Best practices for data protection

With total enterprise data volumes projected to exceed 2.02 petabytes by 2022, smart safeguards must be implemented to keep it protected. Those strategies themselves are changing in lockstep industry trends. Now that hybrid and full-cloud deployments are dominant, multiple external variables can impact how data is stored and preserved. Additionally, over one quarter of Cloud Vision 2020’s survey respondents could shift 95% of critical workloads cloudward by 2025.

Data loss can hurt organizations vary deeply — both internally and in terms of customer trust. So, what is data protection? Primarily, the goal of data protection is to protect crucial information from both corruption and loss. There’s also an argument to be made that this encompasses security and privacy, but more on that later. Instead, it’s more prudent to highlight the following:

  • Immutability – the notion that some data shouldn’t be altered following its creation
  • Preservation – the idea that safe data access should persist over extended, pre-defined periods of time
  • Deletion and destruction – the idea that certain data could either be retained, removed from servers and other access points, or be rendered unreadable due to various factors

Data quickly becomes useless if it’s corrupted or left vulnerable. There are some schools of thought that teams should embrace while protecting their persistent data stores.

Principles of data protection

Data protection principles guide professionals when managing their proprietary data. In order to extract value from data, it must remain accessible at all times to all employees with proper authorization. This has never been truer (or easier) due to the cloud’s ubiquity. Instead of leveraging on-premises hard disks, virtual solutions like Amazon S3 facilitate 24/7 object storage and access — from any location. Other vendors offer similar services to enable unfettered data availability.

A companion to availability is redundancy. It’s simply not enough to maintain one copy of mission-critical data. If anything were to impact that information, all would be lost. Companies should implement one or many approaches such as cloning, mirroring, snapshots, and replication to protect their data stores. Traditional backups are still immensely valuable as well. It’s beneficial to store identical data in multiple, independent locations — via multiple mediums — so that failures don’t cause trouble.

This can happen locally (drives, tapes, etc.) or in the cloud using a managed service. Relying on third-party providers can introduce questions of control or reliability. However, offloading management and disaster recovery tasks to those more qualified is a popular choice among teams. Choosing the right data protection solution will depend on budget, need, and technology stack preferences (pertaining to S3, Azure, Google Cloud, etc.).

Types of data protection

Speaking further on specific needs, not all data protection approaches are created equally. Different customers and organizations have their own methodologies. Industry regulations may also dictate how data is preserved. Similarly, both short-term and long-term data protection practices differ.

What is enterprise data protection?

While small-and-medium businesses (SMBs) typically maintain smaller data stores — and focus more on individuals as opposed to other businesses — the enterprise is another animal in itself.

Large companies are overseeing data for a number of corporate clients and business users alike. This data has intrinsic value (by being valuable and sellable to other customers), derivative value (combined value with outside data), and algorithmic value (relating to predictive AI and ML). They’re also common targets of cyber attackers. Enterprise data has immense value and is integral to many business operations at all organizational levels. The balance of personal data vs. big data favors the latter.

Enterprise data protection focuses on protecting data used by all within an organization. Recognizing the need for separate internal and external protection policies allows data to remain intact and in the correct hands. It’s the process of “delivering, managing, and monitoring security across all data repositories and objects within an organization.” The benefits of enterprise data protection extend to all locations and devices where said data is accessible.

Continuous Data Protection

As it may sound, continuous data protection is an ongoing process. Instead of committing a large number of dataset changes at once, the backup system will copy changes that occur in real time. This includes even the most minute alterations. At it’s simplest, you might think of Google Docs version histories as an example mechanism — or perhaps the macOS Time Machine functionality as more fitting. These continuous backups are committed to local or cloud drives.

These journaled screenshots allow admins to retrieve clean copies of their data from any moment in time. The practice therefore permits data recovery in mere seconds.

Differentiating between data protection, data privacy, and data security

While it’s easy to assume data protection includes privacy and security, the reality is a little more nuanced. There are some key differences that separate each element from the next:

Data protection vs. data privacy

While data protection is focused on retention and accessibility, data privacy is aimed at preventing data from being shared with unauthorized parties. A company simply cannot freely send data from its partners or users to other entities. The owners or providers of that data have some say in that process — and enjoy transparency over a data holder’s data practices.

How is data privacy determined and upheld? Typically, both legislation and best practices will dictate the steps that organizations should take when handling sensitive information. Contracts and relationships with third parties shape how data trades hands. Because many of these practices have legal implications, they’ll often vary by location.

One privacy caveat concerns the European Union and GDPR. While data protection has a fairly standardized definition (versus something like privacy), the terms are almost used interchangeably. Data protection in the EU encompasses personal data rights, personally-identifiable information (PII) safeguards for living individuals, and processing of data in both sectors. Protection and privacy overlap in regards to collection, use, and storage.

