 |
|
|
|
|
|
|
|
|
|
Establishing data's value |
|
|
|
|
|
|
|
|
|
|
| Mission-critical data is the organization's most vital data. It's usually tied to primary business processes, primary applications and service-level agreements (SLAs). Losing access to this data means risking organizational death. Lost data almost certainly means loss of business and revenue and potential lawsuits. The organization must have access to this data regardless of the cost. Examples include online transaction processing (OLTP), order entry, customer service and current e-mail. If an application has a recovery point objective (RPO) of immediate or near immediate, and a recovery time objective (RTO) of immediate or near immediate, it's mission-critical data. |
|
|
|
| Essential data is very important to the organization. It's commonly used for critical, day-to-day operations. The data doesn't require instantaneous recovery to keep the organization running. Essential data may be classified by the organization as secret. Examples include engineering software development code, marketing plans, product pricing, sales forecasts, customer account lists, prospect lists, accounting, etc. Essential data usually has an acceptable RPO of seconds and, in some cases, even minutes. The acceptable RTO is typically minutes to hours. |
|
|
|
| Important data is used by many day-to-day operations and applications. RPOs of minutes or hours are commonly acceptable without severely hampering operations. RTOs can be from minutes to hours, days or even weeks. Examples of important data can be HR records, contact lists, calendars and schedules. |
|
|
|
| Less-critical data has relatively low organizational value. Corrupted, damaged, even irretrievably lost data can be reconstructed with nominal effort and cost. There are typically multiple copies of the data and security isn't paramount. RPO ranges from hours to days, weeks and, in some cases, even months. RTO ranges from hours to days. Less-critical data is the largest amount of stored data, and may include e-mail archives, personal data files and historical digital records. Much of this data can be kept off site. |
|
|
|
|
|
|
|
|
This is an incredibly scary time to be a disaster recovery (DR) manager. It's no longer if a disaster will strike; it's when, how often and of what magnitude. DRis your company's insurance against what might otherwise be a debilitating incident. DR prices are coming down and the options to protect your data are growing. Picking the right combination of options is the key to being cost effective. But before you can select the right combination of DR options, you must establish an application/data classification foundation (ADCF). The following describes how to classify data by its value and then pick the tools (replication, backup, mirroring, snapshot, etc.) that will protect the various classes of data while also keeping your company in compliance with regulatory requirements. The ADCF also lays the groundwork for a comprehensive, workable information lifecycle management process.
Risk-to-benefit actuarial analysis often shows the cost to meet an organization's DRobjectives for all applications and associated data. This leads to a budget-driven DR approach that may meet the DR requirements only for the organization's most vital application data. The rest of the data is either completely unprotected or relegated to a DR approach that falls short of organizational and regulatory requirements. This is also known as the DRGAP (gravely abysmal protection).
The DRGAP is the difference between the level of DRrequired and the level of DR that can be afforded, or the difference between the actual level provided and the level required.
What is cost-effective DR?
Depending on a company's needs, the definition of costeffective DR can vary considerably. For our purposes, cost-effective DR is defined as meeting the DR needs of the organization; the protected data is within compliance with regulations, and the DR process falls within the organization's budget. The ADCF is the key element to determining the proper balance between under- and overspending on DR protection.
Use the ADCF to determine the value of the data to be protected. One method that works well is to assign the data to four categories: mission critical, essential, important and less critical (see "Establishing data's value," this page). For each category, you must set the recovery point objectives (RPOs) and recovery time objectives (RTOs). Next, each application and its associated data must be prioritized and assigned to a category. This isn't as daunting as it might appear. Ongoing surveys suggest that assignment should be based on application availability requirements, regulatory compliance and elimination of business risk.
