TECH INSIGHTS: Why Data Backup and Disaster Recovery Need Separate Plans—and Separation from Each Other

David Donovan, Senior Infrastructure Architect

The information contained in this article is not intended as legal advice and may no longer be accurate due to changes in the law. Consult NHMA's legal services or your municipal attorney.

Data backup and disaster recovery are more important than ever to municipalities. In addition to traditional disasters such as fire, flooding, tornadoes, and hurricanes, ransomware has now become a devastating modern disaster for municipalities across the United States. When a disaster hits, permanent data loss is often not close behind if a town or city doesn’t have the right data backup and disaster recovery solution in place.

We applaud attempts by municipalities to back up data. However, our observations of towns and cities when we start working with them reveal a few major concerns with how they think about data backup and disaster recovery. A common theme with many of these concerns is that municipalities sometimes don’t understand the importance of a clear separation between data backup and disaster recovery.

Here are a few reasons why this separation is important, and how towns and cities may misconfigure their data backup and disaster recovery solution.

  1. Having your data backup and disaster recovery solution all in one place defeats the purpose of disaster recovery.

The point of data backup is quick recovery, and the point of disaster recovery is the ability to recover after the “worst” happens—usually a major disaster or devastating event that affects your electronic information. Think about it. If your data backup solution resides entirely in the same place where a disaster could hit, then both your data and data backup solution will be destroyed at once. It’s as if you don’t have data backup at all.

Some municipalities think backing up data in another nearby building, a bank vault, a city employee’s house, or a neighboring city counts as “offsite” data backup. Two risks exist with this approach:

  • A natural disaster that affects city hall will likely affect buildings nearby.
  • Storing “offsite” data at someone’s house or a bank vault risks manual error, lapses in regular backups, and liability issues.

An offsite disaster recovery solution really means OFF SITE—such as storing your data backups at data centers far from your geographical location. This way, your data is safe and recoverable after even the worst disaster that can befall your city. The separation of the two solutions is key.

  1. Having your data backup stored entirely offsite defeats the purpose of quick recovery.

Conversely, a city that only stores its data backup offsite can run into problems. Backing up data offsite is a different process than onsite data backup. Let’s say you have a smaller incident occur such as a city employee accidentally deleting an important file, or a server fails. If you relied only on your offsite data backup, then you might run into data availability issues. The data may be recoverable, but it will take a while to access. Also, offsite data backups often occur once a day, so data lost an hour ago may not reside in the offsite data backup.

An onsite data backup solution is more immediate, backing up data in real time as the day progresses. If you lose a file, you can retrieve it from your onsite data backup server relatively quickly. If a server fails, a copy of that server can get turned on and working quickly. Make sure you have an onsite data backup solution in place, in addition to your offsite data backup, that can handle smaller incidents.

  1. Using an online consumer-grade “offsite” data backup solution is not proper offsite backup.

Many consumer-grade data backup solutions exist that seem like they are offsite backup. You install them on your computer, the software copies all your files to the cloud, and you have all your data stored “offsite.” But is it really offsite?

It is important to note that storing files in the cloud does not mean backing up files in the cloud.

There is a difference between syncing and backing up. Otherwise, common syncing applications such as OneDrive and Google Drive would count as “data backup.” They aren’t. Unfortunately, many consumer-grade data backup solutions are essentially sophisticated cloud storage solutions that sync the files on your computer to the cloud location. But if files sync, then a ransomware virus affecting your files will sync those corrupted files to your consumer-grade data backup—rendering the backup useless.

To avoid these risks:

  • Use a professional enterprise data backup and disaster recovery solution: Consumer-grade data backup solutions just can’t handle the demands of a town or city. You may also run into storage limits or files that can’t be backed up.
  • Make sure your data backup process carves out completely separate data storage siloes. You need to make completely different, separate copies of your data and store them in walled off, completely separate places. That way, you ensure you have a copy of your data completely walled off from a ransomware attack.
  1. Storing your data offsite reduces your onsite data storage costs and avoids hitting storage limits.

Assuming your disaster recovery solution includes an unlimited offsite data storage component, it’s better to store your data backups offsite to reduce the risks of realizing your own inability to store that data. Onsite data storage requires you to purchase expensive servers that have limited storage. By contrast, affordable data storage solutions exist that are perfect for disaster recovery. Most of your data won’t change day to day, so it’s more cost effective to store it offsite and only update it daily with any new and changed data. If you try to back everything up onsite, then you can hit storage limits and risk not backing up important critical data.

  1. Disaster recovery is different than simply restoring data.

Sure, you may have all your data backed up somewhere. But when a disaster hits, it’s not very helpful when the data looks like a big pile of random stuff. How do you piece it all back together? Overlooked pieces of critical data that an improperly configured or limited data backup and discovery solution may miss include:

  • Databases
  • Specialized software and applications
  • Specific, unique files (such as operating system files)
  • Email

Both your onsite data backup and offsite disaster recovery needs to restore everything, including these complex files, applications, and software.

vc3 logo

About VC3 

VC3 is a leading managed services provider focused on municipal government. Founded in 1994 with offices across the east coast, VC3 forms partnerships with municipalities to achieve their technology goals and harness their data. In addition to providing comprehensive managed IT solutions, VC3 offers cybersecurity, website design, custom application development, and business intelligence services. Visit to learn more. 


Article Topics: