RenovoData Weekly Articles

As the world stood still and focused on the historical inauguration of President Obama, there quietly came news of the largest single data infringement in history.  Heartland Payment Systems, which processes payments for over 250,000 businesses, may have compromised potentially hundreds of millions of credit and debit card transactions, making it one of the most significant data breaches ever reported.  After calling the U.S. Secret Service and hiring two breach forensic teams to conduct an investigation, it was found that malware planted on the company's payment processing network was the source of the data breach.

The decision to release the news of the breach could be viewed as a way to cover up the magnitude of what had taken place, or to avoid negative press.  Although this information was not immediately publicized when Heartland initially became aware of the problem in 2008, there will be lots of attention that brings it to light once the inevitable law suits arise.  In similar news, USAJobs.gov and Monster.com are two other high profile cases that were targeted by hackers, who stole large volumes of customer data via an automated and malicious Trojan-horse program. 

If these incidents are beginning trends indicative of 2009, data loss prevention and information security should be on the top of every IT to-do list.  A failure to secure the data of the customer is apathetic amongst enterprises and could be seen as gross incompetence, resulting in the collapse of the business following litigation and loss of revenues.  Data is the most important entity that can make or break a company.

Traditional methods of data storage using memory sticks, tapes, CDs, and hard drives are no longer secure.  Using tape (the most common) as a data backup or disaster recovery solution poses a serious threat; as tapes often have to be transported to an offsite storage facility.  While in transit, the tapes might be damaged, lost, misplaced, stolen or inadvertently discarded.  To make matters worse, most of the time the data is unencrypted.  Encrypting data ensures its safety and protection in the event of theft or data loss.

Use a remote backup service provider who has expertise in disaster recovery consulting as the most reliable solution for data breach prevention and backing up sensitive information.  The virtual management provided by a remote backup service provider allows for endless storage capacity and server consolidation.  Most importantly, data is sent directly to an offsite storage vault where it is compressed and encrypted and guaranteed confidential, safe and secure. 

Fact:  According to a report by TrendMicro, annual computer virus damages to U.S. businesses total $55 billion.  Even equipped with the latest antivirus software, viruses continue to pose a serious threat to your most valuable business asset.

Today, we are inundated with news of how the unstable economy is affecting businesses all over; from the subprime mortgage crisis to a prolonged global recession.  This has placed disaster recovery spending in the cost category of a mere luxury expense, causing cash and resources to be diverted away from disaster recovery planning as organizations focuses on survival.  Some businesses may allow their disaster recovery contracts to remain idle and business continuity activities to be cancelled or postponed.  Although these actions all save money for the business initially, they do away with cautiously planned defenses, leaving the potential for vulnerabilities such as theft, fraud and equipment failure to be heightened by the recession.

Many businesses are under the misguided assumption that making less money means there is a need to spend less on disaster recovery.   However, this is actually where the emphasis on IT security spending should be placed; as businesses are less likely to bounce back in the event of a financial crisis.  Neglecting this area can have detrimental consequences for businesses of all types.  Disaster recovery should be considered an essential methodology for ensuring business continuity and survival in these tumultuous times.  A comprehensive disaster recovery plan is critical now more than ever.

This is especially important for small and medium-sized businesses (SMBs) where streamlining and cutting back on expenses are inherent in business operations.  However, SMB owners must take into account that without any disaster recovery plan in place, they are at risk of losing revenue that could perpetuate their demise.  Major components that should not be overlooked are data loss prevention and continuous access to mission-critical data.

Disaster recovery planning is like car insurance:  you hope you never get into an accident or have your car stolen or vandalized.  However, if you fall victim to any of these scenarios, the insurance is priceless.  Likewise, no company should go without risk planning and safeguarding their IT resources through some sort of disaster recovery plan.  It makes good business sense to plan for the worst to ensure your business maintains operations in the event of a disaster.  Storing data at a secure offsite backup and disaster recovery location that is far away from facilities where your business primary operates is the best place to begin. 

Fact:  It has been predicted that the number of people affected by data loss is expected to increase this year.  KPMG's Data Loss Barometer stated that the global figure could increase to 190 million in 2009; a 98 million increase of those affected in 2008.  Malcolm Marhsall, partner at KPMG, explained that companies are set to become more vulnerable due to budget constraints brought on by the credit crunch.   KPMG's previous Data Loss Barometer found that half of the reported incidents were caused by internal sources, while 25% were the result of computer theft.

