Alastair Molyneux, Kroll Ontrack: Cradle to Grave – data recovery 2.0
Data continues to grow at an incredible rate. At the same time, so does our reliance on archived data to ensure the smooth day-to-day running of business functions. In excess of 30 billion emails are now sent worldwide every day – an example of just one strand of electronic material that organisations have to be able to access on demand.
However, when it comes to data protection many companies are shutting the stable door after the horse has bolted. The stream of high-profile cases of laptop thefts from leading companies, or major security breaches of public information demonstrate how easy it is for confidential data to be lost – or worse still, get into the wrong hands. Add to this the raft of compliance regulations that companies have to adhere to, and the swift retrieval of information could be a major headache for IT managers attempting to work with unreadable, corrupted or damaged files, which may have been lying dormant for years.
Companies need to start taking a cradle to grave approach to their data – ensuring it is protected at every step.
Making data accessibility the first priority
IT managers need to change employees’ mentality on data protection from the outset. As soon as a document or file is created, users need to ensure that the information is saved centrally, not just on the desktop, to enable rapid indexing and searching, now and in the future. Many users take the attitude that as long as they can access their files, data is protected, however, this approach can lead to major gaps in audit trails, which may not be identified or corrected until many years down the line. A centralised store of corporate data is a critical source of information for companies of all sizes – and an effective archiving system should be on the top of any IT manager’s list.
Accessing archived data in a rapidly changing storage environment As we move into a ubiquitous digital age, thoughts turn to how we access data in the future. Some information, held by organisations such as libraries or public records, could need to be accessed hundreds of years in the future. Data availability now has to have a long-term lifecycle, so that future generations can access information no matter what developments technology takes.
Clearly most companies also have retrospective work to do with older files already created, indexed and archived. In this situation, records management has to play a part in deciding what stored information will need to be retained to meet future needs or regulations, and the format in which information needs to be saved for easy access.
Back up or pack up
Most companies worth their salt already have robust backup strategies in place, however it’s worth bearing in mind that with the move towards flexible and mobile working, backup practices may often slip down an employee’s priority list. Files saved on the desktop may not be protected centrally, and email accounts can quickly explode in size when large attachments are saved in .pst folders rather than on a central server. Indeed, weaknesses in data protection practices now could well lead to backlogs and delays in restoration processes in the future should a laptop crash or be lost.
An appetite for destruction
Data protection comes full circle when deleting electronic information. It is imperative that files that are no longer needed are securely destroyed to prevent information getting into the wrong hands. Our own research showed that only 18 per cent of IT professionals use data deletion products – which highlights the potential for a security disaster waiting to happen, as well as a potential breach of the WEEE (waste electrical and electronics equipment) directive.
IT teams face two challenges. Firstly, ensuring the products being used to ‘clean up’ old hard drives are up to the job – some deletion tools only clear certain partitions rather than the entire drive. The key to a guaranteed safeguard is ensuring any product used has a Government standards accreditation, and that the organisation retains responsibility for data when working with asset or recycling companies.
Secondly, IT teams have to get the message through to employees that delete doesn’t really mean deleted – emails and files can easily be accessed from trash folders or reformatted disks. It may appear to the average user that the information is gone, but if a drive gets into the wrong hands, its entire contents can be retrieved and read unless a specialist erasure product is used to permanently delete the data.
The future of data recovery
Despite the best-laid plans, we all know things can go wrong, and this is where professional data recovery comes to the fore. There are major advances being made in the market such as remote recovery services, where experts can access computers or servers over a secure connection – removing the need to ship drives and devices which may contain sensitive information or are too big to move offsite. Assessment tools are also advancing to provide customers with more information about the types of files stored on a computer before a recovery is executed. Data availability tools also enable users to bring data ‘back from the grave’ from unreadable electronic formats, defunct drives or old-fashioned tape backups.
Taking a cradle to grave approach to data requires a disciplined and robust data protection strategy, which has to be understood and implemented by staff across the organisation. While it may appear to be an initial challenge, implementing pragmatic and effective data management practices now will reap future benefits of quick, secure access to data, which will be priceless for companies of all shapes and sizes.