Business Continuity and Resilience

The Resilience Benefits of a Backup-as-a-Service Solution – Part 1

Darragh O'Grady
September 22, 2020
5 min read

September is National Preparedness Month. This two-part blog details one possible solution to data management and recovery. To learn more about Protiviti’s Business Continuity Management capabilities, click here. 

One of the most critical functions that enterprise IT departments are responsible for, as part of their business continuity and disaster recovery planning responsibilities, is data management, and specifically data backups. When disaster occurs, businesses want to recover their systems with the most recent data possible. Any loss of data could incur significant business cost due to loss of employee productivity, customer liability, regulatory penalties or reputational damage. So, businesses want to ensure their data backup and recovery systems are effective. 

Most businesses rarely get to see the benefits of a robust, well-managed data backup capability, except in times of disaster. To keep costs low, many businesses often outsource backup capabilities, so that the ongoing management of data archives, and their timely recovery, is handled via third parties – i.e., backup-as-a-service. 

In the past, backup-as-a-service (BaaS) capabilities were based around (physical) tape management, as tapes were (and still are, in many cases) the most cost-effective way to store extremely large amounts of read-only data. This can be especially important to meet data retention requirements, which often require certain data to be stored for 7 or more years.  

Many providers began offering ‘backup-as-a-service’ for enterprises by managing their tape infrastructure as well as the physical tapes and, over time, moved more archived data online to disks as storage became cheaper and cheaper, creating a ‘tiered’ data archive service. Requests to fulfill data management needs (schedule a new backup or initiate a recovery) were generally handled by a customer service center. 

With the advent of cloud-based storage infrastructure services, coupled with growing data volumes, increased data variety, increased data sources, more frequent and varied data access and recovery patterns, and ever-growing laws and regulations relating to data management, the concept of ‘backup-as-a-service’ is changing significantly. Is there still a role for BaaS in the traditional sense? What does BaaS mean in the new cloud-enabled world? Is BaaS still meaningful for enterprises with significant and complex on-premise data backup needs? 

The Changing Role of BaaS 

Data backups and recovery, while often the primary focus in the context of Business Continuity Management, are only a small part of the wider focus enterprises have on data management. As enterprises look to maximize the business value of data they have (which can often be petabytes of data tied up in hard-to-access archives), and to ensure their data management practices do not run afoul of regulatory requirements, these companies are under increasing pressure to have significantly more control of their data backups. 

In the past, Backup-as-a-Service would have been centered on the commercial arrangements between the enterprise and a commercial backup service provider. However, with modern technology, the “as-a-service” concept applies to the consumption of a service via APIs (application programming interfaces). In essence, this means that all the services are consumed via automation rather than, for example, via customer call centers. This is a key requirement for a remote data management workforce; they do not need to be physically co-located with data storage infrastructure such as tape drives, etc. to be able to effectively manage their data. 

The advent of cloud and the easy availability of on-demand, tiered cloud storage that has a transparent pricing model, is always available and can rapidly scale up at short-term notice provides significantly more options for enterprises willing to use cloud technology for this purpose. For firms sensitive about data security, cloud providers offer multiple means to secure data, including using key encryption technology to prevent cloud providers themselves from accessing data stored on their infrastructure. 

Major cloud providers, such as Azure and AWS, provide API-based backup services (respectively, Azure Backup and AWS Backup). These services offer an automated means of backing up cloud-based data, as well as on-premise data, and for many enterprises these services can be a game-changer. 

Because most organizations have (or are moving towards) a mix of on-premise and multi-cloud architectures, enterprises often look for a means to enable a consolidated approach to data management. Both established and new storage management players are employing API-based services to provide a much richer set of data management capabilities, with the intent of providing a single common data management platform for  an enterprise that can manage data stored both on-premise and on-cloud.  

BaaS Compliance 

A significant feature of BaaS is demonstrating compliance – for example, with data retention and privacy policies. Therefore, a BaaS service needs to be able to readily confirm to auditors that data is being managed in a compliant way, even for architectures which are inherently cloud-native and resilient. 

While a cloud provider’s storage services may say they meet compliance requirements, a firm must ultimately take control of its own data and be accountable for its own compliance obligations. Services like Azure Backup and AWS Backup allow enterprises to define bespoke policies around data lifecycle, access, retention, scheduling, encryption, etc. 

The ability to automatically define and enforce data management policy rules across an organization is a key requirement in regulated industries. Being able to do this across multiple cloud providers and on-premise solutions may be important for larger enterprises, and enterprise vendors are still needed to help bridge this gap, especially as there are currently no widely adopted standards for data management policy definitions. 

In Part 2, we’ll wrap up our review of BaaS, including challenges to expect when using BaaS and BaaS as part of an enterprise cloud migration strategy. 

To help organizations prepare and plan for disruptive events, Protiviti examines critical and pressing concepts about business continuity management and related practices in our Guide to Business Continuity Management and Resilience.  Download the guide today!

Darragh O'Grady

Director
Technology Strategy and Operations

View all posts

You may also like

Subscribe to Topics

Protiviti Technology Follow

Protiviti leverages emerging technologies to innovate, while helping organizations transform and succeed by focusing on business value.

ProtivitiTech
protivititech Protiviti Technology @protivititech ·
18 Apr

Learn more about what GRC Managed Service is and what it can do for SAP S/4HANA and SAP cloud solutions in the latest #SAP Blog post. https://ow.ly/OMaL50RfsHw #ProtivitiTech

Reply on Twitter 1781035159438954997 Retweet on Twitter 1781035159438954997 Like on Twitter 1781035159438954997 Twitter 1781035159438954997
protivititech Protiviti Technology @protivititech ·
17 Apr

Protiviti is a proud sponsor of ServiceNow Knowledge 2024—a three-day conference all about #AI. Stop by our booth (#2503) to visit with our team and learn how the #ServiceNow platform makes business transformation possible. https://ow.ly/qa6p50Rh9wf

Reply on Twitter 1780627914964308382 Retweet on Twitter 1780627914964308382 Like on Twitter 1780627914964308382 Twitter 1780627914964308382
protivititech Protiviti Technology @protivititech ·
16 Apr

What is #DesignThinking? Could it help your organization? Find out how Protiviti uses it to help clients build net new applications and modernize legacy systems. https://ow.ly/fMK550Rfsoi #ProtivitiTech

Reply on Twitter 1780204913663873376 Retweet on Twitter 1780204913663873376 Like on Twitter 1780204913663873376 Twitter 1780204913663873376
protivititech Protiviti Technology @protivititech ·
15 Apr

Join our May 2 webinar designed for privacy and security professionals seeking to navigate the intricate nuances of data governance within the ever-evolving global regulatory landscape. Register today! https://ow.ly/hzrG50R4fTX #ProtivitiTech #DataPrivacy

Reply on Twitter 1779872392535212145 Retweet on Twitter 1779872392535212145 2 Like on Twitter 1779872392535212145 1 Twitter 1779872392535212145
protivititech Protiviti Technology @protivititech ·
12 Apr

The latest Technology Insights Blog post offers insight into the unique risks associated with Large Language Models (LLMs) and how to establish strategies to mitigate them. https://ow.ly/q3w550RfbXm #ProtivitiTech #TechnologyInsights

Reply on Twitter 1778890996282982442 Retweet on Twitter 1778890996282982442 Like on Twitter 1778890996282982442 Twitter 1778890996282982442
Load More