For the record
I make no apologies for the fact that I’m becoming ever more hard-core in my views on data archiving. Far too often, I’m called out to help with some sort of disaster-recovery scenario – often it’s a PC Pro reader who just drops me a line, their email usually starting with a gambit like, “I’ve been reading your column since the Jurassic Era and know you do consultancy for your real work. We appear to have this problem…” Then the email goes on to describe some data-security situation that’s enough to make you wince, cross your legs and grab for a nearby religious artefact.
A recent example went, “I can’t restore our Exchange Server, and now no-one appears to be able to log in. My assistant said he’d try uninstalling Active Directory to see if that would help.” Sometimes, I don’t know whether to laugh or cry. My new habit of telling people that data lost to a hard disk crash can’t be anything to worry about “because if it had been important, you’d have backed it up”, usually results in the threat of a black eye. In short, it’s become increasingly obvious to me that very little thought goes into the proper archiving of data, especially in the SME space.
This isn’t a problem in large organisations, because they’ll have procedures in place already, or at least they ought to. There are some obvious business examples where you’d expect long-term archiving to be a done-and-dusted solution, especially for those who work in a regulated environment, such as drugs and pharmaceutical companies, banks, financial houses and so forth. But the number of organisations that need such an archive strategy is growing. If you trade with any large American organisations, you might already find that you’re required to follow the requirements of American accountancy and tax legislation such as Sarbanes-Oxley and withholding tax. The rate at which these things are creeping in is quite worrying.
Now roll the vision forward five years and take a broader view. Will there actually be any company that won’t have a need for a true archive in that timeframe? I’m afraid the answer is clearly swinging towards a “no” – it will become mandatory, or as good as mandatory. And if that’s the case then the time to start thinking about this problem is today. After all, if you’ll need a four-year archive in five years’ time, the time to start thinking about is well before 2012. You don’t get an archive by wishing for it, only by doing it, starting from now.
So what exactly is a non-repudiatable archive (NRA)? It is an archive that lets you store information in a format that’s physically robust, and which is indelibly time-stamped so that you can’t deny it ever existed. Being able to stand your coffee cup on the media for an hour or two is a good start. Or popping it into the washing machine and letting the dishwasher do its worst. Or burying it in a sandpit for a few days – are you getting the idea yet? In this context, “robust” takes on almost military, tank-like requirements.
So here’s a requirements list. The store must be optically based, because magnetic tape is simply too fragile. The media must be extremely robust and adhere to some clearly designed and prescribed format – ideally, a drive made today will be able to read all the previous versions of the disk, with guarantees that this will remain the case into the future. It will be a WORM (Write Once, Read Many) medium, because it’s imperative that the archived data can’t be altered, and any attempt to tamper with the data must be visible so it can be seen and proven in a court of law. The media must remain readable for at least 50 years, best tested using some kind of accelerated ageing regime. Oh yes, and it can’t rely on proprietary backup and archival software technology: there will obviously be a need for some sort of device driver for the hardware, but this should be simple and straightforward. Proprietary storage formats aren’t acceptable. At this point, the list of real-world choices dwindles to a few fingers of one hand.