1 Introduction
Ensuring the reliability and security of IT services is an essential component of business continuity planning. This requires, amongst other things, protecting the data held in these services in a way that allows them to continue following various unwanted events such as physical or logical damage to the storage devices or the IT installation. Organizations typically use data protection solutions that take copies of the IT service data, which are then securely stored and can be used to restore the service when needed. Most organizations now have a hybrid IT environment with a cloud-first approach to choosing new applications, and data protection solutions need to support the multiple service delivery methods that this involves.
While this provides many benefits, it also creates challenges around business continuity. Cloud services appear to offer improved continuity, and there is a temptation to believe that their use removes the need for the customer to perform data backups. However, many cloud service contracts do not guarantee the availability of their customers’ data. Even where there are guarantees, these may not meet every customer’s Recovery Point Objectives (RPOs) or Recovery Time Objectives (RTOs). Furthermore, where an organization is using cloud services from multiple vendors as well as on-premises IT, the need to use different tools to protect each service increases costs and risks. This creates a need for a common solution that covers all the different use cases and service deployment models.
Where IT services are delivered on premises, it is not enough to make copies of the data and hold them locally. To safeguard against the additional risks of natural disasters, fire and theft, it is important to store these copies in physically separate locations, but the transfer of media adds delays and additional risks. The cloud provides a potential solution to these problems.
The cloud provides an alternative location in which to hold protected data. Since major cloud service providers usually have several highly secured datacentres in multiple geographic locations, using these to store the backed-up data with a high degree of resilience has the potential to reduce the delays and risks involved in physical transfers. This has led to the emergence of new data protection solutions as well as the adaptation of existing solutions to back up IT service data to the cloud.
In today’s hybrid IT environment data protection solutions need to accommodate a range of scenarios including:
- Backup and restoration of data for on-premises services. This needs to accommodate not only physical servers, but also hypervisor-based virtual machines and storage as well as middleware and applications.
- Backup and restoration of data for a range of SaaS (Software as a Service) clouds. This must accommodate the varieties of data types that exist in different services. For example, the kinds of data held in shared file systems (such as Microsoft Office 365) are quite different to the form of data held in a CRM system (such as Salesforce.com).
- Backup and restoration of data for IaaS (Infrastructure as a Service) clouds including virtual servers, various types of storage, applications and databases.
The customer should always have control over the geographic location of their data – often very important for compliance reasons. In addition to protecting data held on premises, solutions should also provide the capability to protect backed-up data held in cloud services. It should be possible to restore not only the data but also its structure and metadata such as permissions.
The protected data should be secured against unauthorized access during transit and storage; it should also be protected against changes and deterioration. This should include controls, such as encryption, to prevent unauthorized access during the backup process and while the protected data is retained. Deduplication to remove multiple copies of the same data is also useful to reduce the costs of transfer and storage as well as to reduce the attack surface.
For Software as a Service (SaaS) there should be a single control point and management interface for the range of SaaS services protected. The solution should cover at least the SaaS services most commonly used by organizations, including productivity tools such as Microsoft Office 365 and G Suite, and CRM systems such as Salesforce.com. It should include comprehensive protection for the range of data held in these services. For example, it should typically include emails, Calendar, Contacts, Tasks, Shared Mailbox, In-place archive, OneDrive, SharePoint, Groups and Team Sites for Office 365 and equivalents for G Suite. For CRM systems like Salesforce.com it should include: Accounts, Contacts, Leads, Opportunities, Activities, Notes, Cases, and Custom fields.
For Infrastructure as a Service (IaaS) it should provide cover for at least the major cloud services including: AWS, Google Cloud, IBM Cloud, Microsoft Azure. It should support the protection of the units of service provided, such as server snapshots and storage volumes, as well as the range of DBMS such as: MySQL, Oracle, Microsoft SQL Server, PostgreSQL and others. It should be possible to protect data in one region by backing it up to another region, as well as to back up data from one vendor’s service to another vendor’s service.
To reduce the management burden, the solution should support common processes for, and provide a common administrative interface across, all types of data and services being protected. It should include integrated reporting and centralized management capability for the full local and remote IT environment, with the ability to set and monitor SLAs, display a consolidated dashboard, and provide detailed configuration reports.