Data protection is the process of safeguarding information from threats to data integrity and availability. These threats include hardware errors, software bugs, operator errors, hardware loss, user errors, security breaches, and acts of God.
Data protection is crucial to the operation of any company and a sound data protection strategy must be in place. Following is my checklist of a good data protection strategy, including implementation and operation:
1. Backup and disaster recovery (DR) should be a part of the overall design of the IT infrastructure. Network, storage and compute resources must be allocated in the planning process. Small and inexperienced companies usually employ backup and DR as an afterthought.
2. Classify data and application according to importance. It is more cost-effective and easier to apply the necessary protection when data are classified properly.
3. With regards to which backup technology to use – tape, disk or cloud, the answer depends on several factors including the size of the company and the budget. For companies with budget constraints, tape backup with off-site storage generally provides the most affordable option for general data protection. For medium-sized companies, a cloud backup service can provide a disk-based backup target via Internet connection or can be used as a replication target. For large companies with multiple sites, on-premise disk based backup with remote WAN-based replication to another company site or cloud service may provide the best option.
4. Use snapshot technology that comes with the storage array. Snapshots are the fastest way to restore data.
5. Use disk mirroring, array mirroring, and WAN-based array replication technology that come with the storage array to protect against hardware / site failures.
6. Use continuous data protection (CDP) when granular rollback is required.
7. Perform disaster recovery tests at least once a year to make sure the data can be restored within planned time frames and that the right data is being protected and replicated.
8. Document backup and restore policies – including how often the backup occurs (e.g. daily), the backup method (e.g. full, incremental, synthetic full, etc), and the retention period (e.g. 3 months). Policies must be approved by upper management and communicated to users. Document as well all disaster recovery procedures and processes.
9. Monitor all backup and replication jobs on a daily basis and address the ones that failed right away.
10. Processes must be in place to ensure that newly provisioned machines are being backed up. Too often, users assume that data and applications are backed up automatically.
11. Encrypt data at rest and data in motion.
12. Employ third party auditors to check data integrity and to check if the technology and processes work as advertised.
A good data protection strategy consists of using the right tools, well trained personnel to do the job, and effective processes and techniques to safeguard data.