- Security TWENTY
- Women in Security
The top five data recovery myths; by Robert Winter, chief engineer, Kroll Ontrack UK.
Data loss is one of the biggest security risks faced by businesses today. Most often caused by user error, data loss can result in companies needing to call in the professionals: data recovery specialists that can work with them to find their missing information or documents. However, there are a number of myths that companies should be aware of before appointing a data recovery expert.
The most inexpensive data recovery quote will result in the same outcome as the rest: When dealing with business data loss, every client is looking for a cost-effective solution. But all too often organisations are swayed by the appeal of free evaluations, capped prices or the cheapest option, only to find out the service provider passed through hidden fees, charged for an unsuccessful recovery or could not address the issue. Look for a provider that offers a free consultation and provides access to an actual data recovery engineer. Choose a provider that gives you a listing of all recoverable files before you make a purchase decision, and obtain an actual price quote in writing based on how difficult the recovery is, what files can be recovered and if spare parts are needed. Additional, separate charges should not be incurred for work performed in a clean-room environment or spare parts. Finally, ensure post-recovery support is available to make sure migrating data back into your organisation’s environment goes smoothly.
My organisation has never experienced a significant data loss, so we don’t need a data recovery plan: Looks can be deceiving. If your business has never experienced significant network down-time or a data loss, it is possible to form the misconception that a proactive data loss plan is not needed. Implementing a data loss plan in addition to having a backup system that is up-to-date and regularly checked is as important as purchasing insurance. If a data loss ensues, it is critical to contact a professional data recovery provider that can answer specific questions about the affected storage platform, database, email system or virtual environment. Ensure the provider has the engineering capabilities and geographic locations to support a multitude of languages, currencies and data protection laws that your organisation requires. Investigate whether the chosen provider invests in developing proprietary data recovery software and tools and has customised or specialised services to ensure the latest technologies and subsequent data recovery challenges are addressed successfully.
If a data loss happens, my IT department can handle it: Few organisations are prepared for the worst. When a data loss occurs, everyone looks to the IT department. However, not every organisation has the staff or depth of data recovery expertise to address the recovery, impacting the speed and quality of the recovery. Further, not every organisation has a data recovery plan in place. Looking to a third party may be the next logical step, but not all data recovery providers offer an assessment of what can be recovered or access to the actual engineers working on your case. Make sure the data recovery provider is willing and able to work with you step-by-step, keeping you apprised of the process and what can actually be recovered. It is also sensible to find a data recovery provider that has the resources to perform emergency, remote or onsite recoveries and from systems that are proprietary or unique to your environment.
Data recovery is not possible in some situations and for some technologies: Not all data recovery jobs, and thus, providers, should be treated equally. It is a misunderstanding that data can only be recovered from hard drive failures, when in fact data recovery is possible when logical errors occur, from complex databases and virtual systems, and even when data is encrypted. Data loss is never a lost cause and should always be attempted with a trusted data recovery provider with demonstrated experience in varying situations with varying technologies. Because you may only have once chance to recover your data, it is essential to choose a provider that handles every job with the same level of concern, dedication and attention to cost-effectiveness, regardless of size, and can assist in prioritising the recovery strategy according to the most critical needs and locate specific data on the used areas of the drive.
Due to the nature of their business, all data recovery companies know how to keep my data safe: Data security is a key concern in the data recovery process. While some organisations believe that every data recovery provider offers the same trustworthy services, others are concerned about shipping a damaged or corrupted hard drive offsite to a data recovery facility. Not every data recovery provider adheres to the same security protocols, so transparency into the provider’s data recovery process, protocols and track record is key to ensuring data is protected. Ensure your chosen provider employs the highest security and process standards for the entire data recovery process, not simply the actual recovery phase. Look for a provider with a strict information security policy and a comprehensive annual SAS 70 Type II certification. Also ensure the provider has a secure ISO-5/Class 100 cleanroom environment and is authorised by both private and government entities to handle highly sensitive data. Finally, it is essential that the chosen recovery provider can recover encrypted data and return it safely in an encrypted form.
The risk of data loss is significant to any business, impacts productivity and may even affect corporate reputation. Making the right decisions about who to appoint to help recover that data is more important than ever.
About the author
Robert is responsible for all operations within the area of disaster recovery in the Kroll Ontrack labs, based at the UK headquarters in Epsom.
Robert started his career in the aerospace industry as a design engineer, moving on to become a risk analysis specialist for aircraft. He joined Kroll Ontrack in 1995 as a lab supervisor, specialising in tape recovery and computer forensics before being promoted to manager of engineering for data recovery.
At Kroll Ontrack, Robert coordinates data recovery and develops tape storage within the organisation. He is in charge of the day-to-day operations within the labs while also looking after the data recovery jobs that arrive in the Madrid and Paris offices. For more details visit krollontrack.co.uk.