You arrive at the office early Monday morning only to find that hackers have infiltrated your network over the weekend and have destroyed your company's data for the sheer thrill of it. Quick, what is your recovery plan?
Perhaps more important, how much will it cost your company to recover the lost data and return to normal business operations? The combination of application downtime and idle staffers can cost your company thousands of dollars (millions, if you're a medium or large-size business). Moreover, customers can lose confidence in your company should downtimes be frequent or lengthy.
Your security policy must be tightly interconnected with your overall business-recovery plan. Data recovery is the trickiest part of any business recovery plan, but it needn't be. Developing plans to recover downed networks, servers, or desktops is a relatively straightforward process.
Identifying your data
The first step toward defining and implementing an economical storage-recovery plan is to identify just what data you actually have. Does this mean you have to comb through every machine at your company to identify every last piece of data? Hardly.
The best approach is to make a data map of your company, based on its business processes. Just as you might have a site map that helps your Web site visitors navigate your online content, a data map will help your company organize its internal and external data.
For example, your human-resources department might have a network share where it stores information on current employees. In addition, it might have another network share for company forms, such as payroll and insurance, plus tape backups of old employee data archives.
Likewise, your sales team might use a relational database to process existing orders while rolling completed orders to a customer-service database. In turn, your customer-service department might use a specific database to handle existing customers while maintaining long-term customer histories in another database.
It is crucial to identify all data sources and their locations. In particular, if data for a particular function is maintained by a single user on a desktop system (which often happens in smaller enterprises), it is especially important to identify this data source and plan for back up and recovery of these single-source data points.
Prioritizing your data
Once you have mapped out the data you have and its current location(s), your next task is to decide how important that data is to your organization. I usually use three priorities to designate the relative importance of data in a business environment.
"Priority 1" data (P1) should be reserved for data that your company must have available to do business. P2 data is useful, but not necessarily needed to conduct business--at least for a short period of time. And finally, P3 data is usually data you like to have on hand, but could live without for a longer period of time if you had to.
An example of P1 data might be your current customer database. Your customer-service reps certainly could not service existing clients without this data. Likewise, your inventory data would likely be considered a P1 because you need to know what you have on hand to sell.
The electronic forms your human-resources department uses to manage employees might be designated as a P2 data source. Certainly you would not want to be without these forms for an extended period of time, but you probably could do business for a short time while this information was brought back online.
Finally, historical data is quite often given a P3 designation. Orders that your company processed five years ago probably don't affect the critical processes of your business today. Archival data can typically be recovered once you have brought P1 and P2 data back online.
During the time that you are identifying and prioritizing your data according to your business process, you might also try to gauge how much your data storage needs increase over time. Examining the size of historical data sources every year can give you a good indication of how much storage recovery you need today--and beyond.
