Better safe than sorry
For business owners there is no greater cause for sleepless nights than the possibility of their data being insecure. Thankfully ‘cloud-based’ services mean they can now sleep easier over their data storage and backup.
I once owned a business where the last job before heading home every night involved backing up the day’s transactions onto a series of floppy disks. It was onerous, it was minimal, and compared to what’s on offer today in terms of data storage, backup and disaster recovery technology, it was downright crude.
That was more than ten years ago, a lot has happened since then – not least of which the Canterbury earthquakes, which taught us the value of having data files backed up at a distance.
As KeepItSafe general manager Peter Thomas remarks, “The data must leave your office, and your city. It needs to go offsite daily, and preferably hourly”.
NZBusiness called on some of the major players in New Zealand’s online storage and backup market for an update, and Thomas was one of the first to contribute. He sees two distinctive value offerings continuing to emerge and divide the market.
“At the bottom end there’s a race to zero in data storage costs. Amazon, Google and Microsoft are the main players and are all now offering storage fees of less than US$10 per month for a terabyte of data storage – a price point unimaginable 12 months ago,” he says. “We expect that to continue as they vie for market supremacy, but eventually the need to profit from the service will cause prices to settle.”
But while those services appeal to home users and some small businesses, Thomas says he’s not seeing any movement in the rest of the business market.
“Corporate and enterprise businesses are heading in the other direction; demanding more service from their cloud backup/storage providers,” he says. “We’ve seen a surge of interest in disaster recovery and business continuity services. The average price point has risen too, as businesses recognise the importance of continuity and demand shorter recovery windows.
“With the availability of near real-time recovery, businesses are placing far more emphasis on this level of protection, rather than simply having their data ‘in
Greg Wyman, vice president Asia Pacific for StorageCraft agrees that companies of all sizes are starting to understand the value of leveraging offsite archival and cloud based backup/disaster recovery solutions for their data and systems – and they are now utilising the cloud instead of traditional tape-based products. He urges business owners to remember that not all cloud backup and disaster recovery products are created equal. “As with on-site backup products, it is essential to identify a solution that fulfils your requirements and expectations.”
His advice is to make sure you perform a FULL test recovery EARLY in the decision-making process. “Test the replication and recoverability of a live and critically important production server, for example an Exchange server, to ensure that the recovery solution works as advertised and expected.”
Waiting until you suffer a disaster to find out that the solution doesn’t work, or finding out that it takes weeks to restore your data instead of the expected minutes, hours or days, is a formula for disaster, he says.
“I would recommend having a local backup and a replicated instance in the cloud, rather than cloud-based backup alone, as most recoveries occur locally and are not disasters.”
Wyman says the key lesson learned from all StorageCraft’s case studies is that you can’t test your backup and disaster recovery plan often enough.
“Historically testing has been labour intensive and a major challenge. The reality is if it is too hard to test full recoverability – the server, operating system, applications and data and databases – it will be exponentially harder after a disaster to restore operations.
“New tools and solutions that leverage DART, or daily automated recovery testing, test your backups every night while you are asleep.”
The new normal
There’s no doubt that the cloud has become the new normal for businesses, and in the data storage and backup space it makes a lot of sense. Storing a copy of your backup data in the cloud is a very attractive option. As Don Williams, VP Australia and New Zealand for Veeam Software points out, it doesn’t incur the costs of new infrastructure.
“It also meets the offsite requirement of the 3-2-1 backup rule: keep three copies of the data, including the original, on two separate media. One of these should be offsite, and the copies should be checked to ensure that there are zero errors.”
For businesses, cloud based solutions are viewed as a way of saving both time and money.
This is certainly the view of Scott Meddings, technology strategist – information management, Pacific region, for Symantec. He says one of the biggest issues small businesses face when making information protection decisions is finding simple solutions that are built for small businesses, rather than a feature-sparse version of enterprise products. “Typically, cloud-based solutions are inherently simpler for small businesses to deploy, but they still need to do their homework.”
Meddings offers the following tips when evaluating cloud-hosted solutions:
Manageability. Is the management console simple, intuitive, and easy for admins to use with little training?
Reputation. How is the service provider’s reputation and how long have they been offering cloud services? This should trump size. Look for a cloud provider with reputable technology built for small businesses that knows the industry inside out.
Service. With cloud-based solutions the best way to ensure good service is to negotiate a favorable SLA that will ensure the most up-to-date protection. Small businesses should look for vendors who publish their performance and who have clear financial penalties for underperformance.
Cloud-ready when you are. Lastly, for small businesses that don’t want cloud just yet, look for on-premise solutions that also have a cloud-hosted option that you can easily switch to when you’re ready to move to the cloud.
Data protection best practice
Whether you have a cloud, on-premise or hybrid data protection solution, Meddings also offers some best practices for business owners to adopt to help better protect and manage their information:
- Treat all environments the same. Ensure that business-critical data and applications are treated the same across environments (virtual, cloud, physical) in terms of disaster recovery assessments and planning.
- Use integrated tool sets. Using fewer tools to manage physical, virtual, and cloud environments will help small businesses save time and training costs and help them to better automate processes.
- Simplify data protection processes. Embrace low-impact backup methods and de-duplication to ensure that business-critical data in virtual environments is backed up and efficiently replicated off campus.
