But now, with the computerisation of so much more of what we do and the
tougher regulatory environment, many companies are being forced to revisit their systems. by Correy Voo
Three or four years ago, backup wasn't really something people talked about. It was just a backroom operation that was pretty much business as usual.
But now, with the computerisation of so much more of what we do and the
tougher regulatory environment, many companies are being forced to revisit their systems.
In addition, public awareness of data protection has grown, based, in part, on recent high-profile incidents involving theft and loss of personal information. Bank of America, Time Warner and Citigroup all lost backup tapes containing sensitive customer or employee information during 2005, for example, attracting bad publicity.
Other companies found themselves in the spotlight too. They either found they couldn't retrieve data requested by courts from their systems or recover successfully from disasters, or do so at an acceptable cost. Bad backup, it seems, can seriously damage your reputation.
So given this environment, what action should a business take? Experience suggests there are four things to do,
The first can be revealing. For example, a client once called us to say they were running out of space on their backup systems and wanted us to buy them more. When we looked more closely at their systems, we found that 90 per cent of the data they were backing up was not relevant to the business. It was largely people's personal files. One employee, for example, has his personal photo album on the system because he thought it would be a good idea to backup his home PC to the company's servers.
Given situations like this, it's no surprise that we're seeing the re-emergence of roles such as the data manager - a person whose sole responsibility is to trawl through billions and billions of files on a daily basis and identify activities that shouldn't be being undertaken and data that shouldn't be there.
But policing can only ever be part of the answer. It isn't practical for the IT systems involved to look at every file and check whether or not it should be backed up. What's important is to stop files that shouldn't be on corporate computer systems from being there in the first place. To do that, you need to involve everyone in the organisation.
Employees need to understand they too have a responsibility for data protection - one that's vitally important. And they must be clear what is permitted, and what is not. Typically, organisations will choose to prohibit the storage of personal MP3 files, photo albums and other data on corporate systems. Many will also limit the amount of email users are allowed to keep.
Backup solutions tend to be 'fire and forget'. IT managers set them up and leave them running. As long as they see row upon row of green lights when they walk past their tape drives every day, they are happy. The data has been successfully copied to tape ... or has it?
It's essential to be sure, and to be confident you can recover a specific file or batch of files quickly should you need to do so. To achieve this, you need to conduct simulated file retrieval and disaster recovery exercises on a regular basis, document your performance and act on any weaknesses.
You also need to be certain that your backup processes are operating in a way that really does protect your organisation against disaster. For example, how long is it before data gets backed up? This is a situation where one 'size' may not suit all - backup intervals may need to vary depending on the type of data involved and its importance to the organisation.
To give a simple example, imagine you have 10 servers, each equipped with a terabyte disc drive. You won't want to risk overwriting one backup before you have recorded a new one, so you'll need at least 20 one terabyte tapes to fully backup your servers every night. You'll use 10 one night and the other 10 the next. And if you want to keep weekly or monthly backups for archive purposes, you'll need even more tapes.
Incremental backup reduces the amount you need to store considerably. The majority of what's stored on servers and personal computers doesn't change from day to day, so performing a full backup every night is a waste. If you just record the changes, you can easily reduce the amount of storage you need by 75 per cent or more.
It sounds simple and obvious because it is, so why don't organisations do it? Often it's because the savings weren't as significant when their backup policies were defined and they haven't reviewed the situation as disc capacities have increased, removing the pressure on people to clean out data they no longer need.
Another reason is that organisations know they have some data that needs regular full backup and some that doesn't, but aren't equipped to treat it differently. The more intelligence you can apply to your backup the better. Daily backup might be essential for your finance and CRM systems, but servers holding other documents may only need to be backed up weekly. The more you know about your data, the more targeted and efficient your processes can be.
Some companies have rooms full of tape, the majority of which hasn't been touched since the data was recorded. Others find they can't recover data because the tape technology they used to make the backup isn't available anymore. So if the ability to recover data months or even years downstream is important to you, you might want to consider something else.
And finally, it's important to look ahead. Right now, the different technologies used for replication, archiving and backup are converging into a single set of tools. So while today a company might choose a technology for archiving email and another for document management and another for backup, in the future one system will do all three.
Backup and recovery processes will also benefit as intelligence is built into both the infrastructure and applications that create the data. If you look at, say, Microsoft Office documents, metatags will in future be included in each one that can tell a backup system what the document is about, why it was written and who by. Such tags will place the document in a context. For example, if the person works in finance, the document could be rated as more critical to the organisation and in need of special handling. Because the financial aspects of business are regulated, the document could automatically be archived in accordance with the relevant regulations.
But that's in the future. If you have backup problems today, the good news that it probably won't cost you a great deal of money to resolve them. In many cases, the technology in place today will be sufficient if applied more effectively.
What's important is to elevate backup from the backroom and give it appropriate attention. It's critical to your organisation's survival, not something to be ignored.
Correy Voo is head of business technology at BT Global Services. BT are sponsoring the seminar programme and will speaking at a number of seminars at The Business Continuity Expo and Conference held at EXCEL Docklands from 28 - 29 March 2007 - the UK's definitive event for managing risk, resilience and recovery. This event will explore the solutions and best practice to ensure operational continuity and protect a company's interests before during and after an incident. For further information visit www.businesscontinuityexpo.co.uk.
Send a comment about this article to editor@itwales.com.