Data Center

Not Your Father’s Data Protection

Creating backups has been a key component in IT operations since the very beginning. Early on, backups were introduced as a way of preventing data loss stemming from hardware failure. Today, regulatory requirements and threats such as ransomware make backups more important than ever. However, as critically important as backing up your data may be, backups alone are becoming increasingly inadequate.

Today, organizations are largely shifting their data protection efforts toward disaster recovery (DR). Whereas backups focus on making recoverable data copies, disaster recovery is geared toward making sure that key business processes continue to function, even during a disaster.

In the early days of IT, backups were introduced as a first (and perhaps only) line of defense against data loss. Even at that time, businesses recognized that there were very real consequences to losing important data. Backups were one of the few tools that IT pros could use to put everything back to normal following a catastrophe.

Even back then, however, backups were anything but ideal. Even if you ignore the fact that backups often had reliability problems of their own, there were still two major problems associated with restoring a backup.

The first of these problems is that restoring a backup almost always resulted in at least some amount of data loss. Early on, it was common for businesses to create a nightly backup once all of the employees had gone home for the day. If a critical system were to fail in the middle of the work day, then all of the data that had accumulated since the start of the previous night’s backup would be lost. That data had not yet been backed up, and so there was usually no way to recover that data. Reliance upon a nightly backup meant that an organization could conceivably lose up to a full days’ worth of data during a recovery operation, even if everything worked perfectly.

The second major problem with recovery operations was the amount of time that it might take for a restoration job to complete. Depending on how much data needed to be restored, a recovery operation could take hours, or even days to complete. During this time, critical systems often remained offline and unavailable for use.

Over time, IT professionals began quantifying these two issues as a way of gauging what could realistically be expected from a recovery operation. The term Recovery Point Objective (RPO) loosely describes how frequently backups are created, and how much data might be lost in a recovery operation. Modern backup solutions generally have an RPO in the magnitude of five minutes or so, but even today restoring a backup generally leads to at least some data loss.

Similarly, the term Recovery Time Objective, or RTO, describes how quickly a recovery operation can be completed. Modern backup solutions commonly offer an instant recovery feature. While such capabilities are infinitely better than waiting for days for a restoration to complete, instant recovery isn’t truly instant. It usually takes a few minutes to bring the recovered resources online. While this might not sound like a big deal, The Rand Group estimates the average cost of an hour of down time to be $100,000. This puts the cost of a five-minute recovery at about $8,300, not including costs associated with data loss.

Given the extreme costs of even an expedited restoration operation, it’s clear that IT pros need to begin thinking of backup and recovery as a last line of defense rather than as being the first line of defense. DR is a far more effective tool for protecting an organization’s data.

Although DR and “backup and recovery” sound very similar to one another, the two technologies couldn’t be more different. Backup and recovery is based on making a recoverable copy of an organization’s data so that the data can be recovered in the event of data loss.

Conversely, DR is focused on true continuity of business. It works by replicating mission-critical workloads to a public cloud, or to a secondary datacenter on an ongoing basis. If an organization were to suffer a critical failure in its primary datacenter, the offsite replica could immediately take over. This approach completely mitigates the need for performing any sort of data restoration.

While there are obvious benefits to being able to keep mission-critical workloads online during a disaster, it’s also worth noting that because DR doesn’t involve performing a traditional data restoration, it essentially eliminates the hefty costs that are so often associated with a recovery operation.

More importantly, true DR shifts the focus from protecting data to protecting entire workloads. A well-thought-out DR plan can allow an organization’s workloads to remain online and functional, even during the most dire of circumstances. The workloads can be run in the cloud indefinitely, or they can easily be brought back in-house once the organization’s problems have been fixed. In either situation, a good DR solution should provide a nearly seamless transition to the cloud, while also allowing organizations to decide for themselves if or when to bring the workloads back in-house.

Because failbacks (or at least having the option to fail back) are such an important part of DR operations, it’s important to choose a provider that doesn’t penalize you for performing a failback. Some of the major cloud providers charge their customers a data egress fee any time they move data out of the cloud.

True DR capabilities are vastly different from your father’s data protection methods. Cloud-based DR lets organizations worry less about backing up and restoring data, and focus on keeping mission-critical workloads online.