Important and Critical Data of Business - Term Paper Example

Information is the lifeblood of today’s business organizations, and loss of data means loss of business services and loss of revenue. Therefore it is necessary to backup important and critical data of business so that in case of disasters it can be used. Backup usually refers for the copying of data so that they can be restored after a data loss event. It is the last line of defence against the data loss, and consequently the least granular and the least convenient to use [Yosemite Technologies]. Many types of storage media such as magnetic tape, hard disk, optical disk (CD and DVD), and floppy disk are used for the backup purpose. Many types of plans such as DRP, backup plan and BRP are used for business in case of disaster. In addition SAN, DAS, and NAS are used for data storage on devices. Furthermore, backup sites such as cold, warm and hot sites are also used for data as well as hardware and software backups. Disaster Recovery Plan (DRP): DRP can be defined as a plan that helps a business recover data and restore operations after a disaster. It is a plan that is made before the disaster happens and it can be from a simple plan to create a backup of server every night to the kind of technological redundancies and procedures. The disasters can be of many types, which are given below: Natural disasters such as floods and earthquakes, which can not be predictable. Manufactured disasters such as terrorist attacks and criminal network intrusions Hardware failures or buggy software Accidental disasters (human error) A DRP contains the plan for guarding against the above disasters. DRP is essential for success of any company operations as it enables it to recover quickly after a disaster and restore normal operations. A good DRP begins with the risk assessment and planning. Risk assessment determines the likelihood and scale of potential disasters, which aids in planning for deciding technologies to implement and how much to budget. Planning involves determining which systems and data need to be backed up, how often they should be backed up, and where backed up data should be securely stored. Tape backup systems, recordable CDs and DVDs, backup to remote SANs over secure VPN connections or backup to service provider networks can be used as backup technologies. Outsourcing of backup needs can also be considered. Establishing suitable information service level agreements from service providers, security policies and procedures is essential for any DRP. After making DRP running it should be regularly tested and monitored (Tulloch 2003). Backup plan: Backup plans are an essential part of any company’s disaster recovery plan for backing up important business information. Backup plan specify when, which, and how data is backed up. According to Tulloch (2003) developing a backup plan involves determining answers to the following questions: Who is responsible for ensuring backups are done properly? What information should be backed up and how often? Which backup technologies, tools, media, and methods should be employed to ensure data can be recovered speedily after a disaster? Where can media be securely stored to ensure important business data cannot be irretrievably lost after a disaster? How can backups be properly tested to ensure the ability to recover from a disaster? Business Resumption Plan: It is also called as Business Continuity Plan. BRP is a detailed plan on how to resume normal business after a disaster. It is an essential part of disaster recovery planning and is designed to facilitate the speedy, orderly, and systematic restoration of normal business activity after a disaster has occurred. According to Tulloch (2003) a suitable BRP contains following activities: Determining critical business requirements Developing recovery strategies for different business elements Developing an emergency response team and problem escalation ladder Specifying those individuals who have the authority and responsibility for activating different portions of the plan Training staff in how to function in a recovery environment Testing the plan to ensure it works properly and keeping it current Backup Sites Backup sites are used for relocation of business from disaster, such as flood, fire, earth-quake or terrorist threats. This comes under Disaster Recovery Plan (DRP). Three types of backup sites are used for any business following a disaster are cold sites, warm sites and hot sites. The basic difference between all these are determined by costs and efforts required to implement each sites [Wikipedia: Backup Sites]. Cold Sites: It is the most economical type of backup sites used for operation of business. In this type of site, backed up copies of data and information from the original site and hardware are not set up. Therefore it requires minimal setup costs. However, it requires additional times during disaster for complete or capacity close running of business operations. Warm Sites: In this type of sites the complete infrastructure of business such as similar hardware and software are kept in location for relocation of business during operations. Here one thing is important that the backed up copies of data and information are not kept at warm sites. Hot site: Hot site can be said as duplicate/mirror of the original sites business as it contains computer systems as well as near complete backups of user data. During disaster a business can relocate with minimum losses to normal operations running within matter of hours. Because of complete mirror it is the most expensive to operate for business. These types of sites are normally used for stock exchanges following terrorist activity or bomb attacks/threats. Another term offsite is also used for data protection of business critical data to an offsite location in Disaster Recovery Plan. In this type of backup generally data is transported to off site using removable storage such as tape media. However now it can be also transported electronically (Electronic Vaulting or E-Vaulting) and then later at offsite stored on disk or tape. Some organizations manage and store their own backups off-site, but many organizations choose to have their backups managed and stored by third parties who specialize in the commercial protection of offsite data [Wikipedia: Off-Site Data Protection]. SAN, DAS and NAS Storage Area Network (SAN): A storage area network (SAN) is a high-speed special-purpose network/sub-network. It interconnects different kinds of data storage devices with associated data servers on behalf of a larger network of users. A storage device is a machine that consists of disk(s) or tape drives for storing data. As the requirement increases the storage devices are added in storage area network (SAN). Figure1: Storage Area Network (Source: http://www.pcmag.com) A typical storage system consists of storage elements, storage devices, computer systems, and/or appliances, and all control software, communicating over an Ethernet network. It supports disk mirroring, backup and restore, archival and retrieval of archived data, data migration from one storage device to another and the sharing of data among different servers in a network. In case of storage area network (SAN) all storage devices are available to all servers on the LAN or WAN. As the number of storage devices increases or added in SAN they will be also accessible from any server in the larger network. Here server only provides pathway between the end-user and the stored data. One important aspect of SAN is that the stored data does not reside directly on any of