Spring World 2018

Conference & Exhibit

Attend The #1 BC/DR Event!

Spring Journal

Volume 31, Issue 1

Full Contents Now Available!

DRJ Blogs

DRJ | The premiere resource for business continuity and disaster recovery

Why Data Protection And Recovery Must Be Part Of Your Business Continuity Planning

Originally posted on Alertfind's blog.

From laptops to data centers, information technology is an integral part of modern business operations. Many businesses would find it difficult, if not impossible, to function if their information technology went down. So, for a business continuity plan to succeed, it must include an IT disaster plan with detailed processes for data protection and data recovery.

Data protection is the process of safeguarding important information from corruption, compromise or loss. Data recovery is the process of restoring data that has been lost, accidentally deleted, corrupted or made inaccessible. Your business continuity plan must cover both.

A hard-drive or a server may seem like a tiny thing when compared to a business’ physical inventory, but when a business’ IT infrastructure is damaged, the economic losses add up quickly.

It’s important to understand that data loss represents a huge risk for most businesses. Even if you can’t put a monetary value on your data, losing it would have significant and lasting negative effects on your daily operations.

To fully understand your data’s value, think about how much harm your company would suffer if it became impossible to interact with customers, fulfill orders, update employee records, produce financial reports, measure company operations, etc.?

Data loss, even partial data loss, is more than an inconvenience. You face costly downtime, compliance violations, lost revenue, reputation damage and more.

According to an EMC Corporation global IT study, data loss and downtime costs enterprises $1.7 trillion per year.  Data loss is a serious threat to the success of your business, and must be treated as such.

When most people hear data loss, they often think of malicious attacks or unplanned emergencies. And while power outages, natural disasters and equipment failures do lead to some data loss, these instances make up only a small percentage of cases.

In reality, most data loss is actually the result of human error – and it’s a lot more common than you might think. According to a global IT study by EMC Corporation, 64% of enterprises experienced data loss or downtime in the last 12 months. Protect your employees and your business by having data protection and data recovery plans in place.

Creating a Data Protection and Recovery Plan

Before you begin developing a data protection and recovery plan, ask yourself a few questions:

  • How much of my organization’s data do I need to retain?
  • How fast do I need to be able to recover that data?
  • How much data can I afford to lose?
  • When restoring very old data, will I run into compatibility problems?
  • If I were to leave the company, would anyone else know how to recover this data?
  • If I can’t bring systems back online immediately, what is the Plan B during the downtime?
  • How much will the recovery process cost?

Once you clearly identified your data protection and recovery needs, you can start creating your strategy.  A proper data protection strategy has multiple components:

  • Data backup

Protect your data with a backup policy that outlines when secondary copies, either physical or virtual, are made. Data backups are crucial. They should occur frequently to ensure that if data is lost, a recent version of the business’ data can be restored so it does not cause irreparable damage to the business. You can use your emergency notification system to remind employees when it’s time to perform manual data backups.

  • Data recovery

Data recovery strategies enable your data to be restored in the event of data loss. One popular method is cloud data recovery. Cloud recovery allows you to both backup and restore electronic records in a cloud computing environment. Since employees can access cloud data from anywhere at any time, this option limits downtime by enabling employees to continue working even if they can’t get to the office.

  • Remote data movement

Copy your data and move it to a location outside the primary facility or in the cloud. This technique helps protect your data from the physical damage that often comes with emergencies such as fires and hurricanes. Whether you chose to backup data in real-time or near-real-time, duplicating data in a second location is of utmost importance.

  • Storage system security

Your storage area network (SAN) should be easily accessible for authorized users, while simultaneously being guarded against potential hackers and malicious code. Apply best security practices to keep your data safe, such as data encryption, regular operating system updates and data redundancy.

  • Data lifecycle management

DLM directs the movement of critical data from creation to deletion. DLM products automatically organize data into tiers in accordance with specified policies, and move data from tier to tier when called for. For example, your DLM policy may dictate that critical data be saved as read-only when in its final state, or that data be moved to different types of storage depending on its age, file type and size.

  • Information lifecycle management

Like DLM, ILM directs the movement of critical data from creation to deletion, organizing and moving data according to specific policies. Unlike DLM, ILM products organize data based on the content within a data file. Your ILM strategy will outline specific policies for valuing, cataloging and protecting information assets. For example, your ILM policy may dictate that the data that is most frequently accessed be stored on the fastest storage media, while less-accessed data is stored on cheaper, slower media.

Testing your Data Protection and Recovery Plan

Once your data protection strategy is complete, it’s time to put it to the test. The only thing more frustrating than losing data in the first place, is a failed attempt at data recovery. Testing your data protection and recovery plan ensures that you’ll be ready should a real disaster strike.

The best method for testing is a combination of:

  • Simulated attacks

Cyber attacks look to exploit any weaknesses in your organization’s security. By running simulated attacks you can identify any holes that exist and fill them. Furthermore, simulated attacks also help to prepare your “human firewall.” They test your employees responses, raise awareness of security threats and improve the effectiveness of security training.

  • Recovery drills

There is always a chance that an attempt at a complete recovery will lead to problems. Recovery drills allow you to have confidence in the reliability of your backup, and in your team members’ understanding of recovery processes. Furthermore, recovery drills also aid in strict compliance and regulation standards that require you to send system performance reports periodically.

Once you are confident that your data can be recovered in the event of any emergency – a ransomware infection, a system failure or a natural disaster – you can relax. However, don’t get too comfortable. Make sure to test your data protection and recovery plan at least twice a year to ensure you’re addressing any new threats or changes to your environment so you can maintain the utmost security.

Is your organization’s data protected? Learn more about how to ensure your company is prepared for any emergency.

15 Factors Every Disaster Recovery Audit Must Incl...
How flexible is your BCP?