Storage vendors are leading in today's data protection market with de-dup, single instancing, archiving, data dispersion and erasure technologies, as a natural extension of existing franchises. (see Compression and De-duplication key to EMCs data protection strategies) Data protection is a legacy term receiving new world definition in an effort by storage vendors to capture market interest and validate the technical offerings of their storage hardware or software product line.
However, data protection has a much broader meaning in business, law, and the information management industry in general. It is very important to understand this broader meaning and limits of the new world definition.
Here is an example of key principles of data protection (not an exhaustive list).
- Data may only be used for the specific purposes for which it was collected.
- Data must not be disclosed to other parties without the consent of the individual whom it is about, unless there are specific business, legal or regulatory requirements to share the information (for example, the prevention or detection of crime).
- Personal data should be kept no longer than necessary and must be kept up to date.
- Data protection requires that access be provided on a need-to-know basis
- Data protection requires that the use of data be audited and reported on a routine basis
- Data protection requires that unauthorized access to data be identified as a breach or violation of policy or rules
- Data protection can be achieved via mandatory, discretionary, or non-discretionary access control policies
- ....and so on
To understand the new world data protection marketplace, it's best to start with a definition of what is data protection. Although it's difficult to find consensus on an exact definition, some believe that data protection is the implementation of administrative, technical, or physical measures to guard against the unauthorized access to data. But unfortunately, the simple term "access" may not convey requirements for availability, accessibility, accessibility, identity management, and auditing and monitoring. And vendor storage platforms that tout only backup and recovery features fall short of satisfying the requirements of a more complete definition.