Posts

Picking a Backup Solution is Missing the Point!

/in ,

Data Protection
A 2013 study by The 2112 Group titled “”2013 State of Cloud Backup” found that small and mid-size interest in robust backup solutions more than triples after a significant data loss event, only 54% of SMBs felt that improved data recovery, business continuity, and IT reliability were sufficient motivators to deploy a new or improved solution.

Our perspective, is that focusing on backup misses the point entirely!

As we have blogged in the past: backup is easy; recovery is hard.  More accurately, the ability to recover and restore defines the value proposition.  Everything else about “backup” solutions — including the technology and methods — is irrelevant until you define the value of recovery and restore.

Stop thinking about Backup!  Instead, think about:

Continuity:  The ability for you company to continue to operate at an appropriately effective level during events that disrupt normal operations.   For some businesses, this means zero downtime.  For others, answering the phones and access to email may be sufficient for hours or days, or as an interim state until line of business systems come back online.  Still other businesses may need all systems up and running with 1 or 2 business days.

Recovery:  The ability to gain access to data and systems that became unavailable due to damage or failures.  Whether your disk array fails, a pipe bursts above your servers, or a virus eats through your files, recovery requires repair or replacement before systems and data can be restored.

Restore:  The ability to retrieve a prior version of data or a system.  Most restores are a result of user action or minor system issues.  How far back you need to go and the availability of past versions defines how long it will take to both retrieve the information and for the user to replace lost work, if any.  For some, a daily version meets the need.  For others, going back a day means resource-consuming rework so multiple versions each day are appropriate.

Focus on a building a Data Protection Solution and your required “Return to Operation” (RTO) time.  Remember that different parts of your business, different systems, may have different RTO requirements.

  • Assess your continuity, recovery, and restore needs and priorities
  • Understand the likely and not-so-likely risks to your systems and your business and create a “use case”.
  • Looking at each use case:
    • Identify changes to your IT infrastructure that could mitigate risk
    • Identify the type of solution that can provide the needed continuity, recovery, and restore services
  • Collate the use cases and solution types as your requirements

With requirements in hand, evaluating data protection solutions, technologies, and services becomes a manageable process.  Keep in mind, the data protection solution may include a mix of backup/restore, backup/recovery, archiving, disaster recovery, and other components.

 

Cloud Backup/Recovery: The Same, Only Different

/in


This blog post is the second in a series on Data Protection issues and practical solutions.

Data Protection Series

Backup and Restore, the most basic form of data protection, has been a standard IT practice since teams or Operators managed racks and rows of tape drives and tapes for early mainframe computers.  Borrowing from proven audio technologies, tape backups protected programs and data from the fickle failings of early disk drives.

As computers became more interactive, and more personal, the need for backup and restores services expanded.  Yes, your hardware might fail.  More likely, however, an assistant would “save as” over the boss’ most recent masterpiece.  Computers were new, and human error was inevitable.  Then came viruses, poorly written applications, spyware, bots, and the Internet (the ying and yang of all things good and evil).

As we move into the cloud, some of the reasons for backup/restore remain, and some new ones emerge.  

For those of us running Google Apps for Business, Education, and Government, Google’s highly redundant, multi-tenant infrastructure protects us from nearly all risk of data loss or corruption due to hardware or system failure.  Understanding the other risks to our data lets us decide when and how to better protect ourselves.

Third Party Applications

While domain-level access for applications is usually restricted to administrators, users often have the ability to run and connect third party applications to accounts.  Whether global or individual, poorly written third party applications can wreak havoc with your data.  Applications that need write access to docs, email, calendars, or contacts, can overwrite or delete content.  Determining the scope of a problem, and recovery, can be nearly impossible without reviewing all of your data.

User Error

Recent research shows that data loss within Google Apps is due to user error 63% of the time (0% is caused by Google).  As with any new system, unfamiliarity can bring unintended harm.  Ill-placed pastes, mistaken deletions, and save instead of “save as” are some of the ways data may be lost.   Even more complex, mistakes using Manage Revision settings, and permanently deleting items, can make recovery impossible.

Willful Misconduct

Protecting your data from the employee (or soon to be ex-employee) intent on doing harm is nothing new.  In Google Apps, as well as any other system, employees with access to sensitive information often have the ability to damage or destroy that information in ways intended to harm your business.

Security Breach

Google Apps is one of the most secure public cloud services in the world.  Even so, no system is ever completely safe from user identity theft or corrupt systems with access. A mal-ware infected computer running Google Drive can allow damage to data in Google Apps as easily as with a computer connected to a Windows server down the hall.  If a user — knowingly or as a result of social engineering — shares his or her identity, hackers and others can damage your data.

Google Error

While Google has never had errors resulting in permanent data loss, and Google’s systems are designed to withstand multiple points of failure, a very, very small chance still exists that a software or hardware error could corrupt data.

All of these cases are, and have been, reasons to run a backup/recovery service.  But at what point do you add backup/recovery to your?  For most, the answer is as simple as the answer to the following question:

If you had this data on a server in your computer room, would you back it up?

If the answer is “Yes”, than you should protect the data where it lives — even in Google Apps.

For others, it is one of critical mass.  When the cloud is considered a secondary data store, some wait for usage to reach a level “significant” enough to warrant the additional cost of backup/recovery services.  Unfortunately for some who “wait and see”, the significance is often measured by the pain of a data loss event.

—–

Read more