network’s servers, therefore server power (capacity) can be utilized for other business applications and the network capacity can be released to the end-user. Direct Attached Storage (DAS): Direct Attached Storage (DAS) refers to a digital storage system attached directly to server or workstation. In DAS, the storage device is connected to an individual server. There may be more than one server but storage for each server is managed separately and cannot be shared. It is mainly used to differentiate non-networked storage from SAN and NAS [Wikipedia: Direct Attached Storage]. Fegure2: Direct Attached Storage (Source: http://www.pcmag.com) DAS uses SCSI, SAS and fibre channel as main protocol. It enables extension of storage capacity for servers at the same time keeping high data bandwidth and access rate. Generally, it is made of one or more enclosures holding storage devices and one or more controllers. The main disadvantage of any DAS system is its ability to share data or unused resources with other servers. Network Attached Storage (NAS): A Network Attached Storage is a dedicated server for file sharing, which can be connected directly to a computer network to provide centralized data access and storage to network clients. The main difference between NAS and the traditional file sharing and Direct Attached storage is that the NAS provide only the functionality of data storage, data access and management of these functionalities. NAS contains one or more hard disks arranged in logical manner in redundant storage containers or RAIDs. File based protocols such as Network File System (NFS) or Server Message Block (SMB) is used by NAS. Figure 3: Network Attached Storage (Source: http://www.pcmag.com) The main advantage of NAS is that availability of data can potentially increased because data access is not dependent on a server and users can still access the data during NAS server down. In addition, the performance of the NAS is more as the server is dedicated for file sharing activity only. The disadvantage of NAS is that if the NAS is occupied with too many users that are too demanding, then NAS reaches its limitations. In addition, NAS in most cases not up gradable as it is limited to its own hardware. Storage Security: It is basically a group of parameters and settings that make storage resources available to authorized users and trusted networks. The parameters can be applicable to hardware, programming, communications protocols, and organizational policy. The storage network must be available to authorized users and denies to unauthorized users and hackers. In addition, the storage network must be reliable and stable under all environmental conditions and usages. Important data should be encrypted and unnecessary services running on storage network should be disabled. Also this system should be protected from online threats such as viruses, worms, Trojans, and other malicious code. Regular updates should be done on these types of systems. More importantly the user of the network should be provided with usage policies. Advantages and Disadvantage of Data Backup: The main advantage of data back is that it provides the data in case of any disaster happens. Therefore the normal business operation or services can be restored easily. This can be applicable to any organizations whether it is small or large. Because of data backup the normal services to it customers is made in short time after the disaster. The disadvantages of backup are that any type of backup requires expense in terms of hardware, software, network bandwidth and labour charges. Any backup scheme has impact on the system that is backed up. The expenses for backup can not be easily afforded by small organizations as they have limited resource. Factors Influencing Shift of Data Backup There are many factors that can influence the shift of data backup for any business. The first one is the type of information/data that is backed up. It can vary from business to business depending upon the data backup and storage needs i.e. how frequently the data backup will be taken. For any small organization, it can be useful to take data backup weekly or monthly. However, in case of any retail shop having long chain of shops (Wal-Mart), the data backup frequency can be from hourly to daily. In addition, the type of data backup technologies, tools, media, and methods that are needed for the business can also influence the data backup. Contract and price of data backup and storage technology or services also has a major influence on data backup. Another factor that can have influence on data backup is type of disaster that can happen. Therefore, it is important here to where the data backup taken will be kept so that it can not be affected by the disaster. Data Backup Evaluation For this section, it is better to take some important findings that were taken from the Imation Data Protection Survey report, conducted on October 2004. In this survey, an online survey of network tape administrators at small and mid-size companies was conducted in the continental United States. All companies participated in survey, have a network or data center tape backup and storage system. Here it was found that E-mail viruses have the most profound effect on the data backup procedures. More than half of the companies have changed their data backup procedures because of this threat. In addition, an overwhelming majority of respondents indicated that their organization has a formal backup and storage strategy. In addition, it was noticed that Companies pay more attention to the human component of data backup and storage. The majority of companies test data backup and storage procedures and operations at least quarterly. Also larger companies test procedures and operations on a monthly basis. It was found that almost three/fourth of the companies have a formal Disaster Recovery Plan in place but majority of have no update plan for DRP. Regular testing of DR on-site and off-site facilities, processes, and people has not become a universal practice for most of the companies. Some of the key findings of survey are written below: “One in two companies have not implemented formal backup procedures for laptop networks” “E-mail viruses are the number one driver for reviewing or changing data backup and storage procedures.” “When it comes to testing the effectiveness of their disaster recovery plans, companies are being more proactive, but could be doing more.” [Source: www.imation.com] References: Tulloch, M (2003). Microsoft Encyclopedia of Security. United States of America: Microsoft Press. Backup – Your last line of defense, Yosemite Technologies. Retrieved on 4 April 2007 from http://www.technology-reports.com/report.asp?id=431&page=1 Backup Sites. Retrieved on 4 April 2007 from http://en.wikipedia.org/wiki/Backup_Sites Off-Site Data Protection. Retrieved on 4 April 2007 from http://en.wikipedia.org/wiki/Off-site_Data_Protection Storage Area Networking. Retrieved on 5 April 2007 from http://www.prompro.com/Storage_Area_Networking.pdf Storage Area Network. Retrieved on 5 April 2007 from http://en.wikipedia.org/wiki/Storage_area_network Direct Attached Storage. Retrieved on 5 April 2007 from http://en.wikipedia.org/wiki/Direct-attached_storage Network Attached Storage. Retrieved on 5 April 2007 from http://en.wikipedia.org/wiki/Network_Attached_Storage http://searchstorage.techtarget.com/sDefinition/0,290660,sid5_gci1008614,00.html accessed on 6 April 2007 Data Protection Survey: imation Report, October 2004. Retrieved on 5 April 2007 from www.imation.com/smb/pdfs/Survey_Report.ppt Read More