Backup, disaster recovery, and business continuity: how do they compare?
Backup, disaster recovery, and business continuity: how are they different and how do they relate to one another?
Understanding the differences between backup and disaster recovery might seem like a pretty niche issue to occupy someone’s mind, but for anyone responsible for protecting their organisation’s data and software it’s incredibly important. And although both terms are often treated as synonymous, recognising the difference and relationship between the two concepts is vital if you’re to ensure that things are not only safe, but can also get up and running quickly.
Indeed, the importance of getting up and running again brings us to a third concept that often gets thrown into this cocktail of terminology (some might say jargon): business continuity. Despite some confusion online, business continuity is a little different to disaster recovery. However, as a concept it too has a lot of value for anyone having to work in and around this space.
As we’ll see, becoming more comfortable with this particular word salad is, ultimately, the first step in developing a joined up approach — a strategy — that goes from big ideas and goals like protecting business revenue or organisational data — to the technical steps and implementation processes that are actually required on the ground.
Backup vs. disaster recovery
Before we go any further, let’s first take a look at the difference between backup and disaster recovery, beginning with some basic definitions (if you disagree with these please sound off in the comments!).
What is backup?
Backup is a technical process or, quite simply, a task in which files, folders, or systems are copied and saved so they can later be retrieved and restored. The type of backup — full, differential, incremental — and the way they are implemented — local, FTP, cloud — could vary enormously, but we won’t go into those specifics here.
What is important to note is that not only will approaches to backup vary from business to business, a single business might well use multiple different approaches and types of backup depending on their existing infrastructure and business goals — this is where business continuity and disaster recovery comes in, as we’ll see.
What is disaster recovery?
Disaster recovery exists because restoring software systems is a complex task. This isn’t just because the task itself is inherently technically challenging (although it often is), but more specifically because software systems themselves are complex.
To put it another way, even if we could just restore everything with a click of a button (there are certainly products and platforms out there that will try to convince you that you can), doing so would more than likely involve compromises and trade offs that we might want to properly consider. These are things that might seem obvious, but should actually be discussed with other stakeholders before just pressing ‘GO’. For example, does restoring quickly compromise any data? Will it cause performance issues? Is it going to create, say, issues in fulfilling customer orders?
Disaster recovery, then, is a plan or strategy for managing priorities in the event of a disaster that ensures that organisations can get up and running in a way that manages to be both quick, but also safe and effective. After all, there’s no point getting one component of your infrastructure up and running if it’s only going to go and break something else.
A good disaster recovery plan will need to be aligned with overarching business goals. If this is done properly, at its core should be metrics such at RTO (Recovery Time Objective, which measures the time it takes to restore a given system or application), and RPO (Recovery Point Objective, which is essentially the length of time from an incident that an organisation has to play with until data starts to be unrecoverable.
Comparing disaster recovery and backup
As you can see, the key difference between disaster recovery and backup is that one is concerned with strategy, and the other implementation.
It would be wrong to see one as more important than another of course. There’s no point doing backup without a coherent disaster recovery strategy; equally, a disaster recovery strategy without backup is incredibly flimsy — indeed, maybe even pointless.
But if they’re related how can you actually go about using them? The obvious answer is that backup should follow on from a robust disaster recovery plan — however, while this isn’t necessarily the wrong route to follow, focusing on the abstract elements of your plan without a rigorous understanding of different types of backup, how they work and why, your initial plan is likely to be somewhat limited, and maybe even technically ineffective.
As an alternative, it’s probably worth approaching your disaster recovery strategy with at least an awareness of technical possibilities and opportunities. Technology shouldn’t ever dictate strategy, but strategy that isn’t informed by technology is always going to be underdeveloped and lacking in potency.
Business continuity provides a good umbrella framework for allowing businesses to think about both strategy and implementation together. True, disaster recovery is normally regarded as a simple subset of business continuity, but seeing this terminology in simple taxonomic terms is limiting.
A better way of thinking about business continuity in this context is to see it as an overarching strategic initiative that grows out of an acceptance that unpredictability — from a systems and security perspective — is inevitable in the life of a business.
Now, that all extends far beyond disaster recovery and backup. But it’s because business continuity is such a holistic concept that it allows you to think about all of the various elements that keep a business running — its technology, its people, its processes — that it’s a good way of making sure that you’re balancing everything. It’s easy to prioritise, for example, people over technology or vice versa, but with a solid business continuity plan you will have done everything from understanding the threat horizon, auditing current IT assets and software infrastructure, and even understanding the cost of downtime or failure.
Moreover, business continuity ensures that disaster recovery is done appropriately and effectively. While disaster recovery ensures that technical steps are in place to protect a business, business continuity planning joins that with every other element. This is important, of course, because technology doesn’t run in a vacuum.
Does business continuity have anything to say about backup?
Business continuity and backup might well feel like completely different spheres. But, in fact, an effective business continuity plan makes it easier to ensure that disaster recovery is using backup — or any other technology or tool — in the right way.
This is because it provides the business context that necessarily informs everything that needs to be done, discussed, and considered in disaster recovery.
So, you can see here how there’s a direct line linking what might seem abstract and amorphous to the specific and deeply technical. It’s easy to forget, but absolutely essential.
Business continuity and disaster recovery in the cloud era
In today’s everything-as-a-service world, it’s tempting to overlook disaster recovery and backup. Surely that’s all taken care of, right?
Well, maybe it is — but there’s a chance that it isn’t. And even if it is, it doesn’t mean your data is comprehensively protected. There are always risks — and those risks are sometimes more pronounced when using public tools and products.
Whatever your infrastructure and solution architecture looks like — cloud native or completely on premise — having a robust business continuity plan in place, and a considered disaster recovery strategy — which almost certainly will include various forms of backup — is vital. It’s only with this framework that you can be sure you’re using third party tools safely and effectively.
Conclusion: From strategy to implementation, it’s all about joining the dots
Understanding the differences between backup, disaster recovery, and business continuity give us a key insight that many businesses ignore: prioritising technology over strategy, or strategy over technology is plain stupid. There’s no dichotomy, even if it sometimes feels like there is at an organisational level.
Indeed, the most effective and forward thinking organisations are those that have realised such a dichotomy is pointless. Instead of worrying too much about lines of ownership, to ensure businesses can manage disaster and unpredictability, joining the dots so there is clarity and transparency on what needs to be done and when, is far more crucial.
So, make that change today. Start thinking differently about disaster by seeing technology and strategy symbiotic, not in opposition with one another.