"When outage horror stories take over headlines, executives tend to have kneejerk reactions and look to adopt whatever disaster recovery offering they can implement fastest," he says. "But every organization and location is unique, and failing to thoroughly assess your situation may lead you to adopt a solution that is expensive overkill or cheap and inadequate."
And while most IT executives and data management experts acknowledge that there isn't one failsafe solution to protecting and recovering data, they agree that there are certain steps organizations should take.
What are the necessary precautions companies should take to protect critical files and applications in the event of disaster? Dozens of data storage, data management and disaster recovery experts share their advice. Here are their top 12 suggestions regarding how to disaster-proof data (files and applications).
1. Conduct a data assessment. "Know your high-value data assets -- where your customer information and other sensitive data live, which files are heavily used, who is using them and which departments they align with," says David Gibson, vice president, Varonis, a provider of comprehensive data governance software. "With usage intelligence and data classification, you can better prioritize what data you need to have on hand after a disaster and who will need to have access to it."
"Use the 80/20 rule," says Michael de la Torre, vice president, Product Management, Recovery Services at SunGard Availability Services. "Not all data is created equally. It's costly to ensure that every piece of data is always available and quite frankly most of it isn't critical to business functions," he notes. "By applying the 80/20 rule, a company can tier out its critical data and applications to decide which 20% is the most crucial to protect," he says.
2. Work with a trusted partner to disaster proof data & systems. "Use an experienced partner to ensure your [storage and disaster recovery (DR)] solution meets the needs of your business and the capabilities of your IT department," suggests Peter Elliman, senior manager of Backup and Recovery at Symantec, a provider of online and mobile security solutions. "Consider integrated appliance solutions to reduce complexity, remotely managed backup services to minimize operational impact and risks and consider both internal DR sites as well as DR providers with both on-premise and cloud recovery options."
3. Define what an acceptable recovery time is and choose the right storage media. Think about "how quickly you need to restore your data," says De la Torre. "The least expensive method is offsite, on tape and de-duplicated," he notes. But he quickly adds, "you will pay later when you have to wait for days to restore your data. Understanding the threshold for how long you can wait to restore your data will provide clear direction on which storage medium -- Disk or tape? Cloud or on-premise? -- is right for your company."
"Don't accept mediocrity when it comes to the speed of recovering your data," adds Jennifer Gill, director of Product Marketing for Zerto, which provides enterprise-class disaster recovery and business continuity software.
"Many companies think a reasonable recovery point objective (RPO, the highest amount of data a company is willing to use) is 24 hours. If the business did actually lose this amount of work/data the impact could be many times the cost of actually implementing any disaster recovery solution," Gill says. "Find a solution that provides continuous data protection and replication with an RPO of just seconds and a recovery time objective (RTO) of minutes."
4. Create a disaster recovery plan -- and test it."Have a written disaster recovery plan," says Gill. "It sounds obvious, but with the complexity of the old way of doing replication and disaster recovery, it is very easy to forget the most important aspect of disaster recovery, actually writing down a plan," she says.
"In an ideal world, everything from the replication, management, protection groups, failover and failover testing is managed from one single interface," Gill says. "Specify SLAs for replication, create virtual protection groups, select the VMs to protect and then allow your solution to take care of all the replication in the background."
"Think through the most likely threats to your business, keeping in mind everything from human error to component failure to natural disaster," advises Alan R. Arnold, CTO, Vision Solutions, a provider of cloud protection and recovery, high availability, disaster recovery, migration and cross-platform data sharing solutions.
"Creatively examine options for cost-effectively protecting your data in a place geographically distant from those threats. That may require access to a second data center or a cloud-based strategy," Arnold says. Also, "be sure to account for all servers in your infrastructure (e.g., Windows, Linux, AIX and IBM running on physical virtual and cloud platforms). Your solution must address all server types with off-site protection capabilities."
Then "test this plan multiple times to ensure that it is successful," adds Andrew Gilman, data director, Actifio, a provider of copy data management. "Testing makes all the difference. It will help CIOs work out any kinks in the plan and ensure that they are ready in the event of a data breach or disaster."
5. Make sure sensitive data is properly encrypted."To effectively disaster-proof data, it is important to incorporate encryption into the data backup equation," says April Sage, director, Healthcare IT, Online Tech, a provider of collocation, managed server and cloud hosting solutions.
