Modern data protection is vastly more complex than in the past, with data scattered across multiple platforms, services, and locations. Organizations need a comprehensive approach to identify, protect, and test their data protection strategies.
1. Data Location Identification
- Common locations include:
- Local servers and computers
- Cloud services (SharePoint, OneDrive)
- Online financial/accounting systems
- Customer Relationship Management (CRM) systems
- Website content and databases
- Network Attached Storage (NAS)
- Third-party specialized software
2. Critical Considerations
- Understand data sensitivity levels
- Identify potential legal/regulatory requirements
- Consider what data could result in lawsuits if breached
- Account for industry-specific compliance needs
- Map data to business functions (sales, operations, finance)
3. Data Protection Strategies
- Regular backup verification
- Multiple backup locations
- Access control and permissions management
- Shadow IT prevention
- Third-party service provider assessment
- Disaster recovery planning
- Manual process backups where digital isn't possible
4. Testing and Verification
- Regular backup testing
- Tabletop exercises
- Disaster recovery simulations
- Quarterly reviews of data locations and processes
- Regular verification reports
- Access control audits
Common Pitfalls
- Assuming cloud services automatically backup data
- Relying solely on RAID/mirroring for data protection
- Not accounting for shadow IT
- Insufficient access controls
- Lack of regular testing
- Overlooking website backups
- Trusting third-party services without verification
Best Practices
- Document all data locations and sensitivity levels
- Implement least-privilege access principles
- Regular backup testing and verification
- Maintain multiple backup copies
- Regular review and updates of protection strategies
- Employee training on data handling
- Clear policies on data storage locations
Notable Quotes
"If you get started today, nobody's expecting everybody to get everything right 100% on the first go around." - Bryan "Complacency is what will kill us." - Justin "A significant percentage of people who have critical failure of their data don't recover and they shut the doors." - Barinder
The episode emphasizes that data protection is an ongoing journey requiring regular attention, testing, and updates. Organizations need to start with basics like identifying data locations and implementing fundamental protections, then gradually build more sophisticated protection strategies over time.
