I have always maintained, since Day One, that the most important thing we do in IT management is to verify backups. (Day one for me was October 1995, when I went into consulting full time.)
In my last real job before I went into consulting, we had to back up systems across three states. These included HP MPEX operating systems in two states, Windows server in two states, and Novell in one state. And the entire systems in New York and California were big, beefy, and roomy enough to serve as the total-system failover to each other in an massive, unforeseeable emergency.
In the first consulting job I took, one of the teams I managed was the team that backed up all of the mission critical servers at a major corporation's campus serving 5,000 desktop users. Tapes went offsite every night for a 365 rotation. It is nearly impossible for the human mind to imagine how many DAT-72 takes that is!
And in the world of SMB IT consulting, our number one rule above every thing we ever did was: The most important thing we do is test backups!
TESTING backups is the most important thing we do because the ability to get a client back in business in short order is the most important service we provide. And testing a backup by restoring data is the only way to guarantee we can do that.
Too many people in this industry have lost sight of that. "We get a screen shot of a successful automated system mount" is absolutely and definitely NOT testing the backup. Monitoring and looking for green lights is NOT testing the backup.
There are three important reasons you need your team to do a test restore on any backup system. First, you make sure that you can actually get the data of the backup (cloud/drive/BDR/tape/whatever). Second, you verify that you team knows how to do this with each client and each system. Even if those systems are 99.44% identical, they are not identical. Third, everyone on your team should see all of this when it's NOT an emergency.
As I wrote recently, there's no such thing as set it and forget it with backup. Over the twenty-five years that I managed IT companies, almost exactly half of all new clients had no working backup, whether they knew it or not. And this never improved over time.
For about fifteen years now, I have preached that there is NO EXCUSE for ransomware to take down a client - especially in small business. Why? Because you should be able to restore everything within a day or so. If you spend enough money, you might do it faster. With less money, it will take longer. But there is no excuse to not have a working backup. Ransomware? Nuke and pave is the ultimate safety valve. You might have lots of other security stuff in place. But everything else fails, the greatest tool you have is a backup you've verified recently.
Make this you highest priority: Verify each client's ability to restore from backup every month. Yes, that's a lot of work. But since it's the highest priority thing you need to do, is must be done.
And maybe you don't need to buy every security tool you see. Just sayin.
No comments:
Post a Comment
Feedback Welcome
Please note, however, that spam will be deleted, as will abusive posts.
Disagreements welcome!