Do you watch the TV series on NBC called “The Blacklist?” It’s pretty intriguing. Here’s the premise: For decades, ex-government agent Raymond “Red” Reddington (portrayed by James Spader) has been one of the FBI’s most wanted fugitives. He suddenly and mysteriously surrendered… and now the FBI works for him as he identifies a “blacklist” of politicians, mobsters, spies and international terrorists bent on mayhem and destruction. Each episode is filled with suspense and typically the villains are captured with creative apprehensions.
If we think about it, there is a “backup blacklist” for data storage. It has a lineup of villains that are bent on destroying your precious bits and bytes. It’s a long list, too, including:
Intentional data destroyers:
- Malicious viruses
In addition, there are a number of unintentional blacklisters in the natural disaster and accident categories that can wreak havoc on your company and business continuity.
Unintentional data destroyers:
- Electrical malfunction
- Water pipe breakage
- Accidental file deletion
- Hardware / software hiccups
- Administrative error
According to a Forester research study1 more than a quarter of the companies surveyed in the study declared that they had experienced a disaster in the previous 5 years. So don’t be complacent, these backup blacklist bandits can strike at any time.
The blacklist data mayhem can be costly causing:
- Lost revenue and market share
- Lost productivity
- Loss of reputation and customer trust
- Loss of the business
Whether data is destroyed by intentional blacklist offenders or unintentional natural and accidental means, a creative approach needs to be enacted to apprehend the villains or better said, to securely protect your company’s information and business continuity.
Prevent the Blacklist Attackers
How do you protect against these attacks and unexpected data destroyers? In simple terms, use a three step process of data protection best practices. That is:
3-Keep three or more copies of the data
2-Use at least two different storage media in case of a site wide media failure (use disk and tape)
1-Keep one copy offsite, offline and preferably out of region away from site-wide disasters (e.g. hurricane, flood, earthquake)
Estes Express implemented a best practices data protection plan after being hit by floods caused by a hurricane that destroyed all of their data systems. See their story and multipronged data protection plan.
The Last Critical Step
Let’s talk a little bit more about keeping one copy offsite and offline. Ok, offsite makes total sense, in case there is a site-wide attack or natural disaster that yields the prime site unusable. What about offline? A copy of the critical data needs to be offline, isolated from system accessibility. If electricity can’t get to the data then neither can blacklisters like a hacker, virus, system error, or even a disgruntled employee. David Hill, Mesabi Group, discusses these critical steps in detail.
Does cloud count as the offsite location? It can, but investigate the cloud storage location, recovery times and costs, and check to see that a copy of the cloud data is offline, that is, on tape!
1 “Building the Business Case for Disaster Recovery Spending,” Forrester Research, April 2008