Even if you’re not a regular Bible reader, there’s a good piece of advice relevant to data backup contained in Matthew 25:13: “Therefore keep watch, because you do not know the day or the hour.”
Well, OK, the Apostle Matthew wasn’t exactly thinking about data protection way back then; he was referring to the end times. But when it comes to backing up personal and business data, we also do not know the day nor the hour when a server or PC is going to suddenly seize up and die. And it could indeed be the end times for some people if they were to lose valuable business information, personal photos and/or other documents in such a catastrophe.
In the past few years, we’ve seen an exponential increase in the amount of data being produced. With more and more businesses undergoing digital transformations, the amount of data they generate continues to grow each day, which is creating new challenges for organizations of all sizes. This data not only needs to be managed, but also protected and securely stored.
In the era of digital transformation, having a data backup and disaster recovery plan in place ensures that downtime is not an issue as applications and workloads are being moved across different infrastructures. In light of today, March 31, World Data Backup Day 2020, the reliability and speed of data recovery is at the forefront of cloud data management.
As it does each year, eWEEK collects valuable industry information from experts and passes it on to you, our cherished readers. In that tradition, here is a list of best practices for successfully backing up data in cloud, hybrid cloud, and physical server and array environments.
From Paul Speciale, Chief Product Officer of Scality:
Why is it vital for organizations to create a data backup strategy? “Data is vital to the success of business, so losing it—even losing access for hours or days—affects productivity and profitability. In the last few years the rise of security and especially ransomware threats to businesses and governments have been highly prominent and visible. Studies have documented that the cost of data loss can reach millions of dollars per incident, and this impacts over 9 million compromised data records per day, with large-scale losses of over 100 million records that can cost businesses up to $15 million. In addition to the practical matter of keeping important data safe and available, though, many organizations are compelled to have a robust backup strategy for reasons of regulatory compliance (healthcare and financial services, for example). IDC expects that the amount of data created in 2023 will reach over 100ZB (one trillion gigabytes) or 10 times more than the amount of data created in 2014.”
How does backup differ from archiving? “A backup is typically a copy of data or applications that are being actively used. The purpose is first of all a to create a discrete copy of a data set at a specific ‘point in time’ (PIT), such as a daily backup that is captured at midnight (or other less impactful time), or weekly or monthly backups. These backups are used to restore that data in case it’s lost, corrupted or damaged in some way. An archive is usually data that is not being actively used, moved to a location for long-term retention, where it can be retrieved if needed. The key difference is that a backup is to be used in case there’s a need to restore data; the archive is there in case there’s a need to retrieve data.”
What are the key considerations CIOs need to be aware of to ensure reliable backups? “The most important consideration around backup is to think about data recovery, rather than the ‘backup’ itself. The whole purpose of backup is so that data is available—can be restored—in case of loss or corruption of working copies of data. Ensuring that data is easy to find and recovery is fast and efficient is key. With that said, as businesses and government services are now by nature 24×7, the notion of well-defined backup ‘windows’ (i.e., time of day where business has stopped or slowed down), has in reality disappeared. This means the impact of backup on production systems (servers, networks and storage) must be extremely minimal, and therefore the backup must itself adhere to very tight performance criteria.”
From Diana Salazar, Quantum’s Product Marketing Manager, Enterprise Backup & Archive:
Back it up on the regular: “Backups should be done daily. If you suffer corruption, a breach or complete data loss, how useful is a restore of incomplete data? Sure, you’ll have a starting point. But if crucial data isn’t backed up regularly, your restored data will be missing critical activity that took place since it was last backed up. This can cost countless dollars to repopulate, not to mention human resources that could be spent on critical data and applications vs. backups.”
Follow the 3-2-1-1 rule: “Rule as old as time is proven true time and time again. Keep three copies of your data, using two different storage media types (object, flash, HDD, tape) one offsite (physically separate from the building such as DR site), and one offline (completely disconnected from your network). Keeping a clearly defined data copy offline and air-gapped to protect against malware attack will enable you to retrieve that data and get back up to speed faster and back to business sooner in the case where your network connected copies are compromised.”
Tier your backups: “When evaluating data backup needs, understand your organizational SLAs to help you define which data needs to kept on a hot tier (urgent, must be able to restored close to zero down time) vs. cold tier (not as urgent, can restore gradually). This will help determine which type of backup technology is best for your needs. Defining the data’s temperature can uncover both economical and operational benefits that weren’t feasible before including savings on soft costs such as power and cooling.”
Revisit your backup plan quarterly or biannually: “Revisiting a backup plan once a year used to be enough. With the increase in current threats and market conditions, it’s best to revisit your backup plan more often. Cyberattacks, human error and natural disaster can occur unexpectedly. Today, cyberthreats are becoming more audacious so IT professionals need to step it up to mitigate this risk and ensure their backup plan is reliable and well tested.”
