My last article discussed how data has become to your business what DNA is to your body, defining how it operates and completely integral to its survival and growth.
It also argued that the incredibly small data, such as scripts and segments of code that enable critical systems, are just as important to the healthy operation of a business as the much more frequently discussed "big data."
The one thing that big data and very small data have in common is that they must both be carefully protected and preserved.
To lose them may mean the end of the business, just as the loss of the genetic coding material in DNA could lead to disease for the body.
Organizations are incredibly messy -- even the most well-organized and well-run among them.
They are composed of people who may exhibit incredibly poor judgment from time to time and often without warning.
These people may inadvertently or advertently clobber critical data entities and assets.
They may accidentally erase configuration files, operating scripts, whole databases or data storage devices.
They may become angry and irresponsibly perform these acts with malice.
What people do often depends on their interactions with other people, which is also completely unpredictable. The ultimate expression of this comes when two people blend their DNA to create a new person. It’s hard to know which attributes of each person will show up in the new one.
This is, unfortunately, a good metaphor for data.
Companies must increasingly mix their data with other company’s data in all kinds of ways. They may attempt to extract foreign data and add it to their own. They may attempt to introduce their own data into another’s data. They may attempt all manner of data mergers, any of which may have unintended and undesired effects.
Protecting Data Big And Small
Everybody knows that data is exposed every time it’s in transit from one place to another. Data gains business value when it is transported from one place to another, so we cannot simply keep data in one place at all times. Trying to centralize data to protect it doesn’t work because data is as vulnerable at rest (while in storage) as it is while in transit.
We need to be most concerned with several parts of the data management environment:
• Data at rest in storage
• Data when accessed by a device
• Data in transit between locations, data centers, clouds, on-premises servers, backup sites, etc.
• Data when it reaches its destination.
Data At Rest In Storage
At the end of any transaction, data is going to end up stored somewhere. Data must be encrypted at rest in storage and in transit between locations. Unbelievable volumes of data still remain unencrypted because people think a firewall is enough. It’s not.
When the data is encrypted, the thief who succeeds in copying it ends up with garbage -- jumbled characters. Without the decryption key, they’ve stolen nothing. Given that there is always a chance that a thief could access the decryption key, it makes sense to provide additional layers of protection.
Data When Accessed
"Access control" are two words that don’t get enough respect. When any device attempts to connect to a network and access its resources, access control is the system that first authenticates the user to make sure they are who they say they are and have rights to access the resources they seek to access.
Then, access control interrogates the device itself. Does it have sufficient security rights to safely access the data? Can it exchange encryption information successfully with the network? Is it free from viruses, worms, trojans and other malware?
Data In Transit
How do we protect the data and make sure it gets where its intended to go without interception or corruption? Encryption is a huge part of this. Firewalls and virtual private network (VPN) systems, hardened remote mobile devices and much more are also part of the strategy.
Data Reaches Its Destination
When data arrives at its destination, is it really intended for you? Is it from who it says its from? Is it safe to open and consume? Is there a chain of custody or an audit trail?
The last component is people. Fallible, inconsistent, sometimes easily fooled, the people who use your network resources are always going to be the most vulnerable segment of your network. They are much harder to protect against.
Backing Up Data, Recovering Quickly
If you’re going to avoid the kind of data disaster that companies seldom recover from, then you really must make complete replicas and backup copies of your entire data environment. Storage "snapshots" provide the ability to quickly roll back to a time prior to the data loss or infection event without having to undergo a time-consuming restore from backup and multiple backup replicas.
The challenges with data backups have always been the same.
How quickly can you copy everything, including open files, without disrupting operations, and how frequently must you update your backups?
The second question relates to the difference in time between the last backup and the loss of your data.
Even after restoring that backup, you’ll still have to rebuild the data entered or changed between the two events. How much of that can your operation tolerate?
Our modernized businesses are fueled by data, which is essentially a company’s business DNA. This data must be protected at all times, whether at rest in storage or in flight between locations, applications and users. Multiple layers of data security and protection are required, including authentication, access control, encryption and protection of encryption keys.
While these safeguards are nothing new, they’re increasingly challenging to implement as data has become highly distributed. With the right data protection, it’s possible to avoid the common pitfalls of cloud data management while taking advantage of powerful cloud technologies to compete more effectively and innovate to differentiate your business.