By the end of 2011, the number of worldwide mobile workers will reach 1 billion, including nearly 75 percent of the workforce in the United States. The portable computer market in the United States will also double, from 30 million units sold in 2007 to 61.1 million in 2012. With more business being conducted outside of a traditional office, the risk for data to be exposed or lost has increased. In addition, a hard drive crashes every 15 seconds and 2,000 laptops are stolen or lost daily. Given these statistics, it’s worrisome that a third of companies fail to test their tape backups, and of those that do, more than 75 percent have found tape backup failures.
Companies are also facing increasing challenges protecting their data-whether it is distributed or centralized-as information continues to grow exponentially. By 2010, digital data will reach zetabyte sizes (that’s a number with 20 zeros). Additionally, company information is increasingly being regulated at both the state and federal levels, and can be called upon at a moment’s notice. Companies need to identify their high-risk records such as personal data, customer data, intellectual property, proprietary information and trade secrets, and manage them for compliance, regulatory or risk purposes.
On average, companies lose 2.1 percent of their market value within two days of a breach, which means an average of a $1.65 billion loss in market capitalization per incident. Data drives business. Whether it’s intellectual property, human resources files, financial statements, customer data or even vendor information, data is the one thing that keeps business moving at a staggering pace. If company data is destroyed, lost or stolen, business continuity can be severely compromised.
It is critical for company executives to do everything in their power to ensure that their businesses can recover from any data disaster as quickly as possible-and with as little disruption to the business as possible. It has become essential for a company to implement a consistent data protection process that protects centralized, and equally as important, distributed data as business is increasingly conducted in non-traditional locations.
Define, Deploy and Maintain
Define, deploy and maintain
With a growing mobile workforce, what’s a company to do about valuable company information being sent from and stored on employees’ laptops while they work from home or from a local Internet cafe? How do they ensure that information is secure so it doesn’t wind up in the wrong hands? How do they ensure that it is stored properly so your company can retrieve it? Companies must implement a proven process for distributed data protection. In order to do so, they should follow this six-step process that will help to define, deploy and maintain a strong data protection program.
Step No. 1: Organize and determine scope
Companies should first look to understand their data; specifically, where it resides and how important each piece is. Then they should identify the processes and responsibilities associated with protecting and recovering that data.
Step No. 2: Assess the risks
After companies determine the scope of their data, they should then assess the risks associated with it. Business-critical data should be handled with a higher security level than less important data. For example, in a medical practice, patient records have more value than routine documents such as the invitee list to the office holiday party. Companies should treat different kinds of data according to the value they have to the business, and perform a risk analysis of their entire backup process to identify any potential problems.
Step No. 3: Develop a formal plan for the protection and recovery of data
Companies must also think about how quickly different kinds of data need to be recovered. They need to consider the relative importance of older data, and decide how far back in time they need to be able to recover data. Companies should be mindful of security to ensure that neither the backup nor the recovery process exposes sensitive data to people who shouldn’t have access to it. And, of course, having gone through the trouble of developing a plan, companies must document it and be sure to review it with people who have a role or stake in the process.
Step No. 4: Implement the program
As part of the rollout, it’s important for companies to communicate the plan to everyone who has a stake in the process. They should also make sure everyone, including executives and individual contributors alike, understand why it’s important to have a plan and to follow it.
Step No. 5: Manage and enforce
Companies should keep their program current, automate whenever possible, and make sure employees are reminded of their responsibilities in relation to the plan.
Step No. 6: Audit and test the plan
Finally, an untested plan isn’t worth the paper it’s written on. Therefore, companies should test the process once it’s in place, and use people who are less informed so they’re ready to jump in if the expert isn’t around when a disaster hits.
Conclusion
For companies in many industries, information is their most valuable asset. Before employers allow their workers to conduct business from home, they need to consider their data storage and protection policies. As the number of mobile workers continues to increase, it will become even more of a priority for companies to adopt a process for consistent data protection. This will help to ensure that both centralized and distributed data is protected at all times. It will also aid companies in controlling their exponentially growing information, which is increasingly regulated and can be called upon at a moment’s notice.
David Asher is Director of Product Management at Iron Mountain Digital. David joined the company as director of product management in June 2007. He is responsible for product management for the company’s data protection offerings. David was previously director of product management for NMS Communications, where he was responsible for a portfolio of complex telecom hardware and software products, and the development of a new line of telephony server products. At NMS, David also served as the director of engineering operations, leading many improvements in the software development process. David had also been employed with Lewtan Technologies and Banyan Systems, Inc.
David holds a Bachelor of Science degree in Physics and Computer Science from SUNY Albany, a Masters degree in Business Administration from the University of New Hampshire, and a Masters degree in Electrical Engineering from SUNY Stony Brook. He can be reached at David.Asher@ironmountain.com.