Protect your data: top 10 list of recommendations.At the heart of every organization are volumes of irreplaceable data that is updated each second of every day. This data must be secured, protected and brought back online instantaneously in·stan·ta·ne·ous adj. 1. Occurring or completed without perceptible delay: Relief was instantaneous. 2. in the event of a natural or man-made disaster man-made disaster Technological disaster Public health An event in which a significant number of people are injured or die as a result of human devices or activities, unrelated to conflicts, and attributed to operator error–eg, Exxon Valdez . Below are the "Top Ten" list of recommendations to ensure that businesses and large organizations have implemented thorough procedures to ensure IT business continuity in the event of any type of system outage out·age n. 1. A quantity or portion of something lacking after delivery or storage. 2. A temporary suspension of operation, especially of electric power. . The Top 10 are: 1. Identify all business critical data and systems within the company 2. Perform a business impact analysis to revenue and cost implications of a disaster recovery plan. 3. Define retention periods for all data. 4. Establish data recovery service level agreements (recovery time objectives, recovery point objectives). 5. Develop a business 0continuity/disaster recovery IT plan for various types of system failures (natural disasters, human error, etc.). 6. Identify, educate and train the appropriate IT personnel on your organization's business continuity/disaster recovery plan. 7. Backup your data on a regular basis to a secondary source. 8. Replicate rep·li·cate v. 1. To duplicate, copy, reproduce, or repeat. 2. To reproduce or make an exact copy or copies of genetic material, a cell, or an organism. n. A repetition of an experiment or a procedure. and/or store a copy of critical data at an offsite location. 9. Test your data protection and recovery procedures See: explosive ordnance disposal procedures. on a regular basis. 10. Review and update your business continuity plan annually. #1. Identify all business critical data and systems within the company Corporate data is important and a very critical asset to every organization; however, all data is not created equal and as such should not receive the same service level across the board. Critical data sets need to be assigned to high-performance storage, be protected in real-time and be recovered almost instantaneously, while other data sets might not need that same kind of care. Companies need to be able to separate their mission critical data from their non-mission critical data. Such a categorization not only saves costs in hardware and software but more importantly, helps companies understand their recovery priority in the event of a disaster. The most valuable data sets are the ones which have the largest revenue/cost impact to the business either as a result of data loss or as a result of an extended outage of the application during recovery. #2: Perform a business impact analysis to revenue and cost implications of a disaster recovery plan. Cost implications of a disaster recovery plan can be significant depending upon the relative requirements of the business. While data continues to grow 50+% annually, it's estimated that 90% of corporate data is rarely accessed or modified. To better manage limited resources, it makes sense that businesses perform a usage analysis of their various data and applications which also help optimize revenue and cost balances. At a high level, the value of data and its impact to a business can usually be determined by two main factors: * Type of data: Application the data belongs to -- e.g. Order entry data, trading data, Exchange email, Word documents, PowerPoint presentations, MP3 media files, etc. * Currency of data: How current is the data -- for instance the last hour's worth of data in the order entry system vs. yesterday's email, last week's presentation, last month's spreadsheet, or last year's annual report. Clearly, the most valuable data set is associated with the most critical business application along with the most recent data. Investment in a DR plan needs to be directly proportional (Math.) proportional in the order of the terms; increasing or decreasing together, and with a constant ratio; - opposed to See also: Directly to the business impact of that data. #3: Define retention periods for all data. Besides the revenue impact on the business, regulatory compliance and corporate governance Corporate Governance The relationship between all the stakeholders in a company. This includes the shareholders, directors, and management of a company, as defined by the corporate charter, bylaws, formal policy, and rule of law. rules drive other requirements which mandate businesses to define stringent data retention policies. Many such policies impose requirements around capturing every type of data created, storing it in a way that enables on-demand and granular granular /gran·u·lar/ (gran´u-lar) made up of or marked by presence of granules or grains. gran·u·lar adj. 1. Composed or appearing to be composed of granules or grains. 2. restoration, and destroying data after the retention period expires. Protection of critical data should not be overwritten, but rather continuously appended so that the integrity of the data is always maintained irrespective of irrespective of prep. Without consideration of; regardless of. irrespective of preposition despite the operations performed on the data. Needless to say, the finer the granularity The degree of modularity of a system. More granularity implies more flexibility in customizing a system, because there are more, smaller increments (granules) from which to choose. of data capture and the longer the data retention history, the larger the resultant data could become. As such, business should choose the most resource efficient solution to protect, retain, and recovery business data. Defining these retention requirements not only will help in being compliant but also contain costs. #4: Establish data recovery service level agreements (recovery time objectives, recovery point objectives). Since data is valued differently, it's important to define the appropriate service levels that can be applied to application data based on the above discussed requirements. Establishing different service level agreements (SLA's) will help in "tiering" or categorizing the data as well as in monitoring and measuring the actual delivery