News Stay informed about the latest enterprise technology news and product updates.

Hope is not a strategy; preparedness is

Is your DR plan prepared for the upcoming hurricane season? Do you even have a data strategy plan in place? Jon Toigo gives some pointers on how to get your plan in order before it's too late.

This hurricane season, expect the airwaves to be filled with retrospectives about 2005's hurricane season and the toll taken by Hurricanes Wilma, Katrina and Rita -- three Category 5 storms that broke several of the records maintained by the National Hurricane Center. You can discount any doom-saying that 2005's hurricane activity is an indication of things to come; despite 120 years of hurricane tracking data, we really have no idea when or where a hurricane will strike. However, the pictures from that year's storms make for the kind of visuals that all the networks like to show. "If it bleeds, it leads," goes the old mantra.

More storage blogs
Read what all of our expert bloggers have to say on data protection, storage networking and more. Click here.
What we will all hopefully take away from the media hype will be increased resolve to do something to improve the resiliency of our businesses and their IT infrastructure against potential unplanned interruptions -- whether due to big events like hurricanes, or from day-to-day events like virus attacks, software patching problems, accidental data deletions or equipment failures. However big or small the disaster, when it comes to recovery, data is the key. Without a reliable copy of your data, you can't restore your company…period.

A data protection strategy is the lynchpin of any disaster recovery (DR) plan. As with most things, data protection is a lot more complicated than it sounds.

Formulating a data protection strategy starts with an analysis of the data itself. Since data inherits its criticality, like so much DNA, from the applications and business processes that generate and use it, it stands to reason that you need to do some up-front analysis to segregate data by its association.

However, data isn't self-describing and it isn't associative; it is mostly anonymous. That drives most companies -- those that are doing anything at all about data protection, which is about 50% by most accounts -- to make copies of all of their data, including the junk.

The fact that traditional tape backups have become so vilified in the tech media is more a reflection of our failure to sort data and to back up only what is necessary than it is an insight about any vicissitudes of tape technology itself. I have to question the veracity of a Gartner report from about year ago, which claimed that one in 10 tapes failed on restore. This is statistically absurd. The only way that this could happen is if the tape administrator is using the tapes as Frisbees.

Data can be mission critical in two ways: Either it is directly used by a mission-critical application serving a mission critical process, or it is produced and used by a secondary process or application but is necessary for a critical process to work. To identify these mission-critical-by-association data types, you need to do some work. In essence, you need to start doing data classification.

Classifying data for inclusion in a data protection scheme is very similar to classifying data for inclusion in a security strategy or a compliance strategy. (That gives you a good "kill several birds with one stone" story to tell to senior management when it comes to asking for funding to do the job.) As a rule, the front office doesn't like to fund DR; it's an insurance policy that measures its success in non-events, which makes it difficult to prove any real value in the activity. By broadening the focus of data protection to embrace data management, you begin to have a more fulsome business case to present to senior management.

Tools are appearing in the market from companies like Abrevity that can help you sort out the junk drawer of your data. You can do it just as effectively yourself with an Excel spreadsheet and a bit of chutzpah. Just do some interviewing of business and IT folks to nail down a hierarchical chart of business processes, their associated tasks, the workflows supporting those tasks and the applications that support the workflows. Then, on your handy-dandy spreadsheet, detail the data flows to and from the applications.

Arrange the data flows on the left side of the spreadsheet, and list your own criterion across the top. I suggest column headings such as:

  • Criticality
  • Retention period
  • Deletion period
  • Confidentiality
  • Anything else that pertains in your environment

For each data flow -- with the assistance of the relevant folks from the line of business, legal department, IT, etc. -- enter a value under each column.

At the end of this exercise, which is undertaken on a process-by-process basis, sort the spreadsheet by columns. Data "classes" -- at least rudimentary ones -- will magically appear like layers in a parfait or specialty bar drink. With this information, you'll have the basics that you need to begin selecting appropriate data protection techniques and methods.

When it comes to data protection, hope is not a strategy. Preparedness is. Your comments are welcomed at Also, check out an event I am running on DR.

About the author: Jon William Toigo is a Managing Partner for Toigo Productions. Jon has over 20 years of experience in IT and storage.

Dig Deeper on Data storage strategy

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.