Pillars of Technology Protection – Part Three – Preservation

We’ve discussed operational stability and the second pillar of operational stability is preservation.

We think about preservation as what you need to do to preserve the record of your business transactions and dealings for the long run. What documents do you have to preserve either because of regulatory or industry requirements?

Back in the day, people used floppy disks (removable magnetically coated, flexible plastic disks) to store data. They were made of Mylar, and affected by heat, by proximity to magnets; they could be pierced by pushpins, and generally rendered useless by being scratched. And to think this was considered state of the art at one time!

Today we have many alternatives for data storage. The ubiquitous USB memory stick, the ‘pocket sized’ external hard drive. There is also the removable hard drive (sort of like a cassette with a hard drive mounted in it that plugs into your PC or server chassis).

Depending on how you do your daily backups (and you are doing daily backups, right?) you can use them as part of your preservation scheme. Before you can say ‘yes’ to that idea, you have to consider some other things as well:

  • The important data, the data you need to have because of contractual obligations, accounting data for ‘big brother,’ key or critical correspondence between your company (not just you) and customers. Is that all on ONE computer or scattered across employee machines and laptops here and at home or in the car?
  • Are you in a business that requires permanent archiving of all e-mails, including the deleted ones?
  • Are you in a business that requires delivering emails in an encrypted fashion or manner?
  • And are you in a business that requires your data to be encrypted on your desktop or server?

Depending on the answers to these questions, your preservation strategy might be more complex, but it’s not ‘hard.’ You just need to understand the requirement. In the end, you are going to put data on some type of portable media, and hopefully, lock it up somewhere that is not too cold, too hot, or too easy to steal or misplace.

If you have a central shared file situation in your office or company you have a pretty easy job of collecting likely 80 or 90 percent of your data for preservation. That last 20 percent will be ‘annoying’ but certainly do-able. (Remember the 80-20 rule? Where 80 percent of the work in any project takes only 20 percent of the time, and the balance is what kills your averages? Same is true here.)

Once you have identified where that data is, the next task is to define a scheme to collect it into one place. This can be done using a combination of tools.
You can aggregate or collect all the files from the PCs in the office to a central PC and back that up. This could be a simple file copy utility or tool that does a scheduled copy each day, or something more sophisticated like a centrally managed backup mechanism.

You could implement a backup scheme that provides full backups of the PCs (great for recoverability which is our last pillar of protection), as long as you can individually pull our files from that recovery backup without having to restore everything.

You can also use a cloud service to aggregate data and then pull-down data en masse to a backup medium that you can remove and store away.

You have to decide how much storage you need, and how often you will collect and update these backups. Remember this is not your business recovery data; these are the data you have to archive and be able to produce or reproduce. There is certainly overlap or there can be overlap of these two functions. BUT your archive storage will grow faster than your day-to-day storage needs will. So it’s worth thinking about them differently.

Lastly, if you have email retention and encryption requirements, there are qualified third-party archiving services that are cheap and automatic and fully compliant with industry and/or governmental requirements. Full encryption and archiving can be as little as $15 or $20 a month per account depending on the vendor.

In summary, the process is not hard to enable and monitor. What’s challenging, but not difficult, is determining what data is necessary and where it lives, and how to collect it becomes pretty easy to decide.