September 9th, 2019 Read Time: 4 minutes
The Electric Helpdesk is comprised of experienced IT Professionals with the knowledge and expertise to solve any IT Support question one may have.
It’s more important than ever for companies to have a sound data protection strategy. A failed data recovery can lead to lost clients, revenue, and being out of compliance.
That’s why we recently partnered with Probax to host a webinar on this topic. Kevin Allan, Probax’s founder and CTO walked us through the process of building a data protection strategy, which we’ve summarized below.
Kevin began by outlining the five main steps in building a data protection strategy:
He noted that this process is ongoing and the steps should be continually reassessed.
The five steps above are a bit broad, so Kevin got into some specifics. He framed building a data protection strategy as asking the following series of questions:
One of the most common mistakes that businesses make is simply not knowing where all of the company’s data lives. Servers and local machines are one source, but these days, a huge amount of data — especially sensitive and critical information — is stored on the public cloud.
When using cloud vendors, remember that while they may have uptime SLAs and security protections in place, it is ultimately the business’s responsibility to protect company and customer data. Kevin added that it’s crucial that companies don’t store all of their data “eggs” in one basket; storing backups in different places or with different vendors.
The safest implementation involves some combination of local and cloud backup, taking into consideration each option’s pros and cons.
The short answer is yes, always. Kevin also mentioned more specific recommendations:
Kevin recommended that businesses follow the “3-2-1-0” rule:
In addition, partner with a reputable company that you can trust to be around for a long time. Many laws require data to be stored for at least 7-10 years.
According to Kevin, just knowing where your data is and having a simple view of it is half the battle. Next, be vigilant with monitoring and use some level of automation to streamline the process.
There are a growing number of data privacy and security regulations on the books. To stay compliant and ensure that it is safe from insider attacks, archive data to low-cost, air-gapped long-term storage.
Test every quarter by either restoring the data or turning on the environment. Ensure restore times are acceptable for your business based on your ideal restore time objective (RTO) and restore point objective (RPO).
This will depend on how much downtime your business can afford. Thinking back to the second step of classifying data, consider the importance of your data and how the business would be affected if it wasn’t accessible. Businesses that cannot afford to be without their data for less than 15 minutes should consider working with a disaster recovery as a service (DRaaS) provider.
Kevin ended the webinar by noting that data protection is more than just backup and disaster recovery. The best way to manage risk is with vigilant monitoring, management, and automation with the help of outsourced support.