Helpful Tips
Get to the information you want quicker by selecting a category name or a popular tag.

If most everyone agrees that information, not data ( http://blog.engagedconsulting.com/?p=268 ),  is critical to the health of a business, why does information not get protected in accordance with this importance?  Cost containment is absolutely important ( http://blog.engagedconsulting.com/?p=356 ), but at the feet of enormous risk? I have seen  a lot of robbing Peter to pay Paul in enterprise environments big and small throughout my years; however, it seems to be getting worse instead of better.  For instance, one organization prioritizes their financial databases as mission critical.  In so doing, the operational recovery (backup) solution was designed with deduplication.  Sounds fundamental, right?

Well, the reality is the daily change rates for the financial databases are in excess of 40% and the capacity on the storage used to support the multi-month retention is only large enough for approximately 66% of the time.  In addition, there is no backup of the deduplication storage, nor is there replication for disaster recovery.  The storage array behind the solution is also physically limited to hold only 80% of the multi-month retention requirement.  The usage of tape is limited to 4 drives and 87 tape slots with no off-site vault.

If we have “classified” the database information as mission critical, why are we also storing test and development database information the same way?  Why are we storing the Polycom (telecom) system data the same way?  Given the asset constraints, why would we be backing up the databases twice; once hot and once off of a dump to a filesystem that then gets stored the same way as the hot images.  I understand the suspender and belt scenario for the database, if we were backing up the deduplication storage and replicating.  These two things are in direct conflict when considering the integrity, confidentiality, and availability of the information ( http://blog.engagedconsulting.com/?p=415 ).

A lot of things have failed in this situation:

  • Enterprise Capacity Planning
  • Information Security
  • Operational Recovery Capacity Planning
  • Information Integrity
  • Disaster Recovery
  • Information Availability
  • Enterprise Architecture
  • Service Management

This seems to be a reoccurring theme throughout organizations with which cost and risk reduction are top priority.  I may be missing something but does the cost of losing data outweigh that of doing things right in the first place.  In the insurance industry, there are repercussions of not being able to perform financial analysis for new business, lack of service for existing claims, exposure of private or confidential information, lack of audit for financial risk, and the list goes on.  While I do not mean to pick on insurance as an industry, it is the most recent of many industries where I have witnessed such gross negligence when it comes to protecting the information the same way it is classified for security, integrity, and availability purposes.

Leave a Reply

You must be logged in to post a comment.

Close
loading...