So, it’s is safe to say that everyone “gets” backup – and pretty safe to say that most people “do” backup….to a greater or lesser extent and quality. But in the same way that regular stored data has no actual value (all that matters is when you actually reference and use the stored data, whereas simply having it recorded means nothing), even the world’s best backup is completely without value until it is needed; and at that point the crucial variable is recovery.
The two of us were chatting about this the other day and a casual chin-wag turned quickly from:
- ….stating the obvious (backup and recovery are inextricably linked but undeniably very different);
- ….to bemoaning the state of things (all too often we target and improve data backup, mistakenly assuming we can magically get from there to business recovery);
- ….to realizing that we need to have a new way of talking about different levels of recovery (setting RPOs and RTOs inherently assumes that there will be some delay, and maybe even some unrecovered data; when the proverbial hits the fan, while that may work for some data and some industries, it does not work for all. We need to have a new “ultra-level” of data – aka business - recovery).
To state it more formally, there are businesses and applications where the confluence of demanding 100% across 3 vectors - being digital, being secure, and being available – creates the demand for a level of “digital trust” that simply didn’t exist until recently. To apply rigor and specificity to this idea we decided to call this new requirement “Fiduciary Class Data Recovery.” It is the highest tier of what-we-shall-call the “Quality of Recovery” rankings; you can imagine rankings along the lines of “nice to have,” through “important,” and up to “mission-critical”–-with “Fiduciary Class” being at the top.
But why do we need this extra level? It is simple – “mission-critical” merely states an attribute of the data and a desire, whereas “fiduciary class data recovery” represents an ability to fulfill on the trust and expectations that--respectively--the users and providers of the data have. “Fiduciary Responsibility” is a weighty term--if you have ever acted as an estate executor, for instance, you will know that you have to be able to withstand scrutiny to show and prove that you did the absolute best. Data protection--and business recovery--is no less important for some applications and industries…..the financial industry is a prime example, but frankly any business where the data is the business can have the need.
The Merriam-Webster Dictionary defines “fiduciary” as “relating to or involving trust (such as the trust between a customer and a professional)." It goes on to more fully define it as:
of, relating to, or involving a confidence or trust: as
- held or founded in trust or confidence
- holding in trust
- depending on public confidence for value or currency
With all this scene-setting, let’s just walk through this in a little more detail using the financial industry as an example: After all, as individuals and as companies, perhaps our greatest placement of trust or confidence is when we allow someone else to be the custodians of our finances.
In the financial industry, almost every I/O transaction (within a computer) is a financial transaction (between two parties that trust each other). Quite literally, a lost transaction is a lost transaction; and so, data loss of any kind is inexcusable. And beyond actual data loss, even a moment of downtime--the lack of availability of data/applications--is a moment where one of two trusted parties is violating the trust of the other by being inaccessible, thereby undermining long-term confidence (which is the other key aspect in the definition of “fiduciary”).
This is the relationship between all buyers and sellers; whereby monies move throughout our financial networks with trust and confidence, so that the rest of us can have livelihoods.
This is ALSO the relationship between IT and the business units in organizations; data moves – or should! - throughout our technology networks with trust and confidence, so that the rest of the organization can focus on the business itself; in this case, serving the buyers and sellers.
As the IT custodians and facilitators of someone else’s data, grounded in others’ trust and reliance upon you, have you ensured that every transaction is reliably protected and rapidly recoverable? Consider databases as the foundation of almost every financial services firm. If every I/O directly equates to money, then your firm’s clients and partners (and their money) are relying on your business processes, which are dependent on your IT systems, which are entrusted to your care….and demonstrable best approaches and efforts.
So, the question to IT teams becomes this – are you “fiduciarily protected” and do you offer fiduciary class data recovery to the parts of your organization that demand it? We plan to write more around this concept and also challenge vendors to measure their offerings against this contemporary need. In the spirit of full disclosure, the Jason/Mark chat that we mentioned to start this blog was motivated by hearing what our colleagues in the ESG Lab had found when testing Oracle’s ZDLRA offering – we knew it offered “something” special but also realized there was no name for what it delivers. Now there is.
If you haven’t assured that every last transaction is adequately protected and suitably recoverable, then you are not fiduciarily protected and responsible. When your recoveries eventually fail (in timeliness or completeness), then the trust/confidence within your fiduciary relationship will be proven as misplaced. So, it is between clients and firms; so, it should be between business units and IT teams.