Data storage and disaster recovery: be prepared. And be prepared now.Media brings attention to identity theft, lost laptops containing million of veterans' personal information, and the vulnerability of it all. Perhaps a more pertinent issue in a day when most every business stores all its records electronically is data storage, disaster recovery, and the management of said data. Business continuity is not often associated with disaster recovery. When, in fact, they share many common features. Proper information management must, by its very nature, address disaster recovery, information management and business continuity. In a nutshell: data storage. Backup and recovery have been with us since the beginning of the written word. Once a piece of data is recorded--be it the Alaska State Constitution, a Shakespeare folio or critical client records--how it is protected so it can be recovered and consulted as needed is the mandate of any business in business. The threat of loss is imminent for electronic data. The Sarbanes-Oxley Act (SOX) for the private sector and the National Institute of Standards and Technology (NIST) for government agencies and vendors clearly address data storage, security, stability and recovery. Data storage is the requirement of today's corporate culture. The responsibility is clear and obvious even without the government mandates and requirements. And, planning is key. Professional service companies, such as Structured Communications Systems based in the Pacific Northwest and with offices in Anchorage, assist businesses in building successful technology strategies, systems and processes. The main goal is to address enterprise security, connectivity and access, as well as storage systems. No Business is Immune The threat of lost data runs through all sizes of business. Enterprise and mid-market are particularly affected because of the volume of data and pressures of compliance, governance and litigation pressures. Small business is hardly immune. Business survival can depend on dependable and consistent backup and recovery operations. It can happen to anyone or any business, and does. Ensuring that employees don't lose information that can compromise the mission of the business or agency or that of the customer is extremely important. After all, employees are human and occasionally do something stupid. And, businesses are made of employees, from the top down. There is plenty of technology out there to protect data; managing the people handling the data is tough. Fortunately, the technology helps protect the data and makes it more difficult to lose information by accident, theft or stupidity. Policy must be in place to address the human error, but tools are mandatory as well and systematic security policy that accounts for human errors is important. Federal Computer Week magazine identifies five steps to stop sensitive information from walking out the door: Step 1: Set a policy Step 2: Protect your data Step 3: Find your data Step 4: Wipe your data Step 5: Setup remote access The magazine recommends to identify the critical data, protect it and limit access with a working security plan, trained employees and proof of the training. Additionally, audit the processes. Measures to protect data are best if transparent to the user and mandatory. If a laptop is stolen in airport security or somewhere else, the data on the device is by far more valuable and at greater risk than the hardware it is on. "Theft is 80 percent internal," says Ben Haidri, vice president of marketing at Stealth Signal. He said people occasionally lie and report that someone stole their laptop when no one did. Other workers take a colleague's machine if it is not physical secured. Knowing who took the machine means you can rid your agency of an untrustworthy employee. Tracking software helps identify the thief and the buyer of a stolen computer. Some products can be programmed to remove all data from a machine's hard disk when it is lost or stolen. Perhaps the best way to minimize the chance of losing critical data is to not let it out of the building. This can be done with remote access. The most effective is to require the use of products such as Citrix Systems client or Microsoft Terminal Server's remote client. These turn laptops into "thin clients," in the vernacular of the industry. A virtual private network (VPN) using encryption back to the enterprise is another viable option. For these functions to be safe, the IT department must protect against unauthorized storage and to ensure the remote client meets policy for antivirus, anti-spyware and firewall software, and that compliance is mandated. Requirements of Data Storage Users are asking for or demanding no disruptions, fast performance, no storage limits and constant access. IT departments may view these end-user expectations as unreasonable because of the complex computing environments and its unpredictability. The corporations are required to classify applications, manage data through archival storage, and retain data for an extended period of time. While not dissimilar to the end-user requirements, corporations have applications and data that are more critical than others. Sarbanes-Oxley regulations demand that corporations: * Classify applications and data by level of importance * Manage data in a disciplined fashion from daily use to archival storage * Retain data for extremely long periods of time. Add to this puzzle the computing infrastructure, the applications, data, and operating systems