Enterprises may be over-investing in some areas of data protection
The publication states that enterprises may be over-investing in some areas of data protection, while exposing their IT assets to unacceptable risk by under-investing in other areas of data protection. For example, an enterprise may not understand the importance of logical data protection. An Ontrack study showed that nearly 40 percent of the causes of data loss or downtime are logical, not physical, problems. Yet enterprises may not have in place a high availability (defined as seconds or minutes of annual downtime) logical recovery approach for critical applications. (The tendency is to think in terms of physical solutions, such as mirroring, which are not the answer to logical data protection problems.) The report shows enterprises how to decide where they need data protection, as well the degrees of data protection that are required to meet those needs. They can then better determine whether or not they are over-investing or under-investing to be able to meet particular data protection needs. The old bromide ‘one size does not fit all’ applies to how enterprises fulfil their data protection requirements, but not for the basic principles of data protection. Some large enterprises can afford to have a triad of data centers to ensure a high level of availability in the case of a disaster, whereas other enterprises simply use tape vaulting for disaster recovery, trading lengthy application restores for lower cost. However, all enterprises have to take into account both the need for disaster recovery to a remote site and operational recovery for problems that can be corrected at a local site. Likewise, all enterprises need to take into account physical problems, such as disk failures, and logical problems, such as database corruption or a computer virus, for both disaster and operational recovery situations. The choice of individual data protection technologies is up to the enterprise — but overall data protection should fit within a common framework that applies to all enterprises. Enterprises want ‘high availability’ as part of data protection, yet virtually all use a ‘low availability’ tape solution as part of their data protection strategy. For true data protection, enterprises should use multiple levels of availability in their overall strategies. In an effort to ensure high availability for critical applications, many enterprises invest in additional, expensive disk storage arrays for an increased degree of physical availability. At the same time, they invest in tape automation solutions that add more levels of data protection, but that only deliver low availability (defined as hours or days to restore a particular pool of data). In fact, enterprises can segment applications into ones that require high availability and ones that can function with low availability. Thus, enterprises want and need multiple degrees of data protection. RAID on a production data array provides one degree of physical protection (as the failure of one disk drive can be tolerated without loss of data). A remote mirror can provide a second degree of protection. Where information cannot be lost, a tape solution provides a minimum of one (and generally more, through multiple-generation tape copies) additional degree of protection. Disk does not provide logical data protection; tape does (since the tape is outside the I/O ‘write’ stream that can make logical changes to data). Point-in-time copy capability and its derivatives can provide logical data protection on disk, but require understanding, planning, and investment that many IT organizations have yet to make. Enterprises should implement an overall data protection strategy based on a data protection ‘framework.’ Enterprises are attacking business continuity, backup and recovery process, and compliance as if they are unrelated problems, but they really all relate to one another in the context of data protection. The data protection ‘framework’ allows the correct allocation of investment and resources to these three areas, as well as other data protection investments. Business continuity is a key risk management function of any enterprise. Business continuity is about preventing or ameliorating disruptive impacts on the business that range from threats to survival to productivity drains. One of these disruptive impacts is data loss, and data protection avoids data loss. Temporary loss of data requires that the data be restored before further disruption can occur. Using backup and recovery software is one way of restoring the data. Compliance data is a special case of data protection to prevent disruptions that would be associated with non-compliance. Relating all three areas — business continuity, the backup and recovery process, and compliance — through their relationships with data protection is just part of understanding the overall framework of data protection. Understanding that framework is important so that an enterprise can put in place a data protection strategy that takes these three aspects — as well as many others — into the proper context so that the proper degrees of data protection and the proper levels of investment are in place. Fixed content stored in active archives has different data protection and data retention requirements than active, frequently-changed data. By implementing information lifecycle management (ILM) and coordinating it with a data protection strategy, enterprises can improve the cost-effectiveness, availability and performance of their storage. As information in the form of files or records ages, it tends to become fixed data that is unchanging data. That age varies from the time of creation (e.g., a check entered into the system) to a later time (e.g., closing a transaction in an online transaction processing system). When fixed content data is ‘distilled’ from its active changeable counterparts in an application to an ‘active archive,’ the implications for data protection policies and management are significant. The traditional backup process is not necessary for fixed content data. A piece of fixed content needs to be replicated after it is captured in an active archive, but no traditional backup process is necessary. Copying the data to a full backup on a regular basis is an unnecessary use of resources since the correct number of data protection copies is already available. The second major change is the ability to put in place strong data retention policies. Although data retention policies can be applied to a pool of storage where active changeable data is commingled with fixed content data, data retention management is most effective with a fixed content pool of storage. That is because data retention applies only to fixed content data. An open transaction cannot be disposed of and cannot be considered (at that stage of its lifecycle) to be compliant data, since all compliant data has to be unchangeable. The migration of data to an active archive will eventually have a significant impact on the active changeable side of the house as well. There will be less data to back up (and restore if necessary), so the burden on the overloaded backup/restore process will be reduced. If critical applications need to be remotely mirrored, the disk space for the remote mirror will be reduced. The upper boundary for fixed content could be as high as 80 percent or more, but even a movement of 20 to 30 percent of data could very well have a significant payoff. Enterprises should consider their compliance policies in the context of data protection. Compliance is related to data retention, which is part of data protection. Compliance data is fixed content information in an active archive. Data retention policies can be applied to this active archive. Compliance is simply a more restrictive set of data retention policies, such as chain-of-custody requirements and privacy constraints. Focusing on high availability and neglecting the other key objectives of data protection is dangerous. Too often high availability and data protection are considered synonymous. Data availability is only one of four key objectives for data protection — data preservation, data responsiveness, and data confidentiality are the others. An overemphasis on high availability could lead to underweighting the other objectives. If the necessary amount of data preservation is not in place, high availability of an application will not matter. If the correct controls for data confidentiality are not in place, serious consequences could result. If data responsiveness is not in place, data will not be usable. A sense that all the objectives have to be balanced properly is necessary. Obtain the report from: http://www.researchandmarkets.com/reports/c48009
•Date: 9th January 2007 • Region: World •Type: Article •Topic: IT continuity |
