Data storage planning for a disaster of any sort used to be a relatively simple process: The IT staff would back up all important current business data onto extra disk drive servers every night or weekend; transfer older information onto archive tape once a week or month; then watch Iron Mountain or a similar service come take the cartridges away and store them in a cool, dark place where the data would likely never be seen again.
It's not so simple anymore, as recovery of that data is of greater concern. Planning, installing, deploying and testing disaster recovery systems is now a mandate for enterprises large, medium and small. Since the Internet began serving as a major business venue in the late 1990s, disaster recovery has become a heavily regulated part of a company's business due to increasing litigation and liability concerns.
In fact, data recovery is now a $20 billion-per-year sector of IT. Two key factors have driven this rise: an increasing number of natural disasters around the world and a number of new data-related regulations recently enacted in the United States and Europe.
The updated Federal Rules of Civil Procedure, the 2002 Sarbanes-Oxley Act and other regulations have changed the way enterprises retain their business data and control access to it. For example, the FRCP regulations, adopted by the U.S. Supreme Court in April 2006 and enacted in December 2006, say businesses must be able to quickly find data when required by the federal court in litigation. That means that every electronic document stored by a business-including e-mail, instant messages, financial documents, computer logs, voice mail, and all text and graphical documents--must be easily retrievable.
Enterprises also must be able to show auditors or courts that they have a repeatable, predictable system in place to handle this data--a high percentage of which is personal customer information, such as contact information, Social Security numbers, buying history and credit information.
Disaster recovery processes thus have become much more automated and security-oriented.