Backup Compliance for the MultiCloud Virtualized Environment

SHARE

Corporations are entrusting more and more data to the cloud backup, and in many cases to multiple clouds. According to RightScale State of the Cloud Survey, the enterprise is the largest adopter of multi-cloud strategies. Counting all sizes of respondents’ businesses, organizations were using over 4.5 clouds. AWS and Azure lead in the enterprise multi-cloud portfolios, and Google Cloud and IBM Cloud are in the running.

This is not terribly surprising. At this point in the cloud maturation process, all multi-cloud means is that organizations are running applications and storing data on more than two distinct clouds. The most popular configuration is some combination of:

1) A hybrid cloud consisting of a private customer’s cloud and their environment on a third-party cloud.

2) One or two public clouds. 

3) An additional vendor cloud like IBM or Oracle.

But all this activity begs the question: Is IT protecting the data it stores in the cloud? To an extent. Cloud providers are generally trustworthy on building in redundancy and availability for active data.

But for efficiently backing up VMs, or protecting aging data, or version control, or granular recovery, or searching large volumes of data to fulfill eDiscovery requests? That takes backup, not failover. Never assume your cloud provider is doing that for you. The public clouds all offer backup services, but at an extra cost.

What About Traditional Cloud Backup?

Cloud backup has served both virtual and physical data for years. Two types are most common:

Backup Type

Notes

On-premises backup to the cloud

 

Depending on the backup application, IT can backup/replicate data directly to the cloud, or backup to a backup server and from there back up data to the cloud. (Most cloud backup vendors enable on-premises caching for priority active backup data.) Public clouds’ cool and cold tiers are common for low-price backup storage. However, recovery can be expensive and searching backup data for date ranges, custodians, or content can be a challenge. And restoring VMs from backup data may take time depending on your backup service.

Cloud-to-cloud backup

 

Cloud to cloud backup services copy cloud-based data to another region or cloud. For example, SaaS vendors rarely offer their customers data backup services, and if they do it’s at a premium. Data protection also depends on the tried-and-true 3-2-1 rule: keeping 2 local copies on different backup media, and at least 1 copy remotely. Cloud backup should do the same.

When you are only concerned about backing up on-premises to the cloud or backing up from your SaaS application, there are several available options.

But when your data is on multiple clouds and you do not adequately back it up, then you multiply the risk of losing data to deletion, intrusion, or corruption. And if an event compromises VMs, you might lose an entire virtual data center’s worth of data. Although corporations move to the cloud for Capex and Opex savings, savings won’t matter much if the data is gone.

The Challenge of Multicloud Backup

This is not a simple matter of deciding that you’re going to backup in the multi-cloud. There are challenges that are common to any cloud backup, and additional ones that are unique to multi-cloud and virtual backup.

Shared Cloud Backup Challenges

All cloud-based backup share some of the same challenges.

· Can you automate retention management? Does your backup environment allow you to automate retention periods for different data? Can you use policies to categorize different data types? Look for cloud backup applications that don’t simply use the cloud as a cheap backup target, but assign retention periods based on policies, and that alert you when retention periods are up. Extra points for simplifying disposal/move/retain decisions.

· How searchable is your data? Simple backup may be adequate for pointing to a single backup date and recovering that backup. But it’s insufficient for searching data for business needs. eDiscovery requests and investigations/audits all require IT to search backups in several dimension: structured and unstructured data, email and office files, date ranges, custodians, attachments, and content. Try doing this effectively in a non-indexed cloud backup environment. 

· How many resources are you consuming? Corporations move their data to the cloud for cost savings. But when IT backs up data across multiple clouds, their resource usage and costs may grow exponentially. Picture a large Office 365 account on AWS that grows past its maximum baseline storage. Costs immediately spike because now you are over the basic capacity agreement. You move to backup, so you can delete older files from the active Office 365 storage, but now you need to recover – and you find how expensive recovery from cold storage tiers really is.

· Hidden egress costs. Public cloud vendors don’t hide egress charges, but they would rather not total them up for prospective users. For example, vendor lock-in costs keep admins from being able to sync and backup from AWS to Azure, large eDiscovery projects become very expensive, and active archiving costs spiral up as users download archived data from the cloud.

