Backup is Evil – Part 1 – Bad Requirements
Data protection is about data availability, backup is not a business requirement, data availability is. 
IT professionals have at their disposal a variety of tools to help businesses achieve their data availability goals, including backup, restoration, replication and recovery, but it is critical to keep focussed on the actual goal, which is the availability of the data, and to balance that goal by using the right set of tools for the specific job. Held in balance are concepts like data importance or business criticality, budget, time to deploy, operational capability and costs of downtime.
Having stated that a data protection and retention solution should be designed from a balanced set of well-defined business requirements, it should be noted that this rarely the case. Instead, data protection solutions are designed and propagated based on inherited requirements that were not
- originally specified in consultation with the business,
- have not been adequately reviewed,
- and are inappropriate in the current regulatory, corporate, or technical environments.
The unfortunate fact is that backup, like insurance is an aspect of risk management, and that every dollar spent on backup is a dollar that cannot be spent on IT projects that have the potential to improve the bottom line. Because of this it is important for IT management to ensure that every dollar spent on data protection is not wasted on ineffective and outdated strategies.
The Origin of Typical Data Protection Requirements
Unfortunately, data protection processes and planning often revolve around the unsettling question of “how much can you afford to lose.”, a question that rarely meets with a well thought out or balanced response. While its understandable for the business to ask that “no data shall be lost under any circumstances, and all data created at any time shall be kept indefinitely”, the costs of doing so are prohibitive. The sad fact is, that in the absence of a detailed cost benefit analysis of the various options, these are the kinds of requirements that the backup designer has to satisfy often without adequate resources.
Rather than asking the difficult questions, many IT organizations fail to engage in any meaningful dialogue with the business, and fall into the habit of continuing whatever had gone before ; implementing a data protection regimes similar to the following
- Changed data is backed up to tape every night and kept for two to four weeks
- All data is backed up to tape once a week and kept for four to ten weeks
- All data is backed up to tape once a month and is kept for seven years
In addition, to protect against site failures, they may also perform the following additional procedures
- Backup tapes, or copies of backup tapes are sent offsite
- “Mission Critical” data is synchronously replicated via dedicated high speed networks to an alternate data centre.
The advantage of these data protection regimes is that they are well known, and serve as a general “catch all” solution. These are then signed off by management as “standard IT practice”. What surprises me is that this practice continues despite numerous examples of its inadequacy. As a case in point, over 25% of enterprise IT organizations report being either dissatisfied or very dissatisfied with tape based backup infrastructures, and synchronous replication is renowned for instantaneously replicating data corruption across two sites in a variety of data loss scenarios.
None of this is just theory, I talk to many of Australias largest organisations and best system integrators, and whenever I talk about this I see many heads nodding in agreement.
I’ll spend the next week or so detailing exactly what I believe is wrong with the way most people approach backup, and then, once my spleen is well and truly vented, I’ll write about how I think this should be fixed. (For those who cant wait, the answer is replication based backup combined with image based dumps to removable media)
 Paraphrased from SNIA Education “Disk and Tape Backup Mechanism”
 The Continued Shift to Disk based data protection solutions – Forrester Research 2007