If you’ve read any of my data protection books, even the most recent one, you’ll probably notice that I’m a big fan of processes. In fact, it’s fair to say that one of my core attitudes is this: process matters more than technology in IT. You can have the best tech in the industry, but if you don’t apply the appropriate processes to how you use it, you’re at best wasting money, and worse, inviting disaster.
Data protection exists for “what if” scenarios, usually involving cascading failure situations. What if we need to recover the core business database and the primary backup storage is unavailable? What if we need to recover a mission critical application server but the only people person on-site is the receptionist? What if the cloud provider deletes our account and all the backups in that account?
What if X and Y? That’s what so many questions in data protection boil down to. And sure, there’ll be a technical aspect to the answer, but wrapping around that technical aspect every time should be a process. What’s the process for recovering something when the primary backup copy is unavailable? What’s the process for facilitating a recovery if only untrained staff are available? What’s the process for restoring your cloud infrastructure if everything in that cloud provider has been erased?
These sorts of scenarios require forward planning to be able to address properly (well, to be able to address without sheer luck guiding the outcome); you also need to make the conditions as generic as possible so you’re not developing detailed yet highly specific processes. Every What if X and Y scenario you can envisage should be able to be boiled down to two distinct processes:
- How we will…, and
- How to…
“What if we need to recover the core business database and the primary backup storage is unavailable?” Your processes to address this generically yet usefully will be:
- How we will ensure all backups have copies? and
- How to restore from the non-primary copy of a backup.
Sometimes those processes can be a bit choose your own adventure depending on the potential fault, and the resources available to the company. Take the second scenario: “What’s the process for facilitating a recovery if only untrained staff are available?” In an enterprise environment for instance (particularly one with rules preventing all team members from travelling together, etc.), this might be deemed a situation that can’t happen for the datacentres, but maybe it is something that’s more than possible at a remote site. So the processes might be:
- How do we protect data at remote offices, ensuring both local and remote recovery options are available?, and
- How to rebuild and ship out a replacement server to a remote site.
Or, in a smaller business, that might be:
- How can we ensure successful operations at remote sites without the need for local data?, and
- How to rack and cable your replacement office server sent by head office
This is where we meet the companion topic to processes: documentation. In the same way that the best tech in the industry is useless to you if you don’t have good processes for using it, the best processes in the world won’t mean a damn for your business if they’re not written down and accessible by the right people at the right time.
Processes (and documentation) enable the use of technology to achieve the necessary business outcomes. Processes help you overcome the delta between what technology can do and what you need done, and (just as importantly), they help you manage the people aspect to problems. RACI matrices, escalation points and all manner of other people-related challenges can be captured in processes to streamline solutions.
I’d love to know how processes have helped you in your data protection work — either to make sure something was protected in the first place, or to help ensure recovery. By happy coincidence, I have some additional copies of The Busy IT Manager’s Guide to Data Recovery, and I’m going to give them away to the best answers. (Up to 5.)
I’ll later do a follow-up blog about those answers, but all details will be protected, anonymised and no names, companies or any other identifying information will be revealed.
Competition will run until July 31 and winners will be contacted after.