The DataGuard Newsletter
May, 2004 - Premier Issue!
To subscribe: Click Here
Newsletter archives: Click Here
Suggestions, comments: Click Here

Welcome!

Welcome to the premier issue of DataGuard, the Data Protection Newsletter. I decided to create this publication because we have been noticing more and more that many organizations are not doing enough to protect their most valuable asset - their data. Since our IT firm is located in New York City, you might conclude that 9/11 played a role in this and I would be lying if I said it didn't. However, most of the data loss stories I have heard from our clients over the last couple of years are far less dramatic, but still had dramatic negative impacts on their organizations.

In a recent survey conducted by Enterprise Storage Group, it was found that 52% of the respondents felt that their current backup/recovery solutions leave their data somewhat exposed. I personally believe that this percentage is way too low, especially for medium and smaller sized organizations. My gut tells me that at least 75% of small to medium sized businesses are at unacceptably high risk of losing critical data. That is a very scary statistic, especially when coupled with these chilling facts:

  • 93% of companies without data protection and disaster recovery plans go out of business within 5 years of a disaster.

  • Of businesses that lose critical records, 44% never reopened and 30% of those that did failed to survive beyond 3 years.
In devising data protection solutions for our clients over the past 20 years, we have built up a certain amount of expertise and practical know-how. I hope to share this knowledge with you via this newsletter. Keeping the small to medium-sized business owner/manager in mind, I will strive to provide useful information that should help you reduce the risk of losing data.

So what took you so long?

That's a fair question. I don't want to make excuses, but I believe it is because it wasn't until relatively recently that data protection strategies became indispensible. Changes in information technology over the last 5 years have finally made implementing data protection solutions mandatory, not optional.

We have now come to rely much more heavily on data (notice I didn't say computers), especially since the rise in business use of the Internet that started around 1996. Email and the web have completely changed the way we work and communicate.

Storage device capacity has increased exponentially, both satiating and fueling our need to store more and more information. Like drug addicts, we have become more and more reliant on digital information. (How many emails do you have saved? Who even had email 10 years ago?!) Databases and even Microsoft Office documents have grown in size, complexity and importance to the day-to-day operations of our organizations. And events like 9/11 and the blackout in the Northeast have made us painfully aware of the bad things that can happen to critical information and the availability of that information.

Finally, do not discount the effect that fiascos like Enron and resulting legislation have had on the need to retain and protect data. I am sure that those of you in the financial services business have heard of Sarbanes-Oxley (SOX), just as those in the health care industry have heard of HIPAA. These two pieces of legislation are having a dramatic effect on how these respective industries handle data.

The days of having only a simple tape drive/tape rotation system to protect our data are over. Data protection has now become very complex. I will explore these complexities and try to explain them in simple, practical and concise terms in this and future issues.

Joe Tartaglia

Top

Bullet Points

  • Tape Backup is not dead yet

    There has been a strong trend towards disk-based backup over the last two years. After all, tape is tape. It is slow. It can break. Here at High Caliber we backup daily to a NAS (Network Attached Storage) device which is essentially a hard drive with some brains. But we still need to backup the NAS device to some removable media for offsite backup and archival purposes.

    Tape will continue to be the dominant media in data-protection implementations. For one, it is relatively inexpensive and drives can be purchased with an enormous amount of capacity. And tapes are easy to transport and store at remote locations. Compliance issues are forcing organizations to ensure that in the event of a disaster there are multiple copies of data available in multiple locations, accessible via multiple recovery methods. Additionally, some tape formats provide write-once read-many (WORM) capabilities that satisfy certain compliance requirements. \ Tapes and tape drives will be with us for some time to come.

    Top

  • "Your eBay Account Must Be Confirmed" Phishing Scam

    I don't know about you, but I have been getting a lot of emails like this one for the last few months:

      Update Your Credit / Debit Card On Your eBay File

      Dear eBay member ,

      During our regular and verification of the accounts we couldn't verify your current information, either your information Has changed or it is incomplete . if the account is not updated to current information within 5 days then , your access to Buy or Sell on eBay will be restricted

      Go to the link below to Update your account information :

      http://signin.ebay.com/aw-cgi/eBayISAPI.dll?SignIn&ssPageName=h:h:sin:US

      please dont reply to this email as you will not receive a response

      Thank You for using eBay!

      http://www.eBay.com

    These emails may even sport the official eBay logo and color schemes, but of course they are simply an attempt by low-lives to steal personal information from you. Next time you receive one of these, place your mouse over the link you are supposed to click and look at the status bar near the bottom left of your screen. Note that the link displayed there is not the same as the link typed into the body of the email and it is certainly not linking you to ebay.com

    "Phishing" is the term that is used to describe these types of attacks (e.g. attacks that involve the mass distribution of spoofed e-mail messages with return addresses, links, and branding which appear to come from banks, insurance agencies, retailers or credit card companies.) These fraudulent messages are designed to fool you into divulging personal info such as account usernames and passwords, credit card numbers, etc.

    Other recent examples of phishing email that we have noticed appear to come from PayPal.

    A great source of information on this dangerous activity as well as email and identity fraud can be found here:

    http://www.antiphishing.org

    Site resources include information on phishing, e-mail attacks, and identity fraud, along with links to anti-fraud, online privacy, and law enforcement resources.

    Top

So Where is Your Data, Anyway?

Before you can design and implement an effective data protection plan, you have to know where the data is. This seems so basic, you are probably wondering where I am going with this. Read on.

The refrain to Joni Mitchell's song "Big Yellow Taxi" always comes to mind when I get on this topic:

    Don’t it always seem to go
    That you don’t know what you’ve got till it’s gone
    They paved paradise
    And put up a parking lot

( My knowing that this song was written by Joni Mitchell and not by Counting Crows shows my age :)

Most everyone knows that important data resides on the hard drives installed in a file server and take at least some basic precautions (a tape drive?) to protect that data. But our experience has shown that most people have given little or no thought to protecting data that resides elsewhere. For that matter, many of those that have experienced data loss had no idea that the lost data even existed or was important until after it was gone.

Here is a list of places where data critical to your organization may reside:

  1. File server hard drives
  2. Workstation hard drives
  3. Laptop hard drives
  4. Home PC's
  5. PDA's, cell phones
  6. Firewalls
  7. Routers, switches, CSU/DSU's
  8. CD's (packaged software installation CD's, etc.)
  9. Backup tapes, Zip/Jaz disks, portable hard drives, memory sticks
  10. Phone switch / Voice mail computer
  11. Web server (web site/Intranet content)
  12. Email server (on or off-premises)
  13. Filing cabinets, desks, closets
  14. Papers taped to walls, monitors, etc.

Be honest, did you realize that critical data resided in all of these places? I am sure I missed a few, but you get the picture. Critical data is not just on your file server and you will need a lot more than a tape drive to protect it. But the real point is, you need to know where critical data resides before you can devise systems to protect it.

Top

To subscribe to this newsletter: Click Here
DataGuard archives: Click Here
Related Services from High Caliber Solutions:
    Data Protection Services
    Disaster Planning
    Email Archiving