The ramifications of changing data protection practices
By James Forbes-May, VP, Arcserve APAC
Data protection practices are changing. Organisations today deal with a far broader and more complex range of data types than five or even three years ago. The IT environment is also changing thanks to trends such as virtualisation. To keep up, data protection practices and tools have had to evolve leading to the rise of new vendors and new backup technologies.
One of the most noticeable changes during this period has been a shift in the choice of primary backup tools, with the old fashioned tape backup beginning to make way for more modern backup methods. According to Data Protection Trends and Transformation in Asia Pacific, a recent survey of IT managers throughout Asia Pacific commissioned by Arcserve, disk has finally overtaken tape to become the single largest primary backup target, used by more than half of the region’s IT managers and backup administrators.
This doesn’t mean that tape has completely disappeared, nor should organisations start shelving their tape systems. More than one-third of organisations continue to rely on tape
as their primary backup target. This places it well ahead of cloud and optical alternatives, both of which have yet to make any serious headway in the business backup market as primary backup targets. The study suggests the reasons disk and tape are so popular include a history of past use of the technologies, long-term cost benefits and ultimately the advantages of portability and offsite capabilities.
The changing practices have important ramifications for organisations considering their future backup needs. While it’s clear there’s no need for current users of tape to immediately change their practices, as existing solutions reach retirement, organisations will need to consider updating to one of the newer technologies. For businesses that are looking to make a first-time investment in a backup solution, the most prudent advice is to go for one of the latest technologies available, such as disk or cloud solution.
Complexity of backup: RPO and RTO
Having established the types of technologies organisations are using for backups, the study then turned to the question of backup complexity – and more specifically, the use of Recovery Point Objectives (RPOs) and Recovery Time Objectives (RTOs).
An RPO measures how much data a company is prepared to lose in the event of disaster while the RTO looks at how long the company can function without that data. Although the metrics may seem similar, they serve very different functions and backup regimes must be carefully constructed to reflect the two needs.
The study found many organisations tend to cling to their traditional data protection practices and that consideration of data protection tends to occur after main systems have been implemented. Therefore the amount of thought that goes into data protection practices isn’t always as detailed as it should be.
Pleasingly, over one-third of organisations indicate they do classify their data in terms of differing RPO and RTO requirements and they also adapt their data protection practices accordingly. However, this leaves just under two-thirds of IT managers who don’t distinguish between different levels of data requirements.
There is a huge opportunity for these latter organisations to improve their data protection practices and reduce the time required for backups by differentiating between critical data that requires ultra-fast RPO and RTO, and less critical data that can be protected by a less stringent RPO and RTO. As the report suggests, given “the non-disruptive options available today it seems that IT departments are missing out on developing more cost-effective ways to improve their overall recovery capability.”
Compliance and archiving
Aside from the need for recovery, compliance is one of the most important factors influencing backup routines. Whether because of industry or government regulations, most companies are expected to retain certain records – such as financial data – for periods of five years or more.
Despite this, just over half of all IT managers said they maintain a backup retention regime of less than one year. In more than one-third of these organisations, IT departments retain backup data for less than six months. Such short periods are a relatively new trend and seem to be related to the adoption of disk as the primary backup target, as well as acknowledgement that while organisations hold a huge volume of data, relatively little of that data is of long term value.
The thinking goes like this: backups and recovery using disk are much faster than backups and recovery using tape. I can therefore use disks to back up more frequently, recover faster and I won’t have to hold on to my backups as long. Therefore an archive of 12 months is sufficient.
Such an approach is fine providing the IT department identifies and fully protects any data that falls under retention requirements. If they fail to do so, the risk of penalties due to non-compliance is high.
The short term view
There is another kind of archival practice rapidly gaining favour among IT managers and that is “Any Point in Time” recovery. With a typical backup, recovery is restricted to the time the backup was made. If a backup was made at 7am today, that is the time your systems will be restored to. With any point in time recovery, the system tracks every change at every moment, so an IT manager can choose to restore to any particular date and/or time, such as 6pm the previous evening, or midday three days ago.
Typically “any point in time” capability is achieved by implementing Continuous Data Protection (CDP) technology. Because this is a resource-intensive approach to data protection, organisations tend not to keep any point in time archives for months or years. A little under half of all organisations suggest that the ability to recover to any point in time within the last 24 hours would be sufficient for their needs. Another one-quarter would like any point in time recovery within the last week.
Make the changes work for you
Data protection technologies are not immune to the IT industry’s desire for improvement. New tools and solutions are always emerging. The shift in media formats is simply the latest in a long line of advancements. Given the changes, IT managers should consider their strategies for cost-effective, long-term data protection.
Whatever approach an IT manager chooses, the key to getting a data protection strategy right lies in the ability to match regulatory demands and strategic business objectives, such as RTO and RPO, with the appropriate data protection and recovery solutions.