In the last three virtualization and cloud security podcasts, Mike Foley, Sr Technical Marketing Architect for vSphere Security, mentioned security disaster recovery plans. There is a growing need for such plans. The 174th podcast covered this need, as well as the why and the how of putting such plans together. Unlike traditional disaster recovery, security disaster recovery is just what it sounds like, recovering from a disastrous security event. How would your organization respond to such an event? Is it about incident response? It is more than this. While you listen to the podcast, consider these thoughts.
Data Protection is much more than verifying that you have a valid backup. While the recovery of your data is important, Data Protection also encompasses data life cycle management, business continuity, disaster recovery, and continuous data protection as they pertain to virtualized and cloud environments. This topic also examines how to secure and monitor the passing of data between disparate environments and how to increase the scale of data to be protected in shorter periods of time. (Read More)
How to manage the security and protection of your environment in order to safeguard your crown jewels has always been important. However, it has never been more so than today, when data-breach announcements are common and everyone from nation-states to teenagers in their bedrooms have access to powerful tools for breaking in.
In our data protection research, we have discovered that there are quite a number of companies that say they do Disaster Recovery as a Service (DRaaS). Just what is DRaaS? What are the basic requirements? Is using a public cloud better than using hosted DRaaS? Are there any risks? Is DRaaS just a dump-and-go? Is DRaaS just another managed services play? There are many questions—now, let us look at some answers.
Nothing quite changes like IT. We have gone from incredibly manual, thought-requiring human processes to handling petabytes of data to make a single decision. In essence, our requirements have changed to meet our real-world needs, whether such change has been to improve performance, capacity, or other needs. Requirements rule the world of IT. Recently, we have seen an additional shift in requirements. TVP Strategy is currently looking at a small set of IT: data protection. Our approach has been to produce a coverage graph. The graph gives us a nice visual on how vendors’ products match up. But that is not all. We recently did some analysis comparing products over time as our coverage graph requirements have evolved. The results of these comparisons over time are very interesting.
Nearly every time I turn around, a company is stating it can prevent ransomware! When I research it further, I see that it is not, in fact, prevention. Rather, it is recovery. These companies all make the same assumption: that ransomware can be detected long before it becomes a major problem. This is false reasoning. Ransomware is not detected until a person cannot open a file, or a system reboots and the screen shows a lovely ransomware message. How soon after ransomware hits does this detection take place? Moments, days, or months? Whether you can detect ransomware early enough depends on your practices, policies, and capabilities, not on storage or data protection that claims to prevent ransomware. What does it take to prevent, or even detect, ransomware?
Our data protection analysis focuses on the ever-growing list of requirements of the modern data center and hybrid cloud. We look for those requirements that address the future, not the past, and classify them into major categories, adding categories as needed. The categories are then graphed to form the basis of our coverage reports.
As we all know, data protection is not really about how we back up or replicate data. Instead, it is about how we recover our data. Recovery is not just about a disaster; it is also about files and continual testing. Data protection must not be “set and forget.” Our ever-changing hybrid cloud environments require proactive data protection. We need to detect changes to applications. We need software that adjusts backup or replication to pull in more and more of the application. In essence, data protection should not require a human to be involved. Where are we in relation to this goal?