Test, test, test: “Backup copies should not only be recoverable, but they should be predictably recovered. In other words, test, test, test the integrity of your backup recovery system and verify it. Not testing restores, underestimating time to restore/not testing time to restore, not having the appropriate backup schedules (frequency, backup types—incremental, full), and not having an endpoint break/fix process in place. The lack of testing leads to crisis mode management and possibly loss of millions of dollars.”
From Danny Allan, CTO of Veeam:
Use cloud-native technologies such as cloud object storage to reduce costs. “With cloud-native technologies, organizations benefit from near infinite data capacity while paying on a consumption model. This not only reduces the cost of storing data, but also improves efficiency by centralizing data management for companies with remote locations and offices. Hybrid cloud enables simple consolidation points for data backup in the cloud—no matter the location.”
Choose a cloud model that enables recovery both on-premises and in the cloud. “Success in digital transformation will ultimately be reliant on data and application availability in the hybrid cloud. A cloud model that enables fast recovery both on-premises and in the cloud is the best of both worlds: organizations get the speed of on-premises recovery with the low cost and scalability of cloud. Additionally, backup in hybrid cloud provides simple separation of duties with multiple accounts preventing a single point of control failure.”
Use immutability to ensure successful recovery from ransomware. “When looking to combat ransomware attacks, immutable backup functionality is a big factor for securing and protecting data. Not only does data immutability protect organizations from malicious activity and ransomware attacks, it also protects data from other common causes of data loss, including bugs and accidental deletion. Immutability on a third party infrastructure offers the greatest protection as it adds yet another layer of security.”
Design to minimize ingress and egress charges for most effective use of bandwidth. “Today, many organizations are looking for ways to reduce data management costs. One way to do this is by designing a cloud model where data flows can be predicted and minimized. While traditional data compression is essential, ensuring that metadata is available on both the source and target side eliminates unnecessary data traffic and reduces cost. It also prevents costly mistakes being made in moving data across cloud boundaries with unintended consequences.”
Use multiple role-based cloud accounts to ensure separation of duties. “Having the ability to separate duties within teams and grant specific teams access to certain areas of data ensures that those who are working with data are the ones who need it to perform their jobs. This also ensures that teams are aware of their duties and the roles they play in the data management and recovery process. Businesses are more reliant on digital infrastructure than ever before—with many organizations completely dependent on their IT systems.”
From Deepak Mohan, EVP, Enterprise Data Protection and Compliance, Veritas Technologies:
“While the digital transformation is great for businesses, it still comes with significant risk: CIOs and CEOs are responsible for ensuring business continuity and recovery from IT downtime whether it is related to user error, hardware failure, cloud complexity, or ransomware. Backup today isn’t just about storing and recovering information anymore—it’s about knowing where your information resides, if it’s protected, and if you can recover it in case of an incident. Digital assets are sitting in the data center, on virtual machines, in SaaS applications, and in the cloud—but unfortunately, many companies are still inconsistent in the way they backup and secure information while adhering to privacy regulations.”
From Adrian Moir, Lead Technology Evangelist at Quest Software’s Data Protection business unit
“Backup is being put into a new perspective with this year’s World Backup Day. In light of the current healthcare pandemic, not only a growing number of employees are working outside the office, but we’re seeing organizations enforce a work-from-home policy for all employees. Even if workers are using cloud applications that do not care where they are located, the files and data they share could be anywhere, and this puts a glaring spotlight on new backup challenges for IT teams.
“First, even though work has changed for many, ransomware propagators are still out there. In fact, we’re now seeing “ransomware as a service,” or in general much more systematic methods for infecting organizations. Ransomware’s impact on organizations is no joke, companies need to manage their files and data, and backup that data, in case ransomware causes a disruption.
“Second, having a growing distributed workforce puts any organization at risk when it comes to content sharing. If employees aren’t using applications that enable secure sharing (Microsoft OneDrive is an example), corporate content could be left in the open when shared through online services, creating gaps in data protection. Companies need to give their workforces a solution that can be controlled and that offers visibility into what is being shared, where, and with whom.
“Beyond challenges created by a distributed workforce, driven by the need to work remotely, we’ll start to see more attention paid to backup of data associated with containers this year, as containers continue to grow in popularity. Particularly, companies will learn the importance of backup in this space; yes, high availability can be built into container infrastructure, but what do you do when you need to recover from a disaster? The process for backing up containers and related data will be thought about differently than, for example, virtual machines.
“We’re set to see more challenges this year, certainly with the current conditions creating more opportunity for risk as much as changing technology landscapes. What will be interesting going forward, as organizations that have re-focused on their risk strategies in the current climate, will inevitably be ensuring that their infrastructure and data are kept secure.”
From Stephen Manley, Chief Technology, Druva:
“World Backup Day is an annual reminder for both individuals and businesses to back up important data like applications, photos and documents. Today is also a good time to assess your backup strategy for this changing data landscape. With IoT, an increasingly remote workforce, and SaaS applications, data center-based protection is no longer sufficient. A modern data protection strategy must incorporate real-time data from widespread locations, traditional workloads, cloud-native applications and SaaS data.”