Data protection vs. data security

We know how integral things like archiving, backups, and overall infrastructure are to data protection. These practices help companies hold onto critical data without fear of corruption. Meanwhile, data security describes sets of processes, both active and passive, which guard data against external and internal threats. Security is therefore passive and reactive — depending on access control, threat monitoring, encryption, authentication, and breach recovery.

Data doesn’t just remain stagnant in a database. APIs and other requests summon this data for users. While it’s important to fortify resting databases, companies must also encrypt data in transit while it moves between destinations. An important element of security is recognizing data as a living entity.

When turning to cloud vendors, a mix of external support and configuration management is essential in upholding security. Defining clear practices and aligning them with those from vendors is key.

Common data protection threats

When speaking to traditional data protection threats, we might point to drive failures, network outages, and similar events undermining redundancy or access. Should teams store data in the cloud, an outage or crash will temporarily prevent resource availability. Hardware maintenance is tricky. It’s important to keep abreast of device lifecycles and monitor an infrastructure as it ages; neglect can lead to data loss via failed backups and unverified restoration. In fact, 58% of data cannot be recovered according to a December 2020 survey.

Additionally, scattering data across multiple remote locations can complicate the data protection process. This is why some organizations with funding (and physical space) prefer to keep things in-house. Companies otherwise put a lot of trust in others to upkeep their data centers.

There are also security concerns. We’ve touched on the importance of access control and encryption. Without these measures, data might be exposed to prying eyes — while being plainly readable. This would be a disaster. You might’ve also heard of hashing and salting; these two practices algorithmically scramble pieces of data while replacing certain values while in storage. In the event of a data leak or breach, this data would be extremely difficult to decode and gain value from.

Additionally, the practice of snooping can also expose intercepted data to attackers. Users must now worry about stolen credentials, DDoS attacks, and improper key management — which can grant hackers access to sensitive data or prevent legitimate users from tapping into shared resources. The shift to remote work has magnified these problems. Accordingly, new bring your own device (BYOD) policies muddy the IT management waters. Overseeing such a fragmented ecosystem is challenging, and each employee device may serve as an attack vector that puts data at risk.

Data protection trends for 2021

The shift to telework has accelerated digitalization processes for many companies — and some were better prepared than others for these changes. The transition from on-premises to hybrid and cloud infrastructure has been a learning curve. Such experiences have meant changing how companies store data, govern access, and approach sweeping security measures. More than 1,500 companies from a 2020 survey reported undertaking notable transformation measures.

Legacy backups reliant on old technologies don’t mesh particularly well with modern deployments. Professionals have recognized a need for modern backup and storage solutions that are infrastructure agnostic. This will allow companies to preserve their data no matter where they are — or will be — throughout their Digital Transformations.

Data storage solutions and backups must guard against ransomware — a growing problem across the computing realm, where $6 trillion in cybercrime damages is expected this year. Companies face a growing security challenge. They’re also reporting difficulties in meeting backup-related service-level agreements (SLAs). Revamping procedures around data protection will help mitigate these concerns. Companies can only afford to lose so much data, and current backup frequencies aren’t adequate enough to combat those losses.

Look for data protection and security to become a standard part of many service offerings moving forward. Organizations are placing greater emphasis on workload portability and cloud disaster recovery. The maturation of these solutions alongside security procedures is needed to ensure sound data protection.

Best practices for data protection

Data protection is a complex puzzle. However, there are some general practices that companies may follow to grasp that low-hanging fruit, and improve data protection outcomes:

  • Back up often and to multiple locations (fully, continuously, and incrementally as necessary)
  • Leverage solutions that make data accessible from anywhere, by the right people only
  • Create a data usage policy that applies to all groups within your organization
  • Identify and classify sensitive data, to avoid confusion and understand which pieces are mission critical
  • Embrace database auditing and change management, to ensure accuracy and integrity over time
  • Implement RAID for better storage reliability and data access speeds across servers, while providing varied degrees of fault tolerance (based on disk numbers)
  • Harden systems against internal and external threats
  • Perform regular penetration testing to progressively catch issues before they grow

Additionally, companies can turn to data protection software for added peace of mind. These programs can simplify and accelerate data recovery. Disasters won’t be as crippling, and many services offer seamless file transfers to make data transport easy. The inclusion of an administrative GUI can make these tedious processes more user friendly.

Get weekly blog updates
By subscribing, you are agreeing to have your personal information managed in accordance with the terms of Veeam’s Privacy Policy
Cheers for trusting us with the spot in your mailbox!
Now you’re less likely to miss what’s been brewing in our blog with this weekly digest.
OK
NEW
V11

Eliminate Data Loss
Eliminate Ransomware

#1 Backup and Recovery

Leave a Reply

Your email address will not be published.