What kind of data governance thinking does the “database deletion incident” bring to us?

Not long ago, the news that a SaaS service provider "deleted the database and ran away" went viral in the IT circle. Although the data has been fully recovered and the platform has resumed operation, the 7-day data recovery time has caused inestimable business losses to 3 million merchants. This incident exposed a huge loophole in the allocation of permissions within the enterprise operation and maintenance management system, which is also a common problem in most enterprises.

Looking back at the endless database deletion incidents in the past two years, in addition to human factors, there are also reasons such as misoperation and media damage. Regardless of the reasons, they have brought huge economic losses to enterprises and their customers. After such incidents, many people have proposed that enterprises should accelerate their full cloud migration to ensure data security. However, in recent years, cloud platforms have also frequently experienced data security incidents. For example, in April 2017, a large-scale storage failure occurred on a world-renowned cloud platform, resulting in business interruptions for a large number of companies around the world; in August 2018, a serious failure occurred on a well-known domestic cloud platform, which directly led to the loss of all data of an innovative company, putting it at the threat of business suspension. Therefore, cloud migration is not a 100% solution to eliminate data loss incidents.

So, how can enterprises resist various man-made and non-man-made emergencies to ensure the security of their data assets?

Regarding enterprises moving to the cloud, Commvault believes that the cloud is just another form of the combination of infrastructure, applications and data, and the cloud should become a natural extension of the local environment. At the same time, the business systems and core data of enterprises should not be placed on "one cloud", but should create a multi-cloud and hybrid cloud environment according to their own needs. Data in the cloud also needs to be effectively backed up and disaster-tolerant. In this process, enterprises should follow the "3-2-1 rule of data backup", that is, three copies of servers, local storage, and off-site cloud storage, two media of local and cloud environments, and one off-site cloud storage data protection, so as to achieve cloud data backup to local, local synchronization to the cloud, and rapid recovery after disasters, ultimately ensuring business continuity and data asset security.

From the perspective of data management strategy design and implementation, first, enterprises should introduce external experts to conduct corresponding maturity assessments of their own IT environments, so as to design new or adjust existing data backup plans according to local conditions; next, enterprises must make good use of the backup system - understand the operation of the backup system in real time to ensure data visualization; regularly verify the availability and recoverability of data backups through automated data recovery drills; and connect the automated approval process to the enterprise OA or email approval process, so that any abnormal operation will automatically trigger an alarm mechanism to ensure data security.

Fundamentally speaking, the endless stream of data loss incidents can be largely attributed to the lack of data governance awareness and concepts in enterprises. As the saying goes, awareness determines thinking, and thinking determines behavior. Enterprises should establish reasonable data governance thinking and awareness, and take it as the core of the enterprise data management strategy, so as to formulate clear and clear operation and maintenance team organizational structure, authority division, approval process, danger warning mechanism, etc. in data backup, management, deletion, disaster recovery, drills, etc. For example, the enterprise operation and maintenance system should realize the "separation of powers" of backup, recovery and deletion, as well as the "separation of three members" of backup administrators, monitoring administrators, and audit administrators. With reasonable data governance awareness and thinking, enterprises can prepare for various predictable and unpredictable emergencies and ensure data security in all aspects.

Based on data governance thinking, Commvault's data management and protection solutions provide many advantages in terms of automated orchestration, cross-platform unified management, strong compatibility and flexibility. At the same time, Commvault has strong technical strength and a partner ecosystem, covering mainstream cloud service providers such as AWS, Azure, Oracle, IBM and Google internationally, and has joined hands with Alibaba Cloud, Tencent Cloud, EasyStack and other manufacturers in China, which can help enterprises easily achieve cross-platform integrated data backup, migration and disaster recovery. In the event of an emergency, Commvault's advantages in RTO and RPO can also help enterprises retrieve data as soon as possible while ensuring business continuity, thereby ensuring the security of enterprise data assets to the greatest extent.