- Plan and automate to minimise downtime. Prioritise planning activities and tools that automate and perform processes that minimise downtime during system upgrades.
- Identify issues earlier. Implement solutions that detect issues, reduce downtime, and recover faster to be more in line with expectations.
- Don’t cut corners. Small businesses should implement basic technologies and processes that protect in case of an outage, and not take shortcuts that will have disastrous consequences.
“Benjamin Franklin once stated ‘an ounce of prevention is a worth a pound of a cure’,” says Meddings. “This statement cannot be more appropriate when thinking about protecting your data, especially for small businesses.
“Data recovery planning is essential for every business and should be part of an overall resiliency plan. And while no small business can guarantee 100 percent resilience, they can take appropriate steps to properly plan and help them quickly recover from any disruption, big or small,” he says.
Still on the subject of good practice, StorageCraft’s Greg Wyman says there’re three major elements to consider:
- RTO (recovery time objective). How quickly do you want your servers and systems back up and running, locally and/or remotely, after a server crash or disaster. Ideally, it should not take longer than 15 minutes to fully restore a physical or virtual server to full production.
- RPO (recovery point objective). How much data are you prepared to lose or re-key after a disaster. Most businesses want less than 15 minutes of data or database transactions lost.
- TRO (test recovery objective). How often do you want to test the recoverability of your backups? Technologies such as DART can test backups every night without user interaction or business disruption.
It’s interesting that one in six data recoveries fail, according to Veeam’s 2014 Data Center Availability Report, meaning data will be lost permanently at least twice a year.
“Proper planning and implementation are required to ensure that the backup data is available when it’s needed,” says Veeam’s Williams. “Business owners need to understand the risks and responsibilities they shoulder in regards to letting data out of their direct control. While the potential of the cloud is unlimited and the cost saving associated with storing data in the cloud is attractive, it can’t be a panacea.
“Caution is needed to ensure that the data is protected at all times yet easily accessible when required.”
Making that migration
If you’re contemplating migrating your data to the cloud for the first time, Wyman offers the following steps and advice to ensure it all happens successfully.
Step 1 – Identify which applications are suitable for migration to cloud/hosted services.
Step 2 – Migrate the live production systems, data, databases and operating systems without impacting your production environment.
Step 3 – Test the migrated systems to ensure they operate as expected.
Step 4 – Cut over from your production systems to your hosted environment.
Step 5 – Immediate roll-back to previous on-premise systems in the event that the migration has failed. (Note: some migration tools do not enable instant roll-back.)
There are next-generation technologies and solutions that leverage the benefits of real-time, image and sector-based backups, says Wyman. By utilising these technologies, all the migrations at the remote site are an exact state replica of production systems.
“Typically, the solutions back up the production physical or virtual servers in real-time, every 15 minutes. As only the sectors change (not the files), which are the smallest unit of measure on disk that change, backups are typically tiny and normally take just a few seconds.
“These backup images are then replicated to the remote site or cloud provider. Once the remote site has caught up with the production site and has all your current data, the migration process is complete. Simply log off all users (ideally at the end of the day, perhaps on a Friday), replicate the final very small backup, apply that last incremental to the backup images already in the cloud, finalise it – this turns it into an exact state replica of your production systems – and reboot the server. Log in and test. If it works, simply have everyone log in and the migration is complete. “One of the really powerful elements is that if for some reason the migration has failed, you simply need to restart the production environment,” explains Wyman. “The production system is unchanged as the migration is accessing image-based backup.”
Peace of mind
It’s true that most businesses don’t want their name broadcast when they have a data loss issue – after all, it’s not exactly good for one’s reputation. So there won’t be names mentioned here.
KeepItSafe’s Peter Thomas does have a nice case study with a happy ending though.
Thomas, who describes his company as a “fully managed backup provider”, recalls a property management company that managed to lose the critical data on their hard drive.
“Much of the information was on databases, which required specialised methods of backup and restore,” he says. “As well as lost databases, there were thousands
Following the recovery, the client sent Thomas an email, saying the support from KeepItSafe was “fantastic”.
“It made me feel better simply because the [KeepItSafe] team was thinking of ways to help us,” the client said. “Getting back on track and backing up our photos was really easy too. I didn’t have to do anything. I’m really glad to have this support; it really does give peace of mind.”
Everybody we spoke to predicts online backup and disaster recovery will become more accepted and deployed.
“Customers will become substantially more critical of recoverability capabilities, locally and remotely, and start to demand that their backup application performs daily automated recovery tests,” says Wyman. “After all, your next reliable recovery is only good as your last tested backup.”
More companies will move to monthly rental or subscription based licensing for complementary disaster recovery to their existing backup product, he adds. “The monthly rental concept helps to ensure that your selected solution delivers and continues to deliver, as it is easy to change.
“It ought to be possible to cancel the monthly subscription if recoverability cannot be tested, giving customers full control of the recoverability process.”
The last word we’ll give to Veeam’s Don Williams – whose company, he says, coined the term ‘Always-On-Business’.
Going forward he says the challenges will continue in terms of keeping a business up and running at all times, “with increased real-time interactions among stakeholders, accessing apps across multiple time zones, the adoption of mobile devices, staff working outside regular hours and the growing no tolerance for data loss or for downtime”.