Is your data protection policy keeping up with the times? - Plan4continuity Blog

Is your data protection policy keeping up with the times?



Is your data protection policy keeping up with the times?


Data protection has been an ongoing concern for IT managers since the early days of the first client-server networks, to the first tape devices, to the modern cloud-based as a service platforms. Traditionally, data protection and backup solutions were taxing on IT budgets, with backup devices, media and off-site storage costs running up the bill continuously. Technologies have changed, however, and one that will alleviate many IT management headaches is the often misunderstood cloud technology.


Cloud protection looks at your data protection from all angles.


A cloud data protection policy doesn’t only hold fiscal benefits, but also provides more secure and robust data protection measures that also take into consideration data protection regulations. Think about legislation such as POPI and how a data protection policy that is cloud-minded can address many concerns at once:


  • Reduction in IT expenses:Virtual servers are a lot cheaper to run than on-site servers. The added benefit is that if your virtual server goes down, it can be replicated on another cloud instance almost instantaneously.


  • Less administrative overhead for IT staff: Cloud infrastructure is actively maintained by the cloud provider's staff, who are typically well trained and versed in the back-end intricacies of data center technologies.


  • Meets regulatory compliance concerns: Cloud providers have to follow strict regulatory guidelines regarding the safety, integrity, continuity and compliance concerns involving data management. For IT managers, this alleviates much of the regulatory headaches faced around data management, especially for those in heavily regulated industries.


  • Backups run faster and reliably with little intervention: Cloud providers use super-machines that most businesses would not typically be able to afford or possess the staff to manage. Automation of repetitive functions frees your IT staff up for more proactive duties, and also offers businesses payroll expense-reduction opportunities. Backup administration alone can be a time consuming task, often requiring an entire human resource dedicated to just managing a company’s backup requirements.


  • No task specific staff required:No need for a dedicated backup specialist as the provider does all the background checks and balances on data integrity and test restores, etc.


  • Easily scalable to meet new data demand: Cloud providers have systems in place to upscale and downscale as required with minimal effort.


  • Security:Cloud providers of note – like Azure and Amazon – have dedicated teams of security managers and white hat hackers working around the clock to make sure that your data is protected. They observe strict security policies and protocols that are regularly audited and tested. They themselves have watertight data protection policies and their staff is screened and has to sign non-disclosure agreements. They use the most advanced firewalls and intrusion detection software out there.


Take a leaf out of the book of cloud providers’ data protection policies and incorporate elements into your data protection policy. Find some key considerations below:


  • Password policy: Change passwords regularly and enforce strong passwords.


  • Confidentiality agreement:All staff to sign confidentiality agreements.


  • Privacy policies: How access to personal information is regulated and enforced.


  • Transfer of information:How mission-critical and other information is shared and viewed.


  • Keyholders:Who controls and manages access to data.


  • Software: Use reputable endpoint cloud antivirus software. Establish policies on management and security.


  • Regulatory compliance:Comply with applicable regulations.


  • Use of recording equipment:Regulate use of mobile cameras and other recording systems.


Data protection is an iterative process that requires constant evaluation and testing.


A fundamental part of one's data protection policy would be the disaster recovery plan. This needs to be carefully created and enforced. Regular simulations and audits with audit reports need to run and be compiled. Cloud-based software can help one keep track of when simulations need to be run.  A well-written data protection policy can bring fiscal benefits as well as protection to your organization. It needs to be written in conjunction and in line with your business continuity plan. Embrace and leverage cloud technologies and adjust with the times or be left behind.


Image credit: wikimedia