Using the evidence of hard drive failure from Backblaze to increase the value of security

How and why to leverage the public work of others to start conversations and support the decision making process to increase the value of security

When is the last time you personally experienced a hard drive failure?

A few years ago, thieves broke into our RV and stole the laptops, hard drives, and basically anything not nailed down.

At the time, I had a backup strategy - but pushed the backup and swap by two days (after the weekend). As a result of that fateful decision, I lost a few weeks of work and a few gigabytes of pictures. I recreated the work, but the pictures are gone.

I learned the importance of sticking to the backup plan, having multiple backups (in different locations), and never leaving a phone with a laptop. Never.

Last summer, as the hard drive on my roughly four year old laptop signaled it was failing, I was ready. I had a backup. And to be safe, I had a backup of my backup.

I was prepared.

And then I learned that part of preparation is the ability to recover -- including how long it takes. I had discounted the time, and it took nearly three days to get all the data back and sorted. Naturally, it happened when I didn't have three days to spend on it.

Now I have a combination of backup systems, and can recover quicker. Among those systems, I subscribe to Backblaze for online backup. It's saved me more than once with basic file deletions.

The benefit of evidence

When they recently published information about their observations on hard drive failure (How long do disk drives last?), my first impression was, "nifty marketing idea." I decided to read it later. I'm glad I did.

What I found was a reasoned, evidence-based approach to share real-world data about how long drives last. Better, in a follow-up post, they took on the topic of consumer versus enterprise drives (Enterprise Drives: Fact or Fiction?) - with an interesting conclusion.

They presented not only their data, but shared methods and reasoning. By itself, it's a useful model to consider how to measure what matters.

By sharing the data, they make it possible for other people and organizations to make better decisions. In security, it also gives us the opportunity to use the evidence to engage in conversations -- on a personal and a corporate level.

Using the evidence to increase the value of security

Minimally, incorporating the evidence of their findings into the procurement and decision-making process could lead to savings. Broader, the discussion of hard drive failures creates the opportunity to increase resilience.

The increasing role of security is to make it easier for the business to operate with less restrictions, while still protecting information.

Increase your value in these discussions with questions like:

  • How long should our drives last, and are we prepared with redundancy and replacements?
  • Do we really need enterprise grade drives, or would having more consumer drives be a better choice?
  • What information is important - and how are we making, storing, and protecting copies of it?

The advantage of Backblaze making their findings public is the opportunity to leverage it in these conversations. It's no longer opinion or conjecture. It's evidence. Since it came from someone else, it might even hold a bit more weight.

More, since Backblaze is in the business of providing backup solutions to consumer and enterprise customers, it serves as a convenient pivot to ask how those needs are met. It allows for a good conversation on backup strategies.

Maybe a cloud-based solution isn't right for the data. Maybe it's perfect. The point isn't the answer, but the conversation to get there. It's a chance to listen to the challenges, assess the needs, and explain the range of solutions.

Those conversations include the experiences -- personal and corporate -- of the inopportune failures of hard drives. Use my experience, share your own, or ask for others to share theirs. Let the stories give context to the evidence.

We need more transparent, public evidence

Whether you use Backblaze or not, we need more of this sort of transparent, empirical sharing of information.

This is their expertise. Great to learn from them. I look forward to more, too, since it makes our work in security just a bit easier. Read their work, consider how it impacts your efforts, and engage in valuable conversations to help others make better decisions (while protecting information). 

To comment on this article and other CSO content, visit our Facebook page or our Twitter stream.
Insider: Hacking the elections: myths and realities
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.