|Page (1) of 1 - 11/23/10||email article||print page|
These days, even the most security-minded companies are not immune to costly data loss. In February, Bank of America lost backup tapes containing sensitive financial information for an estimated 1.2 million government employees. Time Warner suffered a similar loss when tapes holding records with details about 600,000 current and former employees went missing. Then the credit information of 3.9 million Citibank customers disappeared when a set of tapes disappeared while in transit via UPS. And that's just lost data. This year alone, tens of millions of credit records have also been compromised or stolen in highly publicized security breaches that affected MasterCard and Visa customers, among others.
Data loss due to disaster, terrorism, technical failure, viruses or worms, human error, or theft can unleash not only a barrage of bad publicity, but expensive cleanup and exposure to liability. And the mounting risks associated with data security are not just a problem for a corporation's public relations and legal teams. The responsibility for backup and recovery and business continuity strategies -- and complying with upwards of 15,000 electronic data regulations -- often lies squarely with the CIO. At the same time, CIOs also face pressure to keep storage costs down while improving the efficiency of backup windows and overall data security.
"The CIO owns all recovery operations -- backup and disaster," says Steve Duplessie, founder and senior analyst for The Enterprise Strategy Group. "The CIO must ensure that you can get data back under any circumstances, and most fail a large percentage of the time."
Amid this environment, many CIOs need to take a hard look at their current data storage practices and -- if there is need for improvement, as Duplessie and other experts contend -- build an ROI case in the boardroom for beefing up their backup and recovery plans.
Backing up the ROI case
For most CIOs, investing in better backup practices is not only a matter of being prepared for worst-case scenarios, it also involves avoiding financial disaster as well. Primarily, CIOs need to assess how well they protect data and can rapidly recover from -- and avoid -- downtime due to data loss. "If you live by data, you will die by not having it," Duplessie says.
In other words, keeping operations up and running smoothly is the main return on a solid backup strategy investment. An additional and significant incentive is avoiding regulatory penalties and consumer backlash. Companies also have a growing need to be able to efficiently recover documents or email for legal discovery, adds Larry Ponemon, founder of the Ponemon Institute, which works to advance ethical information and privacy management practices and surveys Fortune 500 companies on their policies and procedures.
When using ROI as a key tool in making the case for a new or improved backup plan, CIOs can begin by working with security specialists or their leading storage vendor to conduct a top-down risk analysis of each application and data class. This step should also include estimating the cost of loss and benchmarks for recovery time. The best strategy to present in the boardroom should focus on the ROI of both data retention and risk mitigation practices, including assessing:
- Downtime and losses Every CIO should quantify how much it would cost the company if mission-critical data were unavailable for a significant amount of time. This analysis should also include how long it would take to recover, and what it would cost if the data couldn't be fully recovered. Other regulatory costs to consider are mandates to notify customers when their data has been breached or penalties when data isn't archived for the required period of time.
- Recovery time How quickly can the organization recover from a data loss? What are the labor costs of a recovery effort? How successful are the existing backups? Has the backup and recovery process ever been tested? These answers can offer insight into whether more fiscal support is needed to improve preparedness. Or the analysis may show that the organization needs to invest in upgrading or revamping backup processes now to save recovery costs down the line. "Most shops are running at a recovery rate of 75 percent, it should be 99 percent," Duplessie says.
- Best practices Data center configurations can change by the minute, but if the backup strategy isn't keeping pace, it may be detected only when there is an actual disaster. "You need to think of your data protection schema in terms of a lifecycle," Duplessie says. "You need different tiers of infrastructure to keep different data at different points in time based on value -- and those values will change." Protecting data also means investing in a "chain of custody" protocol to encrypt and track when and how data is accessed and archived, essential for mitigating security risks. Experts also recommend that companies standardize storage purchasing processes and data backup procedures -- even when outsourcing -- and provide centralized management tools for administrators. Improving operational efficiency is another ROI bonus. The faster employees can access accurately maintained information from data archives, the better.
- Regulatory compliance At this point, most organizations have been forced to acknowledge their data security and retention responsibilities to safeguard investors, partners, customers, and employees. Regulations alone could be enough to support your effort for better backup and recovery.
- Future revenue When it comes to customer service or service-level commitments, it pays to have easy access to archived data. "There are ways to get a competitive advantage out of backup plans, such as charging a fee for access to six months of invoices," Stephanie Balaouras, senior enterprise computing and networking analyst at Yankee Group, says. Efficiently backing up data, Duplessie agrees, can create new revenue streams: "We are only now digitizing everything, and over the next 10 years we'll come up with tons of new ways to mine that data, in ways we can't even contemplate right now. If it was worth having ever, it's worth keeping forever."
Investing in the right media
Not all backup media is created equal when it comes to ROI. Given that an organization's backup approach should read more like a business continuity plan, many CIOs need to reconsider their data storage strategies, analysts say.
"It's important to choose the backup media that balances cost and efficiency considerations," Ponemon says. "For instance, magnetic tape may be the least costly source of backup, but can be grossly inefficient when recovery needs to be done quickly."
Disk prices, on the other hand, have come down, making backup on disk a more cost-effective and reliable choice. "Backup to disk can be 30 to 50 percent faster than backup to tape," says Balaouras. She also says organizations need to revisit the cost of long-term, offsite mirroring for backup as bandwidth costs have also decreased. All experts agree that the best insurance comes with continuous data protection because it maintains the most current version of a file and offers quick recovery.
In the end, making an ROI case to improve backup is about more than evaluating media, Duplessie says: "My suggestion would be to forget all that has come before, and focus on how to use backup and recovery as a value generating business process moving forward."
Courtney Macavinta is a Silicon Valley-based business and technology writer. Her articles have appeared in CNET News#IF($EnableExternalLinks).c#COMMENT#ENDCOMMENTom#ENDIF, Business 2.0, Red Herring, and The Washington Post.
Copyright (c) 2010 Studio One Networks. All rights reserved.>