Beware of FUD
Thursday, April 05, 2012

Combine Fear, Uncertainty, and Doubt — and you get FUD, which has been on my mind lately because it so often involves attempts to thwart adoption of newly-emerging, better solutions. Consider these two tales of FUD:
The first tale, from the late 1880s, is often referred to as the War of Currents. It's about a powerful group of direct current (DC) supporters who fought fiercely against the new, more cost-effective alternating current (AC) with a range of FUD stunts, from electrocuting animals to building the first electric chair. DC's supporters eventually lost — because FUD can slow, but not stop, real progress.
The second tale is a contemporary one involving Cloud Services — and, sadly, concerns the same techniques used during the War of Currents: FUD.
Cloud can reduce IT spend without loss of capability (or security). Cloud can even streamline what IT can do for a business. That inexorable reality has some upset enough to try to scare folks away from Cloud Services so they'll stick with costly, arcane solutions.
If marketing chatter is making you unsure, talk to a trusted technology adviser to understand your options. Don't let your plans succumb to FUD.
Categories: Business-critical Data | Cloud Computing | Data Loss Prevention | Data Security | Information Security | Managed Services | Security
Data backup/recovery best practice #10
Tuesday, December 13, 2011

This last of my backup/recovery best practices is far from the least of them:
#10 Conduct regular testing and reviews of your data recovery capabilities
Backups can be corrupted (especially if they’re tape-based) and too often backups are performed incorrectly. Key files, directories, or components may have been excluded, especially if your infrastructure has undergone adds or deletes.
Categories: Backup | Business-critical Data | Data Access | Disaster Recovery | Information Security | Recovery
Backup/recovery best practices #1 and #2
Thursday, December 01, 2011

As I see it, there are 10 best practices that can make the difference between backups that really do keep you in business and backups that seem to work okay — until you actually try to use them. Here are the first two:
#1 Understand your data so you can decide what needs to be backed up and how often.
Base your decisions on the cost of loss, which you can get a sense of by noting the types of data your business relies on — emails, spreadsheets, databases, line-of-business apps, etc. — and determining the impact of losing that information for good and having to recreate it (if you can). Add in the cost of unhappy customers and potential regulatory/compliance violations — and do the math.
Categories: Backup | Business Resumption | Business-critical Data | CEO to CEO | Disaster Recovery | Recovery
Protecting the value of your business: Products Do Not Equal a playbook that works
Thursday, September 29, 2011

I can’t emphasize this enough: All of the technology products and services an organization devotes to securing its data, applications, systems, and networks have but one aim — to protect the value of the business.
Conversely, every data breach reduces the value of the business — and there are more data breaches every year.
Categories: Business Resumption | Business-critical Data | CEO to CEO | Disaster Recovery | General Business | Information Security | Malware | Security | SPAM | Virus Detection
6 security questions to ask about your data and who gets access to it
Tuesday, September 20, 2011
It’s easy to tumble backwards into information security, to let yourself get sidetracked into arcane, hard-to-follow discussions about the innards of technologies and products when in fact you need to be thinking through higher-level strategy and policy.
If, for instance, you don’t actually know yet whether your business would benefit from using encryption, listening to the sales pitches of competing encryption product vendors is a waste of time.
So start with straightforward, non-technical questions that your IT people should answer in a straightforward, non-technical way. When they backslide into techno-babble, make them translate (they can use the practice).
- What data is business critical? What data is sensitive? Who ‘owns’ or has access to our business-critical data? Our sensitive data?
- What sort of assurances of confidentiality and integrity do we need to provide for each type of data?
- How long do we want to retain data?
- How do we want to control data access and permissions?
- How do we want to authenticate users?
- What kind of security training should we provide employees?
You’ll also want to pose questions about the security of your information infrastructure as well as how to cope with cloud computing and social networks. Check my next post for those 9 questions.
Categories: Business Continuity | Business Resumption | CEO to CEO | Disaster Recovery | Managed Services | Security | Encryption | Information Security | Business-critical Data | Data Access | Authentication



