With data breaches making headlines worldwide and CIOs concerned about the security of their companies’ digital assets, and about whether their organisations will recover if their data is stolen, lost or damaged, Bill Mansfield, Solution Architect, Data Protection and Availability, Logicalis US, suggests IT pros should assume their data is at risk and plan accordingly.
The scariest thing about data loss isn’t what you do know. It’s what you don’t know. You never know what kind of attacks might come in, so you can’t rigorously plan for them or entirely protect against them, and that means your data is vulnerable.
It’s an uncomfortable truth for most CIOs – no amount of scenario planning and testing can put an organisation completely out of harm’s way. Rather, steps to prevent and defend against attacks must be coupled with being prepared to mitigate the impact should the worst come out of left field.
In effect, then, there are two key principles to master when it comes to protecting digital assets: First, keep the bad guys out. Second, bad guys are infinitely ingenious, so assume they will get in, and create – and maintain – an environment that allows you to recover when they do.
That requires a sophisticated approach: for instance, coupling enterprise backup solutions like HP’s Data Protector with a dedicated team of internal storage professionals or with a managed services provider – specialists that can monitor and manage both the software and the entire business continuity/disaster recovery process 24/7.
In the end, it all boils down to taking a proactive approach, and recognising that protecting a company’s digital assets means focusing on three important areas: confidentiality, integrity and availability – the CIA approach:
- Confidentiality: The confidentiality focus protects data from unauthorised users both physically and digitally. Start by keeping digital assets from leaving the company’s hands with a layer of physical security that encircles the data centre - including everything from locks on data centre doors to secure passwords on storage arrays. Next, encrypt the data so that, if it does fall into the wrong hands, it will be useless to them. Be sure to encrypt both data at rest (like that stored in disk subsystems) and data in motion (like tape that leaves the data centre for off-site storage).
- Integrity: The integrity focus protects against authorised users who make a mistake or applications that fail and lead to data loss. In this phase, the IT pro’s job is to use backup, snapshots and replication to create recovery points and a forensic view of the environment. This will enable the company’s storage administrator to rewind to a time when the data was good and start fresh from there.
- Availability: The availability focus refers to ensuring uptime and access to data when it’s needed most. When designing a storage solution, it’s crucial to match storage systems to the availability needs of the organisation. Equally important, the storage must be managed 24x7x365 - whether by on-site personnel or remotely by a solution provider partner. IT will also need to decide whether or not off-site data replication is necessary to give the organisation the ability to withstand a large-scale disaster; in this instance, disaster recovery-as-a-service may be a cost-effective option to consider.