Data Debate: 4-Part Episodes


1. How do you manage complexities of compliance?

Christian Toon: It’s important that organisations realise the legislation that’s relevant to their business - whether it be data protection, IT security, or day-to-day business regulations that they need to make sure that they’re compliant with. And it’s important that they be held to account, and they are being held to account. So it’s important they get it right.

How do you manage data security with the complexity of compliance regulations?

Global IT director: Regulations… are there too many? Every person who deals with regulations is going to say yes. Are they fit for purpose? Some of them are and some of them aren’t. (…) compliance should just be good Data Protection Act compliance because you’re not keeping data for longer than you need to, you’re securing your internal firewalls (people getting into your systems and leaking data that way), you’re preventing people internally from escaping data that way. You’ve got internal audit, external audit…so the audits will go from password policies to retention of data, to making sure your year-end backups are secure, all the way up to quarterly penetration testings, to ethical hackers trying to get into your system, to making sure your internal servers are being backed up on a daily basis. So it covers the full spectrum.

Christian Toon: When organisations make the decision to set about and do something with their information, be it a data recovery strategy or a management objective, instead of just considering how long it’s going to take and how much it’s going to cost them and what’s it going to give them at the end. They really need to start thinking about security. How do we protect the project? How do we protect the outcome? But more importantly, how do we protect the content?

What are the biggest threats to your data security?

IT Director: People tracking to hack your environment, people trying to send you Trojan horses via email—all those things that you need to prevent from the parameter in. But also, there are lots of studies out there that your greatest security risk is your own internal people. So preventing people from taking data from inside your company and taking it out is also a very important point.

Head of IT: It’s really theft of property. I’m sure that a data data backup and recovery specialist has every possible means in place to protect that information. I don’t see that as a problem, but it’s the theft of information by other third parties that I would consider more of a risk. That would be more my concern than the backup company doing some daft with it and breaking it or whatever.

IT Director: I think our biggest […] because all of our reliance is on email. That is our medium of communication, email. And that’s where our biggest threats lie. So we’ve got three-factor authentication coming inbound, but we still have issues. We’ve still got a lot of resource time going into emails. I like to think that I could sleep at night if something happened, but unfortunately when you work in IT, you can never sleep at night, because there’s always something that’s going to be bothering you.

Christian Toon: Another unfortunate statistic we’re seeing is that security breaches are increasing—not only with our customers, but with the industry as a whole. You can’t seem to load five webpages without bumping into a story about a negligent data breach or an organisation that has faced a data breach, and that’s quite worrying. And if you actually look into the details behind it, it’s more to do with negligence—lack of employee care and ownership. And there the real big challenge is. The technology’s fine; the technology works to protect information. Unfortunately, we’ve got humans operating it. It’s always we’re the problem. So we need to look at this, addressing it with ethics programmes, with training and awareness packages that are fit for purpose—that we’re not sitting somebody in front of a screen and expecting them to become an expert in 30 minutes. Because, at the end of the day, it’s the employees at the front line of an organisation, that will make the difference.

Learn more about data privacy and protection. Download the here for 5 tips from the experts.

Regulations change and data protection with them. What keeps IT professionals up at night? This episode looks at the issues that threaten compliance and security as well as how to tackle them. Rather read the book than watch the movie? Download The Road to Know-Where

2. How do you ensure your business continuity plan will work?


Christian Toon:When we look at business continuity planning, it’s important that we have the necessary performance and risk indicators in place, to not only measure the effectiveness of the plan, but also to measure its value and worth to the board and stakeholders within that organisation. Whilst there’s a common set of indicators across risk and performance, it’s important that you choose the right ones for your business, that actually get the better return or to demonstrate the best return for your organisation.

Business continuity is a priority. Are there KPIs that are prioritised above the rest?

Head of IT:If some business critical data or application is down or you need to recover systems, whether it’s one file or an entire system, you don’t want to be messing about if it’s business critical. You need to be able to document a recovery procedure, even if it’s not directly to follow and even if you’re not responsible for its recovery… if it’s management and someone else is responsible for its recovery, you do need all of that in place to recover your business as quick as possible.

Global IT Director: KPIs are kind of driven by the criticality and the business needs, so the data they’re working on. So the business uses immediate 15 minute disk-to-disk replication, so we can always guarantee a 15 minute SLA and KPI, going down to the tier 3 legacy data, which is a 48-hour KPI on that. All of your ERP information may be interfaced into your CRM solution, and your CRM solution is very important, you’ve got all your VIPs on, all your customer data, etc., but feeding that is your legacy information. So your legacy has to be kept going.

How do wake up calls impact the business continuity strategy?

