So far, I've looked at the necessity for data protection at the desktop user level, and also at the server level. Scaling out from the individual computer user to the inevitably more complex requirements of companies, so the importance of a complete strategy for data protection increases. Simply put, when zooming out from a notebook user to a whole company, the stakes are raised. Substantially.
In such scenarios, groups of users are supported by additional equipment such as servers and storage subsystems. Disaster recovery is part of a bigger picture of business continuity; within both, the role of data protection is absolutely essential.
Indeed, data protection is arguably more important than protection of the applications, and even the business processes. The equipment itself - the physical servers and hard drives and computers - is, almost paradoxically, of relative insignificance. All these things can be replaced. It is only the data, which if lost, cannot be purchased or otherwise restored.
Policies and procedures
Outside of the data, the considerations for business continuity and disaster recovery are quite broad. They include such practicalities as office space, power availability, communications (telephone and Internet), security, personnel and more. All of these should be covered within the business continuity policy and plan.
Assuming that provision is made for all these aspects, let's focus in on the data; specifically, that which is stored on operational components of the enterprise infrastructure. By that, I mean the servers, notebooks and PCs which people use to conduct and perform their everyday work.
What is of critical importance for these elements is that companies have assurance that there are measures in place to take care of data should the 'real thing' happen. The real thing could be anything, and is often the last event that could be expected; by their very nature, disasters are unexpected occurrences, after all. It could be a flood, an earthquake, a plane crash, a sinkhole - the world is an interesting, dangerous and sometimes unpredictable place.
Backup plans
But where companies really do want predictability is in the security of that data. Not security from unauthorised access, although that remains important, but security from the point of view that no matter what happens to the equipment, there is a persistent copy of that information. It's not good enough to have that assurance on paper, either - companies need to know that the measures put in place actually work. Disaster recovery testing is therefore essential to ensure that if the real thing occurs, companies are prepared, well rehearsed and have a good idea of the final outcome for data.
Data protection is arguably more important than protection of the applications, and even the business processes.
Petrus Human is technical director at Attix 5.
So it is that the 'humble' backup comes to play a critical role in enterprise disaster recovery. As the business continuity plan is formulated, it will be necessary to examine backup planning, examining frequencies, identifying and classifying the information which must be protected, and how it should be protected.
A recovery point objective is formulated (the acceptable amount of data loss measured in time) and a recovery time objective (the desired time to get business processes working again) set. Machines are classified according to these priorities in business processes.
Specific scenario testing needs to be done according to the risk priority for a company's environment; the risks with the highest likelihood of occurring (such as theft, fire, hardware failure due to power failure) are simulated.
What should be abundantly apparent is at least two things: it is not possible to anticipate all the dangers out there, but it is possible to have an action plan to deal with the possibilities. The other is that unless the data is protected, no business continuity plan is worth anything at all.
Share