One of the tough things about data growth isn’t necessarily turning data into intelligence or finding a way to store all the information a business creates and gathers. Instead, it’s finding smart ways to store data. It’s not that data storage is necessarily expensive, it’s that data loss and poor data retention policies can be costly, and if the wrong data is deleted for whatever reason, a business can be in big trouble. To make this easier, it’s wise to think of types of the types of data your business creates, and policies that give an extra layer of protection to critical information.
Here are some categories of data, and how you might want to protect them.
Mission Critical Data
This is data you can’t operate without – if it’s lost, your company could be out of business. For mission-critical data, it’s wise not only to back it up on-site but to back-up to a secondary location and even mirror for extra redundancy. Mission critical data might be:
- Customer information
- Intellectual property
- Current tax and accounting information
- Critical client or user records
- Cat photos (just kidding)
On-site backups are great, but many cloud storage solutions offer a way to mirror your data to disparate locations, so you’re covered even if a regional disaster wipes out a data center housing your information.
People create data every day, and while plenty of it is essential, lots of it can be re-created if it’s necessary. Even still, it’s wise to keep at least one backup of end-user data and consider how retention policies might give users a quick way to recover individual things if they mistakenly delete files or folders. End-user data might be things like:
- Marketing collateral
- Word docs
- Excel spreadsheets
- Project files
- Other day-to-day files
Data you don’t frequently use, but might need at some point, should be archived. Whether you choose to store archive data on hard disks or in the cloud through third-party services, it’s still wise to keep more than one copy. Services often give you the option to replicate data to a different data center for extra protection. A few things you might archive include:
- Tax records
- Previous years’ receipts and account info
- Old versions of active documents
- Anything you might need later, but not now
Software-as-a-Service (SaaS) Data
Most businesses use a handful of cloud-based software to get their jobs done, whether it’s a customer management system, accounting tools, or what have you. It’s easy to forget that the data in these tools are just as essential as things you might create on-site, so they’re often overlooked when it comes to backup and retention strategies.
While there are ways to backup data inside services like Office 365 and G-Suite, there are some SaaS solutions that you can’t back-up yourself, which means you’re counting on the vendor to handle backups and create redundancy for your data. However, how do you know they’re doing their due diligence? As part of your evaluation process for new tools, be sure to understand how SaaS vendors handle data redundancy. Ask them how they store and protect all the data you create inside their systems, and whether they’ve ever had a significant data loss event.
A Note About Recovery Point Objectives
Anyone familiar with backup and disaster recovery best practices knows a thing or two about recovery point objectives. As you think about various types of data and how you back them up, it’s wise to think about how retention policies come into play. As we note in a more detailed article about RPO, Calculating RPO allows you to set up your backups in a way that accounts for both your data and your budget, because you’re only storing what you need. If systems went down now and employees lost everything since the last backup, with how much can you part? 15 minutes’ worth? An hour? A day? Answering this question helps you determine what your retention policies should be.
Identifying the data is the easy part, finding a way to make sure end-users store the right kind of information in the right places is another. Be sure to create and communicate concrete policies that give critical data gets the attention it deserves so that if something should happen (hardware failure, ransomware, disaster, etc.), you’ll save everything essential to keeping business up and running.