results against expectations. Here are some of the more important parameters to understand and establish: * Recovery Time Objective -- the time needed to recover from a failure * Recovery Point Objective -- the point of last data capture before a failure * Recovery Time Granularity -- the frequency of the data capture * Retention History -- the length of time protected data is kept #5: Develop a business continuity/disaster recovery IT plan for various types of system failures (natural disasters, human error, etc.). Due to budget tradeoffs and piecemeal piecemeal patchy, e.g. necrosis of the liver in which groups of hepatocytes are separated by small groups of inflammatory cells and fine, fibrous septa following extension of the inflammatory process beyond the limiting plate. vendor tools, businesses often have to choose what data to protect or what failures to be prepared for. In reality, the right technology solution is one that can scale to protect all types of data and failures whether local or remote. However, recovering from a failure it is not about technology alone. Rather, it is the entire continuity plan and processes that identify who, what, when, where and how the business will be resumed. Such a plan needs to be well documented and comprehensive since there is no room for ambiguity during the chaos of a disaster. The plan needs to identify all resources including specific people involved, exact actions and processes they need to follow, and the precise tools and locations involved for a successful business recovery when an interruption INTERRUPTION. The effect of some act or circumstance which stops the course of a prescription or act of limitation's. 2. Interruption of the use of a thing is natural or civil. takes place. #6: Identify, educate and train the appropriate IT personnel on your organization's business continuity/disaster recovery plan. Ongoing training of IT personnel on the above defined processes There are two major approaches to controlling any process:
#7: Backup your data on a regular basis to a secondary source. The first and the basic step in any kind of data protection or disaster recovery planning is the process of backing up your data to secondary storage. This helps companies protect from any kind of local or potentially remote failure. Traditionally, these backups have been performed incrementally on an hourly/nightly basis to tape medium with full backups See backup types. being done nightly night·ly adj. 1. Of or occurring during the night; nocturnal: the cat's nightly prowl. 2. Happening or done every night: the physician's nightly rounds. or weekly. Shrinking backup windows and costly tape operations have challenged these traditional methods. With current disk based (1) Refers to devices that use magnetic hard disks for storage. It often refers to portable devices such as digital music players that have hard disks rather than flash memory. All desktop and laptop computers are presumed to have hard disks, and most servers have hard disks. technologies and recovery management software, companies can not only eliminate back windows by protecting data continuously, but also dramatically improve application availability with an on-demand recovery approach. #8: Replicate and/or store a copy of critical data at an off-site location. With the world becoming more volatile both environmentally and politically, it's no longer enough to backup your data locally. Local backups do not protect you from a site-wide failure as a result of a natural or man-made disaster. It is very important that a copy of data be stored at a secondary location for disaster recovery purposes. Traditionally, this has been done by vaulting vaulting Gymnastics exercise in which the athlete leaps over a form that was originally intended to mimic a horse. At one time, the pommel horse was used in the vaulting exercise, with the pommels (handles) removed. volumes of dormant Latent; inactive; silent. That which is dormant is not used, asserted, or enforced. A dormant partner is a member of a partnership who has a financial interest yet is silent, in that he or she takes no control over the business. tapes offsite for security purposes. Existing replication technologies enable enterprises to duplicate their data to their DR site but replication alone is not enough. A replication solution that can maintain data history at a secondary site is required to recover from replicating data corruption Data corruption refers to errors in computer data that occur during transmission or retrieval, introducing unintended changes to the original data. Computer storage and transmission systems use a number of measures to provide data integrity, the lack of errors. . #9: Test your data protection and recovery procedures on a regular basis. Similar to a fire-drill, its important to test your DR plan on a regular basis to make sure everything is in place as planned and to iron-out any kinks. A successful data protection and DR strategy is only as good as the success or failure of the actual recovery. A failure in any single operational step of recovery can deem your entire DR plan useless and any investment in it futile. As a result more and more businesses are focusing their efforts around the efficiency of recovery vs. data protection. #10: Review and update your business continuity plan annually. Businesses and priorities continuously evolve because of today's fast changing environment. Changes in an organization can come from both organic (internal) and inorganic inorganic /in·or·gan·ic/ (in?or-gan´ik) 1. having no organs. 2. not of organic origin. in·or·gan·ic n. 1. (external) developments. This can change the dynamics of information being protected and status quo [Latin, The existing state of things at any given date.] Status quo ante bellum means the state of things before the war. The status quo to be preserved by a preliminary injunction is the last actual, peaceable, uncontested status which preceded the pending controversy. processes and tools are likely insufficient. Annual review will help determine alignment with business requirements, continued compliance with regulations and most importantly Adv. 1. most importantly - above and beyond all other consideration; "above all, you must be independent" above all, most especially , a foolproof disaster recovery plan, which will let you well sleep at night. Marty Ward is vice president of products and marketing at Asempra Technologies. www.asempra.org |
|
||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion