RenovoData Weekly Articles

An effective data loss prevention solution can be seen by employees as a powerful tool for maintaining market leadership. It can protect irreplaceable research and development efforts, valuable intellectual property, and trade secrets. A sound data loss prevention solution can also give employees the added assurance of brand protection by potentially saving the organization from an embarrassing incident. However, if not managed correctly it can also create an environment of employee mistrust—or worse; expose the organization to fines and lawsuits for privacy violations. For example, some solutions violate United States and European Union regulations by collecting all traffic. Others don’t provide role-based access controls to determine which monitors can see what data. Without the appropriate safeguards built into their software, these solutions potentially expose an unprotected organization to violations.

An efficient data loss prevention solution needs to balance the requirement for corporate protection with the need for employee privacy. It should deliver on the following three requirements of Global Employee Privacy Protection:

• Targeted, policy-based monitoring that allows an organization to define specific attributes of confidential data

• Highly accurate detection technology that finds targeted data while simultaneously minimizing the risk of false positives

• Role-based controls that limit viewing of quarantined data to only those individuals who are approved to see it

Rising government mandates and intellectual property (IP) protection are the major driving forces of the high standards revolving around data loss prevention.  In today’s vulnerable economy, spending priority should be around enhanced data security.  Increased regulatory compliance requirements, layoffs and job insecurity have intensified concerns about employees sabotaging or running away with sensitive business information.

Most organizations fall under one or more state, federal or international regulatory mandates.  Compliance standards such as those within the Heath Insurance Portability and Accountability Act (HIPAA), Gramm-Leach Bliley Act (GLB) and Sarbanes-Oxley (SOX) are requiring corporations to take measures to safeguard private and personally-identifiable information.  There are currently thirty-five states within the U.S. which mandate companies attacked by data loss to notify individuals in the event that their personally identifiable information is breached.  

Data loss prevention is not only of significant interest to health care and financial industries, but also for nearly all companies that conduct business worldwide.  Organizations face several obstacles that make it difficult for them to maintain regulatory compliance.  Mistakes such as sending an email which contains unencrypted credit card data, or distributing a report revealing employee or patient medical information with an unauthorized person can be considered regulatory violations.

A down economy generates a more competitive business environment, making IP protection detrimental for all companies.  This is one of the most important assets belonging to any business and serves as a key motivating factor for data loss prevention efforts.  With there being so many forms of documented data that could be considered a trade secret (such as data pricing, marketing strategy plans and customer information), company insiders may not be fully aware they are handling IP.  It is therefore the company’s responsibility to take the necessary steps to protect critical IP.  This begins with an effective data protection and disaster recovery plan.

Fact:  U.S. businesses are losing approximately $250 billion annually from trade secret theft (United States Trade Representative).

Over the past decade, the world has gotten more electronically connected in a multitude of ways. Whether while traveling, in the office or at home - most people are never far away from an electronic medium that holds the capability of linking people to each other nearby or halfway around the world. The complexities of daily business have made instant access to electronic data more and more crucial, and increased the need to put effective data loss protection measures and potential disaster recovery solutions in place.

Take global alliances for instance: many companies have international offices, outsourced managed service providers and offshore development offices that each exponentially increase the chances for data loss. Communication practices as simple as sending e-mails can compromise confidential information that instantaneously travel across the world. Overall, the environment is ripe with opportunity for data loss.

Today's workers experience a far greater amount of flexibility in their work location and hours than those of previous generations. A May 2006 U.S. Chamber of Commerce report stated that 20 million Americans telecommute. This indicates that electronic communications have become the lifeline to the office, with important and perhaps sensitive company data transmitted back and forth throughout cyberspace. This is a prime target for hackers and criminals to hijack.

Throughout the years, organizations have spent an immense amount of resources on data protection for the purpose of safeguarding their mission-critical information. However, the bulk of their efforts have been centered on preventing outsiders from hacking into the organization. Ironically, studies have shown that the majority of information leaks are resultant from data loss inflicted by employees and company partners. There is some research which shows that more than half and as much as 80% of data breaches are caused by company insiders. A business does not need vastly dispersed offices or a staff which heavily telecommutes to be fertile ground for data loss. Employees can cause a data loss disaster for their company with the simple click of a mouse - whether done purposefully or accidentally.

Professionals within the medical industry are faced with new advances in technology that generate more electronic data than ever.  The obligation to meet strict patient privacy and government compliance standards surrounding data protection has intensified with the shift to electronic medical records.  This rapid advancement in digital data growth and government regulations calls for more accountability to protect patient confidentiality through administrative procedures, technology and a thorough offsite data backup and disaster recovery plan.  Consequentially, medical professionals are turning to managed service providers that offer secure offsite backup and disaster recovery consulting capabilities.  These remote backup companies provide the reliability, recovery time objectives and data security required to ensure patient privacy and business continuity.  

