Protect Your Data - Top 10 List of Recommendations

yellow

At the heart of every organization are volumes of irreplaceable data that is updated each second of every day. This data must be secured, protected and brought back online instantaneously in the event of a natural or man-made disaster. Below are the "Top Ten" list of recommendations to ensure that businesses and large organizations have implemented thorough procedures to ensure IT business continuity in the event of any type of system outage. The Top 10 are:

1. Identify all business critical data and systems within the company

2. Perform a business impact analysis to revenue and cost implications of a disaster recovery plan.

3. Define retention periods for all data.

4. Establish data recovery service level agreements (recovery time objectives, recovery point objectives).

5. Develop a business continuity/disaster recovery IT plan for various types of system failures (natural disasters, human error, etc.).

6. Identify, educate and train the appropriate IT personnel on your organization's business continuity/disaster recovery plan.

7. Backup your data on a regular basis to a secondary source.

8. Replicate and/or store a copy of critical data at an offsite location.

9. Test your data protection and recovery procedures on a regular basis.

10. Review and update your business continuity plan annually.

#1. Identify all business critical data and systems within the company

Corporate data is important and a very critical asset to every organization; however, all data is not created equal and as such should not receive the same service level across the board. Critical data sets need to be assigned to high-performance storage, be protected in real-time and be recovered almost instantaneously, while other data sets might not need that same kind of care. Companies need to be able to separate their mission critical data from their non-mission critical data. Such a categorization not only saves costs in hardware and software but more importantly, helps companies understand their recovery priority in the event of a disaster.

The most valuable data sets are the ones which have the largest revenue/cost impact to the business either as a result of data loss or as a result of an extended outage of the application during recovery.

#2: Perform a business impact analysis to revenue and cost implications of a disaster recovery plan.

Cost implications of a disaster recovery plan can be significant depending upon the relative requirements of the business. While data continues to grow 50+% annually, it's estimated that 90% of corporate data is rarely accessed or modified. To better manage limited resources, it makes sense that businesses perform a usage analysis of their various data and applications which also help optimize revenue and cost balances.

At a high level, the value of data and its impact to a business can usually be determined by two main factors:

Type of data: Application the data belongs to - e.g. Order entry data, trading data, Exchange email, Word documents, Power-Point presentations, MP3 media files, etc.

Currency of data: How current is the data - for instance the last hour's worth of data in the order entry system vs. yesterday's email, last week's presentation, last month's spreadsheet, or last year's annual report.

Clearly, the most valuable data set is associated with the most critical business application along with the most recent data. Investment in a DR plan needs to be directly proportional to the business impact of that data.

#3: Define retention periods for all data.

Besides the revenue impact on the business, regulatory compliance and corporate governance rules drive other requirements which mandate businesses to define stringent data retention policies. Many such policies impose requirements around capturing every type of data created, storing it in a way that enables on-demand and granular restoration, and destroying data after the retention period expires. Protection of critical data should not be overwritten, but rather continuously appended so that the integrity of the data is always maintained irrespective of the operations performed on the data.

Needless to say, the finer the granularity of data capture and the longer the data retention history, the larger the resultant data could become. As such, business should choose the most resource efficient solution to protect, retain, and recovery business data. Defining these retention requirements not only will help in being compliant but also contain costs.

#4: Establish data recovery service level agreements (recovery time objectives, recovery point objectives).

Since data is valued differently, it's important to define the appropriate service levels that can be applied to application data based on the above discussed requirements. Establi-shing different service level agreements (SLA's) will help in "tiering" or categorizing the data as well as in monitoring and measuring the actual delivery results against expectations. Here are some of the more important parameters to understand and establish:

Recovery Time Objective - the time needed to recover from a failure

Recovery Point Objective - the point of last data capture before a failure

Recovery Time Granu-larity - the frequency of the data capture

Retention History - the length of time protected data is kept

#5: Develop a business continuity/disaster recovery IT plan for various types of system failures (natural disasters, human error, etc.).

Due to budget tradeoffs and piecemeal vendor tools, businesses often have to choose what data to protect or what failures to be prepared for. In reality, the right technology solution is one that can scale to protect all types of data and failures whether local or remote.

However, recovering from a failure it is not about technology alone. Rather, it is the entire continuity plan and processes that identify who, what, when, where and how the business will be resumed. Such a plan needs to be well documented and comprehensive since there is no room for ambiguity during the chaos of a disaster. The plan needs to identify all resources including specific people involved, exact actions and processes they need to follow, and the precise tools and locations involved for a successful business recovery when an interruption takes place.

#6: Identify, educate and train the appropriate IT personnel on your organization's business continuity/disaster recovery plan.

Ongoing training of IT personnel on the above defined processes is equally important. Disaster recovery software continues to automate multitudes of IT tasks but can get complex if built upon layers of tools that require integration. Compre-hensive software that simplifies DR administration can alleviate that complexity, along with training to encompass familiarity with both the processes and the software which needs to happen on an ongoing basis.

#7: Backup your data on a regular basis to a secondary source.

The first and the basic step in any kind of data protection or disaster recovery planning is the process of backing up your data to secondary storage. This helps companies protect from any kind of local or potentially remote failure. Traditionally, these backups have been performed incrementally on an hourly/nightly basis to tape medium with full backups being done nightly or weekly. Shrinking backup windows and costly tape operations have challenged these traditional methods. With current disk based technologies and recovery management software, companies can not only eliminate back windows by protecting data continuously, but also dramatically improve application availability with an on-demand recovery approach.

#8: Replicate and/or store a copy of critical data at an offsite location.

With the world becoming more volatile both environmentally and politically, it's no longer enough to backup your data locally. Local backups do not protect you from a site-wide failure as a result of a natural or man-made disaster. It is very important that a copy of data be stored at a secondary location for disaster recovery purposes. Traditionally, this has been done by vaulting volumes of dormant tapes offsite for security purposes. Existing replication technologies enable enterprises to duplicate their data to their DR site but replication alone is not enough. A replication solution that can maintain data history at a secondary site is required to recover from replicating data corruption.

#9: Test your data protection and recovery procedures on a regular basis.

Similar to a fire-drill, its important to test your DR plan on a regular basis to make sure everything is in place as planned and to iron-out any kinks. A successful data protection and DR strategy is only as good as the success or failure of the actual recovery. A failure in any single operational step of recovery can deem your entire DR plan useless and any investment in it futile. As a result more and more businesses are focusing their efforts around the efficiency of recovery vs. data protection.

#10: Review and update your business continuity plan annually.

Businesses and priorities continuously evolve because of today's fast changing environment. Changes in an organization can come from both organic (internal) and inorganic (external) developments. This can change the dynamics of information being protected and status quo processes and tools are likely insufficient. Annual review will help determine alignment with business requirements, continued compliance with regulations and most importantly, a fool-proof disaster recovery plan, which will let you well sleep at night.


Thanks for reading.
0 Responses to "Protect Your Data - Top 10 List of Recommendations"

Post a Comment