The European Union’s (EU) General Data Protection Regulation (GDPR) is forcing IT organizations worldwide to pay careful attention to their backup and recovery processes. The problem is most of these processes are already fragile and adding more responsibility may cause them to break. IT professionals should instead look to primary storage to carry more of the load. The problem here is that with the continued advancement of all-flash, primary storage is not ideal for data protection and retention because the price premium of flash media. IT professionals need to consider a mixed all-flash and hybrid disk strategy to meet the GDPR challenge.
Can Primary Storage Meet the GDPR Challenge
The first question is can primary storage in general, meet the GDPR challenge? The answer is “yes…almost.” Modern primary storage systems can store thousands of snapshots with almost no impact on production application performance. These systems can also replicate data in near real-time to a remote facility and the system at the remote facility can take its own snapshots creating a secondary point in time. That secondary system can then be backed up or archived to meet the demands of even longer retention windows.
Ideally, the organization will have two systems on-premises and one off-site. The secondary on-premises storage system’s use is to protect against outages like cyber-crime, application or user error and hardware failure. A second on-site system allows for rapid failover and almost instant recovery. The third system placed off-site is to protect against a cyber attack that was not detected early, as well as a disaster that takes the primary data center offline.
Performing the first layer of protection on the primary storage system itself provides the organization with the ability to recover from unexpected outages caused by a cyber attack or a natural disaster as well as of course user error. For the most part, these are the outages that damage an organization’s reputation. When the organization needs older data, data that would be outside of the replicated snapshot window, that request will come from a known or less time sensitive event like a legal discovery motion or a big data analysis request of a batch of old data.
The All-Flash vs. GDPR Problem
Using primary storage as a major component of the GDPR compliance effort has one major hurdle – the popularity of all-flash. An increasing number of organizations are counting, as they should, on all-flash to meet the performance expectations of their users and customers. The problem comes when counting on all-flash as part of the GDPR strategy replication and snapshotting to a second and potentially a third system. While all-flash systems have become increasingly affordable, buying two, or three of them, especially when the data on the tertiary systems will be mostly inactive, is expensive.
An All-Flash + Hybrid + Hybrid Design
The solution is to continue to use all-flash as the primary storage system to keep users and customers happy. But instead of the second and third systems being all-flash have them be hybrid systems. Leveraging a hybrid system means, of course, that the potential vendor has to have a viable, intelligent data movement strategy that can automatically tier between flash and hard disk and, of course, they have hybrid systems in their product portfolio.
With these capabilities, the organization can design a storage architecture that actively participates in GDPR compliance. The primary all-flash system replicates to the on-premises hybrid system that is 30% flash / 70% hard disk mix. This system is then able to provide production quality performance in case of an unexpected outage and is in position (on-premises) to help the organization to respond to threats that are the most likely to occur.
The off-premises hybrid system can be as much as 5% flash and 95% hard disk drives since the likelihood of a data center failure is much less likely than an isolated hardware or software failure.
The value of a three-tier primary storage protection method is it provides rapid recovery from failure and excellent performance while in the failed state. It also keeps costs under control by leveraging less expensive high capacity hard disk drives instead of a 3X flash configuration. Finally, it reduces the pressure on perfect backup execution and more than likely reduces the backup software and hardware expenditure.
To learn more about how primary storage can help solve the GDPR challenge join us for our on demand webinar, “How to Design Primary Storage for GDPR.”