September is National Preparedness Month. This two-part blog details one possible solution to data management and recovery.
One of the most critical functions that enterprise IT departments are responsible for, as part of their business continuity and disaster recovery planning responsibilities, is data management, and specifically data backups. When disaster occurs, businesses want to recover their systems with the most recent data possible. Any loss of data could incur significant business cost due to loss of employee productivity, customer liability, regulatory penalties or reputational damage. So, businesses want to ensure their data backup and recovery systems are effective.
Most businesses rarely get to see the benefits of a robust, well-managed data backup capability, except in times of disaster. To keep costs low, many businesses often outsource backup capabilities, so that the ongoing management of data archives, and their timely recovery, is handled via third parties – i.e., backup-as-a-service.
In the past, backup-as-a-service (BaaS) capabilities were based around (physical) tape management, as tapes were (and still are, in many cases) the most cost-effective way to store extremely large amounts of read-only data. This can be especially important to meet data retention requirements, which often require certain data to be stored for 7 or more years.
Many providers began offering ‘backup-as-a-service’ for enterprises by managing their tape infrastructure as well as the physical tapes and, over time, moved more archived data online to disks as storage became cheaper and cheaper, creating a ‘tiered’ data archive service. Requests to fulfill data management needs (schedule a new backup or initiate a recovery) were generally handled by a customer service center.
With the advent of cloud-based storage infrastructure services, coupled with growing data volumes, increased data variety, increased data sources, more frequent and varied data access and recovery patterns, and ever-growing laws and regulations relating to data management, the concept of ‘backup-as-a-service’ is changing significantly. Is there still a role for BaaS in the traditional sense? What does BaaS mean in the new cloud-enabled world? Is BaaS still meaningful for enterprises with significant and complex on-premise data backup needs?
The Changing Role of BaaS
Data backups and recovery, while often the primary focus in the context of Business Continuity Management, are only a small part of the wider focus enterprises have on data management. As enterprises look to maximize the business value of data they have (which can often be petabytes of data tied up in hard-to-access archives), and to ensure their data management practices do not run afoul of regulatory requirements, these companies are under increasing pressure to have significantly more control of their data backups.
In the past, Backup-as-a-Service would have been centered on the commercial arrangements between the enterprise and a commercial backup service provider. However, with modern technology, the “as-a-service” concept applies to the consumption of a service via APIs (application programming interfaces). In essence, this means that all the services are consumed via automation rather than, for example, via customer call centers. This is a key requirement for a remote data management workforce: they do not need to be physically co-located with data storage infrastructure, such as tape drives, to be able to manage their data effectively.
The advent of cloud has made on-demand, tiered cloud storage easily available. This storage has a transparent pricing model, is always available and can rapidly scale up at short notice, which provides significantly more options for enterprises willing to use cloud technology for this purpose. For firms sensitive about data security, cloud providers offer multiple means to secure data, including using key encryption technology to prevent cloud providers themselves from accessing data stored on their infrastructure.
Major cloud providers, such as Azure and AWS, provide API-based backup services (respectively, Azure Backup and AWS Backup). These services offer an automated means of backing up cloud-based data, as well as on-premise data, and for many enterprises these services can be a game-changer.
Because most organizations have (or are moving towards) a mix of on-premise and multi-cloud architectures, enterprises often look for a means to enable a consolidated approach to data management. Both established and new storage management players are employing API-based services to provide a much richer set of data management capabilities, with the intent of providing a single common data management platform for an enterprise that can manage data stored both on-premise and on-cloud.
A significant feature of BaaS is demonstrating compliance – for example, with data retention and privacy policies. Therefore, a BaaS offering needs to be able to readily confirm to auditors that data is being managed in a compliant way, even for architectures which are inherently cloud-native and resilient.
While a cloud provider’s storage services may say they meet compliance requirements, a firm must ultimately take control of its own data and be accountable for its own compliance obligations. Services like Azure Backup and AWS Backup allow enterprises to define bespoke policies around data lifecycle, access, retention, scheduling, encryption, etc.
The ability to automatically define and enforce data management policy rules across an organization is a key requirement in regulated industries. Being able to do this across multiple cloud providers and on-premise solutions may be important for larger enterprises, and enterprise vendors are still needed to help bridge this gap, especially as there are currently no widely adopted standards for data management policy definitions.
In Part 2, we’ll wrap up our review of BaaS, including challenges to expect when using BaaS and BaaS as part of an enterprise cloud migration strategy.
To help organizations prepare and plan for disruptive events, Protiviti examines critical and pressing concepts about business continuity management and related practices in our Guide to Business Continuity Management and Resilience.