Data backup and storage is the IT equivalent to tidying up at the end of the day. Putting all your information away neatly so you know it is accounted for, secure, and easy to find again is an unlikely topic, you would imagine, for strong opinions and lively debate. Yet that is exactly what it has become, and for good reason.
Every day, greater amounts of data are handled by more employees who are spread across multiple locations and who use a variety of devices. This increases the vulnerability of information. The solution for many organisations is to implement a centrally controlled data back-up and storage plan from a range of available options available. It is here where the debate becomes heated.
In the red corner are the cloud converts, those who are quick to point out that ultimately all hardware-based back-ups will fail and that nothing offers the same storage capacity, flexibility and ease of access as the cloud. Meanwhile, over in the blue corner, we find those who approach the cloud with more caution. They point to a growing body of evidence, which includes a recent Symantec study(1) that shows 68 percent of companies have been unable to recover data stored in the cloud, as well as findings that Forrester urges companies to back-up all cloud-stored data(2).
The reality of the workplace is complex. IT departments need to prioritise limited budgets and work with legacy IT infrastructure as they build confidence in the security and benefits of an established cloud provider. In many cases, this leads to a hybrid data back-up and storage system that includes onsite servers for the most active, business-critical or confidential information; securely stored offsite tapes and discs; and then the cloud for less essential or dormant data. The results include tidy, cost-effectively managed and protected information, as well as an IT team that now has more time to add value elsewhere–at least, that is, until employees start asking for data they have lost or can’t access. The effort required to meet these requests has caught many IT professionals off-guard.
Free Download: Is An Outright Ban On Workplace Social Networking A Good Idea?
Earlier this year, we undertook a series of in-depth interviews with senior IT professionals in France, Germany, the Netherlands, Spain and the UK(3). The conversations revealed that some firms are witnessing year-on-year increases of up to 60 percent in demands for data retrieval. This is explained by an increase in the number of employees who are trying to find documents they have accidentally deleted or misfiled or who want to view access-controlled, centrally stored business data. Getting the data back can be frustrating (particularly when the creator can only vaguely remember what the subject or content was), complicated, and time-consuming; sometimes the process may even require the help of an outside expert.
To illustrate a real-world example, in businesses where data represents a significant competitive differentiator and demands for confidentiality are high, such as those in the pharmaceutical sector, employees are not allowed to keep business information on their PCs and are required to submit a formal request to access sensitive data. This access is given on a time-limited, read-only basis, which can result in a flood of daily retrieval requests.
Not all retrieval requests are internal, however. A growing number of requests are external and related to eDiscovery for legal, compliance and law enforcement purposes. Failure to retrieve and present the required data quickly is simply not an option.
Companies need to ensure that ease of data retrieval is factored into their overall back-up and storage plan. The best approach is a tiered one, with information ranked from records that are likely to be requested frequently, such as customer data or patient records, above those which may be required only once if at all, such as insurance policies. The former can be stored on servers close at hand, while the latter can be clearly indexed and stored off site, perhaps with an external provider, for rapid retrieval if required. This blended approach will maximise the benefit to the business while minimising the impact on IT resources and the risk to data.
Tidying data away and retrieving it out may seem peripheral to all the exciting things you do with the information once you are in possession of it. But if you don’t get those two stages right, the bit in the middle can’t happen either. Back-up, storage and retrieval is as business-critical as the actual data.
(1) Symantec, Avoiding the Hidden Costs of Cloud 2013 Survey
(2) , May 2014
(3) Opinion Matters for Iron Mountain, April 2014. Ten interviews were conducted with IT professionals in each of the UK, France, Germany, Spain and The Netherlands, representing the manufacturing, healthcare, telecommunications, financial services, professional services, hospitality, media and broadcasting, advertising, retail and software sectors, with between 50 and 10,000 employees.
By Christian Toon, Head of Information Risk for Europe, Iron Mountain
About Iron Mountain
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.