In our data protection research, we have discovered that there are quite a number of companies that say they do Disaster Recovery as a Service (DRaaS). Just what is DRaaS? What are the basic requirements? Is using a public cloud better than using hosted DRaaS? Are there any risks? Is DRaaS just a dump-and-go? Is DRaaS just another managed services play? There are many questions—now, let us look at some answers.
Data Protection is much more than verifying that you have a valid backup. While the recovery of your data is important, Data Protection also encompasses data life cycle management, business continuity, disaster recovery, and continuous data protection as they pertain to virtualized and cloud environments. This topic also examines how to secure and monitor the passing of data between disparate environments and how to increase the scale of data to be protected in shorter periods of time. (Read More)
How to manage the security and protection of your environment in order to safeguard your crown jewels has always been important. However, it has never been more so than today, when data-breach announcements are common and everyone from nation-states to teenagers in their bedrooms have access to powerful tools for breaking in.
Nothing quite changes like IT. We have gone from incredibly manual, thought-requiring human processes to handling petabytes of data to make a single decision. In essence, our requirements have changed to meet our real-world needs, whether such change has been to improve performance, capacity, or other needs. Requirements rule the world of IT. Recently, we have seen an additional shift in requirements. TVP Strategy is currently looking at a small set of IT: data protection. Our approach has been to produce a coverage graph. The graph gives us a nice visual on how vendors’ products match up. But that is not all. We recently did some analysis comparing products over time as our coverage graph requirements have evolved. The results of these comparisons over time are very interesting.
Nearly every time I turn around, a company is stating it can prevent ransomware! When I research it further, I see that it is not, in fact, prevention. Rather, it is recovery. These companies all make the same assumption: that ransomware can be detected long before it becomes a major problem. This is false reasoning. Ransomware is not detected until a person cannot open a file, or a system reboots and the screen shows a lovely ransomware message. How soon after ransomware hits does this detection take place? Moments, days, or months? Whether you can detect ransomware early enough depends on your practices, policies, and capabilities, not on storage or data protection that claims to prevent ransomware. What does it take to prevent, or even detect, ransomware?
Our data protection analysis focuses on the ever-growing list of requirements of the modern data center and hybrid cloud. We look for those requirements that address the future, not the past, and classify them into major categories, adding categories as needed. The categories are then graphed to form the basis of our coverage reports.
As we all know, data protection is not really about how we back up or replicate data. Instead, it is about how we recover our data. Recovery is not just about a disaster; it is also about files and continual testing. Data protection must not be “set and forget.” Our ever-changing hybrid cloud environments require proactive data protection. We need to detect changes to applications. We need software that adjusts backup or replication to pull in more and more of the application. In essence, data protection should not require a human to be involved. Where are we in relation to this goal?
This is the first of many comparisons and commentaries on data protection within the hybrid cloud. We are looking at the mechanisms used to achieve data protection. Mechanisms—how boring—yet from an architectural and data management view, mechanisms become increasingly important. The mechanisms available can impact the costs of your data protection. One example: it is often thought that data protection is instantaneous. It isn’t. It has a window of execution measured in hours, not microseconds. If you need microsecond data protection, you may need other tools to fill that need.
The first things to decide are what you need in the way of time to recover your application (recovery time objective, or RTO) as well as how much data loss you can stomach during recovery (recovery point objective, or RPO). RPO determines how often data protection should be used, while RTO governs how soon recovery will be completed once started. This pair of critical factors will control what mechanisms are important within your organization. Beyond those two, there are other, equally important mechanisms that influence the types of recovery mechanisms in use.