Protecting data is a fundamental responsibility for IT operations support staff. This task is not easy. Hardware fails and data is lost or corrupted. Security breaches can result in tampering and data leaks. Employees can accidently delete files. This guide discusses how to improve the ways you protect data, particularly for end users who access and inadvertently delete or overwrite files on network shared drives. This guide introduces the concept of a file server recycle bin to enable continuous data protection and self-service recovery, freeing IT from help desk calls to restore lost files.
This guide is organized into three sections, each covering an essential element of continuous data protection:
Windows features on the PC, such as the Recycle Bin, are important to data protection, but they are not sufficient to provide continuous data protection or protection for network files. As a result, IT administrators lose precious time fielding lost file requests and digging through backups. Fortunately, third-party tools exist to fill these gaps. Before delving into the details, it is important to understand data recovery in the broader context of IT operations and support.
It is hard to imagine an IT support group with too much time on their hands. The combination of changing business demands and the continuing need to monitor and maintain existing infrastructure can generate demands on IT staff faster than they can be addressed. This problem is not new.
Users have always needed support. Market conditions and business operations are constantly changing, so C-level executives are mapping out new strategies that often entail an IT component. IT support professionals and systems administrators have done their part to streamline these operations. The days when IT support staff were routinely interrupted with phone calls asking for support have given way, at least in some organizations, to help desk support systems that allow users to submit their own support requests. Rather than wait for an adverse event, such as running out of disk space or having an application attacked, systems administrators automate system health checks and run vulnerability scans to spot potential problems before they disrupt operations. Both the shift to help desk support systems and the use of automation have helped improve the efficiency of IT operations but still more can be done. Two ways at our disposal to reduce IT workload are implementing self-service procedures and reducing dependencies on time-consuming procedures.
The use of self-service in IT support is well established. Users can reset their own passwords in many applications. The Web has become a primary resource for answering "how to" questions with common desktop applications. Users who are familiar with the Windows Recycle Bin can recover some of their own deleted files. (But not all deleted files, as we will discuss in detail in the next article). You can extend the reach of self-service to include more extensive file recovery. The ability to self-recover files is particularly important for two reasons: This task is common and the recovery process is time consuming and often requires the help of IT support staff.
By reducing dependencies on time-consuming tasks, you leave IT support staff with more time for other operations. To be sure, recovering lost files is important and can be well worth the time invested. Imagine if the final version of a sales proposal is accidentally deleted a short time before it is to be delivered to a client. The value of potentially lost business could easily exceed the time invested by IT support staff to recover that file from backup—assuming the latest version existed when the last backup was run. Not all file recovery operations will be as valuable as the lost proposal scenario, but lost files are important to the employees that lose them.
Figure 1. The Windows Recycle Bin is a first-line recovery mechanism for accidentally deleted files. Unfortunately, not all deleted files go to the Recycle Bin.
When files cannot be recovered from a user's Recycle Bin, file owners turn to IT support staff to recover the file from backups. This process can be time consuming for all involved because the steps can include:
The actual sequence of events may be even more complicated. For example, if a number of files were accidentally deleted, then they may need to be restored from multiple incremental backups. The latest file may be restored before the user realizes the latest version of the file was not backed up and the user still has several hours of work ahead of him to reproduce his lost work. To avoid delays in restoring files, to mitigate the risk of lost work, and to reduce the workload on IT support staff, you can turn to self-service tools for file recovery.
Many users are accustomed to checking the Recycle Bin for accidentally deleted files. What many of them may not know is that the Recycle Bin does not always capture deleted files. For example, the Recycle Bin does not capture files deleted from file servers or network drives. Those files are not available for recovery from the Recycle Bin, so IT intervention is required.
Also, previous versions of Microsoft Office files are not copied to the Recycle Bin and therefore cannot be self-recovered from the Recycle Bin. It is possible for these previous versions of a file to be captured in a backup or snapshot operation, if the file was present at the time the operation took place, in which case a systems administrator could help restore the file.
Third-party tools can help fill the gaps in the Windows Recycle Bin functionality. Thirdparty tools allow systems administrators or the users they support to recover files from a repository of saved versions of documents. These third-party tools operate like the Recycle Bin in the sense that they preserve a copy of a deleted file and enable recovery, but unlike the Recycle Bin, they provide this capture functionality more broadly.
As with any self-service IT support tool, you have to consider the need for security. A thirdparty tool that enhances file recovery services must be able to support access controls comparable to those in place on the file system. For example, if a manager deleted a file named Salary_Projections.xlsx from a network share, it would be captured by the thirdparty tool and stored in the deleted file repository. Only the manager, or others who have been granted access to the file at the OS level, should be able to recover that file. A curious employee from the manager's department who does not have access to the document on the network share should not have access to it in the deleted document repository.
Third-party tools should ideally support two modes of recovery: systems administrator-based recovery and self-service recovery. Administrator-based recovery is appropriate when dealing with sensitive information or organization policies that require a systems administrator to perform recovery operations. Self-service recovery is appropriate when the recovery system maintains Windows File Security. Self-service recovery can help streamline IT operations and reduce the workload on IT staff.
File recovery can be time consuming for IT support staff and frustratingly slow for users. The Windows Recycle Bin is useful for recovering many, but not all, accidentally deleted files. The ideal third-party tool provides a broader range of features and abilities to capture deleted files from network shares as well as previous versions of files. When access controls within the file recovery application mirror the access controls of the underlying Windows OS, systems administrators can enable self-service recovery while still protecting the confidentiality and integrity of users' files.