A Society of Ghosts
The issue at hand is that back-up and restoration strategies must be in place to safeguard that data. If we use our standard balance diagram, we have the three dimensions to consider for data storage: technology, processes and people. So, let's look at each of these categories.
First and foremost, you must have the right people in order to design, implement, and consistently execute an effective back-up plan. On one hand, be sure to involve the appropriate IT resources. On the other, stakeholders outside of IT can identify key data categories and the level of criticality. Only by involving the correct people can a secure back-up plan be developed.
Once the right people are involved, it is absolutely essential to identify the various processes required to back up the systems, periodically test, and restore data. These processes must be formally documented and regularly rehearsed. The reasons for documentation, training and practice have to do with the fact that times and data change. Ideally, IT should always be involved with the operational stakeholder to understand data requirements. However, this doesn't always happen. Thus, by periodically exercising the plans, both IT and operations can review and approve the state of preparedness.
Once the right people are involved and high-level processes identified, then and only then should technology be procured. Yes, technology shapes processes, but here, we must make sure that the technology purchased matches the needs at hand. For example, there are numerous technology issues to consider.
- Amount of Access: How often must the data be retrieved?
- Storage Life: How long must the backup media remain viable? Months? Years?
- Speed of Backup: How fast must the data be backed up to meet service level expectations? What issues may dictate the speed at which data is backed up?
- Fault-Tolerance: How critical is it that nightly backups happen without fail? Also, bear in mind the risks if a single device is purchased and then when the data is finally needed and the device is either destroyed or damaged.
- Total Cost per GB Stored: In order to compare storage methodologies, think in terms of total costs per gigabyte stored, not just the cost of the drives and tapes. Factor in the maintenance, labor requirements, storage space requirements, etc.
- Managed Obsolescence: What if the data must be restored 10 years from now, how will you ensure a compatible reader exists?
- Restoration Time: How long will it take to recover data? Are there different situations? What service levels exist that mandate recovery times?
Of special note, the need for a defined data retention schedule is critical. Nobody can afford to store large amounts of data for an indefinite period of time. Furthermore, having everything since time immemorial creates a major liability in that if a lawsuit happens, those records can be summoned as part of a "discovery" effort and costs can go through the proverbial roof. Just imagine trying to hunt through years of backup tapes for any file that contains certain keywords or is authored by person X. Imagine trying to read backup tapes from a tape drive that no longer exists and the manufacturer went out of business 10 years ago.
As a result, it is key that IT and stakeholders identify the various categories of data, who owns the data in case questions arise, and how long it should be retained bearing in mind regulatory, legal and operational needs. Once this is defined, it is very important that the data retention policy actually be followed. Having a policy and not following it is far more damaging during litigation than having no policy at all.
In short, we are increasingly relying on digital methods to create intellectual property. To avoid a collapse of operations, care must be taken to implement backup strategies that safeguard the data over time. If we don't take adequate steps to safeguard the data, then our organizations risk not only the loss of some intellectual work, but also the viability of continued operations.