Server-centric
backup and disaster recovery plans are no longer effective says
Roelou Barry, CEO of Attix5.
Every business knows the value of electronic data. Most UK companies
are now heavily reliant on the confidentiality, availability and
integrity of their data for the smooth running of day-to-day operations.
So much so that, according to the initial findings of the Department
of Trade and Industry’s (DTI’s) Information Security
Breaches Survey 2004, 88 percent find it easy or very easy to
justify the cost of backup technology and disaster recovery facilities.
Indeed, 95 percent of UK businesses now have some form of backup
or disaster recovery facility in place.
So CEOs and MDs can sleep soundly at night, safe in the knowledge
that the business is protected from the potentially catastrophic
effects of a data disaster, right?
Wrong.
Most companies backup their servers (around seven in ten). Less
than 13 percent of UK businesses, however, backup data stored
on desktop PCs and laptops, yet around 70 percent of critical
business information resides on these computing devices. Rather
like an iceberg, only 30 percent sits above the server line. So
ask yourself, should a disaster strike, will your backup sink
or keep the business afloat?
Will the CEO be happy that she or he’s got e-mails back
but has had to write off the business plan he / she’s been
working on for six months which was saved to a local hard-drive?
The IT department’s priority is to ensure that operational
systems are kept up and running. Therefore, if the servers are
fully backed-up, then there’s no problem. What they don’t
often understand is the necessity and full mandate under rules
for good corporate governance to protect data no matter where
it resides. Equally, the board doesn’t necessarily understand
the intricacies of the distributed enterprise and will usually
take the IT director’s word that if the servers are protected
then everything’s hunky dory. And as a user, you just naturally
assume everything is backed up as a matter of routine…
The oft-found mis-communication and
lack of common understanding between the board and the IT department
has led to a false sense of security, evidenced by the almost
exclusive focus on server backup. This is compounded by the shocking
fact that less than 8 percent of UK businesses have actually tested
their recovery plan to see if it would work in practice and that
the vast majority of backup is still done to tape “despite
the well know reliability issues”[1].
Indeed, the DTI security survey found that
two-thirds of companies do not store tapes offsite, meaning they
stand a good chance of being lost along with computer systems
in a fire, flood, etc. A real recipe for disaster.
The amount of critical business information distributed across
the extended enterprise is only going to increase. The take-up
of wireless networking and the convergence of computing and mobile
devices will further decentralise the storage of data to local
drives. So a server-centric backup and disaster recovery plan
is going to become more and more ineffective and risky.
Businesses, therefore, need to look at implementing remote data
backup and recovery solutions which can protect any data, stored
on any computing device across the entire enterprise from servers
and desktops to laptops and mobile devices. Online disk-disk solutions
are automated, safe, secure and cost-effective, and can backup
data via any type of network connection be it LAN, WAN, DSL, WLAN,
etc, etc. Data really has no place to hide.
But backup is a little like being an alcoholic. First you have
to admit you’ve got a problem before you can solve it. Until
the board and IT department realise that only backing up (some)
servers is like insuring the engine of your car but forgetting
about the brakes, wheels, chasis, etc, then nothing will change.
Unless of course the company suffers a catastrophic systems crash
– but being wise after the event may be too late in any
case.
At the end of the day you can’t prevent disasters happening
(indeed, 93 percent of UK businesses have anti-virus protection
but half still suffered from virus infection or denial of services
attacks in 2003[2]). But you can prevent against disastrous data
loss. It’s just a matter of making sure that no sever, desktop,
laptop or mobile device is left unprotected.
To download a copy of a datasheet on the findings on backups and
recovery from the DTI’s Information Security Breaches Survey
2004 please go to http://www.uk.attix5.com/files/products/A5_dti_databackups.pdf
www.attix5.com
[1] [2] Source: Department of Trade and Industry, Information
Security Breaches Survey 2004
•Date:
25th March 2004 •Region: UK •Type:
Article •Topic: IT
continuity
Rate this article
or make a comment - click
here
