Modernizing Authentication — What It Takes to Transform Secure Access
Today, paper records aren't so common, as paperless offices grow in popularity. As a result, the need for timely reliable system backups has become critical as they serve as a safety net. If the data relating to these all-digital records is lost or corrupted, then all records are gone.
In order to have timely and reliable data backups, there must be a careful blending of people, technology and processes using a systemic perspective to ensure that goals are met.
For any data backup project, it is important to have a defined scope of what data and servers/hosts will be included. For each type of data, IT should work with stakeholders to identify what hosts need to be backed up, how often, the level of security and the available service window for doing so.
These requirements should drive not only the identification of a solution but also be documented in the organization's formal backup policies and procedures.
As a foundation element for the initial implementation project and ongoing backup and restoration processes to be successful, the people involved must have sufficient training and understanding to grasp what must be done. Management must support the people and the processes by ensuring that the correct people are hired, training is provided and that policies and procedures are adhered to. The ''tone from the top'' is vital to this, and any other, project.
Avoid Techno Babble
As a tip, when dealing with a non-IT stakeholder, including senior management, be sure to frame communications in language that the others can understand. Don't leave them dazed and confused with a slew of techno babble. Focus on the services they need, risks to those services, regulatory requirements and business needs. And make sure to quantify things in terms of time-frame, dollars and risk whenever possible.
The goal is to put in a solution for the business. To do this, business execs must be able to understand and be involved.
There are a variety of types of backup systems, ranging from tape drives to full host redundancy with real-time fail over. The solution that is put in place and its corresponding level of investment must be driven by a combination of risks confronting strategic, operational, reporting and compliance objectives. One group may need a $5 million hot spare data center with real-time fiber optic feeds and another may just need redundant $2,000 tape drives with $1,000 worth of software.
One recommendation given to organizations of any size is to be very aware of the backup technologies in use relative to the data in storage.
It is vital to ensure that any restoration process will be able to handle the vintage of media created in the backup process. Tape drives provide a clear case in point. It is common to walk into an organization with several models of tape drives of varying vintages. The groups religiously back up. However, if there is a fire or other disaster, they are in a bind. Why? Because the needed combination of tape drives and software may not be readily available after a disaster.
Having all the needed tapes but no way to read them defeats the purpose. Carefully consider how the correct model of tape drive, version of software and corresponding backup data can be stored offsite and made available when needed.
Ultimately, whether the redundancy is simple or complex, the solutions put in place must be driven by risk.
To be explicit, the probability of negative events and their impact to strategic, operational, reporting and compliance objectives must be understood. By using a risk driven approach, investing in systems that either provide too little protection or investing too much in extremely elaborate systems can be avoided. Some people may find it odd to be warned against buying too much redundancy, but it is because redundancy increases systemic complexity.
This increase in systemic complexity comes at a cost in terms of resources. And it's not always obvious. Initial purchase cost, additional training and more avenues for failure must all be considered.
In looking at the confidentiality, integrity and availability of data backups, we must look carefully at the supporting processes. The best technology in the world can be negated by ill-conceived processes.
Different technologies may require specialization but the following bear consideration:
Data is increasing critical these days as timeframes compress, risks increase and businesses run on information that increasingly exists only in digital form. Data loss can result not just in financial losses to the company, but can also impact the strategic, operations, reporting and compliance objectives of the organization. Each group must collectively identify, understand and manage the risks associated with its data to safeguard the overall organization.