The following list of questions is not exhaustive however, I find them to be the most relevant when discussing the topic of backup and data management with organizations that are evaluating their existing backup strategy :

1. Where does your current backup data live? And why is it there? Technically that's two different questions but I think it's in the same context. The why is the question that usually gets everyone thinking and is either followed by a pause or a quick retort about RPO and RTO. Does your backup data, as critical as it is, should live on production tier storage ?

2. How much time do you spend managing and ensuring the uptime of your backup infrastructure? There is no denying it. Regardless of the business that any organization is in, data is the organization's lifeline. It is important that you ensure your primary data is stored securely in a resilient manner and is readily available whenever it is needed. It's more important that organizations retain at least 3 copies of the data, and store them in 2 separate storage media with at minimum that 1 copy of the data is kept in an offsite location. With that said, should you be throwing hardware, software, patches, and hundreds of man-hours at it - just to keep the lights ON?

3. Who has access to your backup data ? It's great your organization has backups in place. However, how secure is the backup data ? Who in your organization has access to the backup infrastructure ? How secure is your offsite tape storage facility ? Almost every organization have a server room ( be in a secure offsite location or in their own private datacenter ) however, majority of these organization lack proper control processes on how access to these facilities is granted. Does an engineer need a change request to visit the server room to replace tapes or troubleshoot the backup appliance ? If yes, who approves this change request ? What's stopping an admin from going rouge ? What processes or in-built protection mechanisms that the backup product has to prevent such a scenario ?

4. Is your backup data susceptible to ransomware or data corruption ? 3 2 1 Rule . TICK. State-of-the-art backup infrastructure. TICK. Documented and stringent control process to access the backup infrastructure. TICK. What happens to the backup data if the data that is backed up is infected with ransomware or malware ? How can the organization prevent other backup copies from being infected ? How often does an organization attempt to restore its critical workload from its long-term backup copy ? Twice a year ? Once a year ? Sometimes, the whole process becomes too counterproductive as they would need to create a staging environment, recall tapes from its secure offsite facility and dedicate skilled man-hours to perform restores and engage the respective application owners to run a validation test. After a few years, this process translates to a mere compliance requirement, and the offsite copy of the backup is assumed at face value to be in its pristine state. Organizations also fail to consider that the offsite backup hardware such as tape drives have a shelf life and require specific hardware to be able to restore its data. Should one decide to continue maintaining the hardware, it will eventually become too costly. TCO goes out of the window.

5. Ease of management ? How easy is it for an organization to manage its backup product? With the recent COVID-19 situation, a lot of organizations found it hard to manage their IT department. Backup is a key piece of this puzzle. Accessing data center becomes a cumbersome process and somewhat risky given that individuals are supposed to restrict their movement and stay in-doors. Users are working from home and due to data proliferation - laptops and mobile devices now contain critical corporate data that needs to be protected. How easy is it for the backup infrastructure to scale and start protecting these additional workloads at ease and at scale ? Would the organization require an additional backup tool to protect these workloads ? Is there a central pane of management to protect all these workloads ? What's the learning curve for an engineer to start managing the backup environment and its additional workload ?