Establishing Digital Trust: Don't Sacrifice Security for Convenience
Today, paper records aren't so common, as paperless offices grow inpopularity. As a result, the need for timely reliable system backups hasbecome critical as they serve as a safety net. If the data relating tothese all-digital records is lost or corrupted, then all records aregone.
In order to have timely and reliable data backups, there must be acareful blending of people, technology and processes using a systemicperspective to ensure that goals are met.
For any data backup project, it is important to have a defined scope ofwhat data and servers/hosts will be included. For each type of data, ITshould work with stakeholders to identify what hosts need to be backedup, how often, the level of security and the available service window fordoing so.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i In addition, an estimate of how often data needs to be retrieved from thearchival system is needed to better understand the possible technology,people and processes that will be required. An understanding of the risksconfronting the organization and each data set for backup will serve toguide additional factors that need to be considered.
These requirements should drive not only the identification of a solutionbut also be documented in the organization's formal backup policies andprocedures.
As a foundation element for the initial implementation project andongoing backup and restoration processes to be successful, the peopleinvolved must have sufficient training and understanding to grasp whatmust be done. Management must support the people and the processes byensuring that the correct people are hired, training is provided and thatpolicies and procedures are adhered to. The ''tone from the top'' isvital to this, and any other, project.
Avoid Techno Babble
As a tip, when dealing with a non-IT stakeholder, including seniormanagement, be sure to frame communications in language that the otherscan understand. Don't leave them dazed and confused with a slew of technobabble. Focus on the services they need, risks to those services,regulatory requirements and business needs. And make sure to quantifythings in terms of time-frame, dollars and risk whenever possible.
The goal is to put in a solution for the business. To do this, businessexecs must be able to understand and be involved.
There are a variety of types of backup systems, ranging from tape drivesto full host redundancy with real-time fail over. The solution that isput in place and its corresponding level of investment must be driven bya combination of risks confronting strategic, operational, reporting andcompliance objectives. One group may need a $5 million hot spare datacenter with real-time fiber optic feeds and another may just needredundant $2,000 tape drives with $1,000 worth of software.
One recommendation given to organizations of any size is to be very awareof the backup technologies in use relative to the data in storage.
It is vital to ensure that any restoration process will be able to handlethe vintage of media created in the backup process. Tape drives provide aclear case in point. It is common to walk into an organization withseveral models of tape drives of varying vintages. The groups religiouslyback up. However, if there is a fire or other disaster, they are in abind. Why? Because the needed combination of tape drives and software maynot be readily available after a disaster.
Having all the needed tapes but no way to read them defeats the purpose.Carefully consider how the correct model of tape drive, version ofsoftware and corresponding backup data can be stored offsite and madeavailable when needed.
Ultimately, whether the redundancy is simple or complex, the solutionsput in place must be driven by risk.
To be explicit, the probability of negative events and their impact tostrategic, operational, reporting and compliance objectives must beunderstood. By using a risk driven approach, investing in systems thateither provide too little protection or investing too much in extremelyelaborate systems can be avoided. Some people may find it odd to bewarned against buying too much redundancy, but it is because redundancyincreases systemic complexity.
This increase in systemic complexity comes at a cost in terms ofresources. And it's not always obvious. Initial purchase cost, additionaltraining and more avenues for failure must all be considered.
In looking at the confidentiality, integrity and availability of databackups, we must look carefully at the supporting processes. The besttechnology in the world can be negated by ill-conceived processes.
Different technologies may require specialization but the following bearconsideration:
Data is increasing critical these days as timeframes compress, risksincrease and businesses run on information that increasingly exists onlyin digital form. Data loss can result not just in financial losses to thecompany, but can also impact the strategic, operations, reporting andcompliance objectives of the organization. Each group must collectivelyidentify, understand and manage the risks associated with its data tosafeguard the overall organization.