Within the last six months alone, hundreds of thousands of employees have been laid off from their jobs. Each one of those departing workers may have left behind important business data, applications or intellectual property-orphaned on desktops, remote workstations, mobile laptops or PDAs. Legacy backup approaches are not enough. The following are some important steps businesses should take to safeguard against orphaned data.
First, businesses should take steps to identify and locate all potentially orphaned data on distributed devices. Second, they should establish a comprehensive backup policy for that data. Third, businesses should establish centralized control over enforcing that policy. Finally, technology should be deployed that is able to reliably, flexibly and easily recover that data under any circumstances.
Let’s take a detailed look at all of these steps:
Step No. 1: Identify potentially orphaned data
Over half of all business data now resides on laptops and other distributed devices. These devices are often in transit or located at the edge of your network or beyond. They are at distant offices, partner sites or employees’ homes and not under the constant watch or control of IT. Even in the best circumstances, data can be orphaned if these devices are lost, stolen, broken, corrupted or simply never backed up. During work force turnover, even if IT manages to get distributed devices back, disk drives are often pulled, stacked on a shelf or left in a drawer forgotten, reformatted or recycled.
Before any work force turnover takes place-and while it’s still not too late to set up an adequate recovery process-IT should establish an inventory of distributed devices that likely contain mission-critical data and applications. Defining an inventory of distributed devices can help identify potentially orphaned data and ensure that data is regularly and thoroughly backed up.
Step No. 2: Establish comprehensive policy
Businesses with legacy tape or CD-ROM systems are often lucky to capture a reliable backup of their central server once a night. If they are really lucky, they might also back up shared folders from networked desktops that are actively connected to the server at that time. But even then, restoring the data is difficult and sometimes impossible.
Nightly backups are inadequate for retaining minute-by-minute transactional data. And versions of any business-critical file should be retained every time it gets updated. Worse still, remote laptops and other mobile devices usually only make contact with a central server sporadically (and not during backups scheduled in the middle of the night), so data residing on these distributed devices frequently fail to get included in collective batch backups on legacy systems.
Any effective policy to prevent orphaned data should require continual, multi-versioned backups whenever distributed, remote or mobile devices are connected to the network-even over dial-up or VPN connections.
Step No. 3: Centralize enforceable controls
For too many companies large and small, the policy for centralized backup control is like a faded note on the back door saying, “Remember to back up your PC files to the network before you go home.” A business owner might assume that data will be manually backed up at the end of the workday by a certain employee. But that employee, instead, actually intends to rush off to pick up the kids at soccer practice.
Backups are the responsibility of IT and should not be allowed to fail just because a user forgets or ignores the need to transfer files manually. To centralize control back into the hands of IT management, backups should be driven by established IT policy. IT should use technology that enforces backups to run automatically and transparently, without relying on the actions of individual device users.
Deploy Reliable, Flexible and Easy Recovery Options
Step No. 4: Deploy reliable, flexible and easy recovery options
Even successful backups have limited value unless the data can be recovered under any circumstances and with minimal burden on IT resources. Businesses should therefore deploy recovery technology and strategies that are reliable, flexible and easy.
Recovery must be reliable
For distributed organizations, turnovers might include closures of entire distributed work sites. Preemptive steps can be taken to establish that backups get replicated to secondary business-owned sites, hardened disaster recovery sites, third-party offsite portal services or hybrid combinations (for example, back up executive e-mail to a managed service provider (MSP) offsite and back up all other data to a secondary, business-owned site).
Recovery must be flexible
Businesses often deploy devices far beyond the intended or supported service lives of the hardware or drivers. During a major work force turnover or corporate restructuring, data may need to be restored to new or larger device platforms-even to virtual environments. IT should confirm any bare metal recovery solutions include the capability to restore data, applications and operating systems to dissimilar hardware.
Recovery must be easy
While all businesses should prepare for catastrophic data recovery, they must also weigh in factors of cost and complexity. While larger businesses struggle for optimal productivity from shrinking IT staff, and smaller businesses rarely even have a data recovery expert on site, nearly all daily restore requests are made by individual users for single files. Enabling user-directed restoration of their own individual files without administrative intervention can drastically reduce burdens on IT resources and lower recovery overhead costs.
A comprehensive approach to orphaned data is essential for best operating practices. And work force turnover is just one area to consider in data loss prevention. Natural disasters, a stolen laptop or simply a user saving the wrong file version can all lead to lost data. And any lost data can be very bad for business. In fact, up to half of all small businesses impacted by major data loss tend to shut their doors within five years. Additionally, business owners can be liable under regulatory mandates to ensure that certain data is backed up and recoverable for auditing purposes.
Chris Winter is the Director of Product Management for SonicWALL. Chris has managed data storage and security products for over 20 years. Working closely with customers and partners, Chris has architected innovative solutions that have delivered secure and reliable backup and disaster recovery to both small businesses and enterprise customers. Having lived and worked on four continents, Chris is finely-attuned to the differing needs of different geographies.
Prior to SonicWALL, Chris managed security appliance solutions for NeoScale Systems, which encrypted tape backups and disks for enterprise customers. While at NeoScale (first acquired by nCipher and then by Thales), Chris designed and architected an encrypting NAS server. In the process, he submitted five patents for security techniques that he developed. Chris is an expert in high availability computing and disaster recovery, and comes from a deep technical background where he managed teams of up to 30 leading-edge engineers. He can be reached at cwinter@sonicwall.com.