Many people associate data protection with GDPR or data security, but data protection is so much more.
Data protection illustrated
To visualize data security, the comparison is often used with protection against burglary in the house you live in. The house has locks on doors and windows to prevent anyone from entering. Many also choose to install an alarm system that warns if someone should break-in.
But is this enough? What happens if someone breaks in and damage or steal something irreplaceable? And what if the intruder does not intend to steal anything, but burn down the entire house? Or what if the house disappeared in a storm or a landslide? Then good locks and alarms do not help much.
To protect ourselves against damage and loss, we usually aquire house insurance so we can cover the costs of damage. But human injuries do not cover the insurance either, so it is very important to have good routines for what to do in such situations!
How to secure?
But how do we relate above example to 100% securing our company’s data? The answer is simple: Impossible! We can’t secure ourselves 100% against theft or damage to our data, but we can reduce the risk to a minimum.
There are two major protections that need to be in place to protect our data; security against data theft and backup to prevent data loss. It is important to remember both security and backup, we don’t want our data in the wrong hands, and we certainly don’t want to lose them.
Backup is simple to understand but very complex and difficult to implement since we have our data scattered around in various SaaS, Cloud-compute, and On-Prem systems. The same goes for general Security since we deal with the same systems and more or less the same issues protecting our data.
To build a comprehensive Data Protection plan we also need to look at additional methods on top of backup and traditional security measures to strengthen our data protection.
To reduce the risk of theft we should test our “doors and windows” with vulnerability checks that check our systems against know issues, dramatically reducing anyone from exploiting common vulnerabilities in applications and operating systems. Another important countermeasure is to educate our users in security best practices since most security issues are related to user unawareness.
Beyond these must-haves, a good Disaster Recovery plan is very important to quickly get back into operation when disaster strikes.
Why is Backup so good?
Unlike an insurance policy, which only gives us our money back, data recovery from a previous backup will recover all our data if a backup is performed correctly.
Therefore know-how around backup is essential to optimize recoverability.
First, it’s important to map where and how to protect your data.
Why is Backup so complex?
To be able to recover data we need to know how and if we can backup data. Data is stored in our variety of applications, but further down they are stored in databases and file or object stores.
To be able to read data from applications we need to access the data through a backup API or we can directly access them in the database or file or object stores.
Our application is a SaaS application or it’s running in the Cloud or in our On-prem datacenter.
Most of today’s SaaS solutions are without any backup feature or API, leaving us with manual data export since we have no access to the underlying databases or file/object stores, which is time-consuming and risky. Cloud and On-prem solutions are technically quite comparable but moving data in the cloud can be very expensive and needs to be limited.
Just like the house insurance immediately won’t rebuild our house, data recovery from backups can take a long time, days, or weeks, depending on the extent of the damage. Therefore, a Data Protection plan must also include a Disaster Recovery (DR) plan. A Disaster Recovery plan is a plan on how to rebuild the house (data and services) as well and as fast as possible. A good Disaster Recovery plan with associated recovery systems can rebuild and prepare data and services for full production in minutes.
Important notice when it comes to recovery, you will not be very efficient in large or complex recovery scenarios if you don’t practice.
Finally, it is important to have an overall Data Protection plan together with tools and routines to be able to protect against data theft and data loss.
This is what we at ZaveIT want to help our partners with!
We develop a platform for IT resellers, simplifying and automating data protection sales, deliveries, and operation.
If you want to know more or try out ZaveIT, get in touch