Data Backup and Security Blog

Read Our Latest HIPAA-HITECH Compliance eNewsletter

Thursday, December 2nd, 2010

Dear Data-Diligent Reader,

In December of 2010, Data Mountain LLC was officially merged into Clearwater Compliance LLC. Clearwater supports and sells the Data Mountain line of data backup and recovery services.

Read the latest news about Clearwater Compliance.

Link to our acclaimed resources and educational site AboutHIPAA.com to access a vast array of HIPAA-HITECH data protection and security updates, alerts and tips of importance to everyone striving to protect their valuable business, client and patient data. Please enjoy our analysis and links to industry articles and white papers that we've researched and assembled for you. I'm confident you'll find a nugget or two among them!

Read our latest HIPAA-HITECH Compliance newsletter and sign up to subscribe and be the first to receive it each month.

Read about and register to attend one of our Upcoming Complimentary Live HIPAA-HITECH Compliance Educational Webinars. Or, view one of our Pre-Recorded Live HIPAA-HITECH Educational Webinars.

If you are specifically interested in learning more about data backup, you can review our latest presentation of The Truth About HIPAA-HITECH Data Backup Requirements.

We would love to hear your thoughts. Please comment below!

Benefit from our expertise… DOWNLOAD FREE ARTICLE: "The Truth About the HIPAA Security Rule, The HITECH Act and Data Backup".


bob.chaput@datamountain.com | (800) 704-3394 | Follow Bob on Twitter: twitter.com/BobChaput


 

How to Compare Server Online Backup and Recovery Service Providers

Thursday, November 18th, 2010

Dear Data-Diligent Reader,

IT professionals are increasingly looking to online backup and recovery (or “cloud storage”) services when it comes to server data protection. These solutions are especially relevant for small to medium-sized businesses and for the remote offices of larger enterprises. But with all the choices today, how do you decide what is right for your company?

The factors driving interest in online backup and recovery solutions include: workforce dependency on 24×7 access to business data; price and consistency of a Software-as-a-Service (SaaS) subscription model over costlier onsite options; and easier compliance with burgeoning requirements to protect distributed information (in all formats) and ensure business continuity.

The scope, strengths, and weaknesses of the various categories of online backup and recovery service provider should be evaluated in the context of the current and forward-looking requirements of corporate customers. Requirements range from full system (versus data only) backup and restore to comprehensive business continuity best practices and support. Understanding these strengths and weaknesses can help businesses clarify their server protection requirements and better align their selection criteria and focus with their business goals.

Unlike workstations and laptops, servers:

• Are usually left running, rather than frequently powered on and off, and are not mobile
• Require broader bandwidth requirements due to the volume of the data to be protected
• Store a wide variety of data types of varying importance and recovery or retention requirements

Category 1: Service Providers Leveraging Investments In Core Business Resources These service providers includes companies whose entry into online backup and recovery is driven by a desire to leverage pre-existing investments in core business resources. These include 1) business continuity and disaster recovery and 2) telecommunications vendors.

Category 2: Niche Developers and Service Providers Service providers in this category concentrate on niche solutions and market opportunities. These include:
1) “Point solution” backup and recovery services using their own software exclusively for backup and recovery and
2) Providers who use other vendors’ specialized solutions to address niche markets in specific verticals, company size, or geographic regions.

Category 3: Broader Spectrum Service Providers Like the point solution and licensed software developers, these service providers own and maintain their own software. Most obtained their backup and recovery technology through the acquisition of the original software developer, but the important point is they continue to invest in its maintenance and extension. These service providers typically offer most of the essential features for server backup and recovery.  Backup and recovery is offered as part of a broader spectrum of information management and data protection services

It is important to recognize the different categories of online backup and recovery service providers. Recognizing the basic differences in their business drivers and focus, potential resources, and core competencies is key when it comes to assessing their capabilities.  By understanding these larger business criteria, businesses can better focus and align their business goals with the right partner when it comes to online backup and recovery.

You should be able to compare the various providers against their ability to address your requirements for server backup and recovery functionality, administration and support.

We believe that that choosing a cloud storage vendor is an important decision.  Contact us to learn how we may be able to help you.

We would love to hear your thoughts. Please comment below!