and requirement for an expert work force and extensive documentation of policies and procedures is well defined. Most users neither know, nor care, that a business continuity or disaster recovery plan is in place. It is, however, important that the corporate decision-makers are familiar with the need and have policy and modus operandi in place and enforced. A networking environment that requires high levels of availability is generally expensive. Of course, corporate data classification schemes vary from one business to another and even within individual business units. Thus, it is important to not let infrastructure costs bankrupt the company. To help keep cost in line, identify the critical business requirements, the lifecycle impact and maintenance. When all data, extreme cases, must be accessible and usable for long periods of time the only solution may be data format normalization. XML has emerged as a de facto standard for exchanging information between disparate processes and applications. Normalizing data may not be the most efficient database usage, the intent is to provide access and use without having to maintain the original infrastructure and associated cost of the original data. Today's Storage Devices The last few years have seen a rapid evolution of business requirements for a record archive. The requirement for tighter integration of archive policies with in the IT infrastructure is creating a demand for more flexible strategies to accommodate the new regulatory and risk management burden. This need for flexibility is particularly important in the choice of physical storage media. Currently, the two preferred advance-technology choices for archiving are UDO (Ultra Density Optical) with "True" WORM (Write Once Read Many) storage and disk-based technology such as WORM storage with CAS (Contend Addressable Storage) interface. Plan Ahead As new applications emerge, it is important to apply good information management and continuity practices proactively. Using a combination of business, technical and operational criteria to define requirements for new applications is not only a good idea, but may well be a make or break situation. These criteria must be formally captured in documents and training. Develop a storage media cascade that allows the repurpose of hardware, i.e., each storage media and device according to its availability and rating. Apply an end-to-end approach and tools to last as long as the data. In a perfect world it would be ideal to manage only one vendor's products. However, many computing environments are designed so vendors are redundant and solutions provide near-parity capabilities. When faced with multiple-vendor environments, heterogeneous management is a base requirement. Enterprise management vendors have implemented this schema for years with defacto standards like the Simple Network Management Protocol (SNMP). It is important that vendor's tools last as long as the data based on the longevity of the technology itself and the viability of the vendor. It is important the product must have an effective backwards compatibility (a primary reason why vendors such as Sun Microsystems and Microsoft continue to hole their position in the market) and the vendor must have technical and financial plans for the future. The common link among the three disciplines of percentage of uptime, planned downtime and data retention is TIME. Fortunately, most corporations have and are investing significant amounts of time, resources and capital into business continuity and disaster recovery. Your business should, too. The goal is to "keep the business running." It Takes More Than Just Technology Cutting-edge technology is just half of the equation for business continuity or disaster recovery. If there is no backup power source to make the technology work, then enhances to technology, best-of-breed or not, means nothing. Battery packs or uninterruptible power supplies (UPS) are fine for short power bumps or outages. They will not, however, handle the load for any extended power outage. UPS devices attached to computer and network devices will temporarily protect against blackouts, brownouts, sags, spikes, surges and EMI/RFI noise. However, to power critical systems for an extended periods of time, a generator is a must. Thousands of IT professionals had a quick wake-up call when Hurricane Katrina unleashed devastation on parts of Louisiana, Mississippi and Alabama. Industry, banks and other businesses suffered flooding and power outages for weeks. The downed power proved costly for many businesses, which lost critical data, financial records and customer account information as a result of stagnant IT centers. Don't think Alaska is immune. If the great earthquake of 1964 happened today, how much data would be lost and how fast would connectivity and IT services be restored? IT professionals must plan to include a backup power resource into their business continuity strategy, especially now that the entire business infrastructure is tied to large computer networks. In this era of heightened scrutiny regarding computer breaches and identity theft, it is imperative that businesses of all sizes have continuous power supplies to fuel networks and financial security systems. IT professionals should understand that a successful backup power system is more than just a generator itself. A high-quality transfer switch and enough fuel are just as critical as the generator. |
|
||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion