7-Backups of security Devices-03-06-2023.ppt

Editor's Notes

• #13: Your desktop or laptop computer should store only your current working copy of your data. Your master copy should be stored in a safe environment, and it should be copied in another location as well. Data redundancy is very important. Your laptop can break down, the hard drive can crash, your computer can be infected with a virus, your laptop is stolen. What happens if it is the ONLY copy of your data? Removable media are vulnerable to temperature and humidity fluctuations, poor handling, air, moisture, and light conditions. The program you used to generate or analyze the data could be upgraded by the manufacturer, and it might no longer work with your data. The software has changed, and no longer runs on your computer. Removable media should be migrated to new media every 3-5 years. Hard drives should be migrated every 5 years. The consistency of the recorded data should be checked yearly. Cloud storage providers are providing a service for a fee. They are a business, and as such they can go bankrupt, be bought out, or be legislated out of existence. Cloud storage is simply storage. What you put in is what you get out. Don’t make the mistake of thinking of them as a long-term storage solution, like an archive. Have another option available, because if they go out of business, you may have a very limited amount of time to move your data to a new provider. You will not be able to move it directly from one service to another.
• #14: Plan for the future at the start of any data collection activity. You may need your data in one format to analyze it, and another to visualize it. You may want to share it with a collaborator who needs it in a specific format. Perhaps the software tool you need to use requires a format that only it has. Being aware of these requirements will make the later stages of your work easier and more productive. Think about how software and hardware change over time. Proprietary software often has a short “shelf life”. Microsoft has changed Word quite a few times over the years. If you try to open an old 1989 copy of a Word file with the 2010 version, you will get nothing but gibberish. (The first Word program was released in 1983. It was in MS-DOS). Later versions are not always backwards compatible. The same holds true for many proprietary software products. Hardware also changes over time. Operating systems change, hard drive file formats change. The mechanical bits of computers change and break down. The data may be still on an older hard drive, but if the software that reads it is no longer available, or the bearings that spin the disc are frozen, you will never be able to access that data. Access for your collaborators is something you need to be aware of. If they are at UVa, they are probably using the same systems as you, or the data can be migrated to a format you can both access and use. But if they are in Europe, or Asia, they may not have access to the same equipment or software. This is especially important if you are working with highly sensitive data, such as personal identifiers or HIPPA regulated data. Do your collaborators have access to your data storage environments? Many funders, especially US government ones, require data sharing as a part of your funding. They may specify specific formats for data sharing and data storage. Data security is an important consideration. Can you move the data easily? Consider factors such as size, security level, format. What are the requirements imposed by the funder, the institution, or collaborators?
• #15: You will probably need to keep your working data in a proprietary format until your data analysis is finished. It is always a good idea to have your primary data file backed up in both the proprietary format you are using for analysis, and a non-proprietary one. Data redundancy is a simple but effective deterrent to unimagined software and hardware failures. For long-term data storage (archiving) and sharing, you want to select a file format which is non-proprietary for maximum reuse potential. Open formats are best. Convert your data from proprietary formats to open or discipline-defined standards. The following list comes from the UK Data Archive, the preeminent authority on digital research data in the social sciences and humanities. [http://www.data-archive.ac.uk/create-manage/format/formats-table] Quantitative tabular data: SPSS portable format (.por), comma-separated values (.csv), tab-delimited files (.tab), text files (.txt) Geospatial data: ESRI Shapefile (.shp, .shx, .prj, .sbx, .sbn), TIFF (.tif, .tfw), Cad data (.dwg) Qualitative data: XML, rich text format (.rtf), plain text data (ASCII .txt) Digital Image data: TIFF (.tif) uncompressed Digital Audio data: Free Lossless Audio Codec (FLAC) (.flac) Digital Video data: MPEG-4 (.mp4), motion JPEG 2000 (.mj2) Documentation and scripts: Rich text format (.rtf), PDF/A or PDF (.pdf), HTML (.htm), Open Document Text (.odt) Don’t forget the metadata! Comprehensive and complete documentation is essential so that all future users can understand the data.
• #16: The PI, or an assigned team member, should be responsible for maintaining the master copy. Restrict write access to specific members of the team. Document and update your guidelines (include responsibilities) so if team members change, new members will know the requirements. Record changes with your working data with Version control. Network security: Keep highly sensitive, confidential or IP-valuable data off internet-connected servers (or behind firewalls). Physical security: Who has access to your office and to the data files? Be careful of allowing repairs by an outside company. Computer systems and files: Keep virus protection up to date, and active. Be sure your computer has a login password. Do not send personal or confidential data via e-mail or FTP. Encrypt your data prior to sending. If you have IRB requirements, be sure to follow them. You may need to address data storage when acquiring consent and confidentially agreements for data users. Many IRB’s require 2 levels of security when working with sensitive or confidential data. This can be a password-secured computer in a locked office, or password-protected data files on a password-protected computer. Encryption is another option to ensure the security of data.
• #17: Data redundancy is very important. Regular back-ups protect against disasters and accidental or malicious data loss. Types of problems: Hardware failures Software problems Virus infection Hacking Power failures Human errors Ideally, your backup should be stored in a different zone: you want to be able to recover your data if something bad happens. If you keep your backup on the same device/media as your primary, or master, then in the case of a disaster you will lose all of it. 3-2-1 Rule: Keep 3 copies of your data. 2 different media (for example - hard drive and optical media). 1 copy stored offsite, ideally in a different threat zone. Here-near-far: Keep 3 copies of your data. 1 here (your working copy), 1 near (your primary backup), 1 far (your primary data, kept in a different threat zone) What is a threat zone? A different geographical location from the one you are working in. If a natural disaster occurred in Virginia, and all of your data files are here, then you will probably lose everything. Put your primary, or primary backup, on a media that is secure, and send it to a friend or family member in another state for safe keeping. Can the cloud be considered a different zone? Yes, but only if the servers aren’t in the same zone you are in. Backup your data frequently. Copy that backup frequently. Don’t touch the primary unless you need it. Ideally, create a schedule for backing up your data, and follow it. Have someone be responsible for the backup schedule. Follow-up. Periodically test your backed up data for accuracy and consistency. Your schedule should include this. Your schedule should also include the dates when data files are created, so you know when you should migrate to fresh media. Disaster recovery: If the worst happens, recover your data from the primary backup. You may have to start your analysis again, but it is better than having to collect the data again. If you have been saving and backing up your data on a regular schedule, you should lose no more than your work between backups. This is a great reason to do those backups weekly.