Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News

5/10/2010
02:45 PM
George Crump
George Crump
Commentary
50%
50%

Knowing That Your Data Recovery Will Work

Probably no single process has had more software, hardware and infrastructure thrown at it then the backup process. Despite this continual investment many of the IT managers that I speak with express doubt in their ability to recover the right data in the right amount of time. What do you do to know that your data recovery will work when you need it to?

Probably no single process has had more software, hardware and infrastructure thrown at it then the backup process. Despite this continual investment many of the IT managers that I speak with express doubt in their ability to recover the right data in the right amount of time. What do you do to know that your data recovery will work when you need it to?When there is doubt in the ability to recover data it often leads to an overprotection problem that we have seen for years now and as we first reported in our article "Solving the Data Protection Puzzle". Essentially if you don't have confidence in your current data protection tasks you try to protect the data in as many ways as possible. Similar to driving with two seat belts and a helmet. You are hoping that in the event of a failure one of the data protection tasks will bring you back up. As the book says, hope, especially when it comes to data protection, is not a strategy.

To know you can recover requires focus on two areas. First, make sure you have a workflow that keeps your eye on the right ball at the right time and second, trust your workflow but verify it often. The first area, workflow, is really about creating a data protection management system and ironically isn't as much about recovery as it is backup. While this conflicts with the popular phrase from backup software vendors, "it is not about backups its about recoveries" the truth is if you don't get that backup completed successfully, there is nothing to recover. Clearly both are important but in my mind completing a successful backup comes first.

This first step then, the evolution of data protection from a series of unrelated tasks to a smooth workflow, is critical given today's environment. The IT team has too much data to protect given the current staffing levels. They have to be able to have tools that will give them laser beam focus on the data that really matters. Laser focus on only the critical data sets requires a shift from the conventional thinking that every backup must work every night strategy to only the backups that really matter must work when they need to work. This is not advocating that you stop protecting data every night but that when you are faced with a list of failed backup jobs, along with your normal IT tasks, you need to know what to work on first. From a backup perspective this means knowing what failures put the most business critical data at risk and fixing those first. Essentially the data protection process becomes a way to help you prioritize what to do first each morning.

Developing a process involves knowing what data protection resources you have, what policies are in effect and probably most important establishing realistic service level agreements (SLA) with the owners of data. Once those are known then the focus shifts to managing the SLAs instead of tracking every single backup job. If the management system highlights not every failure but the most critical failures they are putting SLA attainment in jeopardy.

The next step is the verify stage. While there are many ways to verify backup jobs there is only one acid test; recovery of the full system. In our next entry we will talk about verification and how to accomplish full verification with requiring 100 additional IT personnel.

Track us on Twitter: http://twitter.com/storageswiss

Subscribe to our RSS feed.

George Crump is lead analyst of Storage Switzerland, an IT analyst firm focused on the storage and virtualization segments. Find Storage Switzerland's disclosure statement here.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
Unreasonable Security Best Practices vs. Good Risk Management
Jack Freund, Director, Risk Science at RiskLens,  11/13/2019
6 Small-Business Password Managers
Curtis Franklin Jr., Senior Editor at Dark Reading,  11/8/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-18986
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 allow attackers to brute-force (guess) valid usernames by using the 'forgot password' functionality as it returns distinct messages for invalid password and non-existing users.
CVE-2019-18981
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks an Access Denied outcome for a certain scenario of an incorrect recipient ID of a notification.
CVE-2019-18982
PUBLISHED: 2019-11-15
bundles/AdminBundle/Controller/Admin/EmailController.php in Pimcore before 6.3.0 allows script execution in the Email Log preview window because of the lack of a Content-Security-Policy header.
CVE-2019-18985
PUBLISHED: 2019-11-15
Pimcore before 6.2.2 lacks brute force protection for the 2FA token.
CVE-2019-18928
PUBLISHED: 2019-11-15
Cyrus IMAP 2.5.x before 2.5.14 and 3.x before 3.0.12 allows privilege escalation because an HTTP request may be interpreted in the authentication context of an unrelated previous request that arrived over the same connection.