Today, Tuesday March 31 2020 is World Backup Day — the annual reminder of the importance of backups against data breaches, data loss and cyber threats. And as such risks have changed over the years, so has the approach to backups and how we should design an effective data protection strategy.
Major transformation ahead
Christophe Bertrand, senior analyst at ESG, sees changes ahead, “2019 was a year of innovation and change for backup and recovery with many new or improved solutions, new companies being launched, and some companies merging or becoming acquired. It was also a year of growth for traditional backup and recovery activity. However, this market is on the cusp of a critical change, one that will see vendors pivot to expanded capabilities and new use cases. The requirement for context and content about data is increasing as new regulations and the need for use of data to support digital transformation are changing the role of data in the enterprise. Data has to be more intelligent. It’s really about business outcomes and the notion of data as a true asset that can be leveraged to create a return on investment, or avoid costs and risks.”
The widespread adoption of cloud computing has undoubtedly had an impact on the way organisations protect their data. Moreover, today’s ‘real-time’ culture means that in the case of data loss, users expect it to be restored at once. Datrium’s CTO and co-founder Sazzala Reddy explains, “archiving data and shipping it off to a mountain top or basement vault, with the hope that it will never be needed again is a relic of the past. DR and backup have been fundamentally transformed by the public cloud. Organisations can no longer afford to wait weeks, days, or even hours to restore their data. Restoration must happen instantly.”
World Backup Day — why celebrate an all-year round consideration?
Data loss: counting the cost
What is at stake is not just data; it is customers’ business or your business itself: “Data is the lifeblood of today’s digital world. It can be deleted, corrupted, lost or ransomed. A natural disaster can wipe out an entire datacentre. If this happens, the organisation must restore its information as quickly as possible or risk losing customers and, often, its very business,” Matt Starr, CTO at Spectra Logic, tells Information Age.
This means that we are talking millions, billions of dollars in losses. For some organisations this spells the end. Because the impact of data loss for example is not only measured in downtime or loss of customers. It can involve significant fines which themselves can run into millions of dollars.
Paul Speciale, chief product officer at Scality, says, “the cost of data loss, in fact, continues to increase as we find new ways to mine the value of data, IDC* expects that the amount of data created in 2023 will reach over 100ZB and multi-petabyte backups are becoming more commonplace. All of that data, and the 24×7 nature of business today mean that backup windows have to be shortened, and fast restores are a top priority. Data managers need backup solutions that can scale throughput to support multiple backup and restore streams simultaneously, to ensure the least possible impact.”
Therefore, with substantial volumes of critical files at stake, successful data backups are a key aspect of data protection. According to Aron Brand, CTO at CTERA, “effective protection must meet two critical requirements: it must retain previous versions of your files for a specific retention period (minimum of 30 days) where those files must be in a read-only repository so they cannot be deleted by a malicious software. And the archived copy must be physically separated from the main copy.”
Why World Backup Day continues to be important
How GRC impacts backup and archiving
Besides keeping important data safe and available, organisations need robust backup strategies for GRC (governance, risk and compliance) reasons. Chris Eastham, director at law firm Fieldfisher, tells us, “compliance with data privacy rules is often a high priority for CXOs, and this encompasses backup and archiving. Organisations must be aware of the limitations of systems and how these impact on lawful data processing and retention and the enhanced rights of data subjects. They should also consider what contractual protections they need. For example, is the information easily accessible in a useful format whenever required? And to avoid vendor lock-in, it’ll be important to ensure that data will be returned in an industry-standard format on expiry of the contract.”
Eastham continues, “backup and archive systems satisfy different requirements. Deploying both in accordance with a sound information policy will yield benefits from a governance and compliance perspective.”
Brand adds, “there’s no one-size-fits-all for organisations’ retention policies; some must keep data for years, some for less. Most requirements will exceed 30 days depending on industry compliance/legal, and data type. As retention periods shorten, the risk of not being able to fully recover datasets increases; therefore, it is advisable to have at least 30 days’ worth of file versions.”
Speciale highlights the fact that regulations pertaining to various industries may differ, “a solid DR strategy is mandated in the case of regulated industries, as in healthcare and finance. Fines and penalties can result from non-compliance.” He adds, “But governance and risk management matters in regulated and unregulated industries alike.”
In some industries, organisations must supply compliance reports; Reddy advises, “CIOs should look for solutions that can deliver compliance reports out of the box.”
Data backup and blockchain, is this a game changer?
Data backups: top tips
Enterprises today need to simplify their IT environments to keep pace with data growth and limited budgets.
Molly Presley, global product marketing leader at Qumulo, comments: “Organisations can no longer afford the expense of many different applications, processes and storage systems for data backup, or the manpower to oversee that it is properly carried out. Best practices are to invest in data storage solutions that can both store and backup data with a cloud-native option to enable the target to be either in the datacentre or in the cloud without additional applications or processes.”
Presley further suggests CIOs give consideration to: “the automation of new folders, directories and workloads being included in the backup as they are added; tight integration with primary storage systems so that when backing up unstructured data there are no waits for long-running file system scans and tight integration of the primary storage with the backup software to reduce cost and complexity. Ideally a single solution solves both.”
Reddy disagrees with the deployment of a single solution here, “anyone that selects a standalone backup solution is going wrong.”
Though he supports the importance of backup and DR being tightly integrated to achieve instant recovery time objective (RTO). He adds, “sometimes backups go wrong without anyone even knowing. How do you know whether backups are good unless you validate the content every so often?”
Starr exposes a flaw in the traditional backup process. “A backup consists of creating a copy of all primary active data. But many organisations retain up to 80% of data on the wrong storage tier, meaning that inactive data is being unnecessarily backed up. By offloading this inactive data from the ‘Primary Tier’ to a secondary or ‘Perpetual Tier’ utilising storage management software, backup windows and associated costs can be significantly reduced,” he says.
The CIO balancing act
“Intelligent data management or the intelligent reuse of data will become more pervasive in 2020 and beyond,” states Bertrand.
‘Vendors that successfully include instrumentation and workflows in their platforms to make the sharing of compliant data easy will stand out in the market. CIOs should look for ‘insights’ features, data classification, compliance modules, data analytics-friendly workflows, and better BC/DR. Our research shows that this is the future of backup and recovery, and we believe 2020 will confirm it despite the current levels of uncertainty.”