Data is the lifeblood of all organizations today. Its value is beyond measure, which is why protecting that data from loss, outages, theft, human error, malware, ransomware, and natural disasters has become paramount. Threats to organizations’ data has been multiplying exponentially. Consider there are new ransomware variations every 18 seconds, 100-year disasters such as floods, fires, hurricanes, typhoons, and highly destructive tornados are happening multiple times a decade because of climate change, and exploitable system vulnerabilities are happening far more frequently in our always connected IT world.
Protecting the organization’s data has also become more complicated than ever. Data is everywhere. It’s in the physical (PM) and virtual machines (VM); containers; the data center, remote offices, branch offices (ROBO); databases; laptops; cloud services such as Microsoft Office 365, Google Suite, Salesforce, other software as a service (SaaS) applications; and cloud service providers.
That wide data dispersion makes it exceedingly difficult to protect with a single product that meets the requirements and needs of all users. Some provide near instantaneous recovery but fail to meet new privacy compliance regulations such as GDPR, PDPA, APPI, CCPA and dozens more in process across the world. Others provide near “0” recovery point objectives (RPO) and recovery time objectives (RTO), but are vulnerable to ransomware that attacks them. Few data protection products can protect all or even most of these disparate data localities, meet new compliance regulations, and are resistant to malware and ransomware attack vectors. However, the user requirements remain regardless of whether a single data protection system can fulfill them. It generally necessitates the implementation of several point products. This has become clearly evident with backup as a service (BaaS) and disaster recovery as a service (DRaaS) managed service providers and Enterprise IT organizations. It has even reared its ugly head with many mid-tier organizations.
Compounding the multi-data protection/backup system problem is the way different data protection products are purchased by different parts of the IT organization. Even though they are purchased for a specific purpose, they frequently overlap in protecting some or quite a bit of the same data, often unintentionally. This may and likely will occur without the knowledge of the other administrators. The hypervisor administrator may subscribe to a hypervisor specific data protection. The storage administrator may purchase (or it may come with the system) a license for their storage system’s snapshot and replication. The backup or data protection administrator typically subscribes to a vendor or service that covers most mission critical data regardless of where it was created. The application owner may license the application specific data protection such as that which comes with a database or a SaaS license. Much of the same data is protected by multiple data protection systems.
This can have a devastating effect on backup processes, recovery processes, budgets, compliance, and security. Here’s how.
Each system has its own unique backup process, user interface, management requirements, troubleshooting methodologies, functionality, and training requirements. Some are agent-based whereas others are agentless. Where this gets increasingly complicated is when there are multiple products.
Take the example of multiple agent-based products protecting the same data on the same sources. Each agent queries the file system to see what files and/or blocks have changed then copies them out. The process is server resource intensive. Multiple queries from different data protection software systems requires the process be scheduled at different times so they do not conflict. If they conflict it causes each backup to slow to a crawl or stop completely missing the backup window or even corrupting the backups.
Another example comes from backing up virtual machines via the hypervisor’s API instead of agents. The hypervisor API typically allows the data protection software to initiate a hypervisor snapshot (a.k.a. image-based backup) of the VM or changed blocks in the VM. The data protection software then copies the snapshot out. Hypervisor snapshots are noticeably resource intensive. Avoiding conflicts that slow backups to a crawl or stop necessitates each image-based data protection system querying the same hypervisor API be sequentially scheduled. Otherwise the backups will not complete and just as with the previous example, backup windows are more likely to be missed putting data at increased risk of loss from an outage.
There are many consequences to multiple data protection and backup system deployment complexity. Consequences such as:
- More licenses to acquire and manage;
- More operational and management training;
- More personnel to be trained and cross-trained;
- More data protection software to manage;
- Potentially more server hardware to run the data protection software;
- Or the VM percentage of resources utilized by the software;
- More storage consumed;
- More storage to manage;
- Upfront and ongoing;
- More supporting storage infrastructure (switches, cables, transceivers, conduit, rack space, etc.)
- More supporting storage infrastructure to manage;
- Upfront and ongoing;
- More patches to schedule, implement, and manage;
- More hot fixes to schedule, implement, and manage;
- More upgrades to schedule, implement, and manage;
- More trouble shooting;
- And multiple headaches.
These consequences are budget busting. And yet, they are relatively minor comparatively to recovery processes.
Part 2 of this series will reveal how recovery processes are severely compromised by multiple data protection systems. Based on the backup consequences alone, too many data protection systems are a complicated and risky proposition. The best way to prevent these consequences is to implement a comprehensive data protection system.
To learn more contact us at: firstname.lastname@example.org
Asigra Software v14.x
The Asigra Software is architected from the ground to meet the very large-scale requirements of managed service providers delivering backup as a service (BaaS) and disaster recovery as a service (DRaaS). Asigra continually leads the market in comprehensive solutions. From file to image backups; instant or single file recoveries for any hypervisor, physical, virtual machines, cloud instance, SaaS, and Docker containers; laptops – protect, geo-locate, and remote wipe; repurposing of backup data for DevOps, TestDev, Search, and analytics; intuitive management interface; variable RPOs and RTOs; deduplication, compression, encryption, and more.
More importantly, Asigra Software is the first and only data protection/backup today that prevents malware and ransomware from being backed up or recovered. It stops attack-loops in its tracks. Several others detect detonations and notify that an attack is in progress, but do not detect or prevent infections in the backup and recovery streams. Asigra Software additionally prevents malware, ransomware, or disgruntled employees from deleting backups without proper multi-factor authorization. And Asigra Software is the first to enable the “right-to-be-forgotten” PII compliance for GDPR, PDPA, CCPA, and others in backups with documentation of what, who, when, etc.