Backup is more than getting you “Backup”
Updated in May 2022 - When I first wrote this article in 2019 there was a big angle missing - the Cloud and businesses' ability now that their data has been set free to use it in new and exciting ways. COVID has sent this even further out with users often no longer in the office, but on laptops at home consuming data outside of the control of the typical datacentre. Vendors thankfully have risen to the challenge and are using external tools and AI to sanitize that data (from viruses and ransomware) as well as using the metadata to look into the data for reporting things like compliance, GDPR, and personal data. I am sure you can spot the additions below, but in simple terms, there has never been a better time to review your data protection strategy and take advantage of the tools and solutions that not only simplify the process but extend it to solve other business challenges.
Backup, it’s the invisible service in IT that’s a given in every organisation. It's like the bottom of the iceberg, it underpins the whole offering, but nobody can see it, everyone just assumes its there and in an OK state. They never ask if it works, they don’t want to know the drawbacks and in most of the environments I have worked in, the business has not dictated their expectations in terms of performance other than the unwritten expectation that if there is a disaster that data is safe somehow.
In around 2001, as a network manager in a publishing company I came into work to find out, I had a failed RAID unit that hosted our rights management system. Now in simple terms, publishing companies live and die by their content and the rights associated to them, that database was the crown jewels. It's fine, go get last nights LTO tape and let's just dump the data back out and rebuild the RAID. Last night didn’t finish the backup, the night before had also failed and the tape from the day before that had a read error…. Sound familiar? – this is where my love of the relationship about doing backups and my faith in them working started. You won’t be surprised in this case, my favourite DBA used seemingly a hundred repositories and tricks to get most of the data back. Apparently, he never trusted the data protection that system administrators referred to as backups. I must say, since that point, I ensured I was never in that position again, nor do I believe in making a million copies of data to protect against that failure.
So firstly, let’s look at the reality, three things that should be aware of right now;
-?????????The 3-2-1 rule, keeping at least three (3) copies of your data, storing two (2) backup copies on different storage media, with at least one (1) of them residing offsite. While Hyperconverged and VM level metadata copies have muddied this, the rule stands true. The very reason we make copies and backups is that systems will fail at some point and operating system attacks can lose all of the data exposed. The remote you should see as orphaned or air-gapped a safe distance. It might be our only safe copyleft…. But should never be our only copy! - There is plenty of evidence now that backup systems are so key to a company surviving a ransomware attack that the agents specifically target backup systems and repositories, often before starting the battle against the production data.
-?????????Testing, testing, testing. You get the picture, if you can’t restore, you don’t have a backup and I want to bet in most cases the business would actually be shocked that you are not testing more than 1-2% of backups once every 3 months.
-?????????Data Protection is more than backup. If you need to recover data, you want a copy from within the last couple of days (and that should read hours if it's digital transactions) and you need it within hours. Data loss is not an if, it’s a when.
These are concepts that we all talk about and should be happy with, the issue I find with most businesses is that the discussion around backup stopped 10 years ago, the way that its thought about is a backup every day overnight, on the presumption that the data integrity is being tested. I would say there are still less than 50% of businesses that I speak to that test their BC/DR capability once a year or more, so it seems we have some way to go and the key to this is that the data protection may well be an IT duty, but it’s a corporate governance responsibility.
To turn this on its head, I want you to
领英推荐
"separate data protection from backup and backup from governance"
-?????????Data protection is what the business expects, it’s business continuity. It encompasses virus protection, near-zero data loss and the ability to restore data in hours. That’s core infrastructure, business as usual, keep the lights on. It’s the core part of the strategy and is made up of multiple products, the simplification of which is essential both in terms of cost and the ability to maintain it.
-?????????Backup is what the business needs in terms of compliance. Its reference, its governance from finance to DR, but to be clear it’s not keeping the lights on and if we are using these copies then we are losing data.
-?????????Governance sits in the business beyond backups, but if your backups cover all of your data then extending the toolsets to scan that data for a central understanding of account and personal data, viruses and who has access to that data adds a value to our data protection environment way beyond business continuity and for the first time in a long time justifies a keener interest outside of the IT Service in the investment of those tools.
That’s why if you haven’t been having those conversations, its time to start. If you have been treating all of this as backups, then it’s time for a change. At ETWorks, we believe that there is not one vendor, one solution or even one answer to this problem. We want to help you build and maintain a strategy by uncovering the business needs, the environment and the future.
Why not add me to your team today so we can talk about what’s important to your business while we solve the urgent issues in the process?
If you’re interested to find out more or would like to see what time with one of team could bring in value why not contact me directly.
Email:[email protected]
Phone: +44 7507565440
Digital Business Leader. Advocate of cloud communication technology for better business results. Husband. Father. Granddad. Friend. Musician & music lover. Golf fanatic - is there any other type!
5 年Excellent commentary Jon - always been my philosophy too...backup; backup the backup; backup the backup of the backup. You never know how painful it is to lose your data until it happens!!
Global Atlassian Partners at HYCU, Inc.
5 年Nice and clear explanation of backup and data protection terms and best practices, Jon! No single vendor or solution is ever the answer, but at HYCU, Inc. we strive to come very close to that :) #HYCU #MultiCloudDataProtection