The issue at hand is that back-up and restoration strategies must be in place to safeguard that data. If we use our standard balance diagram, we have the three dimensions to consider for data storage: technology, processes and people. So, let's look at each of these categories.
First and foremost, you must have the right people in order to design, implement, and consistently execute an effective back-up plan. On one hand, be sure to involve the appropriate IT resources. On the other, stakeholders outside of IT can identify key data categories and the level of criticality. Only by involving the correct people can a secure back-up plan be developed.
Once the right people are involved, it is absolutely essential to identify the various processes required to back up the systems, periodically test, and restore data. These processes must be formally documented and regularly rehearsed. The reasons for documentation, training and practice have to do with the fact that times and data change. Ideally, IT should always be involved with the operational stakeholder to understand data requirements. However, this doesn't always happen. Thus, by periodically exercising the plans, both IT and operations can review and approve the state of preparedness.
Once the right people are involved and high-level processes identified, then and only then should technology be procured. Yes, technology shapes processes, but here, we must make sure that the technology purchased matches the needs at hand. For example, there are numerous technology issues to consider.
Of special note, the need for a defined data retention schedule is critical. Nobody can afford to store large amounts of data for an indefinite period of time. Furthermore, having everything since time immemorial creates a major liability in that if a lawsuit happens, those records can be summoned as part of a "discovery" effort and costs can go through the proverbial roof. Just imagine trying to hunt through years of backup tapes for any file that contains certain keywords or is authored by person X. Imagine trying to read backup tapes from a tape drive that no longer exists and the manufacturer went out of business 10 years ago.
As a result, it is key that IT and stakeholders identify the various categories of data, who owns the data in case questions arise, and how long it should be retained bearing in mind regulatory, legal and operational needs. Once this is defined, it is very important that the data retention policy actually be followed. Having a policy and not following it is far more damaging during litigation than having no policy at all.
In short, we are increasingly relying on digital methods to create intellectual property. To avoid a collapse of operations, care must be taken to implement backup strategies that safeguard the data over time. If we don't take adequate steps to safeguard the data, then our organizations risk not only the loss of some intellectual work, but also the viability of continued operations.