Problem solve Get help with specific problems with your technologies, process and projects.

Archives and data protection: The important differences

While the two are both equally important, it's vital that you don't confuse archiving with data protection. Marc Staimer explains their differences.

In the course of my consulting practice, I receive hundreds of emails and phone calls about a vast array of storage issues. I can usually determine what the vendors are saying to the users by the consistency of certain questions. Lately, I have been asked the following question repeatedly:

If the user implements an ILM strategy that eventually migrates the data to some form of archival storage (usually tape), can they forego backups or other forms of data protection?

After I pick up my jaw off the floor, my answer is an emphatic, "No." Archiving does not protect the organization or user's data. Archival data is, by definition, aged and very rarely accessed. It's fabulous for providing long-term access for older data. Some vendors are even providing a very convenient method to search and retrieve archived data online (Powerfile, Archivas, EMC/Centera, Permabit, to name a few). This is incredibly important as eDiscovery becomes more imperative in our litigious society.

As wonderful as archiving is, it is not data protection. If a disaster occurs, the organization could not effectively recover their data from the archive. All of the data they recovered would be obsolete and out-of-date. Any current data would be lost. It would be very ugly.

If an individual user lost a file, had a corrupted file or one infected with a virus, they would be apoplectic when they found they could only recover a very old version of that file, if at all. (Ugly in that case would be an understatement.) Hyperbole aside, the differences between archiving and data protection reveal that the IT organization must have plans for both.

The data protection plan must take into consideration the needs of the organization and the individual -- as well as regulatory and legal compliance. It needs to be broad enough to protect data inside the data center, the remote office/branch office, or ROBO, and the mobile user. Different types of data have different value. The age of the data affects its value. A data set's value is affected by how frequently it is accessed. The higher the value, the better (which typically means more expensive) the data protection must be. Lower value data sets can have less data protection. Each type of data set must have rules that define how much data can be lost in case of a loss event (recovery point objective or RPO) in order to return to the normal course of business. Also, each level must define how quickly the data must be recovered back in production (recovery time objective or RTO.) The data protection plan should take all of this into account.

Archiving too must have a comprehensive plan if it is to be used effectively. All data sets have a life expectancy to them. The archival plan must take into account the length of retention, the value of the data sets, the type of data sets, whether it needs to be encrypted and even if it needs to be destroyed digitally at the end of its life with a certificate of destruction.

The point to remember is that an IT organization must (and I do mean must) have separate plans (typically separate products) for their data protection and archiving. Failure to do so puts the organization at significant risk.

About the author: Marc Staimer is president and founder of Dragon Slayer Consulting in Beaverton, Oregon. He is widely known as one of the leading storage market analysts in the network storage and storage management industries. His consulting practice of six plus years provides consulting to the end-user and vendor communities.

This tip originally appeared on

This was last published in July 2006

Dig Deeper on Data security technology and strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.