Changing approaches to data protection - Backup/Restore

Computer Technology Review, Dec, 2003 by Jim Ellis

Data backup and disaster recovery planning has long been an important part of corporate organizations, although often not an especially prominent one. A number of trends (from the attacks in 2001 and the continued threat of natural disasters, to the increased corporate and government data collection and retention requirements of regulations like Sarbanes-Oxley. HIPAA and the Homeland Security Act) have heightened the attention and awareness of the importance of data backup and disaster recovery in organizations of all sizes.

But what has been the result of this increased attention? Have IT managers changed how they prepare, plan or operate? Imation Corporation, a global leader in data storage technology, commissioned a data protection survey in the spring of 2003 to find out. While much of the attention to IT practices post-9/11 focused on the world's largest companies and their data center operations, this survey focused on the broader set of IT directors and managers operating in open systems network environments.

IT Departments Responding With New Approaches

The fresh attention to data backup and disaster recovery appears to have translated into action at many companies. In the survey, more than one in three IT managers reported that they have made changes in this area since the events of 9/11.

At Imation, we have seen many organizations react by moving along a continuum beyond where they were before 9/11 in terms of data backup and disaster recovery. If their pre-9/11 baseline was an absence of a formal backup plan, we've seen new interest in establishing one. If they already had a plan in place, we have seen renewed interest in refining that plan to make it more powerful, sophisticated and reliable.

The survey findings support this observation. Among companies who have made changes since 9/11, the most commonly reported changes were refinements to existing plans, such as the establishment of regular testing and update procedures, movement of data backup offsite, and increases in allocations to disaster recovery budgets. A smaller percentage reported the undertaking of preliminary steps, such as the development of a disaster recovery plan for the first time, and the establishment of budgets for both disaster recovery and data backup.

Regulations and Retention

Another area IT departments are addressing is how their technology infrastructure can support new data retention requirements. Financial scandals and concerns about security of electronic medical records have brought new regulations that are forcing companies to be sure that vital electronic files are preserved for the long term--or whenever they are needed. For example, the Sarbanes-Oxley Act of 2002, enacted in the wake of the financial scandals of the past few years, mandates tighter controls on financial reporting and more robust record retention--increasing the need for long-term data archiving. The Health Insurance Portability and Accountability Act (HIPAA), enacted in 1999, ensures the portability, privacy and security of individuals' medical information. Meeting HIPAA requirements includes a higher degree of secure electronic storage of patient medical records, and requires patient data to be kept at least six years after treatment by any medical organization.

Since most companies already create tape backups and archives, many can meet regulatory requirements using existing systems. Tape storage remains the most economical and efficient way to ensure that records are kept secure, available and portable for the long term.

Many Businesses Operate Without a Net

Planning ahead in case disaster strikes is like wearing a seatbelt--you may not need it on every trip, but you wouldn't want to be without it in a crash. And yet, many surveyed companies leave themselves vulnerable through lack of a formal disaster recovery plan. Of the companies surveyed, three in ten do not have such a plan. Similarly, neither testing of disaster recovery plans nor engagement of external audits of data storage and disaster recovery plans is a universal practice, with 32% and 64% of respondents reporting, respectively, that they do not take these simple, preventative actions.

Tape technologies are among the most cost-effective and reliable for addressing the large-scale backup methods that guard against vulnerability and data loss. Moreover, tape is the only truly removable media designed for the enterprise, enabling those charged with protecting data to make sure it is not at risk all in one place. As managers look to strengthen their data backup and disaster recovery programs, tape particularly excels in those applications that address some of the most feared situations.

Conclusion

The past few years have cast a new light on existing IT concerns and raised many new ones. This survey of IT operations suggests that the combination of increased regulations, the events of 9/11, and the increasing volume and value of electronic data has prompted changes in data backup and disaster recovery practices. These changes, while helpful, have certainly not resolved key and critical issues and mounting pressures that IT managers face today.