Cloud storage has come under increased scrutiny as of late, thanks to several well publicized outages as well as an outright shutdown of one provider. As a result, enterprises are starting to re-think their cloud strategy, even when it comes to data protection. These outages reemphasize the importance of data availability. Availability of data is just as important with data protection as it is with any other process; after all when backup data is needed it typically is really needed.
Despite the recent negative headlines, a cloud enhanced data protection service is an ideal use of cloud storage. It provides off-site, geographically dispersed data protection so that in the event of a site or even regional disaster, an organization’s digital assets can still be recovered in a timely manner. The key for enterprises is to find a cloud data protection solution that will be able to provide consistently reliable service for years to come.
Requirements of Enterprise Cloud Protection
The single most important attribute of any potential cloud partner is their track record at providing the service in question. While a start-up may be OK for consumers, enterprises should consider cloud suppliers that have a multi-year, potentially decade long track record of providing cloud based data protection solutions. Making a solution work short term is relatively easy, making it work for an extended period of time is critical.
A track record also allows the provider to demonstrate that they can adjust to new trends and capabilities in storage. It is difficult to predict what the next trend in storage will be but the provider needs to be able to adapt to that to reduce costs and meet customers enhanced expectations. An excellent example of this is HP LiveVault solution. It has been available for over a decade and has had to adjust to dramatic changes in storage infrastructure like moving from tape as a target to disk or adapting to virtualization backup in addition to physical server backup.
Another key attribute is the ability for the provider to offer an end-to-end solution where they provide the software, any onsite appliances and the physical cloud infrastructure. While many organizations may outsource or simply resell the parts of the service, a complete end-to-end view of data protection allows them to provide better service monitoring as well as control all the variables in case something goes wrong. If for example code needs to be fixed, it is much easier to do if the vendor owns the code. In addition many software developers have “bolted-on” cloud support instead of having it integrated. This often creates another point of management in the backup process.
Physical and Data Security
The first thought when it comes to security is to determine if the data is encrypted or not. That should be the default consideration. Encryption is simply a fundamental requirement of any type of cloud based data protection. This encryption should include encryption of data from the moment it leaves the customer premise, to when it lands on the storage device in the provider facility. It should remain encrypted while at rest in that data center. This ensures complete protection from outside attacks as well as inside breaches.
But providing complete encryption goes well beyond simply scrambling data. An encryption solution also needs to provide complete key management, typically an escrow operation that allows for data to be secure but protects the enterprise from encryption key loss. This allows the enterprise to authorize the provider to access the keys but only when it is deemed necessary.
Beyond encryption it is also important that the enterprise understand what the provider’s policies are toward access. Does the provider’s data center meet the various data center standards to maintain controlled and secure access? Controlling access is a key to not only maintaining data security but also data availability. For example, if a non-authorized person gains access to the data center they don’t necessarily have to be an advanced hacker to cause damage. They could simply unplug machines to make data unavailable.
Encryption may protect the organization from data visibility during a physical breach but it may not protect them from data being unavailable. If a physical breach leads to hardware downtime then backup windows may be missed or worse, restoration may not be able to occur. For example an individual could breach the facility, not have access to data because it is encrypted but could power systems off, making the data unavailable.
Another key requirement should be the ability to have data geographically available across a number of different sites. For example, a regional disaster may threaten the cloud provider’s data center. Geographic availability makes sure that data is available for recovery even if the cloud provider’s primary center is down. This makes sure that companies not effected by the regional disaster don’t have their backup and recovery operations impacted and it makes sure that companies that were in the path of the disaster can go to another location and begin the recovery process. Geographic availability also ensures that multi-national companies can recover their data via the most efficient path possible instead of being bottlenecked into a single location.
The cloud provider should also have the ability to scale both physical operations and IT staffing to meet the growth of your data and other organizations data it is protecting. This means that their core architecture has to be designed to add additional processing nodes and capacity seamlessly as the demands change. It is important to spend time with a prospective provider to make sure their architecture can accomplish this.
Once again, track record is an excellent indicator of successful scaling. Has the organization been able to scale in the past, what impact if any has scaling had on customers? All are good questions to ask.
The provider’s solution should also have the ability to optimize the use of WAN bandwidth on local storage. The lack of bandwidth is the single biggest challenge facing a cloud backup strategy and the ability to optimize data before it is transported across that connection is critical. In addition, since most cloud providers charge per GB stored the ability to minimize the redundancy in the data stored is also critical.
There is no one-size-fits-all solution for data center backup. Some data centers want the security of owning it themselves while others are very well served by sending all their data to the cloud. Most data centers will be best served by a combination which leverages the cloud. Some servers will need to be protected 100% local with a copy to the cloud. Others will need 100% of the data in both locations for a while but then can have older data migrated to the cloud. Still others will have servers that can be 100% backed up to the cloud. Having the data protection and retention option that makes not only the most sense for your data center but for specific applications is critical to success.
While enterprises looking to the cloud for data protection are attracted by the opportunity to reduce the upfront cost of the storage investment, they are also looking to simplify operations. Some of that will come from having less storage to manage. But providers should also supply software that is simple to use and operate and that also enables the proactive monitoring and management of backup jobs. A key advantage with enterprise cloud backup is you are investing in someone or a system that is “paid to watch” all the backup processes to make sure the back up and recovery operations complete successfully.
Finally, the use of an enterprise cloud backup service should mitigate the risk associated with data loss. Essentially, there should be none. Data should be continuously replicated to the provider and the provider should be replicating that data again to mirrored facilities. Backup is often looked at as the recovery of last resort, the place you go to when all else has failed; it has to work. The provider’s technology and infrastructure should eliminate most of that risk.
Enterprise cloud data protection is a reality. Companies like HP with their HP LiveVault Data Protection solution have been providing protection of enterprises via the cloud for over a decade. It has a proven track record of providing complete protection of the environment while continuously scaling to meet demand.
HP is a client of Storage Switzerland