This post first appeared on Risk Management Magazine. Read the original article.
Whether it has been natural disasters or hacking incidents, recent crises have served as a dramatic reminder that it takes a lot to get back in business following a disruption. Complete disaster recovery means setting up a fully functioning physical or virtual infrastructure, establishing all necessary network connectivity and capability, and getting the enterprise up and running in the amount of time required by the organization’s strategy. One of the first steps to recovery is restoring data, applications and services from backups.
For many years, tape was the primary medium for backing up data and it remains an effective and affordable method, especially for lower-tier data that is less than mission-critical. It is also the most economical and secure medium for long-term preservation, archival and compliance requirements. Because they are offline, tape backups will be uninfected in the event of a widespread ransomware, malware or other cyberattack. And, when all else fails, tape is often a reliable backup. That was the case in 2011, when an update of Google’s Gmail storage went awry, erasing more than 150,000 user accounts while also rendering Google’s redundant cloud-based copies unavailable. Fortunately, Google was able to restore users’ data from physical tape backups kept offsite.
But the logistics of transporting tapes between production and recovery facilities, the one-to-one relationship of tape devices to data streams and the time delay in retrieving and mounting tapes to put them to work have sent businesses looking for faster alternatives.
This has led to considerable reliance on the cloud. However, a common and risky misconception has developed among executives that cloud backups alone will allow them to quickly resume operations following an interruption or disaster. Perhaps this idea comes from their personal, day-to-day experience with the cloud and the impression it creates of services and data that are always on, always available, and accessible from anywhere. Or maybe because providers of cloud-based backup-as-a-service products store multiple backups in different locations, it has given customers a sense that their data will be available immediately when needed, even if they have never taken steps to actually use the backup.
The risk in this thinking is that, while backing up to the cloud can be fast and automatic, recovering from the cloud may not always be. Just as with tape, a backup in the cloud can only help you get back in business if you have specifically planned how to use it in a recovery. In other words, you need to know exactly where that backup will go, on what media, and how soon it can be implemented to recover from a disruption.
Additionally, do you have the network capacity to download all of your enterprise data to your primary or recovery data center? Even if you can afford the monthly charge for a one gigabit-per-second internet link, retrieving just 10 terabytes of data would take more than a day. Absent such network capacity, your cloud provider may have to deliver massive amounts of data on disk or tape, either to your headquarters or to your disaster recovery services provider. This means that, even with the cloud, there could still be a delay of hours, days or weeks.
Another consideration is finding skilled support to carry out your recovery. If you rely exclusively on staff to execute a self-managed public cloud solution, what will you do if they are personally impacted by the disaster and unavailable to perform such duties on a timely basis?
Of course, today’s advanced cloud-based offerings include the comprehensive managed resilience of disaster-recovery-as-a-service, which allows customers to restore business operations in hours or even minutes, with minimal to no data loss. Cloud-enabled managed failover services that can enable the switch from primary systems to backups promise the fastest possible disaster recovery solution, increased resilience and near-zero downtime for mission-critical applications. It is a flexible approach, often outside the public cloud, that allows companies to design and frequently test separate backup and recovery schemes for different databases, applications and services.
While the cloud can do all this, there is tremendous risk in assuming that a contract for cloud-based software, infrastructure or backup is the same thing as disaster-recovery-as-a-service. There is also still a risk that an entirely cloud-based service could fail. In April 2011, for example, a network change resulted in the failure of a large number of Amazon EC2 cloud services that disabled some high-profile sites for days and left many customers with permanent data loss.
Whether you are considering or already using the cloud as a part of your strategy to achieve the fastest possible recovery from a disruption, you still need effective redundancy in your backup and disaster recovery solutions to assure that the data required will be available when you need it. The cloud has transformed much about the speed, flexibility and cost of doing business, offering new options for backing up critical data, replicating complete systems and helping to orchestrate a successful disaster recovery. But no matter how much they may improve, virtual backups alone are not enough. That is why tape should still play a role, along with on-site disk backup and physical or virtual cloud-based storage and recovery infrastructure, as part of a hybrid backup and recovery solution.
With this, companies can go from backing up their data to being back in business.