Business expectations for data protection have evolved more rapidly than IT can respond. Initially, CIOs sought to lower operational and capital cost and risk by covering the protection continuum (from availability to archive). Now, CIOs need protection to help accelerate the business and drive revenue.
Cost vs. Risk
A few years ago, the person who said, “It’s not about the backup; it’s about the recovery” was considered a king of insight (in the ‘one-eyed man in the land of the blind’ sense).
Today, customers recognize a continuum of recoveries:
- Disaster recovery: Re-create an application due to unrecoverable failure. Increasingly, customers prefer disaster avoidance with continuous availability.
- Corruption recovery: Rollback an application to a previous point in time, due to a logical corruption (bad database schema, etc.)
- Granular operational recovery: Extract a single object from a recent (90 days or less) point in time – (e.g., email, file) usually due to users’ ”oops”.
- Archival retrieval: Search and retrieve objects from a historical archive, usually due to compliance or legal need.
To meet these needs, customers deploy mirrors, snapshots, replicas, backups, and archives. The complexity creates a conflict between reducing operational cost and reducing risk.
Accelerating the Business
Business demands an agile, analytic-driven IT environment. Unfortunately, small data sprawl, geographically distributed applications and users, makes centralized analytics nearly impossible. There is another option, however. Data protection consolidates both data and metadata across the organization. It’s time for that data protection lake to evolve from insurance policy to business asset.
Over the past year, we’ve seen the following data protection extensions:
- Security: The line between “backup” and “security” blurs. Companies want protection from both accidental and malicious action, like “Has secure data leaked to unsecured servers?” or “Can we identify excessive data deletion because that may indicate an attack?” or “Can I put all information pertaining to this user and his contacts into a compliance/security case file?”
- Availability: The line between “availability” and “recovery” is also blurring. Teams prefer to deploy continuously available infrastructure for disaster avoidance rather than disaster recovery. Furthermore, they want to know – “Will moving this workload compromise the data protection/security?” or “Are the application users and data in different sites, compromising performance?”
- Cloud Compliance: Businesses will move some applications and infrastructure to the cloud. IT fears that the cloud solutions will not meet business and legal regulations, and that those shortcomings will be blamed on them. The data protection team needs to ensure that the application data in the cloud is protected, secure, and compliant – even when the business “forgets” to involve them.
The data protection discussion bears little resemblance to the “backup window” conversations of years past. Companies expect end-to-end data protection and availability solutions that deliver insight to help IT better serve the business.
Solving Use Cases
Despite the overwhelming demands, protection teams can redefine themselves. Metadata, the information about your information, is the key. By leveraging metadata, customers create unified solutions that span the protection continuum. The result is that IT becomes a data protection service provider that tracks, monitors, analyzes, and manages the variety of protection techniques.
IT then evolves to data management service provider by unlocking the next generation of use cases tied to the protection metadata.
- Security: Correlate infrastructure metadata (e.g., who is logging into what systems) with application metadata (e.g., what is running on that infrastructure) and content metadata (e.g. , what data are they accessing/creating) to flag security and compliance issues.
- Availability: Correlate application metadata (e.g., what applications are being created or moved) to the infrastructure metadata (e.g., where is the load going to run and be protected) to predict availability issues.
- Cloud Compliance: The flow is similar to on-premise security, with one additional requirement. IT must work with the cloud provider to access the infrastructuremetadata. Any cloud provider unwilling or unable to provide access to key log information is not mature enough to trust with critical application workloads.
By collecting and analyzing the metadata across the environment, the protection team can expand the sets of services they can offer to the business. They can protect the company from the full array of both intentional and accidental failures and attacks. Even more, with the right strategy, people, process, and technology, IT can become a data management service provider. The future of IT is in accelerating business revenue; the path is paved by central protection metadata.