What is Data Loss?
Data loss is an error condition in information systems that causes stored information to be destroyed by some critical failure or neglect while in storage, transmission, or processing. Most of these systems would implement some form of backup or disaster recovery equipment to both prevent or recover from data loss.
The nature of data loss makes it sometimes confused by many as data unavailability, which may arise because of network issues and not the destruction of data. The consequences for each are similar for users; however, data unavailability is temporary while data loss may be permanent. Data breach is also another term which is often used interchangeably with data loss however, it is distinct in that it occurs when data falls into the wrong hands through some intentional or unintentional means. Data leakage also falls into this confusion as well as both data loss and data leakage can lead to a data breach; but in reality, data leakage is the flow of information (usually sensitive and critical information to a system) from an organization to another party.
Types and Costs of Data Loss
There are quite a few types and causes of data loss, the most common of which are human error and hardware failure. Along with those, there exists procedural causes, intentional deletion, some unintentional action such as file or program deletion, administration errors, or misplacement of data, some type of failure such as a business failure, software failure, or data corruption, natural disasters, and crime such as theft, hacking, SQL injection, sabotage, etc.
The cost of a data loss event, however, is directly related to the value of the data in question and how long it is unavailable yet needed. As such, when implementing an information system, one should consider the cost of continuing their services without access to data, the cost of recreating data, and the cost of notifying users in the event of a compromise.
There are various methods of prevention against data loss; however, each method will not cover all types of data loss and as such, systems administrators should pay close attention when designing their systems. For instance, having some type of backup generator or battery will protect against power failures but not against natural disasters or hackers. And while having a journaling file system or RAID system will protect against certain types of software and hardware failure, they are vulnerable to everything else. An Uninterruptable Power Supply (UPS) may also seem like a great idea but it will only be helpful against power spikes while hard disk drives will need to be in a secure location so they do not move or shake too much which can damage their components; that is, they’re vulnerable to natural disasters. Because of this, while having a regular backup plan can go a long way for any system to recover from a data loss event, it is not a proper method of mitigating the events and as such; having a disaster recovery plan alongside it is optimal; albeit, not perfect.
Data recovery is usually performed by some commercialized service which has developed methods of recovering some damaged data from some damaged media. The cost of these services at data recovery labs are often determined by the type of damage and media in question. At the lowest level of this, file system deletion is something that the basic user or system administrator can rectify on their own; as a deleted file is not immediately overwritten on a disk but is simply removed from the file system index and thus, easily recoverable.
These services usually require some type of efficient backup plan in place to be successfully executed. In the cases which such a plan was not established beforehand, regeneration data programs would need to be installed on the system which can be quite costly when considering that normal recovery from some backup plan is typically considerably difficult.
In the event of a data loss event being noticed (as sometimes, the time between the event occurring and the event being identified can be far apart), the first step to do is to prevent any further write operations to that data. The data may not be present but it is imperative to prevent it from being overwritten by a program which means the data would then become permanently lost. This is because many operating systems create temporary files to boot which may overwrite the areas of the lost data. This is even a common thing when viewing web pages by having the lost-data area being overwritten with some HTML or image on a web page the user downloaded while browsing the Internet. The ideal response to avoid this is to shut down the affected system or storage unit and remove the storage media in question. Following that, take the storage media to a device with some write-blocker software attached to it and then attempt to recover the lost data.