Head of IT:Yes, I have had wake-up calls. Luckily, I have managed to fulfil our obligations and not have a huge mess on my hands. There are wake-up calls, and that stops you from keeping the management of that plan complacent. And that is very much the case. After six months of everything just working fine, you do tend to relax a bit. We’re always vigilant. It’s the first thing that we do every morning is review the previous day’s backup scenarios and everything to make sure that there are no failures, but you do tend to relax into a situation if it’s all going well. And the odd, minor wake-up call doesn’t do anyone any harm. It keeps you on your toes really.

Global IT Director:My role is to keep it from happening in the first place, not to mitigate any risk that does happen. I disagree that there’s an inevitability that it’s going to happen. I agree that there’s an inevitability that they’ll try to hack, you know, we have it every single day probably. But my role is to prevent it from happening in the first place and to put systems and processes and procedures in place to keep that from happening.

How can businesses ensure their business continuity plans will work?

Christian Toon: Organisations need to take a risk-based view on when they need to access their information. Is it two hours? Is it 24 hours? Is it two days? And plan those contingencies into the service level agreements for their services. The first thing we look at when it comes to business continuity plans around a business impact analysis, so this is about understanding the impact to the organisation.

If certain systems or areas are affected by an incident or outage, following that we’re then able to determine risk indicators, such as utility outage and power and the impacts that may have against performance and the ability to deliver information back. We then look at the locational thread of the organisation and where this information needs to be, where it’s going to get accessed from, through to who’s going to access it, where that information will be delivered—through the internet or to an actual server location. And then finally, the people that are involved. So looking at the skills and competencies of those individuals, but also to understand that they’ve had the necessary training and plans you’re going to be implementing. Where we really get involved is articulating in a risk language that people and their stakeholders understand. Once you attribute a financial value to something, that’s when people start paying attention.

For more information on safeguarding your mission-critical data, download the Data Recovery Workbook.

Your data is a critical business asset. In this webinar, IT experts share their priorities for data recovery, their approach to scenario testing and how they communicate the business impact of disaster in a way the board can understand.

Prefer a good book to a movie? Download the Data Recovery Workbook

3. What's your perspective on multi-tier protection?


Christian Toon:In my opinion, based on my experience in dealing with our customers, an organisation should have a multi-tiered backup recovery approach.

How are you using a multi-tiered approach to storage?

Global IT Director: With the explosion of cloud, the decision of where to store that data is very prevalent. You store in the Cloud; you store on premise; you store it at a third-party location. So those types of things are more at the front of your mind, and if you do store it in the Cloud, the guarantee of where that data is stored.

Head of IT: So the combination that we use is really geared round the critical nature of the data—not so much the availability of it, but more the actual nature of the data itself. When it comes down to our ‘crown jewels,’ we have historically always taken care of it ourselves. The quantity of it is not that great. We feel that it’s quite straightforward for us to manage ourselves and keep it for ourselves. So that kind of information tends to stay in-house.

The Cloud solutions that we use are predominately things like our Exchange backup and our non-critical file and print servers and the like—something where it’s not the last word in intellectual property.

And what about the role of tape?

IT Director: It has its niche because of its portability … tape. I remember a time that SSDs, are soon to be taken precedence over those. We use SSDs. A typical store, a server will be about 500 gig at the max. So at 500 gig, it’s feasible for us. We use SSDs. As opposed to using tape archives.

Global IT Director: Tape is not dead either. We still do (on purpose) a tertiary tape backup, and that is because […] So things like year-end backups, that you don’t want the data ever deleted, you put it on a tape. It sits in a humidity-controlled environment. You know it’s there. You can always get at it, and it’s yours. So no one’s ever going to take that tape and overwrite it.

Disk-to-disk, you can almost guarantee it’s yours and no one will overwrite it. But you can never really guarantee that it’s not your Cloud, it’s not your disk. It may be portioned off to your environment, but ten companies may have access to that single tiered hosted solution. And although the hosting company will say that yes it’s secure and yes, no one else can get access to it, yes that’s fine. But if it ever got overwritten, that’s not acceptable. Knowing that our really important, year-end financial data, everything like that is store offsite in a bank of tapes that you can always get hold of, in ten years’ time, for compliance purposes, regulatory purposes, tape is definitely not dead.

Christian Toon: Some of the other risks that organisations face when it comes to backup and recovery is where that information is going to be stored. Where’s the end location going to be? Is it going to be down the road? Is it going to be in the next city or state? Is it going to be in another country? And if so, where is it going to be? With a heavier reliance on the Internet and cloud providers today, it’s quite hard to understand where your information is going to be sitting. And, because of that, you need to make sure that your information is tracked down to the specific location, where it’s being held, the transit locations it may pass through to get to that end result, and then to understand the existing legal requirements, or where that information is being stored.

