Most companies have solid overall default data backup plans; however, many do not have sufficient processes or controls for ensuring proper data protection based on business requirements. To avoid the development of dangerous gaps between the level of protection that exists and that which is needed, every organization should devise and adhere to a sound data protection policy.
Related on MHA Consulting: Data Loss Is Inevitable: These Tips Will Help You Recover
Sound data protection is a fundamental part of resiliency and business continuity.
Most organizations have good overall strategies and solutions for backing up their data. These can include traditional backup, log shipping for databases, and replication. But in many cases, applications or data repositories are not sufficiently protected for data loss.
One area where we at MHA Consulting see this a lot is when new applications are brought into use. Typically, in such situations, the team involved focuses exclusively on getting the new app integrated into the production process. Little or no thought is given to protecting the data based on the business need.
Usually, this lack of attention to data protection is accompanied by an assumption that data backup for the new app will be managed by the IT department. This is usually true as far as it goes. But sometimes it does not go far enough.
Typically in these cases, IT will provide its standard level of protection, which in most cases means backing the data up using a traditional backup (think daily or the old school “tape”) once every 24 hours.
This is fine if that frequency of backup is appropriate for the new app. But what happens if the app is one for which the loss of 24 hours’ worth of data would create a serious problem for the company?
Two vital matters are commonly overlooked in situations such as that described above: Determining what level of protection is appropriate for the data associated with an app and ensuring that this level of protection is implemented.
When organizations allow holes to develop in their data protection efforts, they are creating potentially costly vulnerabilities.
Typically, when companies lose data which they are unable to recreate in a timely manner, their ability to perform their missions is compromised, with negative impacts on their customers, revenue, and reputations.
Imagine the impact on a bank that permanently lost eight hours’ worth of data on its customers’ deposits, withdrawals, and transfers.
Now, imagine a parallel loss of information at your own organization.
Clearly, this is a scenario best avoided, and the way to avoid it is to identify and close gaps in your organization’s data protection program.
The best way to prevent the sort of gaps and losses we’ve been talking about is for the organization to develop and adhere to a sound data protection policy (sometimes called a backup policy).
Such a policy should contain the following:
Protect your organization by protecting its data. Most organizations do an excellent job with basic data backup, but gaps sometimes develop when the data protection assessment is not part of the implementation or project. These data preservation gaps can amount to serious vulnerabilities.
The best way to avoid these gaps is by crafting and adhering to a sound data protection policy. Such a policy specifies the minimum level of protection, requires assessments of the data protection needs of new apps, mandates annual reviews of applications and data repositories’ RPOs, and spells out a process for tracking, approving, and closing exceptions.
For more information on data preservation, protecting your data, and other hot topics in BC and IT/disaster recovery, check out these recent posts from MHA Consulting and BCMMETRICS: