10 March 2016

Dealing with the data deluge: a best practice approach to information management

By Robin England, Senior Research and Development Engineer at Kroll Ontrack

Data today is practically a living organism. Corporate-created data is emerging, growing and evolving at a rate of unparalleled proportions. As the volume of data multiplies, organisations are striving to glean actionable insights and value from it. But to do this effectively, a company must properly manage data to keep a record of information they can use now – or in the future.

Many companies are not increasing their data management capabilities at the same pace that data is growing. In fact, 30 per cent of 720 IT administrators surveyed by Kroll Ontrack said they do not have clear insight into what specific information is stored within their tape archives — and that's just one type of storage system. IT departments must address how they back up and store information to be able to garner value from data.

In short, companies must update corporate data management protocols to accommodate the explosion of data in the enterprise, implement technologies and services that support a healthy data storage process, and understand and apply data backup and recovery best practices.

Storage environments: how to maximise efficiencies and avoid data loss

Corporate IT departments continue to implement complex, high-end software-defined storage (SDS) systems. While these storage methods are efficient and flexible in allowing companies to manage an influx of data, they also hold a potential for data loss if not set up or managed correctly.

Many of these systems are unique or proprietary to specific vendors, so ensuring all data is backed up properly is key. The combination of complexity and customisation of SDS environments emphasises how important it is for IT staff to know how and where data is categorised and stored.

Be prepared to invest time and resources when implementing an SDS infrastructure. It is an advanced system that must be properly set up to deliver benefits and efficiencies.

Make sure the storage system is implemented by someone with the correct experience. If the appropriate person is not on-staff, consider hiring a third-party expert.

Research storage hardware to confirm it is compatible with the SDS software.  Some providers supply a list of compatible hardware and it's important to follow these recommendations to avoid problems.

Backup protocols

Establish backup protocols that fit your storage environment (and comply!). Kroll Ontrack receives over 40,000 data recovery requests each year –many from corporations that failed to properly back up their data. As organisations continue to adopt more advanced storage environments, backup methods need to advance as well. The following guidelines are a starting point for establishing effective backup protocol:

  • Audit all storage systems and applications to identify the systems that need to be backed up
  • Define the timeframe the organisation can reasonably be without each application or dataset and a timeframe for how long it will take to recreate each
  • Create a written backup plan (there may be insurance discounts for implementing this)
  • Train team members on the details and expectations of the backup plan, and test their skills (and your backup) on a regular basis to demonstrate backups were successfully created
  • Monitor the backup on a regular basis to catch something as it happens, rather than when it is too late
  • Create a written disaster recovery plan including contact numbers for individuals and companies that will assist in the recovery (there may be insurance discounts for implementing)

Backup schedule

Set a backup schedule that makes sense for your company. Daily data backups are recommended, but company stakeholders have to determine risk appetite. For example, how would business be impacted if half a day's worth of data is lost? What about a full day? Answers to questions like this should in part guide data backup frequency and procedures

Select the appropriate media and backup system. Many organisations use tape storage for archival of non-critical data backup, which can be ideal for legacy data that needs to be stored long term, but does not require regular access. But even with long-term storage, an organisation must be able to access data as needed to comply with regulations or respond to a legal matter.

Our survey of 720 administrators found that 30 per cent of IT departments receive a request from business stakeholders on a daily, weekly or monthly basis. If data is not produced in a timely matter in these instances, litigation, fees and penalties are likely. While other forms of data storage include the cloud, hard drives, SSDs, tapes and more, choosing the right method is determined by how long that particular data needs to be stored, how accessible it needs to be, and how large your budget is.

Review your backups on a regular basis

Monthly audits of data backup methods are highly recommended; including reviewing a sample of data stored on tapes, hard drives, SSDs and the cloud to ensure data is present and accessible. It is equally important to verify tape and disk data is effectively backed up as to ensure mission critical, cloud-based data is properly stored.

Get proactive about data recovery

Implement a data recovery plan before data loss occurs. Having a plan in place cuts down on response and emergency recovery time when an incident occurs. Start by selecting an expert, emergency recovery provider proactively. When making this decision, confirm the provider is able to recover from all media types in your organisation's environment.

Ask the provider to review their experience working with virtual systems, high-end enterprise systems or their success rate with tape media. Enquire whether they have the storage capacity to host all of your company's data, because in a worst-case scenario where an entire data centre is lost, the provider must be able to host an organisation's entire volume of data during recovery. Planning ahead can reduce downtime and increase your chances of a full recovery when loss occurs.

Data’s end-of-life process: know what and when to erase

Each industry and organisation has compliance standards and guidelines for moving data to end-of-life, and it is critical that IT departments have a clear understanding of those standards. Organisations may be opened up to unnecessary risk if data is categorised as end-of-life too soon or if it harbours data that should have been destroyed.

Securely erase data from a device

Imagine that an IT work order to purchase 100 brand new laptops was approved by corporate finance. Once up and running, older laptops will likely be repurposed, donated or sold. Does your organisation have a secure erasure plan in place for the data residing on the older laptops?

Data recovery experts will attest that a simple Google search can give malicious or criminal individuals access to software that makes it easy to recover data from used devices, and it is an organisation's responsibility to protect their client, employee and proprietary information by securely removing it from old devices.

The best way to do so is by using reputable erasure software specifically made for the type of storage media being erased. When choosing software, ensure the solution provides a certificate of erasure. This will help with compliance, if down the road the erasure process is audited. Finally, for media that isn't functional, consider shredding the media or using a degausser to magnetically destroy data.

Be patient with the erasure process

When using erasure software to securely erase data, patience is of the essence. For example, depending on the size of the drive and the algorithm used it can take hours to complete the overwriting of data from a 500GB HDD or SSD. If the program is not properly executed, it is possible the erasure method will fail.

Verify erasure

Ensure the erasure process is 100 per cent effective by enlisting a third party to verify the process. This adds a level of security that is growing in importance as corporate data handling practices are more and more being closely examined. When selecting a company to provide erasure verification, be sure it provides proper documentation of the process and results of the verification. This not only provides peace of mind for your company, but also to your clients.