Iron Mountain

Iron Mountain

New Research

Taking Data Protection to the Edge
Digital Data Protection Must Cover Today's Mobile, Extended Enterprises

In today's information-driven world, many businesses are working within the reality that data increasingly lies at the heart of their success. At the same time, the workforce has become more scattered, a fact driven home by the explosion of mobile workers. According to a study by IDC, the global mobile work force is expected to grow to 878 million mobile workers by 2009. With that explosion has come a data migration, as business-critical data moves from the safety of the data center to local storage such as individual laptops, servers and PCs. Business leaders need to access, analyze and draw insights from their corporate data—all within a corporate environment that is increasingly driven by regulatory issues to closely track, monitor and protect business data regardless of where it lies inside—or outside—the workplace. "Companies are realizing that there's a whole lot of data out there, and a lot of it is outside of data center control," says Kevin Roden, CIO of Iron Mountain. "That risk to a business is magnified exponentially with the changes in privacy regulations and requirements." In this new world, it is increasingly obvious that CIOs must have more than a standard, centralized backup and recovery plan—they must build a strategy that protects data wherever it resides in an increasingly mobile world. The question is, how can they do so within the constraints of an IT infrastructure that may not be able to protect mobile data?

At issue is a basic disconnect between how data is used and stored and how it is protected. Many disaster recovery and data backup plans are written for data centers, and completely neglect the data that resides elsewhere, such as remote office servers or laptops and PDAs. That translates to huge business vulnerability, as much data—as high as 60 percent—is decentralized and lies outside of the centralized cone of safety. Such mobile data constitutes a huge risk factor. Tape backup methodologies outside the data center are largely undermanaged and unreliable. In fact, according to Gartner Group, more than 40 percent of such data is not properly backed up each night. Moreover, when those backups do occur, they are not conducted within the centralized control of IT, but rather by remote workers with little interest or expertise in backing up data. "The problem is that remote offices rarely have the resources to manage data protection and security services," says Brian Babineau, an analyst at Enterprise Strategy Group in Milford, Mass. With such an unreliable plan in place, it's small wonder that Storage magazine estimates 77 percent of companies that conducted a backup audit also discovered bad tapes.

At the 2004 Gartner Data Center conference, 69 percent of attendees said they were unhappy with their current back up solution for remote servers, and with good reason. The risk to data on mobile technology is even greater, as it represents a twofold danger." Mobile workers are taking critical information out on the road with them, but it's challenging to protect that data and recover as needed," says Babineau. "On top of that, you have to figure out how to secure that data if somebody loses their laptop." The business risks are huge, as failure to protect such a large quantity of business information puts both corporate reputation and revenue streams at risk. Many businesses cannot stand an extended disruption of business yet they continue to take daily risks with the safety of their data, through either outright neglect or overburdening an IT staff with tasks that take them away from their core mission to add business value through innovative technology implementations. The end result is sobering: a company that is vulnerable to disaster, fraud, exposure and potentially disastrous errors.

Smart CIOS realize that a standard, centralized backup plan is no longer sufficient. Rather, they must build a strategy to protect data that increasingly resides at the edge of the network in an enterprise, rather than in a centralized data center. "We're seeing the more forward-thinking companies and people who understand the value of information on the edge of the network, and are starting to build a strategy to address it," says Roden. Roden recommends the following as vital to success:

Here, CIOs should look for reliable, secure and automatic backup and recovery services that offer a breadth of options and choices, Web-based access and centralized control are vital. Look for the ability to access and manage media, control authorization levels, and initiate physical security on a laptop as well. The key is to automate here—users cannot be relied on to secure and protect their data and mobile devices. A service such as DataDefense™ is key. Data Defense™ provides automatic, intelligent encryption of all sensitive PC data, without requiring any special action by the end-user and regardless of whether a system is online or offline. When a system is reported lost or stolen — or Data Defense™ detects behaviors that are inconsistent with authorized use — sensitive data is automatically eliminated and the PC is disabled. "The approach is to take as much uncertainty out of the equation as possible," says Roden. "It's important to make sure that accountability lies with the data protection solution, not the users."

CIOs need coverage all the way to the network's edge, including data on distributed and remote servers, without the risks and failures inherent in tape backup products. By choosing reliable integrated backup, offsite data protection and recovery services, CIOs can build a strategy that encompasses each piece of the data protection puzzle without having to build a fragmented layer of services. The best solutions also reduce the overall TCO of data protection by reducing tape handling and maintenance costs and risks while simultaneously lifting work load from the IT staff. "If you're a bank, you want your best IT minds thinking about applying IT to financial services, not backing up data," says Roden. "You need to look for solutions that are automatic and reliable, and require no human intervention."

Data protection strategies must also maximize the business value of corporate data by providing timely recovery and assuring business continuity. Arriving at acceptable recovery levels means that CIOs must weigh business risk versus recovery costs, so it's important to be able to access an array of service offerings that can be chosen to match differing levels of business data." Having choices from a service provider to deliver various RPOs (Recovery Point Objectives) and RTOs (Recovery Time Objectives) is crucial, because not all data is equal, and not all of it should be protected equally," says Babineau. In the final analysis, CIOs must make a choice: Do they care enough to protect and secure data at the edge? And if so, how do they do it? "You can shell out a ton of budget dollars on tape drives and backup software for PCs, along with the labor involved in managing the backup and convincing employees that it's important," says Babineau. "The alternative is to use a solution that takes the responsibility, and does all that for you automatically.

© 2009 Iron Mountain Incorporated. All rights reserved. Iron Mountain and the design of the mountain are registered trademarks, and Iron Mountain Digital is a trademark of Iron Mountain Incorporated in the U.S. and other countries. All other trademarks and
registered trademarks are the property of their respective owners.

Published by

Digital Authority - Newsletter

Contact Us

800-899-IRON, Option #4


Data Security: What the Law Requires of IT
IT's legal duty to secure sensitive data is complex and continuously evolving. Here's how to avoid the legal ramifications of a data breach.

Data Protection Weighs Heavy on IT Execs' Minds
The average company's losses to fraud increased by 22 percent since last year, and the average business lost $8.2 million to fraud during the past three years (last year's figure was $7.6 million).

Busting the 10 Myths About Data Protection
Whether from security breaches or careless insiders, data protection is on the mind of every CIO these days. However, many don't know that it's steeped in misconceptions.

Best Practices or Best Effort?
IDG Research, featured in Digital Authority, reveals that IT professionals understand the fundamentals of managing and protecting data, but have questions and concerns about outsourcing those functions.


More Digital Authority stories found at