From Raj Dutt, Senior Director of Product Marketing at Cohesity:
“Over the past decade, we have seen data viewed as both a positive and a negative in terms of its contributions to society. Data has been described as both the new oil, but more recently also the new asbestos. And during this time so our relationship with backups has changed too. Once seen as nothing more than an expensive insurance policy, backups are now a source of business insight, test data for developers, a source for checking regulatory compliance, in some cases an antidote to ransomware, and more. Backups have evolved from simple data protection to a key enabler of data management on-premises and in the cloud; a much more strategically important role than its humble origins. So on this, the 10th anniversary of World Backup Day, it seems fitting to remind businesses that a backup is more than just a copy of a moment in time. Rather it is a positive foundation for a data-driven modern business.”
From Octavian Tanase, SVP of Engineering for ONTAP, NetApp:
“The two big focuses in backup in 2020 have been availability and usability. People need to be able to access and use their data anytime, anywhere. This is even more true given recent events that have driven most of the workforce to work remotely. Now more than ever, organizations need a comprehensive backup strategy to ensure they can recover and remediate from downtime, whether that come from a natural disaster, ransomware attack or other crisis.
“This World Backup Day, I encourage companies to consider innovative ways to protect data at its endpoints while minimizing cost, simplifying the process and leveraging additional manageability capabilities. The best bet on this is to focus on secondary data and the cloud. These assets will not only help reduce the load on production, but will truly make an organization’s data more usable, available and accessible, no matter where its workers are.”
From Ranga Rajagopalan, Vice President, Products, Commvault:
“Although recovery readiness should always be top of mind, World Backup Day is the perfect time to reflect on your organization’s backup and recovery strategies and re-evaluate its effectiveness. Stay vigilant in the fight against ransomware and other security-related events and work with vendors who regularly update the software with security fixes, expand their compliance certifications, bolster security measures and automate hardening rules to protect you. Be an active defender of your data.”
From David Ngo, Vice President, Metallic Products and Engineering, Commvault:
“World Backup Day is a great way to highlight how data management and protection are still so critical to everyone, especially when companies are digitally transforming their businesses. Data management and backup are ideally a significant consideration from the beginning of those initiatives, as it is far easier to do it in the planning stages rather than after the fact. Leveraging SaaS data protection services where it makes sense, like for Office 365 and endpoints such as laptops and desktops, can help ease the management burden moving forward as well.”
From Rob Eleveld, CEO, Ekata:
“World Backup Day is an excellent reminder about the growing role of data in our lives and the importance of regular data backups. At the same time, businesses should also consider this day an opportunity to devalue their unused data to better protect themselves and their customers. Companies often collect data for a specific purpose when they first interact with a customer (such as during new account creation), but as time passes, they may not need all those data elements to effectively serve that customer. Regularly devaluing data—by deletion, hashing, tokenization, encryption or a combination of several methods—is a prudent risk reduction strategy.”
From Matthew Tyrer, Senior Manager, Solutions Marketing, Commvault:
“This World Backup Day, it may be time to consider the best ways to address rising costs and increasing regulations. The ability for cloud to scale up AND down supports a much more cost effective disaster recovery strategy. The cloud can also help with regulation as it helps organizations have more visibility and therefore allows them to learn more about the data that they have under management. Where is the data that is important to governance and compliance being stored? Do you know what it is? Where it is? How to find it? Having a cloud-based solution that can easily assist in this will overall reduce your costs and stay compliant because it lets you manage your data SMARTER.”
From Nigel Tozer, Director, Solutions Marketing, Commvault:
“My three tips for our customers are:
1) If you haven’t already, investigate the AI tools that provide recovery readiness reports and ‘self-driving backup’ features—both are very powerful indeed;
2) Make sure you’re using the AI based anomaly detection features to help protect you against ransomware—especially if you’re using endpoint backup as that’s the usual point of entry; and
3) Finally, if you haven’t tried the VM conversion tools, give them a go. They’re a huge boost to your business agility and underpin processes such as cloud disaster recovery—you’ll be amazed how easy and effective they are!”
From Eugene Trautwein, Vice President, Worldwide Customer Support, Commvault:
“World Backup Day brings backup to the surface and reminds every CIO and IT manager that it must be a priority. This holiday allows us to share stories about backup successes and failures and to learn from them. To make sure you’re prepared this WBD, I would recommend making sure you are testing your DR plan for all scenarios, including ransomware, regularly. In addition, take advantage of software available to you—backup job validation, readiness reports and all the other learning materials that vendors offer!”
From Mark Jow, Regional Vice President, Technical Services, Commvault:
“World Backup Day is a great way to remind companies to pause and ensure that their relevant data is protected, especially as the backup solution changes to meet business requirements. As with all other disciplines within infrastructure, it imperative to keep pace with an ever-evolving infrastructure landscape, particularly due to the increasing adoption of cloud and container solutions. It is because of this that reviewing, testing and improving your backup solution should be a continuous activity all year ’round.”