Subscribe

The backup battle

Joanne Carew
By Joanne Carew, ITWeb Cape-based contributor.
Cape Town, 16 Sept 2015

Good governance

It would be impossible to have the backup and recovery conversation without discussing compliance and governance, says Sumash Singh, country manager at CommVault SA. These requirements are forcing all businesses, large and small, to better understand their data, assess this information in terms of importance, and ensure the storage, backup and distribution of this information is compliant with current legislation. In some cases, notes Singh, legislation requires that sensitive data is stored in-country, making it important for businesses to save this data on the appropriate platform and in the right place.

"These businesses should, therefore, be considering what data should be stored on-premises, what data can be stored in the cloud and what type of cloud model will meet compliance requirements."

Organisations should be thinking about managing data from a centralised, single system that is able to store and handle data in a simple manner according to retention policies, which also assists businesses to meet compliance requirements, he adds. "Not only does this approach improve the availability of data, it also enhances productivity while reducing overall costs."

The ongoing evolution of data environments and the ever increasing amount of data being generated each day by both individuals and organisations present various conundrums. Where does it all go? Is it secure? And how do I manage it all?

For Riaan Gouws, product manager for Backup at Vox Telecom, there's no simple answer. But he believes business both big and small should start the discussion around backup and recovery by acknowledging that not all data is equal. "Simply put, business needs to categorise its data," he notes. Once it has done so, suitable data management strategies can be put in place. These are designed to ensure the security, accessibility and recovery of different groupings of information. This approach is even more appropriate when one considers that by 2016, 20% of organisations will have somehow abandoned traditional backup/recovery techniques. A figure that grows to 50% by 2018 and up to 60% come 2019. The sheer magnitude of the data we're currently dealing with makes it impossible to derive value from this information without having a clear idea of what is what, he states.

Mimecast senior sales engineer Giulio Magni agrees. In order for information to be utilised to its full potential, classifying data is vital. "Ifyou can't easily segment or search through data, this corporate memory cannot be exploited by the organisation. Once you know what to secure, you can use technology to define logic rules to protect the data," he says, adding that regular reviews of the data and rules are necessary to ensure everything is adequately protected. But you shouldn't think of data classification as being as simple as putting different bits of information in different boxes.

If an organisation allows users to classify the data themselves, there is always a risk of inaccuracy, but employing technology solutions tends to be expensive, Magni points out. "The best option is to apply a combination of solutions, enforcement policies and user education around security risks." He advises that organisations segment data into personal and business information and also group data by information type.

For small businesses, with limited budgets and resources, getting this data management dilemma right could be the difference between success and failure. Gartner analysts predict 40% of companies suffering a business interruption will fail within five years. "Unfortunately, many smaller businesses don't have the budgets of their larger counterparts, and as such, make use of fragmented approaches to storage and backup," says Sumash Singh, country manager at CommVault SA. These businesses are commonly using technology that isn't geared for ever-increasing volumes of data and they lack the internal technical resources and expertise to advise on the best technology and strategies to protect and back up their data.

Looking at data loss

Without wanting to weave tales of doom and gloom, Gouws stresses just how many different ways things can go wrong. "Data can be lost, corrupted, compromised or stolen through hardware failure, human error, hacking and malware. Loss or corruption of data could result in significant business disruption." From a security perspective, guarding against these threats involves establishing the necessary hardware and software firewalls, ensuring all software on individual devices is properly updated, encrypting information to keep it safe from prying eyes and even setting up password systems.

If you can't easily segment or search through data, this corporate memory cannot be exploited by the organisation.

Giulio Magni, senior sales engineer, Mimecast

According to Isaac Makoto, a consultant at Hitachi Data Systems (HDS), backups have been used as a last line of defence against data loss for many years, but given the exponential growth of data and more stringent legislation around handling this information, organisations have to employ different strategies. Data replication, disaster recovery, data archiving and backups should all form part of this multi-pronged approach to preventing data loss, he states. It all comes down to carefully managing the information at your disposal, he continues. Backup and data storage plans should allow users to access data when they need it and guidelines should be put in place to ensure different types of information are only available to certain departments or users. For Makoto, a data replication strategy is highly beneficial because once a copy has been created, it can be made available for use because it's online immediately. Thus, there's no need to search for it in backups or archives and multiple copies of the source data can be created and used for things like development and testing.

Into the clouds

Budgets and resources are the two key challenges that face SMEs. "They lack both, and as such, struggle to invest in the infrastructure to manage and protect their data," says Singh. These businesses commonly can't justify the costs of full-time resources to meet their IT requirements, and even if they do have a basic infrastructure (hardware and software) in place, they battle with support and maintenance. Having to outlay significant amounts of money on infrastructure has been and always will be a major deterrent, says Magni. "Budgets are a hot topic for all businesses, and trying to justify high expenditure on creating a data repository is challenging at the decision-maker level. It makes sense to pool resources to get a maximum return on the value of data," he says, adding this is why cloud is a great win.

Too hot, too cold, just right

Given the importance of data classification, Riaan Gouws, product manager for Backup at Vox Telecom, advises businesses to distribute their data into three groups.

* 'High' importance data is information that is extremely critical to the business' daily operational ability.

* 'Medium' importance data is less critical for day-to-day activities, but still required for long-term operations.

* 'Low' importance data is information that is not essential to the business, the loss of which wouldn't cause any long-term damage to the business' ability to function.

Many businesses, especially smaller ones, are fast realising the benefits of hosted and cloud solutions, notes Singh. In a cloud scenario, there's no need to invest in expensive hardware or to hire highly skilled IT staff; all the customer requires is a modest on-site installation and the backup as a service (BaaS) provider will do the rest. "BaaS options offer many benefits to smaller businesses as it puts them in reach of enterprise-class technology, without the requirement to invest in hardware and software. The pay-as-you-use model that many of these hosted platforms offer are affordable and the service providers behind the offering usually offer advice and support - two crucial requirements for smaller businesses."

The reality is cloud offersquick and simple deployment, it does not require any investment in infrastructure and enables customers to easily scale up or down depending on their varying business needs, says Makoto. And given that there are various cloud models - public, private and hosted - organisations have the freedom of choosing to store different types of data in different places, he adds, noting this again illustrates the importance of data classification. Magni points out that in certain instances, making use of a private cloud rather than a public one is the best way to store and manage sensitive data. When dealing with something like e-mail, for example, the public cloud is the obvious option. According to Gartner, as of 2014, 10% (67 million) of enterprise office system users had moved to cloud office systems and most focused on e-mail, not a broad range of capabilities. Gartner expects about 25% of the enterprise market will use cloud office systems and e-mail by the end of 2017, growing to 50% by 2020, and hitting 90% in 2027.

Because cloud is a popular choice for many businesses, it's important to be mindful when selecting a cloud provider. Singh advises organisations to choose a partner with a solid industry track record in the industry, extensive technological expertise and one that provides stringent security and redundancy. "It's also important to ensure the technology behind this service is backed by a reputable and solid brand. Reporting should also be available, providing businesses with insight into their data and cloud storage usage."

Whether it's cloud, replication, archiving or backups, organisations cannot afford to not have some sort of backup and recovery strategy in place, says Gouws. When talking about data management and backups, it shouldn't be a case of figuring out how to respond if something happens, but rather putting a plan in place to respond when it does happen.

Share