More stringent regulations on the retention of email and other types of data will compel companies to revisit their data retention policies and strategies in 2008-”as well as focusing on tune-up measures for their disaster recovery and business continuation plans.
While many enterprises invested in and upgraded DR plans in the Hurricane Katrina aftermath, many have also stopped there. In spite of this, the Aberdeen Group reported in September 2007 that 80% of best-in-class companies planned to make continuous improvement and investment in data protection over the next 18 months. These companies recognize that data protection is an ongoing task that is just as important as disaster recovery. Data Protection versus Disaster Recovery Data protection is integral to disaster recovery because it involves the systematic backup of data and the ability to recover data at all times, especially during disastrous interruptions that threaten business continuity. However, it is also important to note that data protection goes beyond disaster recovery. It addresses other critical data needs-”like archiving, the ability to retrieve data quickly from historical archives-”and the safe and secure storage of historical data offline. Without attention to data archiving and purging, companies are expending more resources and backing up more data than they should. These backups are also taking longer. Recent regulatory pressures are hitting areas like data retention and archiving, especially with the growing importance of email and computer-based records in the compliance and litigation processes. Meanwhile, enterprises have major concerns when it comes to finding qualified persons on the IT staff in the areas of data protection that regulators are looking for, whether it is backup, recovery or archiving. Adding Expertise IT shops that look to train internal staff in the areas of data and storage management are usually challenged in finding what they want. One reason is the professional IT training market’s focus on training and certifications in network management and technical skills, database, communications, software development and Internet. Only a handful of storage vendors have responded to the dearth of storage training with their own internal programs. Beyond this; little else is available in the area of formal training. There is a severe IT skills shortage in the data protection area. This is most evident in smaller and medium-sized companies, where individuals usually just -œdraw- the assignment of being responsible for the DR plan and its execution. They make their best effort, but they have no specialized training for it. In many cases, they may not understand all of the different areas that data protection should address-¦.It’s a fact that most. SMBs are overloaded, and they are trying to meet their workloads with small, compact staffs. It is not hard to see how data protection and disaster recovery can be left behind in the race to meet every daily company priority. Our company gets many calls from SMBs–and from large enterprises that are tackling the task of backing up, restoring and maintaining the data of many remote offices. These companies see outsourcing to an expert with specialization in backup, recovery and archiving as an immediate way to acquire needed expertise without diverting IT staff from other daily activities. Developing a Comprehensive Data Protection Plan The good news for most companies is that they can -œbuild out- from their disaster recovery plan to include the other areas of data protection that are vital for the business. Here are several steps that businesses can take: Understand the Risks and the Value of Data Protection Many CIOs are hesitant to address the full spectrum of data protection because they know that they have other critical projects that they have to secure budget for, and that recent business investments have been made on DR. The value proposition for expanded data protection, as with DR, may well rest with proactive prevention of that single misstep that could come in the form of data breach, data loss, litigation or regulatory needs. No one wants to be fighting to correct a data breach or compromise; or in a position where he is waiting in the wings to talk to a news service about what happened. Even more importantly, the customers and the stakeholders of the business rely on its officers and employees to safeguard the data. If a cataclysmic breach occurs, there is probably no price that would have been too high for prevention. Fortunately, CIOs can usually find an ROI to justify the budgetary allocation for advanced data protection. It typically comes in the form of the number of hours that are saved from IT and business staff with a streamlined plan that uses automation in its data backups, recoveries and archiving-”and eliminates human error along the way. Define a Data Protection Strategy Organizations differ in their approaches to data protection. Some prefer to address data protection entirely with internal IT resources, while others totally outsource, and a majority of best-in-class companies employ a strategy that combines in-house management with strategic outsourcing arrangements with online data protection service providers. We note that SMBs frequently look for an affordable turnkey solution for data protection, backup and recovery, which makes outsourcing those functions very attractive. Large enterprises also look for outsourcing assistance in DR and data protection, since they have numerous satellite offices that require localized disaster recovery and data protection. Enterprises tell us that they are very challenged to maintain current backups for remote offices and locations.We find that when we deliver state-of-the-art services that blend well with their corporate disaster recovery and data protection plans, enterprises integrate our online backup and recovery services for the remote sites into their master corporate plans. These enterprises receive detailed reports of all data backup, recovery and protection activities at their remote sites, which is one less thing for corporate IT to do. We can also provide corporate-wide disaster recovery and data protection, since we cover virtually every piece of hardware and software that is used in the corporate IT environment. Implement Policies and Procedures for Data Protection Whether you are defining or refining data protection policies and procedures, it all begins with identifying which data you will archive and which data you will permanently delete- as well as your real-time backup data. This can be daunting for any enterprise with years of stockpiled data. Very often, a good approach is hiring an outside consultant who can assist in data analysis and bring special tools to the task. Companies should also evaluate their email archiving and retrieval. Most companies now have email retention policies (a majority chooses to retain email for seven years), but they frequently fall short in developing and publicizing corporate email policies to IT and to general business system users. This is where teamwork between IT and HR can pay off. Data protection policies should also be periodically reviewed by IT and management. Disaster recovery and business continuation plans should minimally be tested annually. Data retention policies for email and archiving should be reviewed every three years-”provided there are no major regulatory or other environmental changes that the company must respond to. Establish SLAs for Your Staff and for Vendors Both internal staff and any data protection vendor that you work with should have a clear understanding of your RPOs (recovery point objectives) and RTOs (recovery time objectives). Most sites prefer a nightly RPO, but others require RPOs several times daily, and still others require real-time, continuous data backups for their businesses. These expectations should be central ingredients in your SLA (service level agreement) with the vendor. If you use a vendor, also take time to check references. Even if an organization has a strong SLA, you need to trust the people whom you are dealing with. The service should meet your needs for data protection, hardware and software support at the vendor site and be of enterprise class-”because the outsourcer should be able to grow with you, and to be able to support a diversity of platforms. Final Remarks Disasters, security breaches, data losses and data compromises have cast corporate attention on data protection like never before. Best-of-class organizations see data protection as the -œnext generation- of disaster recovery. They are taking steps to achieve it. If they can’t handle the task internally, they are seeking outsourcers with expertise. Most are finding that a combination of internal and external resources is the -œbest fit- operationally and from the standpoint of the budget AUTHOR – STEVEN RODIN Steven Rodin serves as Storagepipe’s President and CEO where he is responsible for planning the company’s growth and determining its strategic direction. Steven has over 10 years experience in leading and managing high performing teams, sales and marketing, creating innovative technical solutions, deal execution and professional services. Prior to joining Storagepipe, Steven served as an Executive Director with Comverse Technology where he lead the company’s self-service and strategic customer management initiatives and established strategic alliances with systems integration and technology partners. Steven was the President and Co-founder of Davinci Technologies Inc., which provided enterprise Electronic Bill Presentment and Self-Service software to many world-class customers. Davinci was acquired by CSG Systems in 2003 and subsequently acquired by Comverse Technology in 2005. Mr. Rodin graduated with an Honors Business Administration (HBA) degree from the University of Western Ontario.
Related Articles –
THE, AUTHOR, IS, STEVE, RODIN, -, JOHN, SACKE, IS, THE, REPRESENTATIVE,
Email this Article to a Friend!
Receive Articles like this one direct to your email box!Subscribe for free today!