Unfortunately, many organizations don’t fully understand the risk of not having a comprehensive data recovery strategy before their data gets lost.
According to a 2020 survey conducted by OwnBackup, a data recovery provider in the Salesforce AppExchange, 88% of organizations said they do not have a comprehensive backup strategy. Even more concerning, over 50% said they were not backing up their data at all.
Why is this the case?
“The simple answer is, many organizations haven’t performed the risk assessment exercises needed or don’t understand the shared responsibility model,” said Rich Rose, OwnBackup’s Director of Solutions Engineering, at GovLoop’s Innovative Tech virtual summit.
Having a comprehensive plan makes a difference in a data catastrophe. For instance, after the Coronavirus Aid, Relief and Economic Security (CARES) Act was passed in March, many banks turned to cloud provider nCino for rapid administration of small business loans. But then, the cloud provider’s worst-case scenario occurred — 45,000 loan records were accidentally deleted.
If the provider had not established a comprehensive data recovery plan, it could have taken weeks to retrieve that data — if it was possible to retrieve anything at all. And by that point, there wouldn’t be any funding left for those small businesses to receive.
Luckily, the provider had understood its responsibility in protecting its data and had set up a recovery strategy, having conducted a risk assessment beforehand. It was able to retrieve all 45,000 records in under 24 hours.
When it comes to data backup, there is a difference between using a data recovery service and having a data recovery plan.
The former is hoping that data can be retrieved in the chance that it is lost, whether that’s due to corruption or human error. The latter is about acknowledging the agency’s responsibility to protect its data and being comprehensively prepared to understand and restore it in the event that is lost.
Many cloud software providers, such as Salesforce, operates on a shared responsibility model. That means Salesforce is like an apartment building that offers shared services to its tenants, or organizations. The upkeep of individual units — or the data inside each organization — is up to the individual tenants. This means agencies are responsible for the upkeep of their data, whether that is backup, storage, compliance, governance or management, Rose said.
“The most important thing is to understand your data,” Rose said. Agencies need to prioritize their data and assess the threat landscape according to an event’s likelihood and impact.
If an alien species were to attack an agency’s systems, it would be devastating for its data but relatively unlikely to occur, Rose pointed out. Agencies need to weigh both likelihood and impact when it comes to figuring out how to prioritize and categorize their data.
“It’s critical to think about worst case scenarios rather than hoping they don’t occur,” Rose said.
Don’t miss out on other virtual learning opportunities. Pre-register for GovLoop’s remaining 2020 virtual summits today.
This online training was brought to you by: