It wasn’t a Tornado or an Earthquake, it was an
Email.
Managing the growing risk of critical data loss.
With spring upon us, summer just a few weeks away, and a new season
of severe weather swirling into motion, now is the perfect time for
a business to consider what a natural catastrophe such as a tornado
or flood would do to its operation.
Oh, and emails too! It is hard to fathom mentioning “malicious
emails” as one of the catastrophes to consider when designing a
Disaster Recovery Plan, but it is the truth.
It doesn’t have to be an F5 Tornado or the Flood of ‘93 to
be considered a major disaster anymore. Businesses can officially include
“malicious emails” that show up disguised from“grandma”
as one of the top threats on the list. With the growing number of computer
viruses, as well as the number of cases where data has been damaged
as a result of unauthorized access, never before has a company’s
health been so at risk.
For example, on June 14th, 1999, eBay executives, employees, traders,
investors, the media, and the world watched as eBay stock value plummeted
by $4 billion dollars. The devaluation occurred because of an all-day
(22-hour) outage on its auction site. Executives at eBay estimated that
the impact included a drop of $3 to $5 million in sales. Every hour
that eBay was down resulted in an estimated $200,000 in lost sales.
In December of 2002 five Wall Street brokerages, including Morgan Stanley,
Goldman Sachs and Salomon Smith Barney Holdings Inc., agreed to pay
a total of $8.25 million in fines for improperly storing e-mail during
a three-year period. While some firms relied on employees to preserve
copies of the e-mail communications on the hard drives of their individual
computers, there were no systems in place to ensure that employees did
so.
The failure to comply in at least four of the brokerages was the result
of not being able to retrieve the data they thought they had backed
up -- not because it hadn't been stored but because they didn’t
have a good backup.
Not all businesses will have quite the same exposure as the eBay example
or the brokerage firms, but the level of risk is growing each day whether
businesses like it or not. With each day that goes by organizations
are becoming more dependant on technology
and more vulnerable to disasters, law suits and events that can take
down the organization for weeks at a time. The protection of critical
data stored on personal computers, laptops and remote servers has never
been more important. Ask any
professional if they would rather be without their phone service for
a week or their email and the dependence on technology will be evident.
Is it time for a checkup?
Data is becoming increasingly more valuable and exponentially more
vulnerable.
A businesses effort to protect these assets should grow at the same
rate as its vulnerability. This combination can become dangerous very
quickly. What used to be
calculated by paper and pen is now being processed online. With every
new software program bought, new critical data is produced and one more
element of day to day business is being left to the mercy of that cylinder
called “the hard drive”.
Data is becoming more vulnerable. In one quick swoop an entire system
can be wiped out from an employee opening a single attachment from a
family member. Even the best anti-virus software can’t protect
a business from opening the wrong email. The answer isn’t prohibiting
employees from opening email. The answer is educating them on the potential
hazards, how to avoid them and planning for the worst. Disaster Planning
and Backup
measures need to improve to manage this growing risk.
A serious question most businesses need to ask themselves is, “When
is the last time we improved our backup procedure? Or tested a restore
or simply kept up with technology?
Am I being penny wise and pound foolish?” The bottom line is that
businesses efforts to plan for disasters needs to grow with the times.
If a business doesn’t already have a Disaster Recovery Plan, creating
one should be right next to waking up in the morning on the owner’s
to do list. If one already exists, has the plan improved to adequately
protect against the growing vulnerabilities and changes in technology?
Backup Process or Restore Plan - Which do you have?
Whether it is new legislation that is forcing a business to comply
or recent data loss that is bringing a new awareness, it is time to
understand that this ritual called “backups” is really about
restoring data. The fact remains that the simplest restore process that
works is better than the most elaborate backup procedure that doesn’t.
For most businesses, this can be done quite easily. How do they turn
a backup plan into a restore process? Test it. Many users back up their
data only to find their backups useless in that crucial moment when
they need to restore from them. They fail because the systems are designed
with a set of requirements that rely too heavily on human intervention
for success. All it takes is one misplaced tape to produce a disastrous
result.
