Data is a cause of stress for organisations like never before. From exploding data rates and multiple legacy tools, to regulation, virtualisation and always-present resource constraints, the practice of storing and protecting data remains a significant challenge.
The terms “data protection” and “backup” are sometimes used as synonyms, but there are actually distinct differences. In its simplest form, “backup” refers to the practice of replicating data and making sure a copy is available for restoration should an unforeseen event occur to make the primary data set unavailable.
“Data protection” indicates a far-reaching approach to ensure that data is not only available when needed but is also secured at every point along the lifecycle. Furthermore, data protection enforces the extra requirement of proving that the data is backed up, secure and available, generally through the use of advanced portals and reporting.
Some common themes have arisen when developing a data protection strategy. In my opinion there are three steps that have led to many successful data protection strategies:
1. Efficient use of technology
The good news is that there are a wide range of technologies and vendors that offer components of data protection. The bad news? No hardware or software vendor can offer all of the best facets under a single umbrella. For example, many vendors can offer disc-based backup with snapshots and de-duplication but cannot provide portal visibility or long-term tape archiving to drive down costs.
If one reviews the options available – disc-based backup, virtual tape libraries, snapshots, clones, geographically dispersed replication, de-duplication, compression, client based, server based, etc. – the results can be confusing. Therefore, as part of a successful strategy, it is important to select a provider with deep experience in data protection solutions as well as an understanding of how to assemble best-of-breed products to scale up functionality while scaling back cost.
2. Data segregation
Not all data is created equally. While that statement is slightly tongue in cheek, it’s clear that some data is critically more important than other data.
Many are executing on a strategy driven by technology selections performed years ago. For example, many organisations place all of their data into a single category and store it for the amount of time regulated by a small set of the overall data because their technology of choice dictates the strategy.
The “one-size-fits-all” strategy is easy to manage, however it is inefficient and expensive. Data can be organised into a number of categories, but I find it generally falls into three:
- Regulated – The name say it all, this is data regulated by law to be protected in a certain manner. This data is nearly always encrypted at rest and in transit and is retained for long periods of time, typically in off-site facilities
- Sensitive – This is data that contains organisational intellectual property but isn’t necessarily regulated by law to be protected in a certain manner. However, this is often an organisation’s “secret sauce” and should follow the same protection profile as the regulated data, but generally is not kept for the same duration. For example, while regulated data may be kept for seven years, sensitive data often is kept for less than a year
- Typical – This data is generated by a company during business-as-usual projects. Often classified as test-and-development data, it can encompass much more. The bottom line is that this data should be contained for the minimum amount of time to keep business continuity. Industry studies typically define this data as being kept for no more than two weeks.
3. Simplicity in execution
While there are many high-tech features and functions in any enterprise-level data protection strategy, the management and implementation must remain as simple as possible. For a data protection strategy to be successful it must not result in an overhaul of process just for the sake of protection.
Now, of course, any archaic process could use some change but most get the job done and do not need a new process; rather, they need a new toolkit. The most elegant solutions are flexible enough to meet business requirements while providing visibility and confirmation of execution, generally through the use of portal-based functionality.
Of course, there are more components to a good data protection strategy, but the aforementioned themes are present in every data protection conversation with Savvis’ customers. Talking through your unique situation with experienced experts is a good place to start to get onto the path towards a successful data protection strategy.