For the IT sector, information is as valuable as any currency. But it can be easily lost or destroyed. Hard drives break down frequently and natural disasters can wipe out facilities and equipment. If your company loses valuable information, daily business operations will be interrupted and you may be at risk of failing security audits and falling out of compliance with regulations like PCI DSS (Payment Card Industry Data Security Standard), the Sarbanes-Oxley Act and HIPAA (Health Insurance Portability and Accountability Act). This can translate into costly legal fees and fines.
That's why it's essential for companies to configure their backup systems and archiving strategies carefully. For some growing businesses, choosing the right solutions can be a challenge, but it doesn't have to be an insuperable obstacle. Evaluate your options and choose the best methods for your storage strategy by using the information below.
Companies need to consider how accessible they want their data to be in order to select the appropriate backup-hardware solution. Some corporate data may need to be accessible at all times, while other information can be stored in a closet or storage unit and pulled out as necessary.
Data that needs to remain accessible can be stored in disk drives or attached to another system in a variety of ways. If you're trying to research how to arrange your storage drives , you'll find an alphabet soup of acronyms such as RAIDs (Redundant Array of Independent Disks), NAS (Network Attached Storage), DAS (Directly Attached Storage) and more. You can learn about the differences by vising IT Management's Storage FAQ , which can help you choose which system best meets your needs.
For data that doesn't need to stay constantly available, companies can use magnetic tape drives to store old archives. Tape drives are inexpensive alternatives to disk drives, and can also be stored off-site or in a storage closet when not in use.
The disadvantage of tape drives or cartridges is their file system is a simplistic, sequential medium, meaning that they are accessed by number and sequence rather than by file name. The situation is akin to the difference between winding through a VHS video tape to find the right scene, versus selecting the desired scene from a DVD menu.
Geography is an important consideration in data storage. If a natural disaster destroys your facilities, you'd better have your data backed up somewhere else and a strategy for recovering it in a reasonable amount of time.
You might solve this problem by storing removable disk drives or cartridges at various off-site locations — or subscribing to a hosted-storage solution . Hosted storage went out of favor for a while, but today it's coming back into the mainstream. Many SMBs (small- to medium-sized businesses) recognize the benefits of outsourcing their data storage, which include accessing data from any location with an Internet connection, placing the burden of buying and maintaining drives on the vendor and securing data in a different geographic location — just in case that natural disaster strikes.
Outsourcing naturally comes with some disadvantages too, which are worth considering. You must trust your provider and all of its associated contractors with the confidentiality and security of your data, and you must also trust that the provider will maintain its systems for a satisfactory level of up-time.
For more information on hosted storage, check out three additional feature articles on the subject — Hosted Storage , Top Online Backup Tools and 8 Datacenter Considerations .
With any storage solutions you choose, you will need to decide how to secure your hardware and data. This is a main consideration in many compliance regulations such as the Sarbanes-Oxley Act. Naturally, keeping physical drives and cartridges in a secure facility is important. Additionally, you'll want to consider using encryption and compression methods to keep data secure. For storage devices on a network, a security device can also be installed to help protect your backup drives from unwanted traffic and intruders on the network.
PCI DDS, Sarbenes-Oxley, HIPAA and other compliance regulations have requirements for keeping information available for transparency and accountability purposes. Your auditor or attorney can tell you more about how these regulations pertain to your specific business. Some are very precise, but others are vague and a bit tricky. For example, Sarbenes-Oxley does not actually specify which or for how long records should be kept. Companies will need to interpret the law and create an overall strategy for data storage that works for them, and then develop operations, procedures and policies around that strategy. In response to Sarbanes-Oxley, many companies choose to err on the side of caution and save all records and correspondence, or at least everything related to financial reporting.
However you choose to interpret the regulations, and whichever methods you employ for your data storage, you will most likely want to mix and match solutions. Think of storage as a method for record-keeping, business continuity and financial accountability, and not just a one-off problem. Then, design a strategy that takes into account all of the data you'll need to store and the best methods for storing each type of information. Don't forget to consider how to access backups in case of an emergency and how you'll get the information re-installed on your systems as quickly as possible.
If you take these steps, you'll be well on your way to compliance and protecting your company's most vital asset — information.