation

During the investigation, the authorities were attempting to discover financial documents that supported its case. The company concerned claimed that no records existed for the period in question because it had a corporate policy to hold information for no longer than was legally required: in this case seven years. All documents had been shredded some years earlier.

Unfortunately for the company concerned, the authorities were aware that the company operated an electronic mail system and that the IT Department took regular backups of that email system. They asked for an old  backup copy of the email system to be restored so that deleted emails could be read.

When the company received this request, the business management quizzed the IT people and asked how this could be possible. As far as they were concerned, when they deleted an email, it was deleted. Only now did they discover that the IT department had been diligently backing up the email system, including deleted messages that were in the Trash Can. Not only that, but they used a backup strategy that kept one tape from each year forever. As you can imagine, the senior management were aghast at this development.

Nobody had asked the IT department to do this, but they felt it was good practice. If they had let this be known to the business, they would probably have been told otherwise in no uncertain terms.

In other words: this was a classic disconnect between the business people and the IT department. Unfortunately, the consequences in this case were potentially dire. Several senior managers could lose their liberty if the documents could be recovered and the evidence supported the authorities’ case.

As it turned out, attempts to restore the tape failed. The documents were not recovered and the case eventually fell. Further investigation found that the backup system hadn’t actually been working properly for years!

Lessons Learned

Several lessons can be learned from this episode:

1. The IT department misunderstood the needs of the business. It didn’t realise that it made perfectly good business sense not to hang on to old data forever.
2. The company had no formal Data Retention Policy. Thus the IT Department had no reason why not to hold on to data forever.
3. Having no Data Retention Policy meant that the IT Department saw no reason to have a proper archiving process and used retention of backup tapes instead.
4. You only backup data to allow yourself to restore it at some point in the future, If you never perform any test restorations, you will never pick up the fact that your backup system is broken.

The Morals

1. Understand why you backup data.
2. Develop a Data Retention Policy that defines what data should be kept, for how long, and how it is to be disposed of.
3. Make sure that everybody, particularly your IT Department, understands what the Data Retention Policy means in practice.
4. Use the Data Retention Policy to determine what data should be archived and for how long, and to choose the appropriate archiving technology.
5. Develop your backup strategy so that it supports the archiving policy.
6. Test the integrity of your backups and archives on a regular basis.

Conclusion

As it turned out, the company was not affected by the IT Department’s choice of Backup Strategy, but this was only because they hadn’t implemented it correctly.

Footnote

More recently, discovery of electronic documents has become a hot topic. So called e_Discovery technologies can be used to save enormous amounts of time and money when a company is forced to disclose electronic documents in the course of legal proceedings.

Related posts:

1. Monday Tip – Choose your Backup system with care Not all backup systems are created equally, make sure yours...
2. Choose your Cloud supplier carefully, really carefully If you transfer your Business to the Cloud, you’d better...
3. Monday Tip – guard your backups carefully This week’s tip is to always think about the safe...
4. How to define your approach to backup How you approach the topic of backup can make the...
5. Bare metal backup systems save you money Implementing a bare metal backup system as part of your...