Make Sure Your Data Recovery Process Is Secure

Slide Show

Five Disaster Recovery Tips for Businesses

New tips that can help businesses protect their data and recover quickly from disasters.

Security policies have to focus on what data you are protecting, where it is located and how to recover it when it is lost or compromised. For all businesses, data about their customers and vendors is critical. However, many do not have the resources, financial or staffing, to ensure that their IT is regularly maintained. Add to this the allure of cloud computing, and the promise of lower operating costs, and many companies, both large and small, have found themselves in the midst of data disasters. To better secure company data, SMBs would be wise to consider hiring a data-recovery specialist.


However, with the prospect of data going missing because of hardware errors or human error, many businesses are still concerned that their data will not remain secure when turning to a specialist. That's why it is vital to know you are hiring the right provider for your company's needs.


In my mind, of course, security is going to be a top priority on any third party I bring in to help store or protect or recover my data. Some questions to consider asking yourself before you go to hire anyone for any job should include things like will my data be encrypted, can the vendor maintain my internal security protocols, is the company certified to protect my data while in their hands?


But for specific advice on hiring a data-recovery company, I turned to Todd Johnson, vice president of operations, Kroll Ontrack. Johnson gave me the following tips on what every IT manager should think about when looking for a data recovery provider:


  • Not all providers are created equal. Do your homework before assuming that every data recovery provider has your organization's best interest in mind. Damaged data is bad enough, but losing it forever can be financially devastating. Make sure the provider you choose is trustworthy and has formal processes and standards in place such as a SAS 70 Type II Certification for the data recovery process. Additionally, select a provider that is authorized to handle highly sensitive information and adheres to U.S. government protocols.


  • Security goes beyond passwords. No technology is completely safe from compromise and lost data can usually be recovered regardless of whether the hard drive has crashed or been damaged. It's dangerous to assume that password protected, hidden or deleted information can't be recovered-it can. Choose a data recovery provider that can ensure the safety of your sensitive information, and always returns it in an encrypted format. They should also have a comprehensive information/data security policy in place that covers all access control, data handling and data security protocols/standards.


  • Know where your data is, day or night. Your data is critical to the success of your enterprise and any recovery provider that truly values you as a customer will give you transparency into the status and quality of the recoverable files. After the headaches of data loss, the last thing you need to worry about is where your data is going and if your enterprise will get it back. An expert provider understands the urgency of rapidly responding to all data loss incidences and gives you a deep understanding of where your data is and where it's going. Always know how much can be recovered before proceeding with a recovery provider.

  • Ensure data recovery environments are clean and certified. Expert providers have the best-in-class standard to safely open, repair and recover data to ensure it stays safe. Make sure your provider has ISO-5/Class 100 cleanroom environments.


  • Know the people behind the provider. Ensure your provider performs thorough employee background checks and requires signed confidentiality agreements for everyone that might come into contact with your data. Also, make sure the provider utilizes strict physical security measures, such as 24/7 monitoring by security cameras and personnel. Finally, make sure the provider isn't sending your data to a third-party data recovery specialist. Taking security just a few steps further can ensure your data stays safe and confidential.

Opening up your data to any third party is risky business, so knowing what questions to ask and what to look for - in this case specifically for data recovery security - is important for the security of the information you store.