The Debate About Disaster Recovery in the Cloud
- Published on January 6, 2011
- Written by BRIAN VANDEGRIFT
According to Forrester analyst Andrew Reichman, there are six factors that limit the spread of hosted cloud storage, which include: guaranteed service levels, security, chain of custody, shared tenancy, long-term pricing, and vendor lock-in. While these factors are considered to be liabilities for those weighing a move to “the cloud,” these are the exact strengths companies find in evaluating vendors for backup-as-a-service (e.g. online backup).
This array of logic provokes a number of questions: Why does hosted backup-as-a-service continue to grow in popularity in spite of similar factors that appear to be stalling the widespread adoption by SMBs and larger enterprises from moving their stored data into the cloud? Is it really fair to drop online backup and recovery into the same “bucket” as hosted cloud storage? Perhaps cloud storage simply has neither the cachet or deep roots among users as online back-up solutions which have evolved in their lineage and breadth of services. At this point in its maturity, it can be argued that “cloud” simply does not have the structure, usability, or clout of online back-up solutions.
How could these two domains be mutually exclusive? Is this a matter of semantics, a “get with the cloud program” mindset, or is something else going on? With implications for business continuity/disaster recovery (BC/DR), maybe there’s more to this debate than meets the eye.
The Genesis of Disaster Recovery: Why We Do It
Consider the following industry taken-as-gospel findings:
- A single incident of data loss can cost a company an average of $10,000
- 93 percent of companies that lost their data for 10 days or more filed for bankruptcy within a year
- 40 percent of businesses that suffer a loss of data fail within 5 years
Being able to retrieve data as you need it and when you need it are not only dependent on the continuity, strength, and scope of your backup-as-a-service activity, it also enables BC/DR to get into the hands of virtually any organization, large or small. Based on the size of the BC/DR industry alone – growing from $24.3 billion in 2009 to more than $39 billion in 2015 – businesses find BC/DR a valuable investment.
The Cloud as Data Store
For IT professionals versed in BC/DR, the importance and value of the “cloud” as a facilitator of restoring and recovering data would be nearly undeniable based on its media attention alone. While definitions for “cloud” may vary widely, most would agree that the potential benefits are compelling: reduced complexity, added flexibility, increased reliability, and reduced costs. Think of cloud as backup-as-a-service on steroids and you only begin to scratch the surface of its potential long-term impact on datacenter utilization, uptime and end-user satisfaction.
Still, there is the matter of the Forrester Research survey. If cloud is a natural evolution or technical corollary to backup-as-a-service – an activity that is only now reaching its prime and popularity – why the hesitation by such an overwhelming number of respondents to put off, even considering cloud storage in the first place?
Perhaps it comes down to the six gating factors cited in the study, which not only deserve to be addressed, but dispelled as myths.
Myth No. 1: Guaranteed Service Levels
There’s no getting around it. Whether you manage and maintain your own infrastructure or outsource it to a service provider, you’re paying for uptime. That was true when your paid staff had to meet internal service level agreements (SLAs) to your company and it’s doubly true when you and your provider agree on an SLA that makes sense for both of you.
The questions you ask your provider are the same you would ask your paid staff: how will you quantify uptime? Who is responsible for that, how are they accountable, and what remedies do I as a user (or your boss) have when you can’t meet your SLA?
Take it at face value that service providers are in the business because they know what it takes to meet your requirements. Their business literally stands or falls on meeting the theoretical “five nines” equation. It’s in your best interest to hold their feet to the Proverbial fire to ensure the transfer of data from your datacenter to your provider’s storage servers results in uptime and an SLA that is explicit, detailed, and unambiguous.
Myth No. 2: Security
The well-regarded Ponemon Institute which tracks security-related statistics recently disclosed that the average global total cost of a data breach in 2009 was $3.43 million, with an average cost of $142 per affected record. In the United States alone those figures jumped to an astounding $6.75 million total cost per breach, with an average cost of $204 per affected record.
Arguments about security as a barrier to cloud storage adoption are well-known and many work overtime to produce products and solutions designed exclusively to allay end-user trepidations. Taking steps such as end-to-end encryption (in-flight data or at rest), 256-bit AES encryption, and secure sockets layer (SSL) technology, as well as a digital “handshake,” ensures a client’s data is in the same “state” as it was when it was initially stored on-site (accessible only by authorized personnel and impermeable to external threats).
