Define, deploy and maintain
With a growing mobile workforce, what's a company to do about valuable company information being sent from and stored on employees' laptops while they work from home or from a local Internet cafe? How do they ensure that information is secure so it doesn't wind up in the wrong hands? How do they ensure that it is stored properly so your company can retrieve it? Companies must implement a proven process for distributed data protection. In order to do so, they should follow this six-step process that will help to define, deploy and maintain a strong data protection program.
Step No. 1: Organize and determine scope
Companies should first look to understand their data; specifically, where it resides and how important each piece is. Then they should identify the processes and responsibilities associated with protecting and recovering that data.
Step No. 2: Assess the risks
After companies determine the scope of their data, they should then assess the risks associated with it. Business-critical data should be handled with a higher security level than less important data. For example, in a medical practice, patient records have more value than routine documents such as the invitee list to the office holiday party. Companies should treat different kinds of data according to the value they have to the business, and perform a risk analysis of their entire backup process to identify any potential problems.
Step No. 3: Develop a formal plan for the protection and recovery of data
Companies must also think about how quickly different kinds of data need to be recovered. They need to consider the relative importance of older data, and decide how far back in time they need to be able to recover data. Companies should be mindful of security to ensure that neither the backup nor the recovery process exposes sensitive data to people who shouldn't have access to it. And, of course, having gone through the trouble of developing a plan, companies must document it and be sure to review it with people who have a role or stake in the process.
Step No. 4: Implement the program
As part of the rollout, it's important for companies to communicate the plan to everyone who has a stake in the process. They should also make sure everyone, including executives and individual contributors alike, understand why it's important to have a plan and to follow it.
Step No. 5: Manage and enforce
Companies should keep their program current, automate whenever possible, and make sure employees are reminded of their responsibilities in relation to the plan.
Step No. 6: Audit and test the plan
Finally, an untested plan isn't worth the paper it's written on. Therefore, companies should test the process once it's in place, and use people who are less informed so they're ready to jump in if the expert isn't around when a disaster hits.
For companies in many industries, information is their most valuable asset. Before employers allow their workers to conduct business from home, they need to consider their data storage and protection policies. As the number of mobile workers continues to increase, it will become even more of a priority for companies to adopt a process for consistent data protection. This will help to ensure that both centralized and distributed data is protected at all times. It will also aid companies in controlling their exponentially growing information, which is increasingly regulated and can be called upon at a moment's notice.
David Asher is Director of Product Management at Iron Mountain Digital. David joined the company as director of product management in June 2007. He is responsible for product management for the company's data protection offerings. David was previously director of product management for NMS Communications, where he was responsible for a portfolio of complex telecom hardware and software products, and the development of a new line of telephony server products. At NMS, David also served as the director of engineering operations, leading many improvements in the software development process. David had also been employed with Lewtan Technologies and Banyan Systems, Inc.
David holds a Bachelor of Science degree in Physics and Computer Science from SUNY Albany, a Masters degree in Business Administration from the University of New Hampshire, and a Masters degree in Electrical Engineering from SUNY Stony Brook. He can be reached at [email protected].