This is a collaborative article created by Steve Dance of RiskCentric and CiContinuity.
Systems and data recovery strategies may harbour several dark corners and tripwires, compromising the timeliness and effectiveness of IT recovery activities.
Many organisations have built-in assumptions often proven wrong when the recovery process is tested or, even worse, when a live restore is attempted to recover from a major IT incident. Some of the most common tripwires are:
Lack of homogeneity in backup technology and media
A heterogeneous backup environment can significantly impair the effectiveness of the data restoration process. Different media, locations, and restore conventions can create protracted, error-prone outcomes. Maintaining a standardised approach to back-up media and solutions will optimise the overall effectiveness of recovery. A further tripwire often found in a heterogeneous backup environment is that esoteric restore techniques, known to only a few individuals, can creep in. Recovery can be significantly compromised if these people are unavailable during a major incident.
Speed and capacity of recovery infrastructure
The infrastructure used to deliver the restore process can significantly affect recovery speed. Network bandwidth, server speeds, and backup media transfer rates will all influence recovery times. It is important that assumptions in this area are proven by testing.
Understanding differences in recovery datasets
The underlying structure of the data to be restored can significantly impact recovery timings. For instance, 10 TB of data in a single file will be restored significantly faster than that same 10 TB in 100,000 discrete files. The structure of the data to be restored needs to be understood and factored into data recovery estimates.
Configuration recovery
As any ransomware victim will tell you, it’s not just data. If your data has been compromised by malicious code, that code will still be present in the IT infrastructure configurations. Reimage servers, networks, and endpoints to provide a trusted environment may be necessary before data can be restored. Maintaining configuration images that can be quickly restored to a target environment is a significant enabler for recovering from ransomware attacks.
Data growth
What looked achievable last year may not be as achievable this year. Data growth and new systems need to be considered when considering the ongoing viability of backup and recovery capabilities.
Knowledge and capability
The knowledge and capability of IT staff will always be a major factor in achieving an effective recovery. Training, testing exercises, up-to-date scripts and run-books will contribute to the knowledge and capability of the team(s) involved in recovery activities.
Ensuring that the organisation’s back-up and recovery capabilities are effective and aligned to the organisation’s risk management needs requires ongoing oversight and monitoring. The main activities to be conducted here should include:
1. Audit and inventory: Know your data’s structure, backup media, and the underlying infrastructure for delivering data and system restoration.
2. Test: Regular data restoration tests are the best way to find unidentified dependencies and confirm assumptions.
3. Optimise and rationalise: As far as practical, work towards a homogeneous back-up and restore environment. It simplifies and facilitates familiarity with the recovery process.
4. Train: Ensure that those responsible are completely familiar with the recovery process and that there are no single points of reliance on particular individuals.
If you would like to discuss your options for optimising and de-risking your organisation’s backup and recovery capabilities, please contact us or book a free call. To learn more about Centerprise International Group, please visit our website.
Key Takeaways
Avoid assumptions: Many recovery strategies fail because of untested beliefs about data recovery speed, infrastructure capacity, and system readiness.
Standardise your environment: A consistent backup setup across tools and media reduces complexity and minimises delays during data restoration.
Understand your data: The way your data is structured, such as file size and quantity, can greatly affect recovery times.
Include full system recovery: Focus on restoring clean configurations as part of the process, particularly after ransomware incidents.
Account for growth: As data volumes increase, regularly reassess whether your recovery solutions are still effective.
Train and test: Reliable data recovery depends on well-prepared staff and frequent recovery testing under realistic conditions.
Maintain visibility: Continuous audits, updated documentation, and a focus on simplification help ensure resilience and reduce operational risk.