"A full-scale backup with encryption of the data at rest and in-transit will prevent unauthorized users from gaining access and effectively minimize exposure," she explains. "It is the answer for security-conscious organizations which must follow regulatory frameworks to maintain security of sensitive data. With encryption, security breaches can be prevented and eliminate a media firestorm that leads to credibility and profit loss," she continues. And if you use a cloud-based solution, "ensure the process has been vetted and the encryption keys are not accessible."
6. Regularly backup and snapshot data. "No strategy will work if you haven't set up automatic backups," states Scott Harris, the vice president of Services at Egenera, a provider of cloud management and disaster recovery software. "Whether it is to one of your corporate data centers, your DR site or the cloud, be sure that all critical data is backed up on a schedule that protects your business from downtime in the event of a disaster," he advises.
"Take real snapshot backups, not just RAID mirroring or database replication," adds Chris Camejo, director of assessment services at NTT Com Security. "If someone or something issues a command to overwrite or delete data, intentionally or otherwise, your RAID controller or database replication will dutifully delete it from the mirrors as well," he explains. "Removable media (tape) has the advantage that it can't get accidentally altered unless somebody physically mounts it."
7. Make sure critical applications are also accessible. "Protecting your data is not enough if you want to keep the business running during an event that causes downtime," notes Justin Moore, CEO of Axcient, a provider of data backup and restore, business continuity, disaster recovery and cloud continuity solutions. "Ensure critical applications can be virtualized in the cloud so that your employees keep productive."
8. Don't neglect laptops. "Most disaster recovery plans are focused on protecting the data center," says Peter Eicher, senior manager for Product Marketing at CommVault, a provider of enterprise backup and recovery, data management, deduplication, data protection, archiving and e-discovery software.
"While that is certainly critical, according to Gartner, almost two-thirds of corporate data lives outside the data center. Laptops, [for example,] are far less resilient than data center servers and disk arrays, and laptops are also subject to loss and theft," Eicher says. So it is important to include laptops and similar devices in your DR plan.
9. Follow the 3-2-1 rule. "If an enterprise wants truly disaster-proof data, it needs to follow the 3-2-1 rule: three copies of the data, stored on two different kinds of media, with one of them stored offsite," says Doug Hazelman, vice president of Product Strategy for data protection provider Veeam.
"By following the 3-2-1 rule, IT eliminates any single point of failure," Hazelman says. "For example, if the organization relies on SAN snapshots (which are great for backing up frequently), IT will need to find a way to create backups from those snapshots to get multiple copies and move at least one copy off site."
10. Keep backups off site, in a safe location."How far off site depends on the risks you are worried about," says Camejo. "If your data center is in San Jose and a major earthquake knocks out all your infrastructure, then it doesn't do any good if your backups are in an 'off site' facility in Santa Clara, the next town over. Consider the threats and plan appropriately."
11. Store data in a secure cloud. "In today's environment, one of the most secure ways to secure your organization's data is to put it into a hosted cloud environment," says Heinan Landa, CEO, Optimal Networks, which provides IT services, support and consulting. "Essentially, you are putting your network into a hosted cloud environment and then it is being delivered to you on-demand. The onus of responsibility for security, updates, redundancy, failover and business continuity rest with your provider."
"Cloud storage providers now provide secure, highly available services, combined with the maturity of cloud gateways to interface these clouds," adds Rob Whiteley, vice president of Product Marketing, Riverbed Technology, which provides a location-independent computing platform.
"Companies can actually improve their disaster preparedness by leveraging multiple cloud storage providers for service and geographic redundancy," Whiteley says. "Cloud storage improves backup costs, boosts performance and dramatically reduces recovery point objectives (RPO) by avoiding outdated tape and offsite storage methods."
12. Test for recovery -- and test again."It's all about the recovery," states Jarrett Potts, director of Strategic Marketing, STORserver, a provider of data backup solutions. "All the backups in the world cannot save you if you can't recover to test. [So] test then test some more," he says. "When you're finished, test it again. Do random recoveries each week. Do disaster recovery testing and audit your data pools. Always be sure you can recover your data."
Jennifer Lonoff Schiff is a contributor to CIO.com and runs a marketing communications firm focused on helping organizations better interact with their customers, employees, and partners.
Read more about disaster recovery in CIO's Disaster Recovery Drilldown.
This story, "12 ways to disaster-proof your critical business data" was originally published by CIO.