Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

5/10/2010
02:45 PM
George Crump
George Crump
Commentary
50%
50%

Knowing That Your Data Recovery Will Work

Probably no single process has had more software, hardware and infrastructure thrown at it then the backup process. Despite this continual investment many of the IT managers that I speak with express doubt in their ability to recover the right data in the right amount of time. What do you do to know that your data recovery will work when you need it to?

Probably no single process has had more software, hardware and infrastructure thrown at it then the backup process. Despite this continual investment many of the IT managers that I speak with express doubt in their ability to recover the right data in the right amount of time. What do you do to know that your data recovery will work when you need it to?When there is doubt in the ability to recover data it often leads to an overprotection problem that we have seen for years now and as we first reported in our article "Solving the Data Protection Puzzle". Essentially if you don't have confidence in your current data protection tasks you try to protect the data in as many ways as possible. Similar to driving with two seat belts and a helmet. You are hoping that in the event of a failure one of the data protection tasks will bring you back up. As the book says, hope, especially when it comes to data protection, is not a strategy.

To know you can recover requires focus on two areas. First, make sure you have a workflow that keeps your eye on the right ball at the right time and second, trust your workflow but verify it often. The first area, workflow, is really about creating a data protection management system and ironically isn't as much about recovery as it is backup. While this conflicts with the popular phrase from backup software vendors, "it is not about backups its about recoveries" the truth is if you don't get that backup completed successfully, there is nothing to recover. Clearly both are important but in my mind completing a successful backup comes first.

This first step then, the evolution of data protection from a series of unrelated tasks to a smooth workflow, is critical given today's environment. The IT team has too much data to protect given the current staffing levels. They have to be able to have tools that will give them laser beam focus on the data that really matters. Laser focus on only the critical data sets requires a shift from the conventional thinking that every backup must work every night strategy to only the backups that really matter must work when they need to work. This is not advocating that you stop protecting data every night but that when you are faced with a list of failed backup jobs, along with your normal IT tasks, you need to know what to work on first. From a backup perspective this means knowing what failures put the most business critical data at risk and fixing those first. Essentially the data protection process becomes a way to help you prioritize what to do first each morning.

Developing a process involves knowing what data protection resources you have, what policies are in effect and probably most important establishing realistic service level agreements (SLA) with the owners of data. Once those are known then the focus shifts to managing the SLAs instead of tracking every single backup job. If the management system highlights not every failure but the most critical failures they are putting SLA attainment in jeopardy.

The next step is the verify stage. While there are many ways to verify backup jobs there is only one acid test; recovery of the full system. In our next entry we will talk about verification and how to accomplish full verification with requiring 100 additional IT personnel.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 8/10/2020
Pen Testers Who Got Arrested Doing Their Jobs Tell All
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/5/2020
Researcher Finds New Office Macro Attacks for MacOS
Curtis Franklin Jr., Senior Editor at Dark Reading,  8/7/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Changing Face of Threat Intelligence
The Changing Face of Threat Intelligence
This special report takes a look at how enterprises are using threat intelligence, as well as emerging best practices for integrating threat intel into security operations and incident response. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-17478
PUBLISHED: 2020-08-10
ECDSA/EC/Point.pm in Crypt::Perl before 0.33 does not properly consider timing attacks against the EC point multiplication algorithm.
CVE-2020-15648
PUBLISHED: 2020-08-10
Using object or embed tags, it was possible to frame other websites, even if they disallowed framing using the X-Frame-Options header. This vulnerability affects Thunderbird < 78 and Firefox < 78.0.2.
CVE-2020-15649
PUBLISHED: 2020-08-10
Given an installed malicious file picker application, an attacker was able to steal and upload local files of their choosing, regardless of the actually files picked. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox ESR...
CVE-2020-15650
PUBLISHED: 2020-08-10
Given an installed malicious file picker application, an attacker was able to overwrite local files and thus overwrite Firefox settings (but not access the previous profile). *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Fir...
CVE-2020-15651
PUBLISHED: 2020-08-10
A unicode RTL order character in the downloaded file name can be used to change the file's name during the download UI flow to change the file extension. This vulnerability affects Firefox for iOS < 28.