Read an Excerpt
Chapter 1: Evaluation Corporate Data Requirements
Before you begin to implement any data protection strategy, you'll need to evaluate the real purpose for backing up your information. Most people will probably say that the primary reason to back up data is to protect against its loss. This is a good reason, as it encompasses all of the various scenarios that can cause a loss of data. These situations range from the accidental loss of some information due to user error to the failure of mission-critical server hardware. Regardless of the reason for protecting data, the question still remains: What should be backed up, and how often should it be protected?In this chapter, we'll start looking at the real issues involved with developing a data protection policy. First, we'll discuss the real reasons for protecting information-a few of which you may not have considered. Next, we'll look at what you can do to protect information in an ideal world. Because we don't live in an ideal world, however, we'll also review the types of constraints we normally work within. Based on this information, we'll look at data protection concepts.
The most important step in creating a data protection plan is to evaluate your organization's current environment. After all, without knowing what you currently support (and why), you have little chance of addressing all of your business concerns. Having gathered all this information, we'll be ready to form a business requirements document. I'll provide information on how you can apply this document to the real task at hand: developing a data protection strategy for your business.
If you have a very technical background and are expecting to hit thetechnical issues right away, you'll have to wait a bit, because Part I of this book doesn't include any SQL Server-specific commands, screenshots, or code. On the other hand, if you are responsible for managing business processes, you should feel right at home discussing the details of planning for the implementation of data protection. Regardless of your background or your position without your organization, I urge you not to skip this chapter. It presents some important points that you'll need to understand thoroughly before you can get the most out of this book and your data protection strategy.
Why Protect Your Data?
The fact that you've made it to the second section of Chapter 1 probably means that you have an idea of the importance of protecting your organization's information. A cynic n-dght say that you're protecting data so that you can save your job in case anything goes wrong with your organization's system. That's not a bad reason (especially if you like your job), but it doesn't really explain the business purposes for protecting that data. Although many of the reasons for protecting data might be obvious, taking some time to review these reasons is worthwhile, before we dive into the details of evaluating your business requirements. In this section, we'll look at some good reasons for protecting information.
Information Is Valuable
In many companies, information is one of the most powerful assets of the company itself. Employees may come and go, but traditional businesses survive based on the powers of their products. For example, a company that makes, packages, and sells soft drinks might undergo many changes, but its basic knowledge must remain a part of the company if it plans to survive. A less obvious example might be a consulting organization. Although the people are the product, the success of the company depends on many other factors. In this case, the infrastructure of the company, along with lessons learned from past projects, can be of immense value. A company's data not only is important, but it's also very difficult to replace if lost. Although this alone is a compelling enough reason to perform adequate backups, many other reasons exist.
Several studies have been done to estimate the costs of data loss caused by various factors. One such study is the Computer Security Institute's "1999 CSI/FBI Computer Crime & Security Survey," which states the following:
- Financial losses due to computer security breaches mounted to over $100,000,000 for the third straight year ... 163 out of 521 respondents in the 1999 CSI/FBI survey reported a total of $123,779,000 in losses.
- The most serious financial losses occurred through theft of proprietary information. Twenty-three out of 521 respondents reported a total of $42,496,000 [an increase from $33,545,000] in the '98 survey and $20,048,000 in the '97 survey, a rise of over 100 percent in only three years. Theft of proprietary information is perhaps the greatest threat to U.S. economic competitiveness in the global marketplace.
Re-creating Data Is Difficult and Costly
Restoring data is much easier than re-creating it. Statistics show that over 80 percent of businesses that experience significant data loss never reopen their doors. Why is this a potentially disastrous event? We already gave examples of why information is important. Anyone who has ever had to re-create information knows how difficult a task it is. I cringe at the thought of losing my grocery list. Imagine losing a day's worth of sales information from 20 stores! In some cases, the data can't be re-created, while in other cases, it can. In either situation, however, the process takes time and a lot of patience. The time itself is costly, because we all have more productive tasks to do than to redo something we have already completed. The difficulty and cost associated with re-creating information should provide strong motivation for protecting it.
Downtime Is Expensive
Businesses and consumers alike have become extremely dependent on computers. Even ordering a meal at a restaurant often depends on computer technology. The proliferation of new "dot com" companies and application service providers demonstrate this point. For these businesses, the machines are the product. The Dell Corporation website (www.dell.com) reports sales of more than $20 million per day on web-based orders. You can imagine what the downtime would cost if this system were unavailable for even a few minutes. Orders could not be placed (or might be lost), thereby causing lost revenue. Bad enough, but then consider secondary damages that could result due to customer frustration and a tarnished business reputation!
Public Perception Can Make or Break Your Business
Although public relations might not be the primary reason for why you want to protect your information, it should be considered an important factor, because your customers expect some assurances that they are safe doing business with you. The reasons for why they expect such assurances are obvious with respect to institutions such as banks and online trading services, but these expectations affect all companies to some degree. For example, how many times would you have to re-register your information on a company's website before you would give up and go to one of its competitor's sites? If you're like me, the answer is not many. Often, companies that allow online retail sales come into the limelight when they have technical failures that prevent their customers from placing orders. This is especially true during times of high activity or when data loss prevents consumers from receiving the products they have purchased. Clearly, this is a situation that no company wants to be associated with.
Finally, looking at all the potential problems related to the recent Y2K panic underscores the importance of computers in everything we do. People and businesses now rely more than ever on computers and the information they store. If they're unavailable, people will know about it and complain.
Threats To Your Data
Some concepts related to data protection are quite obvious, but others may be less evident. For example, we're all very well aware of the effects of hardware failures. Whether it's a hard disk or a power supply, the failure of these parts can cause a lot of headaches. However, your information can be compromised in other, less obvious ways, and although you may not think of these breaches as readily as other failures, they are, in some cases, much more likely to occur.
As an example, consider the chapter that I am now writing in Microsoft Word. I could easily lose all the information in this document simply by pressing CTRL-A (to select all the text), hitting the DELETE key (to delete it all), and then saving and closing the document. In this case, none of the standard recovery methods (the Windows Recycle Bin or the Microsoft Word Undo feature) would bring the information back.
On a database server, it's even easier to wreak havoc. I could enter a SQL DELETE query (covered later in this book) and forget to enter a WHERE clause. This would delete all the information in one of my database tables, and it would be time to start digging out MY backup tapes...