Elements of a data protection strategy

In this excerpt from Data Protection and Lifecycle Management, Tom Petrocelli addresses the importance of securing data for regulatory compliance and outlines the five components of a data protection strategy.

In this excerpt from Chapter 1 of Data Protection and Lifecycle Management, author Tom Petrocelli addresses the importance of data protection as it pertains to regulatory compliance and outlines the five components of a data protection strategy.

[An] important business driver for data protection is the recent spate of regulations. Governments throughout the world have begun imposing new regulations on electronic communications and stored data. Businesses face dire consequences for noncompliance. Some countries hold company executives criminally liable for failure to comply with laws regarding electronic communications and documents. These regulations often define what information must be retained, for how long, and under what conditions. Other laws are designed to ensure the privacy of the information contained in documents, files, and databases. Loss of critical communications can be construed as a violation of these regulations and may subject the corporation to fines and the managers to legal action…

Data protection is just what it sounds like: protecting important data from damage, alteration or loss. Although that sounds simple enough, data protection encompasses a host of technology, business processes and best practices. Different techniques must be used for different aspects of data protection. For example, securing storage infrastructure is necessary to ensure that data is not altered or maliciously destroyed. To protect against inadvertent data loss or permanent corruption, a solid backup strategy with accompanying technology is needed.

The size of an enterprise determines which practices, processes or technologies are used for data protection. It is not reasonable to assume that a small business can deploy expensive, high-end solutions to protect important data. On the other hand, backing up data to tape or disk is certainly something that any enterprise can do. A large enterprise will have both the resources and the motivation to use more advanced technology.

The goal is the same no matter what the size or makeup of the company. Data protection strives to minimize business losses due to the lack of verifiable data integrity and availability.

The practices and techniques to consider when developing a data protection strategy are:

  • Backup and recovery: the safeguarding of data by making offline copies of the data to be restored in the event of disaster or data corruption.
  • Remote data movement: the real-time or near-real-time moving of data to a location outside the primary storage system or to another facility to protect against physical damage to systems and buildings. The two most common forms of this technique are remote copy and replication. These techniques duplicate data from one system to another, in a different location.
  • Storage system security: applying best practices and security technology to the storage system to augment server and network security measures.
  • Data Lifecycle Management (DLM): the automated movement of critical data to online and offline storage. Important aspects of DLM are placing data considered to be in a final state into read-only storage, where it cannot be changed, and moving data to different types of storage depending on its age.
  • Information Lifecycle Management (ILM): a comprehensive strategy for valuing, cataloging and protecting information assets. It is tied to regulatory compliance as well. ILM, while similar to DLM, operates on information, not raw data. Decisions are driven by the content of the information, requiring policies to take into account the context of the information.

All these methods should be deployed together to form a proper data protection strategy.

Read the rest of Chapter 1, Introduction to data protection