Remote backup companies present a broad choice of various cost options according to the amounts and types of data files that need to be stored and protected.  A dependable offsite data backup provider should back up several variations of mission-critical documents and allow an organization to carry out a point-in-time recovery in the event of a disaster.  Even though there are some documents which change on a consistent basis, there are those medical records that are never altered once initially produced.  One case in point:  a radiograph or signed certificate will go unchanged years down the line.  Therefore, it would be unnecessary to store these files through a remote backup solution which backs up at multiple restore points intermittently.

A practical and low cost alternative would be to move all unchanging and infrequently retrieved data to a lower-cost tier within a tiered storage solution.  Consider using an offsite data backup company that provides tiered storage solutions within their disaster recovery services.  This data archiving system stores and protects files that never change, such as e-mails, pictures, signed documents, videos and static medical records like x-rays.  This is a less expensive resolution than storing data on a higher tier that is not essential for rarely-accessed and invariable data.

A reliable and efficient offsite data backup service provider should offer cost-effective data protection and disaster recovery solutions.  Excessive fees can be eliminated by reducing costs associated with agents, licenses and hardware.

Agent-based solutions are usually more costly because in most cases the software is proprietary to the service provider and needs to be installed on every computer in the network.  An agent is the software that resides on the network as part of the backup process that communicates which data from a particular machine needs to be transferred to a specific remote backup storage location.  The use of agents by remote backup companies could affect the success and cost of the backup and recovery process.  For example, when agents are set up on every machine in the business, physical hardware which was destroyed have to be replaced and agents must be reinstalled on each machine to recover data following a disaster or power failure where there is complete data loss.  

Leading offsite data backup service providers employ agentless backup technology.  Agentless backup is a backup and restore process that eliminates the need for individual software installations, or agents, to be installed on target servers requiring protection.   With an agentless architecture, there is no need to install software on any other machine to have them fully backed up. If the backup machine is lost in a disaster, a bare metal restore will quickly and easily replace not only the data, but also the system state, applications, registry settings and the agent software that allows the affected computers to be restored back to their last backup state.

There are some remote backup companies which charge licensing fees.  When it is all said and done, high costs incurred by many managed service providers revolve around the amount of data that is being stored at the offsite data vault.  Most of these companies charge a licensing fee for each additional computer that is added to the network to be backed up.  Choose an offsite data backup company that only charges for the amount of data which is stored, not how many machines are in the network.  This renders a “pay as you grow” scenario instead of paying for permission to install agents on each machine. 

Offsite data backup eliminates the need for costly tape-based hardware and other multi-media devices.  The premise with remote backup is to simplify the backup process by reducing the number of hardware devices.  A sound remote backup managed service provider will provide user-friendly, flexible software, removing the reliance on extraneous hardware.

When researching offsite data backup service providers, make sure they provide the most cost effective solution for the needs of the business.  Additionally, ensure they are focusing on cutting unnecessary fees by removing costs associated with agents, licensing and hardware.  This not only saves money, but also reduces the amount of resources needed for effective data backup and recovery.

The American Recovery and Reinvestment Act was enacted as an effort to boost the national economy out of a prolonged recession. The Act proposes a $787 billion economic stimulus package which contains a number of items that likely will offer grants for organizations that invest in green IT solutions. Below are specific areas that may hold potential funding opportunities for spend allocated to IT data recovery solutions.

Digitizing Health Records.  The medical industry is facing new mandates to make patient records more secure. $19 billion will be allocated for modernizing healthcare record-keeping and implementing health information technology to lower costs and improve quality. Doctors’ practices will receive between $44,000 and $64,000 in incentives to computerize medical records, and hospitals will get as much as $11 million each. A reliable remote backup company helps meet the critical need for secure offsite backup, server virtualization for disaster recovery remote backup storage solutions which the government mandates as a uniform, nationwide benchmark in patient record-keeping and compliance.

IT Energy Efficiency.  Energy providers will provide significant incentives for entities that
implement projects toward reducing energy consumption. $20 billion in tax rewards for energy
efficiency projects will be awarded out of the stimulus. An offsite data backup company that provides economic and ecological solutions through server virtualization and data deduplication helps reduce energy utilization and simplifies the IT infrastructure within an organization.

The proposed budget allocations from the economic stimulus presents a big move to areas such as healthcare, energy and the environment.  There is an underlying indication that IT solutions like those offered by an offsite data backup and IT disaster recovery services provider helps meet efficiency standards through providing more streamlined operations and meeting stringent security and governmental regulations regarding data protection.  The proposed benefits of the economic stimulus offers further encouragement that now is the time for “greening” IT practices and taking vigilant steps to ensure sound data loss prevention measures are put into place.

Data Deduplication

Key Benefits of Data Deduplication