The EMC Global Data Protection Index, a study of the state of IT’s ability to protect and recover data, was recently released. The global index shows that 87% of businesses are rated behind the curve when it comes to protecting their data. The lack of confidence climbs higher when new data center initiatives like hybrid cloud, big data and mobile are factored into the equation. The net result? According to the survey a staggering 71% of businesses are not fully confident in their ability to restore their applications and data. These findings indicate that the majority of business data protection strategies are in data protection quicksand.
About the EMC Global Data Protection Index
To develop the EMC Global Data Protection Index 3,300 IT decision-makers were interviewed in three regions; the Americas, EMEA and APJ. A total of 24 countries are represented in the report. All organizations interviewed had over 250 employees and both public and private organizations were included. The research was collected by Vanson Boume.
How Mature is Your Data Protection Strategy?
An interesting facet of the survey was its “Maturity Index” which scored organizations on their ability to protect and recover data. Extra points were given for shorter recovery times, expressed confidence in the backup infrastructure, modernization of backup systems and the organizations’ ability to replicate data off-site.
A score of 50 points or more was required to get ahead of the maturity curve. Alarmingly the survey found that 87% of the organizations were behind that curve, this included 37% of the total that were significantly behind the curve.
Key traits of being behind the curve included relying exclusively on tape for backup and recovery operations, recovery times that were more than 12-24 hours and a general lack of confidence in the ability to recover data. Also, these organizations relied on backup as the key component of their recovery effort.
The Threat is Real
A key aspect of any protection strategy is determining how real the threat is. When it comes to the risk of disruption of IT services, the threat is very real. The report indicates that 64% of the companies surveyed suffered either data loss or unplanned application downtime, with 17% of those companies indicating that they had suffered both data loss and application downtime. Interestingly, companies that were ahead of the maturity index curve were far less likely to suffer data loss than those companies that were behind the curve.
Belts and Suspenders Don’t Work
Many IT professionals like to take a belt and suspenders approach to data protection, having multiple data protection processes protecting the same data or having data protection applications for specific use case. The index seems to indicate that conventional wisdom is wrong. As more data protection vendors were introduced into the environment the risk of data loss escalated; 24% of the organizations with one vendor suffered data loss, 33% with two vendors and 38% with three or more suffered data loss.
Is There Light At The End of The Tunnel?
These results from the survey clearly indicate that more work needs to be done to help ensure the protection of critical data. But there is light at the end of the data protection tunnel and it is not coming from a freight train.
This year Storage Switzerland developed a concept of a “service level driven” data protection strategy, where IT takes control and sets specific objectives for the recovery of key business applications and environments.
Step 1 – Set Data Protection Objectives
The first step is to gain confidence in your backup environment and that can only be done by setting measurable expectations for the underlying infrastructure. Like adjusting your golf swing, this may feel uncomfortable and may actually reduce your confidence initially but it provides an essential baseline from which to improve your backup operations going forward. The objectives include recovery point objectives (how much data will be lost), recovery time objectives (how long will an application be down), retention objectives (how long and how many copies of data will you need to maintain) and disaster recovery objectives (if you lose your data center, how long will it take to bring applications back online).
Step 2 – Modernize Your Data Protection Architecture
The good news about step 1 is that while it takes time to compile this information it usually doesn’t require spending money. Step 2, getting ahead of the maturity curve will require some spending. But if defined correctly, the objectives should help ensure that you only spend what you need to.
Getting ahead of the curve is not just about buying new software or hardware, it is also about changing the organizational mindset to the data protection process. There is more to data protection than just backups and DR is more than just replicating data. Getting ahead of the curve requires the use of standby or virtualized servers as a key component of the recovery process. This means implementing data protection software and hardware that can leverage the use of standby or virtualized servers.
As the index indicated, the more vendors in the environment the more likely there will be data loss or application downtime. Consequently, part of this modernizations process ideally should include a way to streamline and eliminate redundant data protection platforms. At the same time there will continue to be special cases where specific application protection processes are required. The rest of the backup architecture, however, should be flexible enough to consolidate these divergent backup data streams. For example, as we discussed in our recent article, “The Data Protection Network Gap”, advanced data protection appliances should be able to receive backups from multiple applications and in fact, be integrated into those applications so that data transfers between the application and the appliance can be optimal.
For example, a critical Oracle database system may require more frequent data protection “events” throughout the course of the business day, while it may be adequate to backup other, less critical applications only once or twice a day. Application owners and backup managers need the flexibility to customize the data backup schedule to meet the specific service level objectives of each application. But importantly, the back-end protection storage appliance should be capable of receiving all these divergent backup data streams to drive efficiencies and simplify operational management. This is an instance where less hardware can result in more data protection.
Step 3 – Continuous Recovery
To truly get ahead of the survey curve requires a continuous recovery mindset. In this model, applications are started in a remote DR data center or in the cloud, on a continuous basis. There is no recovery or DR testing to be done because the application is constantly being recovered.
This means that the application is designed to run in one or multiple, alternate locations and as part of normal IT practice, the application is shifted to the other location. It also means the data protection process makes sure that the most recent copy of the application and its data are in these multiple locations in an equally continuous manner. This active-active approach eliminates the IT DR planning fire drill and replaces it with a continuous operational mindset that allows applications to move seamlessly between these data centers. With this strategy, applications are moved to these alternate facilities as a matter of operational practice; rather than waiting for an unplanned DR event to occur. Once application are migrated, the data movement process is also updated, so the former primary facility now becomes the DR repository.
Interestingly though, this continuous DR strategy also requires that organizations implement archive and data retention strategies that move inactive data out of the DR path. Doing so reduces the amount of data that has to shift to the other potential locations. It also has the side benefit of improving an organization’s ability to respond to legal requests for data or to leverage that information for future monetization opportunities.
Protecting data and meeting the raised expectation of users and business line managers is more challenging than ever. And new initiatives like hybrid cloud, big data and mobile, promise to make these tasks even more challenging. The key is for data protection professionals to tackle the challenge in bite sized chunks. This includes establishing service level objectives instead of dealing with assumptions, upgrading and modernizing the backup infrastructure where appropriate and finally leveraging virtualization and the cloud to create a continuous state of recovery for mission critical applications.
Sponsored by EMC