Data protection is a vital business these days. Whether you look at it from the viewpoint of intellectual property, profitability, privacy or cybercrime, there is no shortage of reasons to pay close attention to how data is safeguarded. Here are some tips from the experts on how to do just that.
1) Remember the Basics
With the cloud, virtualization and the rapid pace of technological innovation, it’s easy to lose sight of the fundamentals due to the latest bells and whistles that come with storage and data protection products. That’s why Mike Vandamme, National Technical Support Manager at FujiFilm Recording Media USA, puts lots of emphasis on the basics: Always having multiple copies of backup data; ensure that tape is vaulted to recommended storage conditions; have a backup plan that specifies the computers and media where backups will be stored, the backup programs, schedules and offsite locations; implement fault tolerance; verify backup integrity, keep identical spare hardware. Plus: remember the importance of documentation.
“Document all service packs, hotfixes, patches and changes that have been applied as this is important in getting the system restored to its pre-disaster state,” said Vandamme. “Also, ensure that software and firmware updates are available, and that you periodically document and test your recovery plan.”
2) Plan Carefully
David Zimmerman, CEO of LC Technology International, agrees about the basics. In particular, he stressed the importance of planning. He said it is vital to take the time to put together a formal plan based on your unique requirements that is designed for your data storage environment. A written DR plan provides step-by-step instructions on data management.
“During planning they might uncover new sets of data or new insights that weren’t apparent before,” said Zimmerman. “For any plan to be effective, you also need to test your plans thoroughly. You need to see how your staff responds to a data recovery event and create formal benchmarks for the time-to-completion of several key tasks, and always look for ways to streamline and improve recovery time.”
Zimmerman believes that the process of creating formalized data management and recovery plans and then testing them develops a frame of mind within the staff that is a key part of success when recovering from an actual disaster. If personnel have been through the procedures many times during drilling, and are given responsibility to adjust the DR plan to make it more effective, they will react better during an emergency.
“You need to create plans in order to introduce structure and consistency, and to develop a mindset that data as your most valuable asset,” said Zimmerman. “Plans should lay out the steps for redundancy, responsibilities for staff, and details about where data is kept (whether it’s in the cloud or on-premises).”
4) Apps First
Data protection activities can range from archiving and backups through replication and disaster recovery (DR), but all of them have little value without assured access to applications. That’s why Don Boxley, Co-Founder and CEO of DH2i, advises companies to step away from the infrastructure as it’s the app that matters.
“The problem with today’s data-protection approaches is that they’re more focused on the underlying infrastructure than on preserving the availability of the applications and their data,” said Boxley. “While protecting the infrastructure will always be critical, IT organizations need to move from a infrastructure-centric mindset to a more agile, application availability approach or framework.”
5) Eliminate Accidental Architectures
Accidental architectures occur when a data protection requirement can’t be properly met by the existing protection infrastructure and processes, and as a result a new “island” of data protection infrastructure is added. The costs and management overhead can skyrocket and, in the scenario of a major event or outage, the existence of disparate multiple infrastructure elements can impede the disaster recovery process. An example we see more and more of these days is database administrators not feeling comfortable with the backup capabilities offered by their backup administrator, so they buy some disk and “roll their own” data protection.
“If a software-agnostic centralized protection storage platform is implemented, backup, replication and recovery processes can be managed by whomever in the organization makes best sense, yet the protection storage itself is still managed and scaled by the backup team,” said Rob Emsley, Marketing Director, EMC Data Protection and Availability Division.
Pat O’Day, CTO of Bluelock, is a fan of Veeam’s recommendation of a “3-2-1” backup rule. Veeam recommends that data is protected at all times with at least three copies of your data, stored on two different media, with at least one of those copies kept off-site.
“Disasters happen and according to statistics, the majority of disasters are caused not by natural disasters like flood or fire, but human error and technology error,” said O’Day. “Redundancy of data copies and variation in the media and where those copies are kept will provide a great level of protection against the greatest variety of disasters.”