Beyond Backups: Consider a Comprehensive Data Protection Strategy


As cybercriminals find new ways to attack, breach, and exploit, data protection has become an increasingly critical component of a company’s IT strategy. Compounding the problem, legacy IT systems, which often present compatibility challenges with newer storage and data protection technologies, are becoming a bigger risk factor for IT teams that need to safeguard critical organizational and customer data while meeting global and industry mandates.

Addressing common data protection gaps                      

Backing up your data is akin to having an insurance policy for your business. But far too often, technology teams literally treat backups like buying insurance. We know we need it, we hate paying for it, and we often don’t take the time to thoroughly evaluate if we have the right protection for our organizations until we are in crisis mode.

Data is the lifeblood of every organization. It is extremely important to a business’s success that employees and customers can quickly and securely access the data they need when they need it.  However, only 20 percent of businesses are confident their current data protection solution can keep pace with their storage needs. Regardless of whether your data is stored on highly redundant, fault tolerant, on-premises infrastructure or in the cloud, you need to make sure your IT team is backing up the right data and that you are confident you can recover it.

It’s also important to know how long it will take to recover lost or corrupt data. Today, one of the most common gaps in a company’s data protection strategy is not testing recoverability. This is problematic because if you cannot recover the data, you cannot confidently say it is backed up.

Another common gap is the process around failed backup remediation. Does your team know when backups fail? Is there an incident and remediation ticketing process associated with your backups? If your backup solution is hard to use or doesn’t integrate with monitoring and/or incident response tools, you likely have gaps in your data protection strategy.

Data protection is not just a conversation about backups

Simply having a tool for backing up your data is not tantamount to a data protection strategy. Backup solutions are not a “set and forget” technology. Your environment is constantly changing and so are your data protection needs. To begin building a comprehensive data protection strategy, you must consistently evaluate and revisit these four key questions:

1.       Do you know where all your mission critical data is stored today?

As our infrastructures have become more dynamic, elastic, and agile, we have created a situation whereby mission critical data can be stored just about anywhere—on-premise servers, endpoints, in the cloud, etc. If we don’t know where all the data is, how can we confidently back it up? If the data is not being backed up, your company may be at risk for data loss. Data loss can come from any number of sources, such as system failure, human errors, or security breaches. About 58 Percent of SMBs are not prepared for a data loss incident based on information gathered by Washington, DC-based research firm Clutch.

2.       Do you know that all your data is being backed up?

Once you know where all your data is, you can evaluate if you have the right tools in place to provide for backups. Ideally you have a single backup solution in place today that can backup everything. However, many companies use several different backup tools and methods to account for legacy solutions, which results in an even greater risk for data loss as it becomes harder to manage data backups across multiple systems.

3.       Do you know the backups are successful?

Once you are confidently backing up all of your critical data, you have to make sure those backups are successful. You don’t want to find yourself in a situation where you need to restore data during a crisis only to find out that the backups haven’t worked for a long time. Proper visibility, reporting, and remediation of backup issues in addition to regularly scheduled data recovery tests are all critical components to a comprehensive data protection strategy. 

4.       Do you know you how long it would take to recover lost data (Recovery Time Objective or RTO) and how old that data would be (Recovery Point Objective or RPO)?

These two measurements, RTO and RPO, are crucial to any comprehensive data protection strategy. There is no way to properly discuss disaster recovery, business continuity planning, or business risk and impact analysis without them. Being able to clearly define and discuss the RPO and RTO for your mission critical applications and business data will allow you to demonstrate the importance of investing in data protection.

As your data footprint continues to expand, a holistic data protection strategy increasingly becomes an important IT differentiator. Contact Burwood Group to begin a conversation about your data protection strategy.

Click here for Burwood Group’s comprehensive Cybersecurity Resource Library.


April 19, 2018