Benefit from our expertise… DOWNLOAD FREE ARTICLE: "The Truth About the HIPAA Security Rule, The HITECH Act and Data Backup" . Attend our Complimentary Live Webinars on data protection, online data backup and recovery and data security. Register today! Or, view one of our Pre-Recorded Webinars.

 

 

 


bob.chaput@datamountain.com | (800) 704-3394 | Follow Bob on Twitter: twitter.com/BobChaput


 

More Data? More Choices!

Thursday, November 11th, 2010

Dear Data-Diligent Reader,

Today most companies are facing challenges when it comes to protecting their data.  There’s more of it.  And protecting the data properly is more important than ever.  But there are also more choices.  How do you decide what is right for you? Start by understanding what your data protection strategy should be.

Your business relies on its data. There’s more of it than ever, but more important, its value keeps multiplying. Companies are putting their information to work in new ways as they connect systems, transform business processes, and extend their relationships over the Internet with customers, partners and suppliers. Unfortunately, the risks from data loss or exposure have grown, too. The always-on world of e-commerce and companies’ increasingly distributed and mobile workforces have made data more vulnerable. Moreover, senior executives have to worry about maintaining regulatory compliance while mitigating the risk of litigation.

Do You Have A Data Protection Strategy? How can you ensure that your company is embracing the right combination of technologies and processes for a complete data protection strategy? Unfortunately, it’s easy to make the wrong choices.  Some companies assume a do-it-yourself approach, which can leave them open to unidentified risks.

An outsourcing partner who provides online disk-based backup can solve a number of the issues that organizations confront when supporting their business continuity, data retention and security requirements. The key advantage is that the data, stored off-site, is protected from unauthorized access and will survive a disaster.

Online backup combines better cost characteristics with superior reliability and world-class security. The great news for smaller businesses and remote offices of larger businesses
is that online disk-based backup services have matured in technology reliability and decreased in cost.  Today, online backup is often less expensive than tape backup alternatives.

Get Ready For Your Annual Data Protection Physical! Companies have different requirements when it comes to their recovery needs, data sensitivity, retention requirements and cost.  And these can evolve and change. Deciding which backup solution, or solutions, to use is just the start of what should be an annual process of testing data protection and recovery strategies to ensure they remain in line with business requirements. A great plan, a great vendor and getting data off-site are a good start, but you need to test the whole process, not only to ensure everyone knows what they are doing but to identify potential gaps in the process that need attention. And as the business changes, your plan needs to change with it to meet any new requirements.  

We would love to hear your thoughts. Please comment below!

Benefit from our expertise… DOWNLOAD FREE ARTICLE: "The Truth About the HIPAA Security Rule, The HITECH Act and Data Backup". Attend our Complimentary Live Webinars on data protection, online data backup and recovery and data security. Register today! Or, view one of our Pre-Recorded Webinars.

bob.chaput@datamountain.com | (800) 704-3394 | Follow Bob on Twitter: twitter.com/BobChaput


 

Selling Cloud Storage To Your CFO (I know one!)

Thursday, November 4th, 2010

Dear Data-Diligent Reader,

Chief Financial Officers typically care about three things when it comes to assessing new investments in IT.  They are:  1) Speed, 2) Focus and 3) Affordability.   I know this first hand! The key is to understand how replacing your current server and/or PC data protection processes with a cloud storage solution would address these three areas of concern.

In today’s economic environment, every spending proposal needs to have solid justification.  Often just speaking about a shift to a “pay-as-you-go” model is enough to get the CFO’s attention.  But the appeal of cloud storage extends beyond its financial benefits.  Here are three key benefits companies are realizing today when adopting cloud storage:

Focus: Companies want to focus on their core competencies, and outsource the rest to experts.  Are you still doing your own payroll?  Using a cloud storage provider allows your IT department to focus on projects that drive the business, such as customer service or e-commerce applications.  And cloud storage providers have the expertise to optimize their operations for better efficiencies.

Speed: How often have you been involved in IT projects that took longer than expected?  Chances are your CFO has felt the same pain.  Quick ROI is everything, and when it comes to competing for funding, decisions are being made about when companies can expect to see valuable returns for their investments.  This theme is a key one driving the adoption of cloud computing today.

