Asked about his organization's data protection strategy, Dan Zinn pauses for a beat before responding, "guns."...
And because he's the CIO of the 15th Judicial Circuit of the Florida State Attorney's Office, that's partially true.
"It's kind of interesting, because we've always been very careful with data protection," Zinn said seriously. "Physically, our location is a perfect target for a car bomb. I've always kept that potential in mind -- that someone could roll in a van and take out the building."
And because he also can see the ocean over the flat terrain of West Palm Beach, Zinn is well aware that a tsunami or hurricane could be a big problem. "A Category 5 will empty this building," he said, explaining that, facing such natural and unnatural threats to data security, he looks at two levels of data protection: from extreme disasters (a tsunami or an explosion), and from hurricanes, "which you have time to plan for." "That is our worst-case scenario," he added. To cover both levels, he recently switched from a weekly tape backup service provided by Iron Mountain Inc. to cloud-based storage offered by Iron Mountain and CommVault Systems Inc.
"Next in data protection is, how do you protect it with encryption? -- not so much on the servers, but any time tapes or data is in transit," Zinn said. So the cloud -- not guns -- is his real data protection strategy. The solution has its challenges, however: In the 15th Judicial Circuit, an increasing number of cases are being prosecuted, leading to more individual files and larger files; and those in turn have a drastic effect on the throughput of information.
"When you have to attach a 10 MB file, and you have 3,000 or 4,000 of them going on, it tears up the system. There's not a pipe big enough. I have a gigabit to the desktop, at least two to four gigs to the server," Zinn said. "And yet, I'm experiencing some bottlenecks. Is the cloud going to be a solution for that level of business?"
It may be, and it may not be. The cloud approach to data protection "requires proper bandwidth for peak data transfer, so if there is too much data to squeeze through the available pipe, jobs may fail or take a long time to complete," noted Lauren Whitehouse, senior analyst at The Enterprise Strategy Group Inc. in Milford, Mass.
"There are a lot of different approaches" to data protection, Whitehouse said, including end users backing up endpoint devices locally, backing up data to a network, automating a server backup, subscribing to cloud storage, and virtualizing the data center to maintain centralized control. There are so many choices, in fact, that Whitehouse advises CIOs to "have someone in the IT group manage that."
Hair-raising concerns about data protection
For such businesses as Bosley Inc., a hair restoration company based in Beverly Hills, Calif., the data protection strategy isn't focused on bandwidth as much as on network security. "We're in the process of merging with multiple companies," said Mark Davenport, IT director at Bosley, which, with its sister company Aderans Research Institute Inc. conducts research into cellular hair regeneration (loosely called "hair cloning"). Another company with which Bosley has a strategic relationship, Intercytex Ltd., is conducting research into cellular-based hair multiplication biology and tissue engineering in Manchester, England.
"There are different ways, processes and computer systems," Davenport said. "My concerns are security, network security and ensuring that the [disaster-recovery] site remains viable."
There are best practices, nevertheless, that businesses of all sizes can adopt to protect the valuable data in their systems, according to Aberdeen Group Inc., an analyst firm in Boston.
Next in data protection is, how do you protect it with encryption? -- not so much on the servers, but any time tapes or data is in transit.
Dan Zinn, CIO, 15th Judicial Circuit, Florida State Attorney's Office
Aberdeen's fourth annual study of data loss prevention revealed common features in the data protection strategies of businesses it deemed best in class, a description based on the number of data loss incidents, noncompliance incidents and help-desk calls they experienced. Of note:
• 67% of the best-in-class data protectors assign a "responsible executive or team" to ownership of data protection initiatives.
• 60% discover and identify their data, and 46% classify it as a function of risk, compliance or audit requirements.
• 72% establish consistent policies for data at rest in back-end systems; 59% for data in flight on the network; and 65% for data in use at the endpoints.
Four tasks are equally important for companies to carry out, according to Aberdeen: Invest in training for end users so they'll fully understand their responsibilities; select and deploy such content-aware technologies as email and Web monitoring and filtering; assign clear ownership and accountability, providing the needed resources; and finally, measure and monitor the system regularly, tracking down and eliminating causes of exceptions, security events and audit deficiencies.
Let us know what you think about the story; email Laura Smith, Features Writer.