Myth No. 3: Chain of Custody
The discussions around security and the cloud dovetail into the argument known as “chain of custody.” Used most popularly in evidentiary hearings associated with criminal trials, it’s nevertheless becoming an important attribute and boils down to answering the following question: “Who in your organization is accountable for the transfer and storage of data?”
That’s a question everyone answers differently. However, every organization should audit the security of its data backup, especially if it involves physical tapes. There are many well-known instances of tapes being misplaced or stolen outright, compromising the chain of custody in the worst possible way.
On the other hand, backup-as-a-service (or cloud storage) providers constantly monitor and support an unbroken chain of custody through a series of best practices, including a “digital handshake” and detailed logs of who accessed its data and when. Try asking that same requirement of a courier service or tape storage provider and you will find no practical equivalent.
Or try stepping up chain of custody to meet legal or compliance obligations associated with e-mail archiving. Imagine, for example, having to pore over, extract, and archive what could be one e-mail among hundreds of thousands under the threat of subpoena. The shortcomings of doing it yourself become a study in frustration.
Myth No. 4: Shared Tenancy
Those reluctant to follow their peers into the cloud (or to a backup-as-a-service model) have cited shared tenancy as a reason to sit out this data storage and recovery dance. In reality, however, a service provider would have no reason to logically store or share dissimilar client data in the same server. What good could possibly come of a solution that invites data confidentiality breaches?
Ultimately, as long as there is a logical separation between individual clients and the server upon which it is stored, there is simply no reason to distrust a service provider to ensure your data doesn’t fall, either deliberately or carelessly, into the wrong hands.
Myth No. 5: Long-Term Pricing
When building your own DR facility, in addition to the upfront costs of servers, networking equipment, and software licenses, there are facility costs such as energy and cooling as well as pure-play infrastructure costs including IT administration, management, and maintenance.
As a rule, service providers as a community will work with end users to provide competitive monthly rates that are often pay-as-you-grow arrangements. Consider a term agreement as a way to amortize what would have been your capital expense costs, so they are absorbed instead by the provider, leaving you with both a level of comfort and leftover dollars that you can then reinvest in your organization.
Myth No. 6: Vendor Lock-In
There is considerable value in sharing the BC/DR stage with a vendor you believe is acting in your best interest and, more importantly, has invested in a physical plant and exceptional resources to ensure the best outcome.
To use a metaphor, when you reserve an airline ticket weeks or months in advance you’re relying on the carrier being able to fulfill the need for which it was intended – flying you from one part of the country to another. At that inflection point, you’re not only investing wholesale in the carrier, its convenience and its reputation for reliability, you’re also trusting that it has invested properly in equipment, fuel, trained pilots, experienced mechanics, flight attendants, ticketing infrastructure, and so on to satisfy that investment. In other words, both parties have something at stake in this relationship. It’s not “vendor lock-in” per se; rather it’s a future proofing of your own needs over the long-term. By negotiating a term agreement with a particular service provider, you’re enabling that vendor to provide you with the entire forward-looking, future-proofed infrastructure required (in this case storage capacity, high-end security, access and environmental controls, financial stability and more), all of which relieves you of taking your chances with your own infrastructure.
So who has it right, and who has it wrong? Is it the backup-as-a-service providers – with years of experience and practical know-how – or is it leading-edge services like cloud storage that administer and manage what they readily believe to be the ultimate BC/DR solution?
Wherever your loyalties lie or which instincts you trust, no one company can possibly keep up for long with the explosion of data that is already saturating servers throughout the industry. In fact, according to research and consulting firm IDC if every byte of digital data created were to be stored, there would be a 35 percent shortfall in available storage. By 2020 the gap will grow to more than 60 percent.
The key to making on-premise storage co-exist with an off-premise backup-as-a-service solution is not about ownership or giving up control to gain some advantage in the event of disaster. It’s not even whether you call it backup-as-a-service or cloud storage. It’s more about finding that holistic approach that enables your datacenter to both keep up with demand while protecting the intrinsic needs of your users and the extrinsic requirements of your organization.
In effect, whatever path you choose must be transparent to users and easy for your staff to administer. If you’re able to find that blend and integrate it into your everyday routine, you’ll not only solve the debate about disaster recovery in the cloud, you’ll also be ahead of the pack in watching out for “the next big thing.”
Brian Vandegrift, vice president at Venyu, is a problem solver. With more than 14 years in technology consulting, he has helped architect data protection, disaster recovery, and hosting solutions for just about every challenging scenario a business could face. He holds certifications from Microsoft, Citrix and VMware and has been with Venyu since 2000.