Data protection is a vital business these days. Whether you look at it from the viewpoint of intellectual property, profitability, privacy or cybercrime, there is no shortage of reasons to pay close attention to how data is safeguarded. Here are some tips from the experts on how to do just that.
1) Remember the Basics
With the cloud, virtualization and the rapid pace of technological innovation, it’s easy to lose sight of the fundamentals due to the latest bells and whistles that come with storage and data protection products. That’s why Mike Vandamme, National Technical Support Manager at FujiFilm Recording Media USA, puts lots of emphasis on the basics: Always having multiple copies of backup data; ensure that tape is vaulted to recommended storage conditions; have a backup plan that specifies the computers and media where backups will be stored, the backup programs, schedules and offsite locations; implement fault tolerance; verify backup integrity, keep identical spare hardware. Plus: remember the importance of documentation.
“Document all service packs, hotfixes, patches and changes that have been applied as this is important in getting the system restored to its pre-disaster state,” said Vandamme. “Also, ensure that software and firmware updates are available, and that you periodically document and test your recovery plan.”
2) Plan Carefully
David Zimmerman, CEO of LC Technology International, agrees about the basics. In particular, he stressed the importance of planning. He said it is vital to take the time to put together a formal plan based on your unique requirements that is designed for your data storage environment. A written DR plan provides step-by-step instructions on data management.
“During planning they might uncover new sets of data or new insights that weren’t apparent before,” said Zimmerman. “For any plan to be effective, you also need to test your plans thoroughly. You need to see how your staff responds to a data recovery event and create formal benchmarks for the time-to-completion of several key tasks, and always look for ways to streamline and improve recovery time.”
Zimmerman believes that the process of creating formalized data management and recovery plans and then testing them develops a frame of mind within the staff that is a key part of success when recovering from an actual disaster. If personnel have been through the procedures many times during drilling, and are given responsibility to adjust the DR plan to make it more effective, they will react better during an emergency.
“You need to create plans in order to introduce structure and consistency, and to develop a mindset that data as your most valuable asset,” said Zimmerman. “Plans should lay out the steps for redundancy, responsibilities for staff, and details about where data is kept (whether it’s in the cloud or on-premises).”
4) Apps First
Data protection activities can range from archiving and backups through replication and disaster recovery (DR), but all of them have little value without assured access to applications. That’s why Don Boxley, Co-Founder and CEO of DH2i, advises companies to step away from the infrastructure as it’s the app that matters.
“The problem with today’s data-protection approaches is that they’re more focused on the underlying infrastructure than on preserving the availability of the applications and their data,” said Boxley. “While protecting the infrastructure will always be critical, IT organizations need to move from a infrastructure-centric mindset to a more agile, application availability approach or framework.”
5) Eliminate Accidental Architectures
Accidental architectures occur when a data protection requirement can’t be properly met by the existing protection infrastructure and processes, and as a result a new “island” of data protection infrastructure is added. The costs and management overhead can skyrocket and, in the scenario of a major event or outage, the existence of disparate multiple infrastructure elements can impede the disaster recovery process. An example we see more and more of these days is database administrators not feeling comfortable with the backup capabilities offered by their backup administrator, so they buy some disk and “roll their own” data protection.
“If a software-agnostic centralized protection storage platform is implemented, backup, replication and recovery processes can be managed by whomever in the organization makes best sense, yet the protection storage itself is still managed and scaled by the backup team,” said Rob Emsley, Marketing Director, EMC Data Protection and Availability Division.
Pat O’Day, CTO of Bluelock, is a fan of Veeam’s recommendation of a “3-2-1” backup rule. Veeam recommends that data is protected at all times with at least three copies of your data, stored on two different media, with at least one of those copies kept off-site.
“Disasters happen and according to statistics, the majority of disasters are caused not by natural disasters like flood or fire, but human error and technology error,” said O’Day. “Redundancy of data copies and variation in the media and where those copies are kept will provide a great level of protection against the greatest variety of disasters.”
7) Cloud Recovery
The key to better DR is to make your DR recoverable more quickly. Traditional DR solutions, however, rely on cold-site or warm-sites that can take days to bring systems and data online
“The ideal scenario for the fastest recovery is a VM that you can power up, not just a pile of data or files that you have to piece back together,” said O’Day. “By modernizing the approach to DR to include on-demand, cloud resources, businesses are finding themselves back online and running production in the cloud in as little as 15 minutes.”
8) Avoid Standardization
While you would think EMC would be fan of centralizing everything on one vendor’s tools, Emsley has an alternate view. He thinks that the most effective data protection strategy involves a full range of processes such as backup and archive to continuous availability. These different applications have different data protection requirements.
“The days of ‘let’s standardize on one data protection point product’ are long gone,” said Emsley. “Meeting the SLAs associated with different application and data types requires complementary levels of protection. I’d recommend addressing the full continuum of data protection processes holistically, but by applying best-of-breed tools.”
9) Preventive approach
IT organizations tend to get into a fire-fighting mode of operations. But it is much smarter to transition to a preventative approach, as that ties in directly to the data protection mindset. It’s probably cheaper, for example, to invest in backup and security that it is to have to pay a ransom to some cybergang who just hijacked the corporate network.
“Look for solutions that can automatically and continually verify the environment against risks and provide IT teams with an up-to-date view of the organization’s readiness state,” said Doron Pinhas, CTO of Continuity Software. “With this knowledge in hand, IT will be able to identify areas of risk and focus their attention and resources on fixing these issues before they impair business operations and turn into costly undertakings.”
10) Snapshot frequency
Snapshots are often used as one element of a data protection strategy. But they can be overdone.
“Set the rate at which you want snapshots taken on different types of data, so the most critical and most active data sets will have shorter recovery points,” said Chris Schin, Vice President of Products at Zetta. “That way you don’t waste resources doing frequent snapshots on less critical data.”
Photo courtesy of Shutterstock.