I recently took my family on a vacation to visit my parents in the town where I grew up. As we returned to some of my favorite childhood vacation sites, I was reminded of the first time my father took me swimming. I remember that warm summer morning as a five-year-old, trying to learn how to swim in a small river. My dad told me, “Swimming is a survival skill; you learn it once, and you’ll never forget how to do it.”

I didn’t question why I needed to learn how to swim; I just knew I wanted to, and that with some practice and patience, I could figure it out. I did eventually learn how to swim well, and I can still swim and would probably survive in a water emergency. (Never mind that it took me four years to learn – that’s another story.)

As the father of two beautiful children who I am now teaching to swim, I sometimes ask myself: did I learn to swim to survive, or to help others survive? The answer is both, because the basic skills we learn as children can be honed into strengths so that we can pass them on to others if we keep practicing them.

The same philosophy applies to data protection. A “survival skill” is a technique used to sustain yourself or your company in any type of environment. I’ve been in the data protection industry for more than a decade, and I’ve seen my share of successes and failures, but I can attest to this – data protection is indeed a survival skill in the modern world.

Today, everyone recognizes the importance of data and the reliance of an enterprise on its data and information. Tools and technologies help us protect all those ‘zeroes and ones’ we’ve created and accumulated, and most of us are well on our way to hoarding tons of it. But as I observe the rise in data loss and theft, I’m beginning to wonder if we’ve forgotten one of the basics of data protection. We all know the how, what, when and where of data protection, but have we forgotten the why?

Why we need to protect our data is simple: we can’t survive without it. We need to keep it, protect it, and preserve it. And when we need it, we need to be able to recover it. Data protection is, plain and simple, a survival skill. But it’s complicated.

As data protection professionals, how many of us can:

  1. Define our business backup requirements? We must make sure we’re not simply answering “what we are doing for a server or an application,” but what are we backing up this application/data for?
  2. Answer why we are using the forms of retention we use? The industry standard has been 30 days’ retention, but restore tickets tell us that 60% to 70% of restore requests are within seven to 14 days. So why pad a 50% extra buffer with a 30-day retention policy?
  3. Achieve long term retention? For every dollar you spend to backup software or hardware, are you protecting data that is worth four to five dollars to the business? Should you have that kind of ROI for data protection? Or should you have a target of 10% reduction in data protected every year, rather than 10% growth buffered while sizing a solution?

Many times, data protection is best left to the professionals who can comprehend every situation you may encounter on your way to data resilience. They can help you determine your Recovery Time Objectives (RTOs), testing and validation processes, compliance requirements, and business continuity plans. Getting it right is vital, because as we’ve seen in the last year alone, businesses have been affected by terrorism, cyberattacks, natural disasters and other events that compromise their operations.

In every other industry, customers ask the return on investment (ROI) question for an undertaking of this magnitude. Say you’re building a product on an assembly line with an expensive new piece of equipment. This is probably one of the first questions asked: how can we derive three to five times the return on the dollar invested? Is the assembly line flexible enough so that we can accommodate minor changes easily? Can we reduce defects or improve quality by X% year-over-year?

Drawing a parallel here, if we lay down a data protection and backup strategy, we should be able to yield three to four times the investment, or save the business twice the money. People often ask me what their ROI will be for data protection over the next five years. Others ask me what we’re protecting, how long we’re going to keep their backed-up data, and if it will meet their business requirements. The cloud presents an ideal opportunity for ease of access to a fully recoverable production environment at minimal cost and maximum speed.

Regardless, the bottom line is this: data protection is a survival skill, and no matter what it costs, sooner or later you’ll be glad you have it. And when that time comes, you’d rather be swimming laps than treading water.