5 steps for security and disaster planning

1. Analyse

A "Worst Case Scenario" analysis is a closer look at your business requirements and in short poses the question: "If my website disappeared today, what would be an acceptable period to restore from a backup." Is it hourly, daily or up-to-the-minute? As you can imagine, the answer to this question will depend entirely from the type of the application you have. For eCommerce websites and applications which rely heavily on user interactions, backups should be up to the minute in an ideal world, however there is a trade-off between this kind of performance and your budget. There are ways to mitigate hardware failure and data loss due to corruption which involve distributed multiple copies of your data across different services, and there are plenty of levels of coverage to suit your needs.

How long you keep backups for will also be a consideration. This defines how many restore points you'll have to recover deleted data and content from. The larger backup history you need and the more restore points, the more disk storage is required so there is a trade-off to make here too.

These points should be at the forefront of your mind when building you new website or mobile app.

Sound confusing? We can help by applying our expertise and experience to define the right solution for you, in easy terms.

As part of the analysis process we'll help you identify risk areas and possible worst case outcomes so you're in a good position to deal with cases when technology lets you down. During the buzz and excitement of creating your new product you'll want to address backups and risk mitigation up front, so you have a plan when things don't go to plan!

2. Capture everything

We tend to take a "capture everything" approach to backups, rather than incremental backups, solely because it's the best fit practically and cost-wise for most applications (except the very largest enterprise level websites). This means taking nightly full snapshots of your website files and database (along with emails if the web server is set up to manage your emails). It makes it far easier to restore to given point in time than implementing a more comprehensive staged backup solution when used alongside hardware failure measures - such as RAID.

3. Test restore points

A backup is only as good as the last snapshot, so it's important to have an area where the restore point can be tested. For more cautious clients, we've set up a secure location online that they can visit to see the most recent backup restored and in place to see and interact with. This restore point is effectively a fully working version of your website at a given point in time, so provides the best way to assure you that should the worst happen the backup has been proven to work and captures everything (as described above).

4. Don't forget

Where we've taken over from a previous provider for our clients, we often find that there is no backup consideration at all in place. It is one of the first things we sort out when onboarding and advising our new clients.

Even once a backup solution has been considered and is in place, it's important to periodically check that everything is working as expected.

We set up notifications so that if backups fail for whatever reason, we're alerted to remedy the situation.

5. Scale

As the data and content for your website grows you can expect that the size of your backups will also grow. We can calculate how much space you need based on the solution you need (which we'll have defined from the previous steps).