PC PROLIFERATION IN THE WORKPLACE BRINGS NEW PROBLEMS:
PROTECTION OF LARGE AMOUNTS OF CORPORATE DATA
Today’s “personal” computers in the workplace have little in common with the limited use of PCs just eight years ago. In most cases, corporate management and MIS don’t understand what today’s PCs are being used for or how dependent their organizations have become on their availability.
Responsibility for personal systems today often resides in limbo between the user and corporate MIS, with users ranging from secretaries to CEO’s who, more often than not, have no formal technical training or experience.
This has brought about a huge problem--protection of large amounts of vital corporate data. Data backup for personal computers evokes thoughts of tape streaming devices, specialized backup software and high capacity cartridges.
The initial problem, however, is understanding the evolved dependency on personal systems and realizing that users of these systems often are not from the DP ranks and have not accumulated the hard-learned backup disciplines of their mainframe counterparts.
The first step in implementing a personal computer data backup/disaster recovery plan, therefore, is the realization that personal computers, for the most part, are NOT personal computers. They are distributed corporate work stations that over time create operational dependencies as surely as any mainframe computer resource.
Also to be understood are the functions being performed on PCs and how these functions affect the corporation’s ability to conduct business as usual. The simplest method is brief interviews with actual PC users. They know what they’re inputting.
Most organizations, at this point, will begin to realize that much of the information they use to manage their business on a daily basis resides on or is produced by personal computers. Directions of their company, therefore, are shaped daily by decisions made with the assistance of PCs.
Once the actual dependence on PCs is understood, a recovery/backup strategy can be formulated. First, however, it must be determined who will be responsible for backup and what general backup scenario will be utilized. At the most basic level, backup can be performed either by the individual user or by a central resource. Each approach has benefits as well as potential pitfalls.
Individual users know best when their data has changed and threfore, backup time can be kept to a minimum by performing backups only when necessary. This individual approach distributes backup overhead, costing each user only minutes per session (assuming proper software tools are available).
On the downside, enforcing individual backups can be a near impossible task that when monitored properly, requires the central resource that was to be saved in the first place. Also, backup alone does not protect data. Most backup disks, if they exist at all, can be found in a desk drawer beneath or near the PC. If a disaster occurs, both the original and backup suffer the same fate. Backed-up data must be stored offsite in a secure environment.
A centralized approach to backup solves the problem of enforcement and offsite storage at the cost of identifiable overhead. Someone must perform the backups and have the hardware to do so. Potentially, this is a significant obstacle given the hundreds of personal computers used in corporations.
A compromise often is the best solution. Individual backups can be collected and monitored periodically by a central resource and rotated offsite according to the same schedule as followed by MIS for mainframe data.
LANS, which support personal computing needs while maintaining centralized storage, can provide the best of both worlds. They are a natural application of the compromise solution.
The central location for data lends itself to centralized backup techniques and the sheer amout of data makes it easier to rationalize backup as an MIS function, thereby utilizing already enforced disciplines.
Once backup strategy is selected, frequency of backup is determined. The most effective approach is to back up each file immediately as it is updated. This can be accomplished either by rigid individual disciplines or more assuredly by specialized software that runs in the background of a system continually monitoring the disk and backing up files as they are changed. Immediate backup assures that a duplicate version of all data is always available (although it might not be offsite immediately), but at the cost of the obvious system overhead.
The alternative to immediate backup is the periodic approach. At some predefined interval, data is backed up on a high capacity device and rotated offsite. In this method, the length of the interval between backups becomes critical. Daily backup for some files is overkill while for others it is insufficient. And, unless specialized software that backs up only changed data is used, the longer the interval between backups, the more time the backup takes.
Frequency of backups, once determined, will help select actual backup hardware and media that are most appropriate. Immediate backup requires a random-access approach that requires a random-access media. Choices include using a system’s existing floppy disks, removable cartridge systems or specialized tape systems that emulate the random nature of disk access.
Periodic backup will lend itself to high capacity devices such as tape streaming devices or certain cartridge systems. At this stage of the process toward information protection, four primary “ingredients” are in place:
1) Realization of an organization’s dependence on personal computers.
2) Responsibility for data protection is determined.
3) Frequency of data backup is established.
4) Hardware and software selections are made.
Now the real work starts! Strategy and procedures must be implemented and this can be fraught with many obstacles including resistance to the programs, budget considerations and territorial politics.
Whatever the potential roadblocks, keep in mind... the alternative to having adequate backup is much worse!
William Bedsole is Vice President of Contingency Service for Comdisco Disaster Recovery Services, Inc.
This article adapted from Vol. 1 No. 4, p. 27.