More stringent regulations on the retention of email and other types of data will compel companies to revisit their data retention policies and strategies in 2008—as well as focusing on tune-up measures for their disaster recovery and business continuation plans.

While many enterprises invested in and upgraded DR plans in the Hurricane Katrina aftermath, many have also stopped there. In spite of this, the Aberdeen Group reported in September 2007 that 80% of best-in-class companies planned to make continuous improvement and investment in data protection over the next 18 months. These companies recognize that data protection is an ongoing task that is just as important as disaster recovery.

Data Protection versus Disaster Recovery

Data protection is integral to disaster recovery because it involves the systematic backup of data and the ability to recover data at all times, especially during disastrous interruptions that threaten business continuity.

However, it is also important to note that data protection goes beyond disaster recovery. It addresses other critical data needs—like archiving, the ability to retrieve data quickly from historical archives—and the safe and secure storage of historical data offline.

Without attention to data archiving and purging, companies are expending more resources and backing up more data than they should. These backups are also taking longer.

Recent regulatory pressures are hitting areas like data retention and archiving, especially with the growing importance of email and computer-based records in the compliance and litigation processes. Meanwhile, enterprises have major concerns when it comes to finding qualified persons on the IT staff in the areas of data protection that regulators are looking for, whether it is backup, recovery or archiving.

Adding Expertise

IT shops that look to train internal staff in the areas of data and storage management are usually challenged in finding what they want. One reason is the professional IT training market’s focus on training and certifications in network management and technical skills, database, communications, software development and Internet. Only a handful of storage vendors have responded to the dearth of storage training with their own internal programs. Beyond this; little else is available in the area of formal training.

There is a severe IT skills shortage in the data protection area. This is most evident in smaller and medium-sized companies, where individuals usually just “draw” the assignment of being responsible for the DR plan and its execution. They make their best effort, but they have no specialized training for it. In many cases, they may not understand all of the different areas that data protection should address….It’s a fact that most. SMBs are overloaded, and they are trying to meet their workloads with small, compact staffs. It is not hard to see how data protection and disaster recovery can be left behind in the race to meet every daily company priority.

Our company gets many calls from SMBs--and from large enterprises that are tackling the task of backing up, restoring and maintaining the data of many remote offices. These companies see outsourcing to an expert with specialization in backup, recovery and archiving as an immediate way to acquire needed expertise without diverting IT staff from other daily activities.

Developing a Comprehensive Data Protection Plan

The good news for most companies is that they can “build out” from their disaster recovery plan to include the other areas of data protection that are vital for the business. Here are several steps that businesses can take:

Understand the Risks and the Value of Data Protection

Many CIOs are hesitant to address the full spectrum of data protection because they know that they have other critical projects that they have to secure budget for, and that recent business investments have been made on DR.

The value proposition for expanded data protection, as with DR, may well rest with proactive prevention of that single misstep that could come in the form of data breach, data loss, litigation or regulatory needs. No one wants to be fighting to correct a data breach or compromise; or in a position where he is waiting in the wings to talk to a news service about what happened. Even more importantly, the customers and the stakeholders of the business rely on its officers and employees to safeguard the data. If a cataclysmic breach occurs, there is probably no price that would have been too high for prevention.

Fortunately, CIOs can usually find an ROI to justify the budgetary allocation for advanced data protection. It typically comes in the form of the number of hours that are saved from IT and business staff with a streamlined plan that uses automation in its data backups, recoveries and archiving—and eliminates human error along the way.

Define a Data Protection Strategy