A false sense of security
Most organisations routinely backup their data with good intentions, innocently believing that they have robust processes in place. However, it often proves to be a false sense of security. Unfortunately, a variety of issues can hinder data retrieval and those issues are often not discovered until it is too late.
Today, an organisation has – quite rightly – a duty to preserve data. This data could be called upon at a moment’s notice by industry regulators. Managing data in a manner that makes it difficult, if not impossible, to recover will not excuse a corporation from its duty. This is leading to some organisations putting their heads in the sand and gambling that their legacy data will be accessible and usable if needed.
There are many potential threats to data accessibility. Some of the most common include failure of the backup software or the storage media, the intense volume of the data held by the organisation, archaic backup systems, forensically unsound methods, human error or natural disasters such as those caused by fire, water damage, mud, extraordinary cold or heat.
Four Tips for Mitigating the Data Accessibility Gamble
Within the larger context of information life cycle management, organisations are looking to data management experts to help them manage stored data more efficiently and reduce the load on IT infrastructure and their teams. As part of a robust solution, it is important to consider the following four tips:
Define the project
The success of a project involving the manipulation of stored data depends on the ability of those tasked with the work to identify and understand the project scope and challenges so they may plan accordingly.
Recording the type of media and its condition is just as important as clarifying the suitable target medium. Even with devastating damage (such as through water and fire), there is usually some sort of recovery possible, offering the opportunity to arrange the company’s long-term backups better at the same time. In this scenario, time is generally of the essence. It is important to work quickly before the media become unusable. It is important to consider what data protection requirements exist. If data cannot leave the premises, conversion will have to be done on-site.
Analyse the data
An organisation must identify the contents of the media to make informed decisions about data retention, destruction, or suitability for compliance or litigation readiness. Depending on the
business needs; scanning, cataloguing or indexing the media can help an organisation narrow their focus to the relevant media.
It is important to remember that enterprise backup software is designed for managing large quantities of data, not for identifying and accessing specific content. It is complex and requires a relational database to manage backup parameters, sessions, schedules, errors and other statistics.
Without the original backup software and/or the specific tape machine or equipment that recorded that data, content identification will be the biggest hurdle and one of the higher costs of the project. “Cataloguing” and “indexing” have different meanings among many long-term backup media software vendors. A long-term backup’s catalogue usually refers to the backup sessions on a media set. Some backup vendors save this identification metadata on the tape itself. However, there are a growing number of backup software vendors that put the Media ID, Backup ID, or Session ID on the media, which references back to the software’s relational database.
Manage and refine the data
Most organisations have become used to completing incremental backups on a daily or weekly basis, and full backups at the end of the month. Although this is industry best practice, it does result in the creation of multiple copies of the same data.
Based on the previous analysis and knowledge of an organisation’s backup procedures, the relevant data set can be culled further and assuming there is no active legal hold on the data, the duplicate data can be deleted. If the data must be retained, backups can be consolidated by restoring them to higher capacity tapes.
Review data conversion or manipulation needs
It is important to understand the degree of complexity involved to keep the project on schedule and within budget. Some conversions are straightforward, such as copying files from one computer system platform, so they are readable by another platform. Other conversions may require more technical expertise. For example, consider how digital content specifications differ between mainframe, midrange and desktop systems. IBM and AS/400 computers use the EBCDIC code to represent the alphabet, while in most instances the ASCII code is the norm. Maintaining data accessibility for this type of project requires translation work, including the conversion of an AS 400 database in EBCDIC format of a fixed length into an ASCII code of flexible length or a .csv file for PC.
A more complex conversion may involve the manipulation of fields in a database. For example, the Payment Card Industry (PCI) requires disguising cardholder data when storing credit card numbers. In this scenario, a data management expert would need to expand and extract the contents, find the cardholder numbers, and apply masking characters (such as “X”s) to the appropriate data.
How to remain protected
A project involving the management and manipulation of stored data can be triggered by a variety of regulatory, compliance, or e-discovery needs. It is important to get ahead of the problem. Planning for long-term data accessibility streamlines the effort required in the future to meet those needs. It also mitigates the associated risks.
Historically, it has been time-consuming, technically difficult, and cost-prohibitive to incorporate legacy data into an organisation’s information life cycle management plan. After relying on IT to restore the data, Legal would work with IT to analyse the relevant data required. Yet, restoring potentially tens of thousands of tapes was simply not feasible.
Luckily, technology can now be used to streamline the process. Make sure you don’t gamble with your data. Rather than rely on a false sense of security, seek expert consultative assistance from those that have proven experience in the current legislative landscape to ensure you remain protected should the worst happen.