Protecting Against Data Loss Has Gotten Even Harder

Currently IT and storage pros spend a lot of time sweating data loss.  They know that losing their company’s information would have a substantial impact on their business, not to mention in some cases, on their own career prospects. In fact, many folks have told me it is a resume generating event in a lot of cases.

These folks take heroic measures to assure they don’t suffer a data loss. One way they do so is by creating an environment where redundancy is everywhere. This relentless protection from data loss is why companies like Commvault and Veeam exist.  Heck not losing data is so important that people have been putting up with tape as backup for years as a way to make sure there’s never a total loss. This paranoia is exactly the right behavior. It was right in 1969 and is still right in 2015 and beyond.  However, for today and in the future, even this type of behavior is not enough.

The definition of loss hasn’t changed in all this time, yet the threats against the data have grown exponentially.  In the storage world, the definition of loss is in physical terms. Is the data where you left it or is it gone, can you read it?  This definition is absolutely correct but only tells a fraction of the story.  Data can now be kidnapped and held for ransom.  It can also be virtually stolen, which is sort of like identity theft.

In a data kidnapping case for example, a user may click on something that seems important and as fast as an IT Admin can say “No!” the damage is done.  The data can be crypto locked and pretty soon senior leaders of the company are learning to buy bitcoins to get the data back.  

Is this crypto lock example truly data loss?  Well it meets the criteria that the data’s not accessible, users are unhappy and the business can’t move forward until access to the data is restored.  An incident like this is similar to data corruption on a grand scale.  What makes it difficult is that some of the data is still good and some the data is locked.  It’s often difficult to tell what’s happened and what can be used.  Is it IT’s fault when an event like this occurs?  Certainly not, but then was it IT’s fault when a RAID set toasted and they spent the next three days restoring from back up, while you are wondering if you should check to see if Walmart is hiring?  When it comes to data availability, integrity, and privacy the buck starts and stops with IT.

In the case of virtual data theft, the ramifications are unknown at least to start.  It usually happens like this.  Someone breaches your IT infrastructure either illegally or someone working for the company gets curious.  They start wandering around in your network until they gain access a server they can start to sift through data on.  Once they have found the data they want, they either start downloading information to sort through it later to figure out what’s in it, or they are really bold and look for things they can sell or ransom on the live site.  With this type of breach it is difficult to know it’s happening and harder still to detect what they found and what the exposure is.  Another common practice, unfortunately, is people are confused about who owns the data within a company.  When they leave or if they’re asked by a friend, many folks simply download information for future use.  This could be critical IP, such as source code, trade secrets or customer lists.  This is also theft that can negatively impact your business.

All of these new types of data loss need to be understood and protected against.  If you ignore them, you put your company at risk and your job in jeopardy.

So I know what you are thinking, it seems like we have been trying to make protecting data against physical loss simple for a long time now.  This has been cumbersome, problematic, time consuming and frankly, for the most part, what you hate most about your job.  How can anyone expect you to protect against virtual threats too?  Well virtual threats are more likely to happen, and can be just as damaging to your company.  Many high profile executives have lost their jobs over virtual data theft.  It is a priority for them to stop this practice.  Can this happen to your company?  There are as many small and mid-sized companies where data has been stolen as there are Fortune-500 companies, they just don’t garner the headlines.  In fact, not all cases of virtual data theft are even reported at all, so the real numbers are significantly larger then you’d suspect.  One just needs to look at the report published by the Identity Theft Center to see a company that looks similar to yours.

So what is an IT organization to do?  First, IT must protect the data entrusted to it.  Second, IT must do this with no additional budget or staff.  Those two requirements sure make it seem like an impossible mission, but it doesn’t have to be.  Just as modern storage has automated most aspects of storage management, such as performance optimizations, capacity management and storage provisioning, a new generation of storage is emerging – data-aware storage.

Data-aware storage automates the process of protecting your storage from both physical and virtual data loss. It knows when the change rate of your data is higher than normal and proactively takes a DiscoveryPoint (intelligent protection point, think of a snapshot on steroids) before all the data is locked down.  It also helps you keep track of your information, helps determine if there is sensitive information in your unstructured data, also tells you who is accessing the data and when they are doing so.  It can alert you when site defined sensitive data is saved to your storage so you are in a position to protect it.  This is all done at the point-of-storage, without any additional complexity or cost to your IT infrastructure.

It’s time you started to be proactive about protecting your data from all the threats to your company from both physical and virtual data loss. What is your company doing to defend against all types of data loss?

  Like This

Paula Long

Paula Long is the CEO and co-founder of DataGravity. She previously co-founded storage provider EqualLogic, which was acquired by Dell for $1.4 billion in 2008. She remained at Dell as vice president of storage until 2010. Prior to EqualLogic, she served in engineering management positions at Allaire Corporation and oversaw the ClusterCATS product line at Bright Tiger Technologies. She is a graduate of Westfield State College.