Effective data protection in a hybrid environment

Hybrid cloud infrastructure is the new normal – by next year, more than 90% of all organisations will be operating a hybrid model¹. The benefits of the cloud are well documented, but the hybrid model is extremely useful for organisations who rely on legacy applications or who want to put their workloads in the most performant, cost-effective location.

As is to be expected however, introducing additional infrastructure elements increases administrative complexity and overheads. Even though cloud providers assume responsibility for maintaining the underlying platforms, IT teams must still oversee much of the administration of how they use them.

This is where serious problems can manifest – particularly in relation to data protection.

1 - TechTarget Business still lax about SaaS backup

Cloud services and the shared responsibility model

Microsoft, AWS and Google Cloud Platform all operate under a shared responsibility model. This means that your provider manages the software and hardware that underpin their cloud: compute, storage, database and networking. If the platform fails, the provider must deploy the necessary resources to fix it.

When it comes to the systems running on cloud platforms, your organisation retains overall responsibility. This includes encryption, guest OS configurations, secondary applications and the actual data stored in them. The same is also true of SaaS offerings like Microsoft 365 – you are ultimately accountable for protecting the data stored in hosted applications. If you didn’t know about the shared responsibility model, you’re not alone – neither do 45% of SaaS users². Another survey suggests as many as 85% are labouring under the belief their data is protected³.

Under the shared responsibility model, you cannot assume that your provider is backing up your data. Because of the complexity of delivering configurable backup at scale, none of the major cloud vendors offer it.

Some do offer a very basic, limited recovery option, but it will not offer the granularity that modern data protection routines demand. These backups are also likely to be supplied with minimal SLAs or guarantees. However, 35% of organisations still rely solely on the SaaS vendor to protect their data¹.

2 - Tech Republic - Report: 40% SaaS application users have lost data
3 - Rubrik - Protecting hybrid and multi-cloud data

At least 40% of SaaS users report having lost data from the cloud at least once². Given that 89% of organisations rate data stored in SaaS platforms as “somewhat” or “very important”, this should be of serious concern².

Take Microsoft 365, which is becoming the email service of choice for organisations keen to retire costly in-house Exchange servers. Just 15% of organisations surveyed were able to recover all their data following an incident¹. This is because data deleted from Microsoft 365 is retained for just 30 days in a ‘recycling bin’ holding place before being deleted permanently.

Clearly this is a significant problem – and it would appear that many data protection strategies are underestimating the dangers of the ‘wait-and-see’ approach to SaaS data protection.

The multi-cloud factor

Currently, 82% of organisations are now using a hybrid cloud strategy – and 92% are pursuing a multi-cloud plan⁴. But while the cloud offers superior flexibility and agility, it also dramatically adds to the complexity of your infrastructure.

Every additional service reduces transparency – at least from a systems management perspective. It also makes the job of defining a comprehensive data protection strategy much harder. This means that ensuring availability for mission-critical applications is also more difficult because of the multiple touchpoints involved in backup and recovery.

4 - Flexera - Cloud computing trends: 2021 state of cloud report

Designing a hybrid-ready backup solution

Multi-cloud operations are here to stay. Going forward, organisations must invest in tools that help to break down barriers and consolidate management capabilities of the backup solutions. Whilst a single pane of glass would be the ideal outcome, in reality, this may not be possible due to choosing the right product at the right time. These tools must operate across the entire IT estate, including on-premises data centres and public cloud platforms.

With the right data protection solution, it is possible to lower costs and reduce complexity, thanks to integration between features. Cloud backup, DRaaS (disaster recovery as service), IaaS (infrastructure as a service) and SaaS data protection and cross-cloud operations will be essential for protecting your business in the multi-cloud future.

One size does not fit all, so you must carefully assess your requirements – and all available data protection offerings – to ensure you get the solution to meet your strategic objectives.

Number-box-1 Identify applications and workloads

Identify the key applications and workloads within your organisation to be backed-up and categorise them. Pay close attention to where your data is stored – on-premises, in the cloud, or spread across both locations. You should also define the relative priority of applications to your operations. This will help you properly prioritise data and applications for recovery in the event of a data loss event or major operational disruption.

Number-box-2 Build out the components

Next, you must build the components required to meet your strategic data protection objectives. Factors to consider, include:

For mission critical applications with a low RTO, consider on-premises disk arrays with all flash arrays (AFAs) populated by high-speed SSDs for maximum performance.
Secondary applications may be protected by a lower-cost cloud replication system or even a tape-based archive.
High priority virtual machines running in the cloud should be replicated using continuous backup.
Data stored in SaaS services, like Microsoft 365, will need a specialised plugin to deal with the various idiosyncrasies of the application and to ensure all information is captured.

Never forget the 3-2-1 backup principle, which remains valid and effective, even in the age of multi-cloud hybrid operations. Three copies of your data stored on two different media, with at least one copy held off-site.

You will also need a system to orchestrate backup and recovery across all your operating environments. The ability to view backup and recovery options centrally will be crucial to improving disaster protection outcomes.

Number-box-3 Test

Once your components have been assembled, you must test to ensure that they work. The worst time to discover an issue is in the middle of a significant system failure. One recent survey found that 37% of all backup jobs fail – as do 34% of all restores⁵.

As well as confirming that data can be successfully retrieved, you must also check that recovery can be completed according to your RPO and RTO objectives. If these targets cannot be met, your data recovery system is not truly fit for purpose. In 2019, 31% of backups failed to meet their SLAs – this rose to 40% during the pandemic as remote working became the norm for many businesses⁵.

5 - Veeam - Data protection report 2021

Number-box-4 Refine and improve

Testing is not a one-off checkbox exercise to confirm your data protection processes are working. Instead, it must become a regular aspect of your IT operations.

First, regular checks ensure that your backup and restore processes are working – particularly where physical media like hard disks or tapes are involved. Media failure is a significant risk to your operational integrity and could result in permanent data loss.

Second, testing will reveal where there are gaps in your strategy as your environment continues to evolve. This provides regular opportunities to refine and improve your provisions – to improve RPO and reduce RTO. The better you can manage backup and recovery in all locations, the less lasting damage and cost your business will incur in the event of a system outage.

Seamless backup and data protection 'as-a-service'

From a day-to-day management point of view, organisations sometimes lack the required skills or resource in-house to be able to manage and monitor a hybrid cloud-ready data protection solution. In situations like these, working with a partner provides an extension of your IT team with access to additional expertise, experience, and knowledge of these solutions. A good partner can provide a management wrap for your data protection environment and ensure that your data protection strategy is implemented and maintained with all SLAs met.

No two organisations are the same, which is why having a bespoke, tailored data protection strategy is key to your organisation.

Conclusion

Hybrid cloud operations are now the norm as a majority of organisations are running infrastructure on-premises and on hosted platforms. However, data protection strategies are not always keeping pace with rapid developments elsewhere.

Any organisation that cannot manage backup and recovery across their entire IT estate – including cloud-based assets – is running a significant risk of permanent data loss. As is anyone who assumes that cloud providers are backing up their data as a standard part of the service.

To avoid potential catastrophe, IT decision makers will need to review their provisions with some urgency. Otherwise, they may be a matter of minutes away from an unrecoverable disaster that threatens their very existence.

The shared responsibility model means that your business is responsible for protecting its own data – even in the cloud

Most cloud services do not offer backup for your data

Your operating environment may have changed, but your RPOs and RTOs have not

An effective hybrid backup strategy needs to account for data stored everywhere – on-premises and in the cloud

Testing must become a routine aspect of your data protection strategy, offering an opportunity to avoid failure and to improve overall backup and recovery performance