Secure Data-Archiving: How to Protect and Store Your Data

by Ed Ginty

Out of sight doesn't mean out of mind when it comes to organizations managing their archived data. Just because data has been moved from primary disk storage to secondary disk, tape, WORM or remote sites does not mean that it's any less valuable to the organization now then it was when it was first saved.

If industry speculations are true, somewhere between 60 to 80 percent of all stored data has only been looked at once or twice. Yet, this same data is often stored more than once or it is being backed up several times. This has spawned one of the latest hot spots in the data management technology field, Data Archiving.

Typically, organizations don't really know how many times their data is being stored or exactly where it is being stored. Oftentimes data-archiving has been relegated to just moving data from an expensive source to another less expensive source to save money and then it's forgotten. That is until something comes up and it has to be found and recovered quickly. This is when that old data is business critical. Can your data be recovered quickly when it needs to be?

Ever changing government regulations and a highly litigious society make quick and thorough access to years of stored data a necessity, not an option. Not having evidentiary data available has become a Pandora's Box for executives, often placing them in serious trouble, legally, financially or both. Legal forensics and law firms alike continue to enjoy excellent revenue streams from their organization's data retrieval business units. This is because few organizations are able to recover all of their required data in time, if at all. And, now that many senior level executives are being held personally accountable and liable for their organizations inability to produce critical data for audits and the courts, the ability to deliver this data, in its entirety, is becoming even more critical.

The good news is that safe data-archiving technologies are now available at reasonable costs. Correctly selected, this technology is proving far less expensive to acquire and implement than is the overall costs of most single legal forensics data retrieval/reporting engagements. Implementing a proper data-archive technology can provide substantial savings to organizations not only in the form of hard dollars, but in time, operational, business disruption savings, and emotional cost savings as well. Many of these new technologies are non-disruptive to implement and are easy to learn and manage. And, best of all, they work well. They can make worrying about data being misplaced or being unavailable at a moment's notice a thing of the past.

A Typical Scenario
It's Friday morning and you just received a telephone call from your CEO stating that your organization is being audited, sued, or is named in a business partner's lawsuit. Your CEO has been instructed by counsel to provide every bit of information relating to the suit or audit by the following Wednesday. You opt for which of the following actions?

  1. Go home sick for a few days and hope the whole thing will blow over.
  2. Pull your staff in for a weekender and drop all your projects in an attempt to retrieve data from hosts, arrays, backup tapes, WORM disks, etc., hoping that you can find all required data.
  3. Place an emergency call to your favorite legal forensics firm and hope that they can come out and find all the data while you figure out how you are going to pay them.
  4. Enter simple search criteria, click the mouse button and like magic, years worth of select key data is all right there at your fingertips.

Although choice number four seems to be the favorite selection, unfortunately, surprisingly few organizations have the technology to implemented it.

Traditional Methods or Archiving: Which Is Your Organization Utilizing?
Back-up Tapes: This technology has been around for years. However,

  1. Cost: The same data being backed up again and again keeping tape media and media storage costs up.
  2. Reliability: When was the last time that logs were checked against actual data backups via hard testing? Is the data still on the tapes and readable? Was all the required data successfully backed up in the first place and on matching media?
  3. Management: Where are all the tapes kept? Which ones do you need? Can you get to them in a timely fashion? Are any missing? Is retrievable data still on them?
  4. Extras: What about all that information in those PST files? Have they been backed up?
WORM (write once, read many) Technology: Because it cannot be written over, most people assume it's safe. However,
  1. Reliability: The good news is this technology works and is highly transportable. The bad news is this technology works and is highly transportable. In other words, the media is light and can be carried off site for any number of purposes increasing the risk of loss or damage.
  2. Management: WORM media can be read by anyone possessing a reader. Most WORM media is not encrypted by default, leaving the data open to unauthorized eyes.
  3. Extras: Not all WORM technology offerings are backwards compatible over years of equipment upgrade paths.
  4. Security: Data is fairly easily accessible over the network to unauthorized, yet computer savvy persons.
Disk-To-Disk: This is a safe and reliable solution. However,
  1. Reliability: It's fast and it works. Excellent software is available. Very good when a similar or mirrored set-up is located at a geographically remote replication DR site which is tested often for data alignment.
  2. Security: Modern day, secondary disk drives, like primary disk drives, are easily hot-swappable, but it's so easy that one only needs to unlatch the drives from a shelf and walk out the door with them. Unfortunately, this is happening often, even in high security environments.
  3. Extras: Those who have already invested in large basic arrays which can support disk-to-disk technology can usually scale those arrays to keep up with growing data retention needs. However, those who have not yet invested big may be facing a pretty intrusive and expensive upgrade.
  4. Management: How do you know that your disk based archives were not wiped out by accident or on purpose, or were stolen? Who's checking on the integrity of the data on a regular basis, until it's already too late?
Purpose-Built, Secure-Archive Devices: The latest technology and nirvana for the "Archive Worrier."
  1. Reliability: Disk drives are sealed within nodes and are inaccessible. All data is mirrored and stored as objects spread across random drives. No single points of failure exist.
  2. Security: All data is encrypted. Because it is not stored as files it is unreadable to external sources, making it useless to the outside world. Stored data cannot be erased or destroyed until pre-assigned erase dates are met, regardless of password or admin rights.
  3. Extras: Reasonably priced technology. Utilizes IP for easy data replication to remote sites. Can be backed up in its encrypted format for tape backup supporters.
  4. Management: Self-healing for data corruption concerns. Nodes are easily replaced in hot mode and the data is useless to readers. Utilizes single-instance save mode, which reduces the amount of data that needs to be managed. No end-user intervention or changes to their operations required.

Secure Data-Archiving Can Be Simple and Cost Effective
Who says that moving data from one place to another lessens the value and or the criticality of that data? If organizations only secure their main data repositories, then who is protecting the secondary or archived site data? It's the same data, just stored in another place.

Things you should consider about your organization: Where does the responsibility for an organizations data sit? Who owns it - board members, executives, managers, all of the above? If unethical, disgruntled employees, or, anyone with malicious intent for that matter, wanted to steal or damage an organization's critical data, wouldn't it make more sense for them to go after the data in places where there is less attention paid to it, such as data archives, rather than in the better protected primary storage areas.

At Secure Data Group, we recommend that clients look at archiving as critical parts of a holistic and data security solution. We suggest that clients implement a global data protection solution which will protect all of their data anywhere it data resides. Whether it's at rest in primary or secondary/third repositories or while it's in transit across the LAN/WAN/Internet, all data should be treated as critical.

A key to remember is that data does not necessarily lose value with age. If five year old data is required for trial or audit purposes, that data is just as important as today's data. The bottom line remains that data needs to be well protected and highly accessible wherever and whenever properly authorized people require it. Technology is available to provide this and it's reasonably priced. There are few valid excuses left for executives facing courts and or auditors for why they cannot produce required data.


About the Author
Ed Ginty is with Secure Data Group.