Critical data: How to decide what's mission critical
You already know that some applications and data are more valuable than others. But if companies don't know what data they have and how to categorise it, they tend to value everything as imperative, just in case. When you're deciding how best to protect your data and applications – learn from these 4 easy steps.
You already know that some applications and data are more valuable than others. For example, customer profiles are much more important than past corporate photos lingering on the network. Meanwhile, a great deal of data is crucial to the long-term health of your business.
But if companies don't know what data they have and how to categorise it, they tend to value everything as imperative, just in case. When you're deciding how best to protect your data and applications, the key to success lies in identifying what's mission-critical—that is, what your business can't live without.
First, you need to determine all the types of information you have. After that, figure out which people, groups and business processes in your firm need which type(s) of information, and just how much they need it to take care of business each day. These best practices will help you break this seemingly huge set of tasks into some very doable steps.
Step 1: Enact filters. To start determining what data is mission-critical in your organisation, ask key stakeholders to identify what they need to stay afloat. Ask, "If this data was suddenly lost, could the company function immediately without it?"
In the typical organisation, mission-critical data is frequently used information that supports strategic business processes. Areas can include revenue generation, accounting, logistics, customer service and regulatory compliance. Impeded access to (or recovery of) truly mission-critical data in these areas could result in:
- Lost sales and/or customers
- Financial or regulatory penalties
- Damage to your company's reputation
Step 2: Set up and share your data hierarchy. Other data may be quite important to your daily business functions, though it isn't necessarily needed on a daily basis. This goes beyond the scope of IT. You need to call upon the insight and input of executives, business units, the legal department, compliance officers, and others who own and use the data.
All those newly engaged stakeholders you conferred with about mission-critical data should now be asked to weigh, classify and prioritise all types of information, based on these criteria:
- Impact on revenue and productivity
- Recovery time and recovery point objectives
- Role in application performance and data retention
- Security requirements
They can ultimately classify such data as:
- Vital: Its absence would be felt after a few hours to a day.
- Sensitive: It would be one to several days before its loss had any effect on the business.
- Non-critical: Even if it wasn't recovered for weeks, the impact would be minimal.
Step 3: Protect your data appropriately. Once it's classified, match data to different tiers of a backup and storage system. Disk storage, offsite tape storage and the cloud are your key options. A tiered approach lets your enterprise back up and store each type of data in the most secure, cost-effective and efficient way. What's more, you can access exactly what you need when you need it. Mission-critical data, for example, lives in the most accessible (and most expensive) first tier. Vital data resides in the second tier, sensitive in the next and so on.
Step 4: Don't stop now. Data classification isn't a one-time event. Nor should it be applied only to newly created information and records; even mission-critical data can change in value over time. Take accounting records, for example: You should hold them close this year, but by next year you can move them to a lower rung.
This continuous updating and decluttering will ensure that your business always has optimal access to up-to-the-moment data—and that those past corporate photos ultimately go where they belong. Mission accomplished.