The role of tapes in any backup or recovery strategy…they’re important today as they were years ago. And a lot of the time, organisations don’t realise that just because that just because the Internet, the Cloud, is all shiny and new, that just because that technology is online, doesn’t mean that it’s necessarily the best one for that organisation. A combination, perhaps, of both Cloud backup and tape backup will probably be best suited, instead of relying heavily on just one cloud solution or one particular tape solution.

One of the other benefits we see with tape is around the security—the protection of your long-term archive, because you an encrypt it, protect access and restrict access to individuals based on the readability of the media itself. And sending it offsite, you’re more likely to send it offsite somewhere in-country, so you know that you’re complying with the necessary data protection laws or local legislation that affects that particular legislation, and that’s really key. You compare that to using the Cloud for a backup service, and you don’t know where you information is. You may find it hard-pressed to tie down your provider, to locate your information in a particular jurisdiction.

An organisation should have a multi-tiered backup and recovery approach. This will take the best of both worlds, from cloud services, where information can be readily available within a few hours. It can be accessed from different locations throughout the globe, coupled with a long-time archiving solution with tape, which really does push the boundaries of long-term archival storage. This allows you to really sort of have a safekeeping place for that information that does require that longest retention period.

For more information on how to make tape and Cloud technologies work for your business, download Tape and Cloud: More than a Marriage of Convenience.

Cloud and tape solutions need not be mutually exclusive. In this episode the panel discusses how each solution adds value and how a multi-tiered approach can solve challenges of security, accessibility and storage.

Get the book. Download Tape and Cloud: More Than a Marriage of Convenience

4. Big data: obstacle or opportunity?


Christian Toon: The volume has really just gone on to explode across all platforms, different formats, and organisations are really challenged with managing different formats of information.

What are the challenges of Big Data?

Global IT Director: Well, basically, data’s exploding, so we need to find solutions on how to protect that data, where it’s being held. Is it better to have it on-premise, off-premise, the security of that data, the retrieval of that data.

Global IT Director: I’ve certainly been engaged over at least the last 12 months looking at outsource opportunities for data, just to improve flexibility. So I think that’s the way it’s going to go. Certainly for me and for our company over the next 24 months, it’s all about how flexible we can make things by putting more and more outside.

The Cloud solutions that we use are predominately things like our Exchange backup and our non-critical file and print servers and the like—something where it’s not the last word in intellectual property.

Head of IT: It has its niche because of its portability … tape. I remember a time that SSDs, are soon to be taken precedence over those. We use SSDs. A typical store, a server will be about 500 gig at the max. So at 500 gig, it’s feasible for us. We use SSDs. As opposed to using tape archives.

IT Director: Big Data is definitely a game-changer. Ultimately, all data is Big Data. But managing it is probably one of the biggest costs for us. Data is growing exponentially, so around this time, we are facing a decision. Either we buy our own internal storage systems, or we’re looking at putting it into the Cloud. So those are the two solutions that’s we’re currently looking at.

How is the role of IT evolving to cope with these challenges?

Global IT Director: Every part of what I do is important to some part of the business, so whether that’s security, whether that’s compliance, whether that’s data protection, whether it’s the strategy going forward for the next five years, how the IT department will support the business case and the business plans. They’re all as important as each other, so I wouldn’t single out one thing. However, wearing more hats going forward—undoubtedly, yes. So more things will come on board, I don’t know what they are, but I guarantee I’ll be the one put upon to do something about it—coming up with a solution and then to manage and strategise on that going forward.

Head of IT: My role, over the last five years, has become far more of a strategic planning role. My personal role is all about how we could innovate, how we could […] get a bigger bang for our buck, really.

How can you address these challenges?

Christian Toon: There’s three steps really, that organisations need to take when it comes to managing their information management problems. And, while they sound a lot simpler than they are in practice, they are the right steps, in the right direction that the organisation needs to take. First, always get a handle on what information they have and what they own. So identifying different data sets—where it sits, who’s got access to it, are all key important areas in knowing what that organisation has.

Secondly is to understand the business need for that information. Is it right? Is it relevant? And thirdly is to take it to the top. Get the board involved. Get a senior sponsor or a senior stakeholder involved in your organisation to support your information management cause. Because without that executive sponsorship, any future information management practices are pretty much dead in the water.

One of the biggest problems with Big Data goes without saying. It’s big. There’s a lot of it. There’s a lot of volume. And making sure that information is readily available and accessible at the same time, because you’re dealing with huge, vast quantities of information, it’s hard to pull that down from remote locations, and perhaps may benefit more from a physical site transfer. You’ve then got the volume of that information and the speed at which the technology can go through to analyse that information. So how quickly do you need that information? That speed of when you need that will have repercussions on how you store it and where you store it.

For more information on how to manage the oncoming sea of Big Data, download the podcast: The Upcoming Zettabyte Apocalypse.