In this excerpt from Chapter 1 of Data Protection and Lifecycle Management, author Tom Petrocelli addresses the importance of data protection as it pertains to regulatory compliance and outlines the five components of a data protection strategy.
[An] important business driver for data protection is the recent spate of
regulations. Governments throughout the world have begun imposing new regulations
on electronic communications and stored data. Businesses face dire consequences
for noncompliance. Some countries hold company executives criminally
liable for failure to comply with laws regarding electronic communications and
documents. These regulations often define what information must be retained, for
how long, and under what conditions. Other laws are designed to ensure the privacy
of the information contained in documents, files, and databases. Loss of critical
communications can be construed as a violation of these regulations and may
subject the corporation to fines and the managers to legal action…
 |
| MORE INFORMATION |
Download Chapter 1, Introduction to data protection
Visit our resource center for tips and expert advice on storage security
Read more book reviews, excerpts and chapters |
|
|
|
|
Data protection is just what it sounds like: protecting important data from damage,
alteration or loss. Although that sounds simple enough, data protection
encompasses a host of technology, business processes and best practices. Different
techniques must be used for different aspects of data protection. For example,
securing storage infrastructure is necessary to ensure that data is not altered or
maliciously destroyed. To protect against inadvertent data loss or permanent corruption,
a solid backup strategy with accompanying technology is needed.
The size of an enterprise determines which practices, processes or technologies
are used for data protection. It is not reasonable to assume that a small business
can deploy expensive, high-end solutions to protect important data. On the
other hand, backing up data to tape or disk is certainly something that any enterprise
can do. A large enterprise will have both the resources and the motivation to
use more advanced technology.
The goal is the same no matter what the size or makeup of the company. Data
protection strives to minimize business losses due to the lack of verifiable data
integrity and availability.
The practices and techniques to consider when developing a data protection
strategy are:
- Backup and recovery: the safeguarding of data by making offline copies of
the data to be restored in the event of disaster or data corruption.
- Remote data movement: the real-time or near-real-time moving of data to a
location outside the primary storage system or to another facility to protect
against physical damage to systems and buildings. The two most common
forms of this technique are remote copy and replication. These techniques
duplicate data from one system to another, in a different location.
- Storage system security: applying best practices and security technology to
the storage system to augment server and network security measures.
- Data Lifecycle Management (DLM): the automated movement of critical data
to online and offline storage. Important aspects of DLM are placing data considered to be in a final state into read-only storage, where it cannot be
changed, and moving data to different types of storage depending on its age.
- Information Lifecycle Management (ILM): a comprehensive strategy for valuing,
cataloging and protecting information assets. It is tied to regulatory
compliance as well. ILM, while similar to DLM, operates on information, not
raw data. Decisions are driven by the content of the information, requiring
policies to take into account the context of the information.
All these methods should be deployed together to form a proper data protection
strategy.
Read the rest of Chapter 1, Introduction to data protection
