Data Protection and Information Lifecycle Management
- By Tom Petrocelli
- Published Sep 23, 2005 by Prentice Hall.
- Copyright 2006
- Dimensions: 7x9-1/4
- Pages: 288
- Edition: 1st
- Book
- ISBN-10: 0-13-192757-4
- ISBN-13: 978-0-13-192757-5
The Definitive Guide to Protecting Enterprise Data
Your enterprise data is your most critical asset. If it's compromised, your business can be destroyed. Don't let that happen: leverage today's state-of-the-art strategies, best practices, and technologies and protect your critical information. In Data Protection and Information Lifecycle Management, leading industry consultant Tom Petrocelli presents a systematic, coherent approach to planning and implementing cost-effective data protection.
This book introduces Information Lifecycle Management (ILM), a powerful new strategy for managing enterprise information based on its value over time. The author explains emerging techniques for protecting storage systems and storage networks, and for integrating storage security into your overall security plan. He also presents new technical advances and opportunities to improve existing data-protection processes, including backup/restore, replication, and remote copy.
Coverage includes
- A complete, unique framework for considering and planning data protection
- Understanding storage technology from the standpoint of data protection
- Architecting more effective backup/restore solutions
- Using remote copy and replication to keep data synchronized and support immediate failover to hot sites
- Leveraging core computer security concepts and strategies to protect your most critical data
- Securing your entire storage infrastructure, not just servers
- Using policy-driven data protection and Data Lifecycle Management (DLM) to improve security and reduce cost
- Using ILM to identify your highest-value data and choose the right ways to protect it
Data Protection and Information Lifecycle Management is an indispensable resource for IT executives who must plan and implement strategies for data protection; administrators who must protect data on a day-to-day basis; and product managers, consultants, and marketers responsible for crafting superior data-security solutions.
Praise For Data Protection and Information Lifecycle Management
Tom Petrocelli sums up that scenario perfectly in his book, "Data Protection and Information Lifecycle Management," when he says that "data protection is like buying insurance or executing a will: it's something we all know we should do but often put off." A major benefit of reading Petrocelli's book is that it can help you, or your staff, to overcome the inertia that is associated with the lack of effective data protection. He has divided the contents of the book into eight chapters and three appendices, along with a glossary and a short bibliography. I personally felt that the bibliography was rather limited, and that it should have been expanded to contain more than just the seven entries that are listed there.
In the first couple of chapters of his book, Petrocelli provides an introduction to data protection as well as an overview of the latest developments in storage technology. But in order to protect information, it is first necessary to know about the different ways in which essential data can be lost. Petrocelli categorizes the reasons for data loss into the following four major categories:
- Natural and manmade disasters, such as floods, earthquakes, terrorist attacks, etc. Petrocelli reminds us that the "worst manmade disaster resulting in widespread loss of data (and life) was the September 11, 2001, terrorist attack on the World Trade Center in New York City." Resulting from that tragedy, Petrocelli reports that both the U.S. Securities and Exchange Commission and the Comptroller of the Currency jointly issued "policies requiring that data be adequately protected against regional disasters."
- Security breaches, either by personnel known to a company or from external threats. Protecting data from attack from both "insiders" and "outsiders" remains a major obstacle to overcome.
- Accidents or unintended user actions. Frequently, problems of this nature can be traced back to mistakes made by IT departments themselves. Common examples are backup tapes being erroneously overwritten, or sloppily performed database reconfigurations causing mission-critical applications to behave mysteriously and, as a consequence, result in lost or compromised data.
- System failure, resulting in corrupted data or total loss, from misbehaving disk array hardware, Fibre Channel and SCSI host bus adapters, network interface cards, and so on.
In the third chapter of the book, Petrocelli discusses the classic data protection strategies of backup and restore. And although backup and restore should be regarded as the "cornerstone of data protection," Petrocelli believes that not enough consideration is currently being given to specifically designing storage systems for backup and recovery.
That oversight often results in problems such as backups taking too long, the wrong data being backed up, essential data being overlooked in the backup process, and not having the capability to restore just a desired selection of critical data when it is most urgently needed. In the next chapter, Petrocelli puts the spotlight on remote copy and replication, and demonstrates how those processes represent an effective way of moving data to safe locations. He also explains how remote copy and replication differ from backup.
Before tackling the topic of storage system security in the sixth chapter of his book, Petrocelli uses the previous chapter to cover basic security concepts. Just some examples of the topics discussed in this part of the book include the concept of "least privilege," that is, the minimum "amount of access any user, host, or processor should have to system resources;" firewalls; intrusion detection systems (IDS); intrusion response systems (IRS); authentication and access control; encryption; denial of service (DoS); viruses; and Trojan horses.
