Defining The Right Data Protection Strategy


Published on

This ISG white paper is designed to help IT organizations navigate the nuances
of data backup and recovery and select an appropriate data protection
solution that addresses business needs.

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Defining The Right Data Protection Strategy

  1. 1. DEFINING THE RIGHT DATA PROTECTION STRATEGYThe Nuances of Backup and Recovery SolutionsBy Cindy LaChapelle, Principal Consultant, ISG
  2. 2. INTRODUCTIONMost organizations have traditionally believed that having data backed upand stored offsite is sufficient to ensure data recovery and maintenance ofbusiness operations. In this environment, well-defined disaster recovery plansand regular testing have not typically been priorities. In recent years, eventssuch as the 9/11 attacks and the tsunami in Japan have caused manyorganizations to reassess their overall data protection strategies for databackup and recovery, disaster recovery and business continuity as well aslong-term retention and security of their data.However, most business downtime is caused not by catastrophic events ormajor natural disasters, but by hardware failures, data loss, power outages orUPS failures, network outages, security breaches, human error andapplication failures. These factors can do just as much damage to theorganization’s long-term performance and reputation.As data volumes and retention requirements grow in response to businessdemands and regulatory mandates, data protection strategies must ensurethat critical business data can be accessed and recovered in a timely fashion.Server and storage virtualization, data center consolidation, explosive datagrowth and new compliance requirements are major change drivers withinthe data center, but many IT organizations still employ data protectionstrategies from 5 or even 10 years ago. In a rapidly changing environment,determining the “right” data protection solution is no longer a black andwhite issue, but rather a grey area that involves myriad considerations thatimpact complexity, effectiveness, and cost.This ISG white paper is designed to help IT organizations navigate the nuancesof data backup and recovery and select an appropriate data protectionsolution that addresses business needs.DATA PROTECTION STRATEGIES ■ CINDY LACHAPELLE 1
  3. 3. GREY IS THE NEW BLACK FOR DATA  Legal time limits to recover data in e-discoveryPROTECTION requests  Changing compliance requirements for retentionThe right data protection strategy must ensure that thebackup and recovery solution goes beyond basic  The need to delete data once it is no longerrecovery of the occasional lost or mistakenly deleted file. requiredIt must also be leveraged to provide the right level of  Exponential growth in primary data that translatesdisaster recovery and business continuity capability. into unmanageable growth in backup data setsAt the same time, given the reality of flat or decreasing IT  Backup complexity due to requirements for morebudgets, the data protection solution must effectively frequent backups of some key business-critical databalance cost and risk factors. sets, different retentions, etc.Traditional “black and white” backup and recovery In this changing environment, organizations requiresolutions were typically implemented over a shared IP complex business-focused backup and recovery solutionsnetwork with data being backed up to physical tape and implementations. Each “shade of grey” solutionmedia in an automated library. Incremental backups requires considerations of cost, complexity, riskoccurred daily while full enterprise data backups were implications, recovery time and recovery pointconducted every week or two, normally during objectives, technology options, alignment of retention toweekends. Occasionally, backup pools were established changing business and legal needs, etc.with different retention parameters for different data Recovery point objectives (RPO) associated with dailytypes or file systems but many organizations simply backups may not satisfy targets defined in the disasterbacked up all of their data with a plan to keep it recovery (DR) plan, particularly for some business-critical“forever.” applications and data stores. In the latter instance,Backup was used to recover lost user files and as a basic alternate data protection strategies may be needed instrategy to provide some guarantee of business conjunction with backups as part of the overall DRcontinuity in the event of a major event or disaster. Full strategy. In a DR plan, the RPO and the RTO (recoveryrecovery of a critical environment from backups was time objectives) need to be defined based on businessrarely tested. Many organizations maintained older need and criticality. The plan should also define whatlegacy tape media formats without any reliable means to systems need to be in place (and where they should berecover the data that resided on them. The attitude was located) to get the key business applications up andthat, if asked, they could legally, and honestly, state that running again. Often, critical system and applicationthey had the data – and then pray that nobody actually RTOs are shorter than the typical 24-hour intervaldemanded it be restored. associated with daily backups, so other data protection technologies and strategies (such as remote replicationAs compliance regulations grew and e-discovery requests or mirroring, snapshots or point-in-time copies, orbecame more common, businesses recognized that the continuous data protection technologies) may bepolicy of retaining data forever could come back to haunt required.them. For one thing, attempts to migrate older legacydata were often largely unsuccessful as well as extremely The cost of DR solutions needs to be carefully balancedcostly. Standard backup strategies lacked processes to against the business risk and cost of downtime. Tomigrate relevant data as tape technologies were retired. address this challenge, many businesses are reviewingTo further compound the problem, many backup tapes cloud-based backup and storage options for disasterwith a “forever” retention mixed irrelevant data together recovery.with data that legally had to be kept for compliancereasons.Additional factors affecting backup and data protectionstrategies include the following:  Shorter or nonexistent available windows during which backups can run  Backup complexity associated with virtual server environments and multiple backup technologiesDATA PROTECTION STRATEGIES ■ CINDY LACHAPELLE 2
  4. 4. OPTIMIZING DATA PROTECTION Alternatively, some organizations enhance their existing backup solution with cloud-based backup and storageA business case for an enhanced data protection strategy services. When choosing this option, verify that SLAs aremust address all relevant costs and risks to ensure aligned to the business RPOs and RTOs for data recoveryalignment to business requirements for data backup and for the applications and data sets being backed up to therecovery. Design the backup and recovery solution to be cloud. In addition, make sure that all internal businessflexible. As business requirements evolve, modify the requirements for data security are being met and thatdata protection strategy to integrate new and emerging cloud service capabilities are reviewed on a regular basis,technologies which add necessary functionality and/or as compliance and regulatory requirements can changegreater responsiveness to the overall backup and with time.recovery solution. With virtual server environments that share the sameLeverage multiple storage technologies to provide the data store, backups must be fully integrated with theright level of flexibility and responsiveness while overall backup solution to avoid backing up the samebalancing cost and complexity. Virtual tape libraries (VTL) data stores multiple times. Leverage technologies likeand disk-based backup solutions leverage online disk deduplication to avoid redundant backups. Be sure tostorage to provide faster backups and faster recovery back up physical as well as virtual servers.times for key systems and applications and frequently-used data. To control costs, while still addressing A recent study by Kroll Ontrack (“Data Loss in a Virtualresponsiveness and compliance requirements, migrate Environment – An Emerging Problem”, 2011) noted that,disk backups to lower-cost tape storage as they age. Disk “if deployed or managed carelessly, virtualization canand VTL solutions also offer deduplication capability, itself create business disruptions or data disasters.” Thiswhich can significantly reduce the overall storage study reported that human error (vs. machine error)required by limiting backup to data changes. accounted for 26 percent of systems failures in traditional non-virtualized systems, but 65 percent inAn all-disk backup solution that eliminates tape virtualized environments.completely can become very expensive and introducedifferent challenges for data with long-term retention When adding new servers (virtual or physical), establish arequirements that exceed the lifespan of the disk check list to ensure that backups are mapped to thetechnology. New advances in tape technologies, such as appropriate backup pools, based on businesslinear tape file system (LTFS), may provide reasonable requirements.alternate approaches to disk-based technologies for both  Map incremental and full backup schedules andfaster access to backup data and for lower performance frequency to application and server RPOsstorage tiers for archive solutions. LTFS is a self-  Map data retention and deletion schedules to legaldescribing file system that makes files on tape directly and compliance regulationshost-readable, enabling tape to be used in the samefashion as a USB drive.  Choose the backup solution storage architecture and software (disk, virtual tape, physical tape, diskTo select the right mix of automated tape, virtual tape migrating to tape, etc.) that meet data andand disk-based technologies, consider business application objectives for available backup windowsrequirements for backup and recovery performance, and restore-time objectivesdata access and retention (both short and long term),  Leverage alternate, or additional, data protectionreliability, ease of management and cost. However, theright mix of disk and tape today does not necessarily solutions such as continuous data protection (CDP)guarantee that future business needs will be met. The technologies, snapshots, or local or remotebackup and recovery solution therefore must be flexible replication or mirroring for servers and applicationsand frequently reviewed and updated to reflect the with high availability requirementsevolution of the business and supporting technologies.  Ensure RPOs are met by confirming backup processes are in place to: • Redo or restart failed or missed backups • Guarantee new servers are configured for backup during the server build“SHADES OF GREY” DATA PROTECTION STRATEGIES ■ CINDY LACHAPELLE 3
  5. 5. Backup solution bottlenecks change over time depending SUMMARYon where throughput is limited within the data path. Backups are pointless if data recovery fails or isDefine a regular annual review process for the backup insufficient to meet business requirements andsolution to identify bottlenecks, or potential bottlenecks, objectives. Don’t over- or under-configure the backupand redesign the solution to eliminate or minimize the solution; rather, right-size the solution and leverage aimpact on backup windows and backup success. mix of backup technologies and platforms to ensure aBottlenecks within an end-to-end backup solution may data protection strategy that delivers the right balanceoccur in any of the following points in the data path: between risk and cost.  Network Bottlenecks – (IP or fiber channel) Revisit and redesign the backup and recovery solution as  Back-end Bottlenecks – (tape libraries and tape the business evolves and requirements change. Once drives, disk for backups, etc.) implemented, backup solutions should not be considered  Front-end Bottlenecks – (client servers and backup static and expected to run unmodified forever. Factors servers) such as exponential growth of structured and unstructured data, new and changing regulatory andMonitor all of these systems to ensure data throughputs compliance requirements, and a greater need for fasterare not being restricted. and more effective disaster readiness are driving ITMonitor and report backup capacity and performance organizations to embrace more complex and adaptableand leverage this information to perform proactive backup solutions to address business needs.backup capacity and performance planning. Make sure that the backup and recovery solution isEstablish a regular program for testing and validating flexible and responsive by reviewing and reconfiguringbackups by performing random restores of files and data backups as technologies and business needs change. Thesets. Integrate this testing with DR planning and testing days of a simple “black and white” backup and recoveryto ensure that data can be recovered from backups solution are over – today’s challenge is developing thewithin the required time frames. The worst time to right “shade of grey” backup and recovery solution thatdiscover that backups are failing or are unrecoverable fits your organization’s business needs.due to media failures or other corruptions is in themiddle of a disaster.Whenever possible, store backups at an alternatelocation or secondary data center, or create copies of keybackup data as insurance in the event of a major failureor disaster. If tapes are transported offsite encrypt thedata during backup to ensure security.As backup technologies age and refresh, migrate backupsto newer backup platforms and media to ensure thatlegacy backups with long-term retentions arerecoverable. Migrate existing backups on legacy formatswhere possible and, once migrated, retire legacy backuphardware and software. If a lack of compatible legacyhardware or software precludes migration, delete ordestroy backup tapes rather than store them if there isno chance for a successful restore. Make sure the backupdata retention schedules align to the business lifecycle,recovery access and availability of the data beingbacked up.DATA PROTECTION STRATEGIES ■ CINDY LACHAPELLE 4
  6. 6. Cindy LaChapelle is a Principal Consultant with ISG.Contact the author at or +1 416 571 5247.Information Services Group (ISG) (NASDAQ: III) is a leading technology insights, market intelligence and advisory servicescompany, serving more than 500 clients around the world to help them achieve operational excellence. ISG supportsprivate and public sector organizations to transform and optimize their operational environments through research,benchmarking, consulting and managed services, with a focus on information technology, business process transformation,program management services and enterprise resource planning. Clients look to ISG for unique insights and innovativesolutions for leveraging technology, the deepest data source in the industry, and more than five decades of experience ofglobal leadership in information and advisory services. Based in Stamford, Conn., the company has more than 700employees and operates in 21 countries. For additional information, visit 082212 © Copyright 2012 Information Services Group – All Rights Reserved