Today hasn’t been one of your best at the office…your SQL data is corrupt and you have to restore from a tape backup.  As if things weren’t bad enough, tape backups can take many hours - if not days to HOPEFULLY recover your data!  Let’s say that your SQL restored, but it’s the version of the last tape backup! Now your organization has to recreate the lost data that was not covered from the last full backup.  The ripple effects can impact the entire organization.  To add insult to injury, the data loss could result in compliance violations and heavy fines.  Now you are trying to figure out how to break this to your manager who needs critical information housed on the server prior to a client meeting in an hour!  

With this scenario, it would be safe to say tape-based solutions are not your safest method of preventing costly SQL data loss and application downtime.  The most reliable solution would be one that provides offsite disaster recovery while enabling continuous, on-demand access the moment a disaster happens – with minimal loss of data or productivity. 

When the SQL Server goes down, profits follow.  Ensure business continuity and rapid disaster recovery by avoiding these common SQL Server backup and recovery mistakes:

Mistake:  Writing backups directly to tape. 

Solution:  Use an offsite backup service provider to enable you to immediately identify where to find the file when you need it.  Doing so will make the recovery process faster and more reliable.  The virtualized infrastructure of an offsite solution has the capacity to identify the exact point the restoration needs to take place.

Mistake:  Failing to test backups.  

Solution:  It’s important to test your full, differential and transactional log backups on a standby or developmental server at least once a month.  Although it’s not necessary to test all backups that you create, you should at least go through the testing cycle for a full recovery just to become familiar with the process.   

Mistake:  Failing to check success of backups.

Solution:  Check your scheduled jobs every day to ensure they are successfully completed.  In the midst of doing so, observe the length of time the job took to finish and make sure everything is running according to baseline, and completed within the backup window.

Mistake:  Writing backups to the same disks as data files. 

Solution:  Create your backup files on a separate disk to avoid the chance of losing both your data and backup files.  The best option would be to hire an offsite backup service and disaster recovery company to backup your files on a virtualized server in the event of a complete server failure within your organization. 

Share some of your stories and lessons learned on backing up your data in the comments section below.  Also, be sure to download RenovoData’s SQL whitepaper. 

Fact:  According to the National Computer Security Association, without adequate backup it takes:

• 19 days and $17,000 to recreate just 20 MB of lost sales/marketing data
• 21 days and $19,000 to recreate just 20 MB of lost accounting data;
• 42 days and $98,000 to recreate just 20 MB of lost engineering data.

The online blogging service, JournalSpace.com, has learned a hard lesson on the importance of reliable backup after the drives that housed their entire database was destroyed.  It was reported that the bloggers behind JournalSpace depended on a dual-disked mirrored RAID (Redundant Array of Independent Disks) system as their backup solution.  The problem with this is:  their backed up data was never truly backed up.  The rationale was if the primary drive fails, the secondary drive was thought to recover the primary drive.  However, this was a risky way of doing business in that it only provides protection from one drive.  While the RAID mirror technology would prevent the company from collapsing in the event of a single disk failure, it cannot prevent data loss due to software malfunction or disaster caused by external forces.  In the case of JournalSpace, it is speculated that a single individual was responsible for the data loss, sabotaging key servers that caused other servers to follow suit (maybe this is where “redundant” comes in).  Once the data was gone it could not be recovered even by a data recovery company since through a RAID system, when a file is wiped out from one drive, it’s automatically deleted from the other.  And to think:  this company relied on this method as backup for 6 years!

JournalSpace learned at a very high cost the reasons why the mirroring capacity through one of the many RAID configurations is not a sufficient substitution for secure backup.  If JournalSpace would have used a disaster recovery and offsite backup provider, the data would have been saved  and the business would still be operating.  A major benefit of an offsite backup solution is that generations of backup are housed through the tiered architecture whereas if there is a corrupted file, the offsite solution will “rewind” the version of the draft before the damage hits.  In this instance, the company will not only have the benefits of full disaster recovery and business continuity, but also will be further protected from being a victim of data corruption.

Fact:  According to a report by the Gartner Group, 100% of disks and tape drives eventually fail.  Are you safe in knowing you have a reliable disaster recovery plan in place?  Share your thoughts and comment below.