The final two chapters of the book respectively investigate the two specialized areas of "policy based data protection" and "Information Lifecycle Management" (ILM). Petrocelli defines policy based data protection as "a way of defining data protection methods, tools, and procedures as policies and then deriving rules from those policies." He adds that a "policy is a set of best practices that the organization must follow. These policies are not simply guidelines or suggestions. Policies are a concrete expression of the data protection strategy."
An example of such a policy could be one that a company or organization adopts in order to protect email messages that it cannot afford to lose. In a similar fashion, the Information Lifecycle Management approach is also a strategic process that consists of policies and rules for protecting valuable information assets.
But the key to understanding Information Lifecycle Management is, as Petrocelli says, to recognize that it is a "process by which information is managed according to a lifecycle. This lifecycle is defined in terms of the value of the information."
To help clarify the differences between a policy based data protection solution and an Information Lifecycle Management approach to protection, practical examples of both have been included in the book, with each of them expressed using Extensible Markup Language (XML) schemas.
The full details of the XML schemas are contained in the book's first appendix, while the second appendix lists other useful data protection resources such as the details of relevant organizations and conferences, Web sites, and government documents.
Finally, as you read through "Data Protection and Information Lifecycle Management," you will find yourself constantly referring to the list of acronyms and explanations, which have been collected together into the third and final appendix.
In conclusion, I believe that there are any number of IT professionals who are directly involved in technical-type roles in their everyday jobs who will benefit from reading "Data Protection and Information Lifecycle Management."
These people include system administrators, storage administrators, network administrators, database administrators, system analysts, and business analysts. But because the book has been written in an easy to understand style, anyone who has an interest in learning more about protecting data can benefit from the advice it offers.
Don't wait until disaster strikes before you read this book. Take action by reading it now. And most importantly, seriously consider putting effective strategies into place that will let you sleep easily at night, knowing that you have done everything possible to protect the vital corporate data that is your responsibility.
Tony Stevenson
mkdsoftware@trump.net.au
Windows IT Library Guest Reviewer
For more book reviews, visit the Windows IT Library Web site. http://list.windowsitpro.com/t?ctl=20E77:24FDE
Online Sample Chapter
The Changing Face of Data Protection
Table of Contents
Acknowledgments.
About the Author.
Preface.
Who Is This Book For?
How This Book Is Arranged.
What You Will Take Away from This Book.
1. Introduction to Data Protection.
What Does Data Protection Mean?
A Model for Information, Data, and Storage.
Why Is Data Protection Important to the Enterprise?
Data Loss and Business Risk.
Connectivity: The Risk Multiplier.
Business Continuity: The Importance of Data Availability to Business Operations.
The Changing Face of Data Protection.
Key Points.
2. An Overview of Storage Technology.
A Quick History of Data Storage.
Storage I/O Basics.
The I/O Stack.
Direct Attach Storage.
Network Attached Storage (NAS).
Storage Area Networks.
Extending SANs over MAN and WAN.
Key Points.
3. Backup and Restore.
The First Line of Defense.
Designing Storage Systems for Backup and Recovery.
Recovering from Disaster: Restoring Data.
Things That Go Wrong with Restore Operations.
Tape Backup.
Disk-to-Disk Backup.
Disk-to-Disk to Tape.
Backup and Restore Practices.
Application-Level Backup and Recovery.
Case Study: Bingham McCutchen.
Key Points.
4. Remote Copy and Replication: Moving Data to a Safe Location.
How Remote Copy and Replication Are Different from Backup.
Remote Copy.
Design Considerations for Remote Copy.
Replication.
Case Study: PdMain.
Key Points.
5. Basic Security Concepts.
Least Privilege.
Defense in Depth.
Diversity of Defense.
Encryption.
Typical Attacks.
Key Points.
6. Storage System Security.
The Role of Storage Security in Enterprise Data Protection.
DAS Security.
SAN Security.
Internal and External Vectors.
Risk.
Security Practices for Storage.
Secure Fibre Channel Protocols: FC-SP and FCAP.
Case Study: Transend Services.
Key Points.
7. Policy-Based Data Protection.
Difficulties with Data Protection Strategies.
Data Lifecycle Management (DLM).
Key Points.
8. Information Lifecycle Management.
Information Assurance and Data Protection.
What Is Information Lifecycle Management?
Unstructured and Structured Information.
The Importance of Context.
Determining and Managing Information Context.
Location and the Information Perimeter.
The Information Lifecycle.
An ILM Schema.
Matching Information Value to Protection Options.
The Changing Value of Information.
Regulatory Concerns.
Protecting Information Using ILM Policies.
Controlling Information Protection Costs.
Automating ILM.
Case Study: MidAmerica Bank.
Key Points.
Appendix A: XML Schemas and Document Type Definitions for Policy Statements.
Appendix B: Resources.
Books Worth Reading.
Organizations and Conferences.
Web Sites Worth Visiting.
Government Documents and Resources.
Appendix C: Acronyms.
Glossary.
Bibliography.
Index.