What Does “Data Loss” Mean To You?

The word “loss” only has one meaning with physical items, but can have multiple meanings when talking about digital assets. When you say, “I lost my iPhone,” I know that you don’t have it. Maybe you just misplaced it, or maybe it was stolen (did you leave it in a taxi?). Based on the last time that you saw your iPhone, you probably have a good idea whether or not it was actually stolen from you. If you knew you had it after you arrived home but cannot find it an hour later, the chances are high that it was not stolen (and as long as it’s not set to vibrate and it’s still charged, you can call it to help you find it).

On the other hand, if you left it on the table with your laptop at Starbucks while you picked up your double grande latte with low-fat milk and extra syrup, maybe someone did take it.

But what do you mean (and what do others think you mean) when you say, “I lost the names, postal addresses, and passwords of my customers.” Do you mean that the actual data became corrupted, or that it just isn’t on the disk anywhere? Maybe the data is there but the power went out and it’s lost to you for some period of time? Or did disaster strike, and destroy the equipment (or even the building)?

Perhaps you mean that it was stolen by a hacker or otherwise disclosed? Could it have been purposely deleted, perhaps maliciously, in violation of company policy or government regulations? If it was corrupted, destroyed, or simply disappeared, do you have a backup? How old is the backup and how much data could you be missing if the backup is too old?

In my last blog post, I asked you to write a short paragraph on what data loss means to you, and enter it into the comments. I got one answer that I was not expecting, but it makes a lot of sense. Randall Becker said, “Data loss also occurs when your information is stored somewhere on the [Inter]net (call it The Cloud), and your provider is no longer accessible.”

No matter what “data loss” means to you, planning ahead can help keep you covered. Let’s assume that the data just isn’t on the disk or has been corrupted. Planning ahead, you should have worked with your business units to determine their RTO and RPO. (Recovery Time Objective – how long can they do without the data, Recovery Point Objective – how “fresh” the data is when you get it back).

Separating RPO and RTO

Once armed with the business unit’s requirements, you select from many of the technologies being offered by vendors today. Here are just a few of your choices:

  • Snapshots with an RTO of seconds and RPO of zero to seconds
  • Synchronous data replication, with an RTO of seconds to minutes and RPO of zero
  • Asynchronous data replication, with an RTO of seconds to minutes and RPO of seconds
  • Disk-to-disk backup with an RTO and RPO of minutes to hours
  • Tape Backup, with an RTO and RPO of hours to days

Is there a reason for both backup and replication? Absolutely. A replicate is not a backup! If a person or application goes rogue and corrupts or deletes your primary data, the corruption or deletion will be replicated as well. They only way to recover is to go to a pre-corruption or pre-deletion backup. If, on the other hand, you mean that your data was stolen, there are several steps that you could have taken, and many of these have been discussed in earlier articles.

Encrypting your data is one way to mitigate data disclosure, but it is not a panacea. Encryption alone cannot protect your data without many other controls such as access control lists (ACLs) and separation of duties. But, as Randall point out, what happens if your data is “lost” because it is stored in the Cloud and your cloud provider, or perhaps your local service provider, either has a temporary failure or goes out of business entirely. What did you do to mitigate this situation? I’ve asked Randall to write a guest blog on the topic of data loss in the Cloud so please watch for it.

Post a Comment