BETA
This is a BETA experience. You may opt-out by clicking here

More From Forbes

Edit Story

Mapping Data Protection Strategies For The New Year

Forbes Technology Council
POST WRITTEN BY
Jeffrey Ton

I love maps! The older the better! The walls of both my Bluelock office and my home office are covered with them. Last week, as I was engaged in my favorite end-of-year activity, budgeting, I couldn’t help but think how budgeting and map-making are related. After all, what is budgeting but the financial dimension of your map for the upcoming year?

Most of my maps are related in some way to the Lewis and Clark Expedition. You know, the expedition that set out over 200 years ago to find the Northwest Passage? I couldn’t help but let my mind wander to their year-end budgeting and planning process. Their journey took them about two-and-a-half years to complete. That means they had three occasions to pause and plan for the portion of the journey that would unfold in the coming year. Yes, three year-end budget and planning cycles.

They would gather all the information available to them, map out their route and their plans, discuss contingencies and strategize on how to meet their goals, not unlike you and I today. As they mapped out the year ahead, two of the things in the forefront of their minds were business continuity and data protection. That's right -- they needed to figure out how they could complete the journey and mitigate against unforeseen dangers while at the same time protect their data in the form of their notes, journals and discoveries.

Today, we think of a comprehensive data protection strategy in terms of a well-balanced, two-pronged approach. We need to take preventative measures to protect our data from corruption, theft or loss. While at the same time, we are realists: If something is likely to happen during the year ahead, we take restorative measures as well so we can recover from the unforeseen calamity.

Preventative measures include such things as data encryption, firewalls, intrusion detection and end-user education, to name just a few. Most companies I see doing the preventative part of data protection do it pretty well. CIOs invest heavily, yet they still don’t sleep at night because they know the company’s data is just one inadvertent click away from being held for ransom by a cyberattack. The well-rested CIO also has a comprehensive restorative strategy.

Recovery is not a one-size-fits-all solution. In fact, you need multiple methods to protect your data. Older, immutable data should be archived. It should be protected separately from the data you need to run your company on daily. Backups can provide protection on a daily, weekly or monthly basis. However, restoring entire systems from backups is also measured in days or weeks. Snapshots also provide “point in time” protection and are especially useful for providing a fallback plan during major system updates. Replication completes the picture by providing continuous protection with minimal loss of data and recovery times measured in minutes or hours instead of days or weeks.

The point is that different types of data need different restorative protections. Some of your data might need more than one type of backup for longer-term compliance requirements and replication for fast restores, for example.

Think through scenarios and plan how you would recover in each of the scenarios. What compliance requirements are you or your clients under? Outside of compliance requirements, what is your company’s retention policy? Do you keep data for a year? Five years? Seven years? Longer? If you are using tapes, can you be sure you can still read a seven-year-old tape?

What if you need to recover a file that was accidentally deleted? What if it was deleted yesterday, or last week, or last year? Can you restore it? What if a new software update corrupts your entire database? What happens to business operations while you recover it?

The list goes on and on. What if you were the victim of a ransomware attack? Or what about a data breach and the authorities need to perform a forensic investigation of your production systems? Can you return to normal operations while an investigation takes place? You see, data protection isn’t just about protecting your data from natural disasters.

Your plans should provide you with step-by-step instructions for what to do in any of these scenarios. They should be clear enough that someone other than your IT team can perform them. Why? Your IT team may not be available to recover your systems.

Returning to our heroes -- OK, admittedly, they are my heroes. Lewis and Clark also had to plan for all types of events to protect their discoveries. They employed multiple strategies. For one, they used backups. Each one of their journals was copied at least once and stored in a different container. This came in handy when their boat overturned and they were not able to recover all the containers. They even replicated off-site by sending a boat back to St. Louis with copies of their journals and the discoveries they had made to date. They also used a long-term archive before crossing the mountains. They dug a cache, lined it with animal skins and stored gear, provisions and, of course, copies of the journals for when they returned the following year to retrieve them.

As you make plans for the year ahead, be sure to include an assessment of your data protection strategies. Think about Lewis and Clark and the unknown dangers they faced. Think of the dangers that may come your way in the new year. Are you adequately protected? Draw your map for the year ahead and plan for how you will mitigate the dangers on your journey.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?