Backup Software: Bah, Humbug

There is no better computer security defense than having a known, good, safe data backup, right? Then why is nearly all backup software so complex and buggy? Why do backup drives frequently fail? Why do backup tapes fail so often?

I’ve been using backup software for 20 years now, and it doesn’t seem to get any better. If you can name the popular backup vendor, I can tell you I hate their software.

Why? It’s too complex, for starters. Backup software is something that should be reliable and simple -- a “Click here to back up all your data” kind of simple. Yes, I want to backup all data. Yes, I want to backup open files. Yes, I want you to verify the data you just backed up. Yes, I want to encrypt and password protect the data I just backed up.

I challenge you to find one product that doesn’t require 20 clicks to do a simple backup job.

Data backup software is among the most sophisticated software products out there. These products have hundreds of options and call for numerous decisions to be made; you almost need to be a Ph.D. to understand all the options. And sadly, even if you make all the right decisions -- or just take the defaults -- you can’t be sure your backup worked.

If you’ve been around backup systems enough, you know how often they don’t work. Tell the truth: When you get called to restore a single file or directory, and the restoration works, don’t you secretly heave a big sigh of relief?

I personally believe that some large minority of data backups, about 20 to 40 percent, aren’t working. People are doing backups every day and putting the tapes in storage, but they never test them. Want to restore your Exchange server to working condition after a fatal crash? Good luck unless you really knew what you were doing ahead of time, before the crash.

I wonder how bad the day would be if a Slammer-style worm, which infected nearly every possible SQL server in about 10 minutes, deleted all the server data instead of spreading as usual. We'd wake up one day and find all our data is gone, deleted by a previously unknown zero-day exploit. How many companies would find out they really hadn’t been backing up their data? The number would be higher than most people would expect.

I don’t blame the companies though. I blame the extreme complexity of something that should be bulletproof and reliable. How many of us, when upgrading a file server to new hardware, don’t just backup once, but backup twice, or even three times, because we were burned badly before. And just to twist the knife further, I love how the job says, “Successfully completed!”, when no files were actually backed up or restored.

Backup software technical support is never free. It’s expensive. Some vendors want you to pay them to help with the installation. You put the CD in, follow the screen prompts, and it bombs. What, no support contract? Pay up. Want to renew your backup support contract? “Well, there’s a renewal fee, then we require you to pay two years up front.” I’m not making that one up.

When you do get technical support, they will expend every effort to blame everything else besides the backup software. It’s the tape drive. It’s the lousy tapes. It’s the drivers. And it often is -- the whole system is convoluted, broken, and unreliable.