How Data Recovery is Sometimes like a Seinfeld Episode
January 24, 2017
The Seinfeld comedy series is famously referred to as “a show about nothing.” Though many of its episodes revolved around mundane incidents from the main characters’ lives, there usually was a profound message that resonated with many viewers simply because many of the events are so recognizable. On some level, most people could find something to relate to in the show whether it was “shrinkage,” “man hands,” or “serenity now,” there was usually something for everyone.A memorable scene from one of the episodes that I find quite apt for a lot of situations that occur in IT is the famous “car rental” incident. You can view it in the embedded player on this page. For our purposes, substitute “data” for “reservation” and “backup” and “restore” for the words “take” and “hold” in the following line:
You know how to takethe reservation; you just don’t know how to holdthe reservation.
And that in a nutshell is the nightmare scenario you never want to find yourself in when attempting to restore lost data after a catastrophic event. Unfortunately, many organizations regularly set themselves up for just such a predicament, which is anything but a laugh fest when disaster strikes.Risk Management and PoliciesIf you’ve taken any of the great courses here on Cybrary.it on the topics of Risk Management and Business Continuity (I’ve a least watched the videos), then you’ll be familiar with the importance of having a data backup and recovery policy (DR) in place. The importance of periodically testing the recovery/restoration process is emphasized in the training. I don’t know about you, but if I were an IT admin, I’d sleep a whole lot better at night knowing that in the event of a major data loss that my team could fully and quickly restore our data. If the day ever came where that wasn’t the case, then I’d either be driving as fast as I could to the border or looking for a window to jump out of.Events resulting in data loss can range from equipment failures, malware and ransomware infections, or complete loss of all equipment and facility access due to a natural disaster such as fire, hurricane, tornado, earthquake, or other act of God. This usually concerns businesses, but personal data restoration is also a best practice for consumers. For organizations, data recovery/restoration is a component under the broader process of business continuity planning with a separate set of policies governing it.What could go wrong?Having a data backup and restoration policy is a good start, but it’s not enough. At least if you value a good night’s sleep. Another great meme that came out of The Seinfeld Show is “who knew?” (Imagine it in Jerry’s voice.) You can find yourself uttering this exasperated line if your backup policy limits data backups to a single copy. A much older meme, “don’t put all your eggs in one basket” is also quite apt.A best practice is to have multiple backups of the same data image, ideally stored in multiple locations - both onsite and off. Off-site repositories should ideally be geographically distant from the main site in order to mitigate against the effects of a regionally located natural disaster. It might require a road trip or arranging for courier service to deliver the media, but at least it’s there and intact if you need it.Imaging and backing up PCs is one thing, backing up and restoring data to an infrastructure of distributed storage media is another entirely. This situation is referred to as “configuration drift” and is more prevalent in today’s virtualized environments. It’s easy to have this situation sneak up on you and only become apparent when the time comes to recover lost data.Auditing and TestingPlans may look great on paper, but many often go up in smoke when put to the test. Ideally, the test should be planned – not ad hoc as would be the case in an unexpected event that caused data loss. The latter will cause flashbacks to the Seinfeld car rental episode mentioned above. Testing data recovery procedures is not a trivial matter and can tax the resources of any organization.The cost to test DR procedures can be high. Larger organizations typically employ a vendor to perform the testing on their behalf. This has several benefits, with the most important one being independence. Designing a comprehensive DR plan takes specialized knowledge, something that is often lacking in-house. In-house staff can also be susceptible to tunnel vision resulting in consistently overlooking major weaknesses in a DR plan. Due to the large expense associated with testing DR plans, many organizations opt to perform them on an annual basis. Regardless of the size of an organization – even for end-users – testing a data backup and recovery process is vital.Having a DR plan in place and then testing it are both corollaries to another ancient meme: “better safe than sorry.” You back up the data, and then you assure that you can restore the data. Jerry and Elaine would be proud of you and if you truly want to be “the master of your domain,” then you owe it to yourself to take the critical courses here on Cybrary.it on Risk Management and Business Continuity!