In the course of my consulting practice, I receive hundreds of emails and phone calls about a vast array of storage issues. I can usually determine what the vendors are saying to the users by the consistency of certain questions. Lately, I have been asked the following question repeatedly:
As wonderful as archiving is, it is not data protection. If a disaster occurs, the organization could not effectively recover their data from the archive. All of the data they recovered would be obsolete and out-of-date. Any current data would be lost. It would be very ugly.
If an individual user lost a file, had a corrupted file or one infected with a virus, they would be apoplectic when they found they could only recover a very old version of that file, if at all. (Ugly in that case would be an understatement.) Hyperbole aside, the differences between archiving and data protection reveal that the IT organization must have plans for both.
The data protection plan must take into consideration the needs of the organization and the individual -- as well as regulatory and legal compliance. It needs to be broad enough to protect data inside the data center, the remote office/branch office, or ROBO, and the mobile user. Different types of data have different value. The age of the data affects its value. A data set's value is affected by how frequently it is accessed. The higher the value, the better (which typically means more expensive) the data protection must be. Lower value data sets can have less data protection. Each type of data set must have rules that define how much data can be lost in case of a loss event (recovery point objective or RPO) in order to return to the normal course of business. Also, each level must define how quickly the data must be recovered back in production (recovery time objective or RTO.) The data protection plan should take all of this into account.
Archiving too must have a comprehensive plan if it is to be used effectively. All data sets have a life expectancy to them. The archival plan must take into account the length of retention, the value of the data sets, the type of data sets, whether it needs to be encrypted and even if it needs to be destroyed digitally at the end of its life with a certificate of destruction.
The point to remember is that an IT organization must (and I do mean must) have separate plans (typically separate products) for their data protection and archiving. Failure to do so puts the organization at significant risk.
In my next blog, I will walk through the steps of setting up a data protection plan.
About the author: Marc Staimer is president and founder of Dragon Slayer Consulting in Beaverton, Oregon. He is widely known as one of the leading storage market analysts in the network storage and storage management industries. His consulting practice of six plus years provides consulting to the end-user and vendor communities.