Data, Security

Importance of Data Resilience

Data loss is inevitable; it happens that’s just the way it is. But there are ways to limit the exposure a company has to data loss and the likely hood of being a data loss statistic. Here is a run-down of some of the ways others have experienced data loss.

Intentional Deletion of Data

Perhaps surprisingly, intentional action data loss is a prominent source of data loss. A disgruntled employee or an ex-employee who still has VPN access can be a source of data loss. Jason Cornish was a former IT worker at the US subsidiary of Japanese pharmaceutical company Shionogi. In 2011 he installed a vSphere console which allowed him to delete multiple virtual servers after his employment had been terminated. The virtual servers held applications and data for running email, fulfilling orders and carrying out financial transactions. The cost of the data loss, which halted much of the company for days, was estimated at 800,000 dollars.

This type of data loss highlights the need for excellent password management to be put in place. On this occasion, a change in network passwords after the termination of Cornish would have prevented this type of data loss.

Furthermore regular audits may help identify software that should not be installed on a system such as VPN tunnels or unauthorised admin software allowing former IT staff to go rogue. Of course it’s not just the IT staff that are a danger to data loss. Another example of intentional data deletion is the case of Marie Lupe Cooley. She was worried she was going to get fired – wrongly as it happens – so decided to delete 7 years’ worth of architects plans at the Florida architect s firm of Steven E. Hutchins. This example however turned out to be one of good data resilience with the firm in question able to restore the deleted data. However it also highlights how non-current data could be archived with restricted permissions to prevent a potential data loss.

Unintentional Data Loss

Misplaced data can happen. Back in November 2007, two CDs containing 25 million records was lost by HM Revenue & Customs in the UK – the largest data loss ever recorded in the UK. In the aftermath the need for greater staff training on the needs to encrypt data before transportation and how it is transported was highlighted as solutions to prevent similar incidents. In this example questions were raised on why so much data was transferred together rather than split up into sections and also why a junior manager had the ability to export out so many records onto a portable format that subsequently could be lost.

Hardware Failure Data Loss

Hardware is the most common reason for data loss with inadequate resilience built into data storage. The use of RAID technologies has left no excuses for organisations not to have adequate redundancy on their disk storage allowing data to be replicated in the event of failure. However, many businesses are not moving with the technology and relying on systems that do not give the best of cover. For an in-depth discussion on the reliability of the different versions of RAID and the latest solutions read this piece on data resilience by Memset founder Kate Craig-Wood.

Data Loss from Natural Disaster

Natural disaster in the form of earthquakes, flood, tornado, monsoon or fire can be absolute in their destruction with little in the way to mitigate them when they happen. The only safe way to guarantee data resilience in those instances is to have dual or multiple locations for your data spread across a wide geography.

Written by Ben Jones a tech writer that specialises in online security. Follow him on Twitter or Google Plus.