BRIAN FAWCETT (BF): Backups protect sensitive business data from natural and manmade threats, making them one of your company's most valuable assets. However, those backups are essentially useless without a viable recovery plan.
I'm your host Brian Fawcett and this is IT Availability Now, the show that tells stories of business resilience from the people who keep the digital world available.
Most businesses treat backup and recovery as interrelated but independent silos with different technologies, processes and vendors for each. This ideology needs to change.
On this episode of IT Availability Now, Michi Schniebel, Principal Product Manager at Sungard AS will discuss why traditional backup and recovery plans are flawed, how companies should alter their approach to ensure greater success, and how Sungard AS can help you achieve a unified recovery.
Hey Michi, welcome back to the podcast.
MICHI SCHNIEBEL (MS): Hi Brian, excited to be here.
(BF): Yeah, so let's get right into it. If current backup and recovery models have worked for organizations in the past, why do they need to find an alternative now?
(MS): Right, so disasters have changed. In the past we had natural disasters and human error, but now we see these new cyberattacks that can linger for days or weeks in your environment and also actually target your backups.
Unfortunately, managing backups and keeping a constant eye on your recovery platform is a big ask for most IT teams, especially if they have other priorities. But the challenges don't end there. Traditional backup and recovery plans are typically too slow, risky, expensive, complex, and time consuming. This is where customers look for a change for a better protected environment at a lower budget.
(BF): So, you know, how should organizations then approach backup and recovery?
(MS): Backup and recovery solutions must go hand in hand. Too many organizations decouple or separate backup from disaster recovery because they see them as different use cases with different requirements, but instead organizations should look at backup-based recovery. The goal should be to use a single technology to address both scenarios for backup and recovery. This doesn't exclude specialized recovery solutions for more aggressive requirements, it would be just different investments for different outcomes, like getting a fast RTO if you invest more money.
On top of that, organizations should consider cloud-based solutions. Same as the local approach, but in a private cloud, with a secure service provider. This will give the extra protection against modern cybersecurity attacks and makes the company more resilient in cases of regional disasters.
(BF): Typically, what are the inflection points an organization experiences before deciding their legacy data protection is unable to keep up with the backup and recovery of their central data and applications?
(MS): Regulations and common sense requirements pushed customers to look at their recovery plan in the past. Now, businesses have to rethink every time there's a new story on the latest attack. They have to look and see how would they survive a certain cyberattack or deal with the bad reputation when their downtime is longer than the customer can tolerate?
(BF): Do hybrid environments influence the type and scope of backup and recovery organizations should use?
(MS): Yeah, absolutely. If you look only at your virtualized environment, for example, you will find a lot of providers in that space. But if you also need physical server protection, now the field shrinks. If you also have AIX, iSeries, or even public cloud, only a few service providers cover the whole environment.
You need a comprehensive solution that recovers all elements, in the right order, and they must be connected to each other. So it should be highly automated and sophisticated but, of course, there's not a single technology or software out there that covers all of that and automates on top. So, consider a service provider as a fully managed approach, and an actual operations team of experienced individuals that recovers your complex environment at time of disaster.
(BF): That makes sense. So let's talk about security. With ransomware becoming increasingly prolific, how can organizations use backup and recovery to mitigate exposure?
(MS): Backups are kind of the natural enemy of ransomware, right? You can’t ask for money if the victim just can fall back to the backup and ignore the threat. That's why the new cyberattacks actually target your backup data and try to destroy it.
So the best protection against ransomware is to prepare for the worst case scenario, which means your entire IT is compromised, it has been corrupted for some time, so not just a few days but maybe, you know, even a week or longer, and the network communication is limited.
So to increase your chances to quickly recover your business from that kind of scenario, you need to have a copy of your data off site, so that the ransomware cannot get to it, which you easily achieve by using a service provider. You need to have long term data retention from which you can fully recover. Like I said, if the ransomware lingered for weeks in your environment, you need to have data that goes longer than that time. And that is where cloud-based backup and recovery is a very cost-efficient solution.
And the last point was, you need to have a way to initiate the recovery without using your now unavailable resources, like network and people, right, they might be not available at the time. So, this is something you would get from a managed service provider where you just pick up the phone and call them and they manage everything for you.
Now there are also good disaster recovery as a service (DRaaS) solutions out there and they are needed. But ultimately, backup is more efficient when it comes to data compression and deduplication, and this way you can store more recovery points to have better flexibility at a good price.
(BF): So Michi, for organizations that are keen on reimagining their backup and recovery processes, what are some key metrics they should consider in developing a more cohesive backup and recovery strategy?
(MS): The first thing you need to look at are the dependencies. You need to look at your environment as a whole. What applicational server is needed to have another application working? So what is relying on each other? You need to identify all the elements, and then you need to understand what is your RPO, your RTO, what application needs to be up the fastest, how much data can I lose and afford to lose, and what has the lowest priority?
And a good way to do that is to tier your servers or applications into different tiers with different requirements, and then look for a solution that actually supports that kind of tiering in their DR plan, but also in their pricing. Make sure people are available at time of disaster. You might have no internet, people might not be able to enter the data center, so make sure whatever solution you're going with accounts for having people available with experience in that area.
And the last thing I like to mention is a good balance between business and technical objectives. What that means is that you should use SLAs to drive your approach to define objectives of what kind of RTOs, RPOs you need, but keeping the cost in mind, right? You can ask for super low RTOs, but they will come at a cost. So it needs to be balanced between what's technically possible, and what you can actually afford. Also look for features such as regular testing to get the assurance that your recovery will actually be successful. And don't rely on technology only.
(BF): Great recommendations on those key metrics, Michi, so thanks for going through that. Now Sungard AS partners with companies like Veeam and Dell EMC on data recovery. How did those partnerships help organizations achieve more confident data recovery?
(MS): So Sungard AS’ backup and data protection portfolio offers a comprehensive range of managed and unmanaged solutions. We work with product providers as you just mentioned to develop and design better services and solutions that are built on the most efficient platform based on best practices coming from these companies.
The results of that can be found in our offerings such as our cloud backup and recovery, where we partner with Veeam to offer an inexpensive cloud backup and recovery service, managed faulting for data domain with DLM capabilities delivering offsite data protection for x86 platforms and IBM mainframes with assisted and fully managed application of a recovery options.
And our last is a backup as a service that leverages our primary Dell EMC IDPA and Avamar investment, without the expense and burden of managing a secondary recovery environment for off site data protection.
(BF): Awesome Michi, thank you so much.
The survival of your organization relies on the confidence that backups are readily available, sound, and most importantly, recoverable. And that's why businesses can no longer treat backup and recovery efforts as two separate initiatives. Instead, you must change your approach and fuse them together. That way, no matter the disruption, you can feel confident that you have a unified recovery at your disposal.
Michi, I appreciate you joining us again on this episode of IT Availability Now.
(MS): Yeah, thanks for the invite.
(BF): Michi Schniebel is Principal Product Manager at Sungard AS.
You can find the show notes for this episode at SungardAS.com/ITAvailabilityNow.
Please subscribe to the show on your podcast platform of choice to get new episodes as soon as they're available.
IT Availability Now is a production of Sungard Availability Services.
I'm your host Brian Fawcett and until next time, stay available.