Opinion: Protecting Essential Trucking Data
By Bob Helms
Chairman and CEO
Pegasus TransTech
This Opinion piece appears in the Nov. 15 print edition of Transport Topics. Click here to subscribe today.
Big-picture executives have the ability to see well beyond the day-to-day grind. If you’re in this category, you support an active safety department and insist on taking a variety of preventive measures. You deploy safe equipment, monitor performance and use technology to ensure results. You hire drivers selectively and provide ongoing performance analysis and training. You do everything you can to prevent accidents, protect your people and safeguard your investment.
It’s called “mitigating risk,” and CEOs generally agree it’s a fundamental responsibility of their job.
But what about areas of risk that go beyond accident prevention and other common operational risks? Does the company have a plan for protecting its key operating data and billing information after they leave a driver’s hands and before they are safely in your archives?
What about protecting your store of data after you think it has been put to bed in your own systems?
Does your company pay close enough attention to the data that are, if not the lifeblood, then certainly the neural network of your operations? Many companies fail to do this for the simple reason that things seem to be working as expected, with no cause of panic. “If it ain’t broke,” they tell themselves, “why fix it?”
The problem, of course, is that protection that was adequate, maybe even state-of-the-art, two years ago is now compromised by new threats that keep pace with — and sometimes outdistance — the technological evolution of our companies.
It’s also possible for a business to simply outgrow its systems or, in some cases, mitigate risks in some areas but not others.
To mitigate risk, whether from active threat or simple inattention, you need to monitor the well-being of company data constantly. You need to stay apprised of the latest threats and the best practices for avoiding them. And while you’re at it, you should review the key elements in place to protect all your critical data. That review should begin with frequent evaluation of up-to-date backup processes. Don’t be lulled by rote security checklists. Think beyond the routine.
For one thing, backing up files, say, once a day may not be enough. Ask yourself what would happen if you had a failure before backup time on a given day and lost all or most of that day’s data — delivery documents, driver logs, accident reports and applications — never mind critical banking and accounting documents? What would that mean to your business? What about a half-day’s worth? What about an hour’s worth? How long would it take to reconstruct those documents? How much data are you prepared to lose?
Once you decide how often to back up, consider exactly what your backup will include. Will it be just those working files?
What happens if your server (or one of your servers) fails? Even if its data are backed up, simply copying those data onto a new server doesn’t put you back in business. You might want to back up the entire server — operating system, network software, data and all.
That can involve the world of virtual servers — a complex subject we won’t get into here. What’s important from a risk mitigation point of view is that a complete server backup, a clone or snapshot, will enable you to install a new server, copy your backup to it and get back to work in a relatively short amount of time.
Next, where will your virtual backups reside? Ideally, your backups will be located in a place not subject to the same power grid or weather patterns of your primary servers.
This point brings us to the subject of remote backup over the Internet. The possibilities here are numerous and expanding. For example, some backup providers offer continuous mirroring — backup that eliminates the question of timing altogether. Your data are backed up almost as they are generated in a virtual mirror image of the original. Sometimes called real-time mirroring, it is data redundancy created even as transactions in your system take place.
For example, a company can make two copies of every document and data element that enter the system. Simultaneously, the data move to two other locations, each of which generates two copies. While the transaction is still alive, the company has as many as six copies of a document and its associated data in widely separated parts of the country. This dispersion is important to maintain because any data-loss problem the company might have in its systems — or that its customers might have in their systems — can be mitigated completely by recovering the information from one of these backup sites.
Depending on your resources, you may be able to achieve real-time redundancy within your company. It’s more likely, though, that you will use an outside IT vendor for a remote repository. Which brings us to another risk mitigation consideration: How do you know the outside company you trust with your business-critical data has the expertise and the resources to provide the service it promises?
The best way, of course, is to get recommendations from trusted friends in the business. You also should ask a potential vendor for a list of references related to your type of operation and then make sure to check them out.
Another good indication of quality service is a strong SAS 70 report. SAS 70 is an abbreviation of Statement on Auditing Standard 70 maintained by the American Institute of Certified Public Accountants and officially defined as a “Report on the Processing of Transactions by Service Organizations.”
Very often, those service organizations are providers of outsourced services critical to a company’s own operations. The service organizations can be data centers, credit processing companies or providers of document management and paperless services.
You’ll want to ask if a potential vendor has had an SAS 70 audit. If so, ask to see the most recent auditor’s report.
Most importantly, pay close attention to the risks associated with the digital side of your business. Talk with your IT people often, and independently educate yourself on the potential risks. It’s the best way to ensure your ongoing operations and protect the information that enables your trucks to roll.
Pegasus TransTech, Tampa, Fla., provides technology-enabled business process improvement solutions. Its Transportation Group specializes in services to improve the delivery-to-cash cycle.