There has been a lot of talk lately about resiliency with regards to data protection – business resiliency; application resiliency; IT resiliency. And it is a natural concern. The fact of the matter is, things happen with our data that causes change, and we want to return to the original state, be it of our business operations, our application functionality or our IT environment. Resiliency indicates good business practice. Common sense, right?
But in a recentTechnology Adoption Profile by Forrester, commissioned by Dell, we found that resiliency strategies are still relatively immature, with more than one-third of respondents indicating they have not taken the crucial step of assigning different backup strategies to data of different criticalities for disaster recovery. Similarly, 34 percent do not have different strategies for everyday backup.
The result is that many organizations are either wasting money by over-protecting certain applications and data, and/or exposing themselves to risk by underprotecting truly critical systems.
Our previous posts outline some excellent tips on how to begin building your disaster recovery plan and strategy, so I need not rehash those here. Given the numbers from the Forrester paper, however, one point needs to be repeated: before you develop any tactical plan, know your data.
Every business is different and every organization has different ways of doing things, so there is no broad brush stroke to instantly and effectively classify your data. But if you don’t know how critical your applications and data are on more than a binary scale (mission critical/”other”) then you are doing yourself a disservice, and whatever system you implement will fall short.
The key to any assessment, including a data criticality assessment, is honesty. Be honest with yourself on what is mission critical and what can absorb a slightly less stringent RTO. Some applications are really useful and help everything run smoothly, but should you sacrifice recovery time on a more critical application for convenience?
Also, you may be beholden to certain regulatory constraints when it comes to data protection and recovery. If so, be keenly aware of these regulations, and, where possible, make compliance the minimum threshold.
Resiliency doesn’t happen overnight and maintaining it is a constant effort. But if you know your data and are honest with yourself about what you need, you will be on the way to making mature decisions regarding your entire environment and ensuring your own organization’s application, IT and business resiliency.