This article can also be found in the Premium Editorial Download "Storage magazine: Using file virtualization to improve network-attached storage."
Download it now to read this article plus other related content.
Covering the right risks
We've all seen ads from insurance companies promising protection from an assortment of oddball circumstances for "just pennies a day." You can't beat the insurance industry for knowing the real odds and pricing its products accordingly. On the other hand, you don't buy insurance because it's cheap; you buy it to protect yourself against a given set of risks. If the right risks aren't addressed, then price is irrelevant.
Like other IT functions, data protection has become much more specialized. This is the direct result of an expanded awareness of the variety of risks, increased levels of user expectations and the growing range of technology options available to address specific problems. As a result, the way we approach risk and risk-related services also needs to evolve. We need to think about the likelihood and impact of various risks and the kinds of "coverage" we need.
Let's consider a subset of the various types of data loss and availability risks that require protection:
- Detectable file deletion or corruption. In this scenario, data is accidentally deleted or overwritten, and there's an almost immediate (let's say less than a day) realization that an error has occurred. There are lots of ways this can occur, and the data loss can be logical or physical.
- Latent (lingering) data deletion or corruption. This risk is rarely quantified, so there often aren't any policies to address
- it. It's when data is deleted or, more likely, logically corrupted in some way, but the loss can lay undiscovered for days, weeks or months.
- Storage device failure. This is a type of physical loss, usually of a significant quantity of data.
- Interdependency failure. This can be thought of as "effective" data loss due to lack of synchronization or data inconsistency across multiple application components. It's the "weakest link" effect. If one level of service is provided to a portion of an interdependent environment and a different level to another part, the overall protection level is only as good as the lesser of the two levels of service.
- Compound failure. Similar to interdependency failure, this is the risk of any combination of the above data loss scenarios happening concurrently.
- Site failure. Loss of a site, such as a data center, is usually considered a disaster and falls under the realm of disaster recovery (DR). It's yet another class of scenario that needs to be differentiated from more localized operational situations.
This was first published in March 2007