Bouncing back: Disaster recovery and data protection during a pandemic
Even organizations with solid disaster recovery (DR) and data protection plans in place now need to re-visit their strategies due to the significant changes levied by COVID-19. However, the fact is, most companies were unprepared to begin with, and data protection and DR -- already a tricky proposition -- became even more difficult and complex during the pandemic.
Overnight, companies of all sizes went remote. Initially, IT handed out laptops to staff as they left the building or relied on employee-owned devices. Many users connected to the corporate server via virtual private network (VPN), which were complex for IT to manage, difficult to provision, hard to scale and often providing poor performance.
As time passed, restrictions loosened, but many companies decided to continue with a predominantly remote workforce. Further, leaders and employees alike have realized there are real benefits to remote; the work-from-home genie won’t be going back into the bottle.
As a result, companies are turning to the cloud and, increasingly, to service providers for software and infrastructure (SaaS and IaaS). That means IT management is spread thin across areas that include the corporate data center, cloud (often more than one), user endpoints and multiple SaaS providers. To pull it off requires an all-encompassing plan to ensure DR, data protection and availability.
Most SaaS providers operate under the shared responsibility model; they make sure their infrastructure is secure, apps are available and data is safe in case of a disaster. But the responsibility for long-term and granular protection of data belongs to the customer. And as analysts from 451 Research discovered, nearly half of all participants in a related survey mistakenly assumed data protection was entirely the SaaS providers responsibility.
For example, if someone in a company mistakenly trashes a Microsoft Office 365 document that is vital for a quarterly board report, and it’s not noticed for a couple months, that’s a big problem. Microsoft automatically deletes recycle bin data after 30 days, so unless it’s backed up, all that information is gone for good. Worse, should an employee under investigation delete incriminating emails and it, too, goes unnoticed for more than a month, a company could find itself in a serious legal and image battle when discovery begins. And what if the provider suddenly cuts your company off over a billing disagreement or shutters its doors? How will you access your data?
Find a solution for protecting SaaS data, but if one isn’t available for a critical service, make data protection part of the service provider’s contract and insist they regularly send copies of your data. And when it comes to IaaS, realize cloud providers also use the shared responsibility model: They watch their infrastructure, you handle the data. There’s no shortage of vendors offering cloud backup, so there’s really no excuse for accepting this exposure.
A Means to an End?
Remote employees will store important data on their machine if given a chance.In 30 plus years of personal computing we still haven’t gotten past the Desktop and My Documents as the predominant workflow data location. If employees are using a company-issued machine, there are strong endpoint protection options readily available. Deploying and configuring clients for each machine will likely be tedious, but it’s nothing compared to recovery, let alone explaining why data was unprotected to the c-suite in the first place.
Here’s a few recommendations to help.
With a robust and correctly configured platform, end-users won’t be able to store data in a Cloud SaaS provider you are backing up. Virtual desktops could also prevent the cutting and pasting of data to the device itself for further protection. And if using such a clientless solution, be sure to set firm credentials for access and use multi-factor authentication.
The Road to Recovery
Recovery can get very difficult, very quickly in highly distributed environments, especially when it comes to a large-scale disaster. Where will DR and backup data be stored? The cloud seems obvious, but there are a number of things to keep in mind and here are just a few.
- The big cloud providers make it easy and cheap to upload data, but the price rises dramatically for retrieval, particularly with large-scale recovery efforts.
- Recovering to the cloud requires specialized expertise for virtual machines (VMs), end-user access, and networking is entirely different from on-premises.
- If IT is using the cloud directly and encounters issues, it’s going to be a task itself getting a hold of someone for assistance.
During an event or full out disaster, the last thing you want to be doing is creating a backup and DR plan on the fly while the c-level waits. You want to bounce back fast. So, re-evaluate your data protection strategy, plan out recovery for each app, track all dependencies and test repeatedly.
While employees and data may now be in new and varied locations, and though backup and DR have been made more complex, the right solution and plan will put you on the road to recovery much faster.
Jim Jones has more than two decades of experience running and operating IT environments for large organizations, and today is a senior cloud architect with OffsiteDataSync.