The legal profession needs no instructions on the value of data and the information that it represents. Information is, after all, the lifeblood of the profession. With the almost universal dependence on digital data, contained on PCs, notebooks, servers and now even mobile devices, the question which looms large is whether or not appropriate measures are in place to protect that information and prevent its loss.
Particularly with the growing mobility of workforces and the convenience of handheld devices – from notebooks to smartphones or PDAs – the risk of information loss is exacerbated. Not only is there the possibility of losing a device or rendering it useless through mishap, there is the unpleasant but unavoidable additional likelihood of theft.
South African legislation, such as the ECT Act, has focused on the need for data protection and retrieval at all levels. Businesses initially focused on the data centre, probably quite rightly so. However, the growing popularity of these mobile devices as well as the reality that information is more decentralised and resides on the devices assigned to individuals, necessitates appropriate protection.
As a result, there has been an explosion of interest around protection of the information contained on the desktop and the notebook. Research organisation Gartner is saying 60% or more of corporate data is going home at night. About the same percentage of data is, as a result, being less than reliably backed up.
An effective method to protect this information is therefore a necessity and not an option. Even if it is just for personal peace of mind, knowing that the data with which you work and which is pivotal in working with your clients, is essential.
But it goes beyond that. Compliance with business regulations is a core element of corporate governance and almost all regulations depend on the availability of information to verify that, for example, transactions took place or communications were made. Without information, it would be very hard to comply with regulations – and equally difficult to prove that governance measures were and are in place, especially in the event of an investigation. In the legal profession, there is the added risk of reputational damage should information be lost or corrupted.
With the necessity of backup widely accepted, a focus on the practice of making backups is next. From the largest of law firms to the smallest operation which may consist of an attorney working from a home office, the need remains the same. What does differ, however, is that the large firm is likely to have processes, equipment and even staff in place to ensure appropriate records management and retention, whereas the small office may have an external hard drive or similar device.
In each case, there remain fundamental weaknesses in the backup process. Primary among these is the human element. It is a well-known fact that despite the universal appreciation of the importance of backing up sensitive data, it all too often simply does not happen.
It’s a hassle for people to remember to make a backup. Following that, there are often problems with data corruption on the device to which the backup is made. Where mobile devices are concerned, the problems are magnified with the theft or loss of notebooks or other devices adding to the problem of administrators ensuring that data on these devices is copied and stored within the corporate technology infrastructure.
We’ve seen companies introduce clauses which describe failure to backup as negligence on the part of the individual, this is how seriously they are taking backup as a component of corporate governance.
It’s backed up. What happens with restore?
People can be forgiven for thinking that once their data is backed up, it is safe. But when the time comes for restoration of data when the primary copy is lost, the whole house of cards can come tumbling down. The ability to access or restore data is an essential element of a good backup. If legislators request documentation or proof of certain information, companies have to be able to provide that within a defined time frame. Not only that, but the company has to have confidence that the information which is recalled or restored can be trusted.
The recent ‘spy saga’ and intrigue in the South African political environment demonstrates that espionage, corporate and political, is not the stuff of James Bond movies, but actually happens. Therefore, the backup solution should allow not only for easy data restoration and access to authorised users, but it should also be protected by the highest levels of security to guarantee that what is backed up is a faithful reproduction of original documents or information.
What companies and individuals should seek is a solution which automates every aspect of the backup process for every device, whether it is a notebook, a desktop PC or a server. They should also seek assurance that no matter what happens to the device, the backup is secure and accessible.
When evaluating a backup solution provider, one should look for an automated backup solution, which eliminates the need for human intervention. It should take advantage of existing data connectivity infrastructure to automatically transmit information to a central data centre. Once configured, the automated backup should take place as scheduled by the user, without requiring any intervention. Then the data centre itself, in a secure location, should be mirrored, ensuring that if any event compromises one site, the other retains a complete and identical copy of the information. When that information is required, it should be accessed via the Internet from anywhere in the world and quickly restored with little or no assistance from a system administrator or technician.
With the value of data and the cost of flawed backup equipment and related processes, we believe a solution as described above would be ideal for any computer user, and a must for those in occupations such as the legal profession where information is your business. Please contact the author for more information.
Tel: +27 (0) 11 575 0134