Subscribe

Individuals ignore backup policies

Jacob Nthoiwa
By Jacob Nthoiwa, ITWeb journalist.
Johannesburg, 26 Mar 2010

Many companies have server backup solutions in place, but focus is now shifting to 'user data' stored on PCs and notebooks, and its protection.

This is according to a recent survey carried out by ITWeb, in partnership with data security company Cibecs, which surveyed over 300 IT senior executives and risk professionals.

Cibecs CEO Richard Dewing says this is where a backup and recovery vacuum exists. Individual computer users will never follow data backup policies, he adds. “This is because they forget to back up, do not know how to, or think it will take too much time.” Quite often, they do not want their data on a server where it could be accessed by a third party, he adds.

The survey found nearly half (46%) of the companies rely on some kind of backup policy (be it to a file server or external hard drive) to ensure business critical data is backed up. However, these very same companies list the fact that users do not follow policy as their main obstacle in ensuring successful data protection.

Fatal impact

The survey highlighted other trends, including that 72% of data losses are ascribed to hardware and software failures, theft and negligence. It also found 68% of respondents do not think their current data backup solution is highly effective.

Dewing says these statistics underline the massive risk South African businesses are exposed to in the event of data loss through any number of everyday occurrences. “A scary thought, especially considering today's hard drives store 500 times more data than a decade ago, which means the impact of such a loss is vastly amplified.”

Data loss also negatively impacts the ability of a business to sustain its operational efficiency, ultimately impacting the bottom line. Half of the respondents are unsure if their company could recover business critical data in the event of a loss. This is because a lot of time and resources have to be allocated in trying to get the lost data back or recreating it.

Better backup

Dewing says companies now realise they need a better solution for data backup and recovery problems, but are not quite sure exactly what is required. “This is simply part of a legacy where the amount of data floating around wasn't nearly as vast and unstructured as it is today.”

Companies around the world are starting to realise that older technologies and methods are just not manageable or practical in this day and age, he adds. “Legislation such as King III locally, and Sarbanes-Oxley in the US, has also forced companies to protect the integrity of their business-critical and sensitive data.”

On the whole, notes Dewing, the survey proved local businesses, like their international counterparts, do not fully appreciate the risks they face from losing data stored on user PCs.

“So much information is stored on company desktops and laptops, especially as we move to a more mobile society,” he explains. Companies are beginning to understand the need to take responsibility for that data away from users and manage it from one central location, he adds.

Governance is key

The Data Governance Institute says it all boils down to data governance. It says all organisations need to make decisions about how to manage data, realise value from it, minimise cost and complexity, and above all manage risk. This will ensure compliance with ever-growing legal, regulatory, and other requirements.

“Management and staff need to make good decisions - decisions that stick - and they need to reach consensus on how to 'decide how to decide',” the organisation advises.

They need to create rules, ensure the rules are being followed, and deal with noncompliance, ambiguities, and issues. In short, they need to do more than manage data; they need a governance system that sets the rules of engagement for management activities, the institute adds.

Dewing says this survey was a quest for concrete verification of problem areas locally, in enterprise data backup and recovery strategies. “The objective of this survey was to highlight the business and operational data loss risk organisations are exposed to. We also wanted to impress upon business owners and IT executives the need to proactively plan for that inevitable bad day at the office.

“South Africa is not far behind the rest of the world in this realisation. The next step, however, is taking appropriate action based on that realisation,” he points out.

Share