The Neglected Art of Data Protection
Having been in business for 20 years, and in the IT industry for 30, it is clear to me that the art of data protection is sorely neglected in the majority of organizations, from large to small.
A report by US cyber-security firm Recorded Future published in May highlighted a spike in ransomware attacks targeting US cities. Previous victims include Lynn, Massachusetts, Riviera City, Florida, and Baltimore, Maryland, just to name a few.
The fact that these organizations were crippled by ransomware, or forced to pay a ransom, shows data protection was obviously lacking. Backup and recovery is the last line of defense against ransomware and other disasters.
Why does this happen so frequently when the repercussions are so profound? Here are a few simple reasons:
- IT admins are not focused on data protection – they have many other jobs to do and backup is easily neglected.
- IT admins are not well trained or certified in data protection.
- Often the most junior employee manages the backups – because no one else wants to do it.
- Staff turnover often impacts monitoring and management of backups.
- Top management does not put emphasis on data protection or recovery testing.
I often ask management this question:
If you had to choose between all of the money the company has in the bank, or all of your data, which would you choose if you could only keep one?
Maybe in some cases it would make sense to keep all of the money, but in most cases data is what allows the business to stay running and to keep making money for years to come.
So the question boils down to this: would you want to keep the money you have now, or keep the money you will be making over the next 5, 10, or 20+ years? This question allows management to see data as being even more critical than the money in the bank, yet their safeguards for data are far weaker than those protecting the money.
Getting top management to appreciate and demand comprehensive and professionally managed data protection is key. Without buy-in from management, the appropriate funding levels will most likely never be met, nor will it be communicated to IT staff that data protection is a highly valued priority. Management can demand that certain controls are followed and reported.
IT staff need training, and need the time to focus on data protection even when other high-priority IT initiatives arise, as they invariably do, and distract IT admins from the daily grind of verifying and testing backups. IT staffing needs redundancy, with others trained and experienced, so that when someone takes vacation, or takes another job, the data protection system is not neglected.
Once management realizes more emphasis and resources are needed, the question becomes how to balance the additional resources to meet the objectives. Do you train your existing staff? Do you hire additional staff? Do you bring in outside assistance? Do you outsource the management of your backups to professionals?
Consider the following:
- Backups will not increase revenues
- Backups will not increase market share
- Backups will not increase brand recognition
- Backups will not improve customer satisfaction
In short, backups are not “strategic” to the business even if highly critical. Lack of backups (and the ability to restore data) can certainly lead to shrinking or even destruction of the company, but they do little to help an organization grow.
IT people should be focused on technology which does add value to the organization. IT people should be dedicated to strategic tasks enabling the organization to be more competitive, be more profitable, and increase customer satisfaction. So, does it make sense for IT staff to spend effort on data protection, or would this key function be better addressed by engaging outside resources with more focus and expertise?
Managecast’s goal is to provide expert-level backup and recovery service that improves current data protection methods while freeing existing IT support staff to focus on being more strategic to their organization.