Affordability: In addition to the “pay-as-you-go” model, cloud storage is appealing because it offers flexibility.  As a company you aren’t paying up front, predicting your storage requirements and investing in the hardware and software to support those requirements.  Instead you pay for what you use.  As you scale or reduce your demand.

With capital at a premium, and companies looking for faster returns from their investments, another appeal of cloud storage services is that they typically can be funded from the Operating Expense (OpEx) budget, without sunken Capital Expenditures (“CAPEX”).  This approach allows you to match the cost of the service to the period in which it is consumed.

If you aren’t already outsourcing your data backup and recovery, then its time you took a look at the cloud storage model.  Today’s solutions can provide you and your company with the technical functionality to protect your data better than you can probably do it in-house, with none of the headaches.  The 1-2-3 message of “Focus + Speed + Affordability” is often enough to cause any company to evaluate cloud storage. 

Data Mountain has been providing world-class cloud storage solutions since 2003, through our service partner, HP/Autonomy, and we truly understand what it takes to securely protect corporate information in the cloud.  Contact us to learn more if you think we may be able to help you.

We would love to hear your thoughts. Please comment below!

Benefit from our expertise… DOWNLOAD FREE ARTICLE: "The Truth About the HIPAA Security Rule, The HITECH Act and Data Backup". Attend our Complimentary Live Webinars on data protection, online data backup and recovery and data security. Register today! Or, view one of our Pre-Recorded Webinars.

bob.chaput@datamountain.com | (800) 704-3394 | Follow Bob on Twitter: twitter.com/BobChaput


 

Establishing a Data Retention Policy

Thursday, October 21st, 2010

Dear Data-Diligent Reader,

Establishing a policy on how long data must be retained sounds easy enough. It isn't. For starters, not all data is the same.  If you are protecting everything, or are uncertain if data is being protected properly, then it is time to build and implement a data retention policy.

Some companies realize they need a proper data retention policy when they examine their storage costs.  Others realize gaps when they go through a litigation hold.

What happens if your company requires you to retain certain data forever? One company’s IT director related how for several years they had been forbidden to overwrite any data related to e-mail, home directories, financial systems and several other document repositories and systems. Being barred from overwriting backup tapes comes at a cost – they were spending about US$40,000 a month just for new tapes. More costs arose because they were prohibited from overwriting the hard drives of departed employees. At least that cost was alleviated recently with a new initiative to capture images of those hard drives before reassigning them to other employees.  It wasn’t until the IT director spoke to the company’s inside counsel that they created an appropriate retention policy that allowed them to move away from their “protect everything” policy.

Data retention policies are fairly straightforward documents that establish how long information must be kept on hand, unaltered. The problem is that different types of data must be retained for different lengths of time. Most data-retention policies open with a policy statement, followed by a retention schedule that lists every possible type of information that the company could have in its stores and the required retention period. There are also special instructions for archiving and for the ultimate destruction of the data, once the time limit has been exceeded. The policy is also likely to include procedures for retaining information when litigation is under way.

A comprehensive data-retention schedule requires a considerable amount of data-gathering. For example, you need to know the general nature of all data held in servers, in storage, on backup tapes and on individual PCs. That includes both active data — e-mail, chat logs, UNIX system logs, and firewall and VPN logs, for example — and inactive data such as documentation related to sales, service, legal and finance.

Another complication arises from being a global organization.  You need to look across the various markets that you serve and understand relevant data retention and privacy requirements. Some regulations extend to e-mail messages containing price negotiations. The key is to develop a policy to keep employees from deleting data that they think would hurt the company if discovered.

Creating a data retention policy is not easy.  Just identifying the various data custodians can be a challenge. But this shouldn’t be a task that you ignore.  Just like having a good disaster recovery plan, having a data retention policy will pay dividends, both when it comes to finding and presenting the data that you need in a hurry, and through storage cost reductions.    Here is link to a good article that can help you get started.

We would love to hear your thoughts. Please comment below!

Benefit from our expertise… DOWNLOAD FREE ARTICLE: "The Truth About the HIPAA Security Rule, The HITECH Act and Data Backup". Attend our Complimentary Live Webinars on data protection, online data backup and recovery and data security. Register today! Or, view one of our Pre-Recorded Webinars.

bob.chaput@datamountain.com | (800) 704-3394 | Follow Bob on Twitter: twitter.com/BobChaput