In the modern world, information technologies and data are the foundation of running business. Data protection is crucial to ensuring normal business operations and reduce the likelihood of unplanned disruption. There are four objectives of data protection: data availability, data preservation, data responsiveness, and data confidentiality.
|Data Protection Objective||Observation|
|Data preservation||The consequences of not having all data complete and accurate have to be thought through very carefully.|
|Data availability||There is no utility in having data that cannot be accessed.|
|Data responsiveness||Slowness kills—if response is too slow, the usefulness of information can go to zero.|
|Data confidentiality||Confidentially has to be applied at all times|
To protect data and satisfy the four objectives, businesses invest heavily on data protection solutions. Some solutions, especially high availability solutions, are expensive because they involve additional data center, hardware, software, and data mirroring or replication tools. Data availability is vital to the day-to-day business operations.
The fundamental assumption is that a business needs to identify business data value to determine data availability needs. Simply put, if the data is deemed as critical then it requires higher availability. Storage Networking Industry Association (SNIA) forum published a data value classification to help identify data availability priority and five steps implementation guide. If the cost of implementing a solution is too high, the data value class and specific components need to be changed. In other words, if you cannot afford the solution, then the data value needs to be lowered.
SNIA Data Management Forum (DMF) Data value Classification
|Data Value Class||Data Availability||RPO (Data Loss Risk)||RTO (Max. Recovery Time)||DPW (Copy Data Time)|
|1. Not Important to operations||90%||1 week||7 days||Days|
|2. Important for productivity||99%||1 day||1 day||12 hours|
|3. Business important information||99.9%||2 hours||2 hours||10 minutes|
|4. Business vital information||99.99%||10 minutes||15 minutes||None|
|5. Mission-critical information||99.999%||1 minute||1.5 minutes||None|
Five-step Implementation Guide
- Identify data value class
- Determine best solution
- Select specific components
- Check system cost
- Confirm decision of change
Is this the best approach? According to David G. Hill, the author of “Data Protection: Governance, Risk Management, and Compliance”, the answer is: No. No statistical correlation has been proven between the value of data and the need for the availability of that data. For example, Amazon’s customer service site may not be deemed as business critical, but the availability is extremely important to the business and its customer satisfaction. On the other hand, an application is mission-critical may not require high availability. For example, a Business Intelligence (BI) system may deemed as mission-critical for the management depends on the reports to plan pricing strategy. However, the BI system does not require that downtime to limited to seconds or minutes per year.
The assumption that mission-criticality leads to high availability may direct IT to provide higher availability that it is really necessary.
Equating mission-criticality and high availability can lead to “straight-jacketed” IT, which means that IT may think it has to provide higher availability than is really necessary for key information, because it follows a formalistic approach rather than thinking through what availability each set of application data really requires. The revenue-generation, operational, and decision-making processes of a business may run only during normal or extended business hours or at specified times that can be known in advance.
Even if the applications that support those processes are scheduled to run 24 hours a day, 7 days a week, some reasonable amount of downtime, say hours in a year if absolutely necessary, may be acceptable if it can be spread out over time (say, once a quarter) and if it is planned.