The employees may be the brain of your entire business, but if you can’t supply them with the data and information they need – your operation will flat line.

When most people think of data security, they usually think of complex passwords and encryption which are forms of software based security.  What often gets over looked is the physical security.

Consider what it would cost your company if you were to arrive at work in the morning to discover that ALL of your data was gone, either due to physical theft of your servers or hard drives that have failed beyond repair.  If it helps, you may even calculate this cost based on a partial loss of data – but you should ALWAYS prepare for the worst case scenario.  In order to help you monitise data loss, consider the following factors…

  • Recompiling data (research information, client contact lists and correspondence)
  • Legal implications (credit card information, medical data)
  • Future income loss (patents, loss of client trust, company credibility)

If the implications of data loss still don’t scare you, then this article probably isn’t for you – perhaps you’d like to read about my play date with a drone instead.  Otherwise, read on!

Forms Of Physical Data Security

Hard Drive Failure Server Failure Building Disaster
Hard Disk Redundancy: FAST Recovery NO Recovery NO Recovery
Offsite Data Backup: SLOW Recovery SLOW Recovery FAST Recovery
Onsite Data Backup: SLOW Recovery FAST Recovery NO Recovery

Hard Disk Redundancy: Fairly simple, multiple copies of the data are stored on the same device providing a safety net in the event of hard drive failure.

Offsite Data Backup:

“Cloud Backup” – The advantage to this method is that copies of your data are encrypted and stored in a remote data center typically with rigorous physical security protocols in locations usually not prone to natural disasters.  The disadvantage of this method is you no longer have physical access and control over your backup which can be against some data storage laws when you’re dealing with sensitive medical information for example.  As a side note, this method may be cost prohibitive as you are paying for a data storage service as a opposed to a data storage method.

Physical Server – This is a server in your physical control that is also in a different physical location, optimally located in an area not prone to natural disasters such as a branch office.  Using this method, two servers are connected either via a secure connection over the public internet (VPN) or a private network.  This method has a moderate cost associated with it as an additional server has to be purchased or leased and a network connection between the servers must also be provisioned.

“Sneakernet” – While it is the most cost effective solution, I would never try and sell a client on it.  This solution is to literally have critical data copied over to an external hard drive and have someone take it home with them at the end of the day.  The reason I would never sell anyone on this idea, is that from past experience this method works for the first three to six months and after that complacency will ALWAYS follow.

Onsite Data Backup:

Cold Spare – This is an entire server without hard drives, that is configured and plugged in but turned off.  In the event the primary server fails, the hard drives can be removed from the dead server and placed into a cold spare and turned on.  This is the most cost effective onsite backup method, but may result in down time ranging from minutes to a few hours depending on the complexity of your setup and I.T. staff response time.

Hot Spare – This is an entire secondary server which is usually identical to the primary one, it runs in tandem with the primary server to work as one.  You may hear this being referred to as “highly available clustering”.  In the event the primary server fails, the hot spare server takes over without any hiccups.  While this method isn’t very cost effective, it is very efficient.  With cluster computing, you can use the law of diminishing returns to your advantage – since tasks assigned to your server cluster such as backups aren’t dependent on one server, they can run when one or more systems aren’t needed for critical tasks such as e-mail service.  This method negates the need for backup servers and saves power as it uses otherwise wasted resources for your backup needs.

Lock & Key

While locks and keys are not the focus of this article, they certainly deserves an honorable mention.  You can deploy the most expensive backup system in the universe, but it’s all easily defeated when someone simply walks in off the street and takes your stuff.


As you can see, physical data security is not a “one size fits all” solution.  Zero down time data recovery solutions are usually expensive, so you must decide how long you can afford to have your staff sitting around playing ping pong while the I.T. people frantically work to get the engine room running again.  If down time isn’t as important to you, then combining off site data storage with a little bit of hard disk redundancy for critical data may make the most sense.  However if you can’t skip a beat, then you may wish to deploy a rigorous hard disk redundancy regimen along with some on site data backup with hardware hot spares for your absolutely critical data.

Whatever methods you choose to protect your data, always remember to periodically test them!

Leave a Reply

Your email address will not be published. Required fields are marked *