Storage magazine, a leading technology publication conducted a poll
of their readers titled “Do you test your backups?” They found
that although 66% of the respondents regularly test their backup tapes,
another 77% discovered failed restores. Is it worth the effort for businesses
to test these restores? Yes, when you consider that over three quarters
of those that have tested their tapes have unearthed failures. At the
same time, consider the readership base producing these failed restores.
This is Storage Magazine not Sports Illustrated.
Testing restores on a regular basis is only part of the story and is
a step in the right direction. The other challenge that is becoming
more and more difficult is keeping up with the growth of laptops and
mobile computing.
Those Forgotten Laptops and Remote Workers
By longstanding IT practice, backups encompass data stored on servers,
not workstations. “If you want your files backed up, the policy
goes, don't store them on your desktop.”
And as for laptops? Forget it. It's up to the user to back up anything
vital. Unfortunately, this mindset runs into a problem with the explosive
growth of mobile computing. By the end of this year, mobile users will
have grown to as many as 60 million, according to International Data
Corp (IDC). To compound the problem, about 7 million of those laptops
will be badly damaged, lost, or stolen.
As more business professionals utilize laptops as their primary computers,
more and more corporate information is being stored on those hard drives.
According to Gartner research, 60 to 80 percent of corporate data resides
on PC or laptop hard drives.
Laptops in the field are also exposed to extreme conditions from bouncing
around on a plane to constant connectivity to the Internet. These laptops
and critical data are far more
vulnerable to theft, natural disaster, hardware failure, viruses and
human error. However, in most organizations little attention is being
paid to protecting these computers because it has been difficult up
until now. New technologies are enabling laptop users to securely backup
their data through the internet to a secure location managed by a service
provider. This process is called “electronic vaulting” and
is growing in popularity.
Protecting corporate data was a straightforward job when all data resided
on the company server. This fell squarely into the hands of an internal
IT person or outside computer consultant. Today, however, with laptops,
home users and remote offices, the implementation of regular backup
procedures is far more difficult. In order to effectively protect this
data on a regular basis, the process must be automated. Electronic vaulting
allows the user to select the critical data, setup a daily schedule
and let the process run. After the service runs the business is emailed
a report confirming the events.
Each day at a predetermined time the service wakes the computer, scans
for any changed data, encrypts the files for complete security and backs
up the data to a secure off-site location – all without any manual
intervention.
Up until recently there have been many factors that typically prevented
businesses from backing up these mobile devices – Internet connectivity,
size of files, security, etc…
The cost and complexity traditionally associated with a remote backup
have prevented many companies from properly protecting this data on
laptops.
It was always much easier to protect a dozen servers, for example,
than 60 laptops.
This reality, though, is being eased by new services that allow for
secure backups through the Internet from any connection in the world.
Availability of bandwidth, advances in data compression and new security
measures have made this solution a reality. Now even the
smallest business can afford a solution like this.
Particularly in companies that perform external audits, analyses, or
evaluations of client sites, the value of laptop data rapidly becomes
apparent. Firms that conduct offsite visits for expensive services like
accounting and audits are in the forefront of the mobile computing arena
and should make appropriate plans to protect this new level of data.
Organizations must ensure the protection of mobile and remote workforce
data as part of their basic IT plans.
The growing numbers of mobile users is just one example of how businesses
need to evaluate their Disaster Planning and Data backup needs on a
regular basis. All it takes is the CEO's machine experiencing a hard
drive failure while on the road, or one poor HR staffer losing the entire
corporate HR database that she kept on her own laptop, for mobile backup
to become a greater priority.
Times are changing and so are risks. As technology grows, so should
a disaster plan, even if this means guarding against “emails from
grandma”.
The bottom line is that Data is becoming increasingly more valuable
and exponentially more vulnerable.
Are you prepared?
| Dave Gambino is President and CEO
of e-Backups.net, a leading provider of fully managed online data
backup and recovery services. Mr. Gambino has over 10 years of experience
delivering technology-based solutions and online services. For more
information on protecting your critical data, please visit our web
page at http://e-backups.siteforsuccess.com
or email us at sales@siteforsuccess.com. |