·  Keep it compliant. Sending backups to cheap cloud storage and calling it good isn’t good enough. If your business must prove compliance, you need a lot more. Typical compliance offerings are redundant data centers, backup verification and reporting, encryption, strong user authentication, and WORM. Disaster recovery and endpoint protection are also an important part of the mix.

Specific Challenges for Multi-Cloud and Virtual Backup

In addition to the challenges that cloud backup presents, some challenges are specific to the multi-cloud and to virtual environments: managing multi-cloud backup, rapid recovery over a WAN, efficiently backing up multipe data types, and keeping VM restores in mind when choosing a backup vendor.

· Management. Administrating multi-cloud backup can be difficult. Admins need to learn how to optimize backup on different clouds, how to efficiently recover from multiple clouds, and how to keep it safe with a cost-effective backup and recovery strategy purpose-built for complex infrastructures.

· Recovery. Backup is not the end game, recovery is. Even on-premises recovery can be a challenge: Can you quickly find the data you need to recover? Is it spread across multiple media? How fast can you recover it? Cloud recovery adds more complexity with bandwidth considerations and the complexity to keep it backed up in multiple clouds and recovering them to multiple locations (whether you want to or not).

· Double duty with VM backup. VM backup does double duty: file-based and image-based backup/replication for backup and DR (BDR). Although backup and DR are not the same process, they protect the same data: one against data loss, and the other against application unavailability. When you backup up VMs, be sure that your backup vendor shields you against virtual data loss and failover failure.

Answering the Challenge of Multi-Cloud Backup

You can efficiently and cost-effectively backup your multi-cloud portfolio. The simplest way is to work with an MSP and its backup partners who offer top of the line backup from multi-clouds, with the option to backup on-premises and from the cloud to a customized cloud service provider who is expert in the intricacies of multi-cloud backup and recovery, preferably and egress-free CSP.

Calculate the type of help that your partners will give you. The multi-cloud strategy is popular, but in the case of the on-demand cloud, it is also DIY. Even if you have cloud experts on your staff (and many companies do not), chances are they should not spend time continually optimizing and fine-tuning data on multiple clouds. For that, look to CSPs like KeepItSafe whose support is a competitive differentiator. Also find out if your CSP partners with expert MSPs, and works with top cloud backup software from ISPs like Veeam and LiveVault.

Once you have the data protection strategy and new backup platform in place, be sure that it grows with you. You can add more egress-free clouds to your multi-cloud portfolio, and simply choose which cloud data to back up to the CSP. Look for the following features and benefits before signing with an MSP:

1. Protect your backup and prove regulatory compliance with secure backup processes, geo-location specification, physical and cybersecurity, redundant backup copies, data monitoring, and actionable reports. Also look for version control, WORM availability for regulated data, data retention management, and expertise on regulations including SOX, HIPAA, FINRA, GDPR, and more. (Look for a CSP who provides a HIPAA BAA – DIY clouds don’t.)

2. Know how the backup vendor treats VM backup. For example, some backup vendors save their customers money by backing up data from AWS EC2 to cheap storage on S3. But the same application can take several minutes to convert S3 backup to VMs – not exactly what you want to hear when you’re trying to restore a VM environment.

3. Working with this efficient ecosystem lets you efficiently manage your resource usage. Instead of signing several different backup SLAs and learning different data protection processes on multiple clouds, your MSP partnership lets you efficiently backup using the same backup software to the same customized backup target.

4. Rapid recovery from the cloud depends on features like WAN acceleration. Also look for efficient backup deduplication so restore sizes are smaller, and make sure recovery has granular options as well as folder and volume recovery. Flexibility in the restore location are also important. If your data center is under water or your public cloud has lost a region, the last thing you want is to restore data to these original locations.

5. Your MSP should partner with backup vendors and CSPs who support a wide variety of virtualized backup including VMware, Hyper-V, and virtualized application environments like Microsoft Exchange, Windows, SQL servers, enterprise applications, and cloud applications.

Ensuring Compliance

Most businesses know they need to protect compliance in the cloud, but many of them have gone to opposite extremes. The first extreme is to assume that the public cloud providers oversee data compliance. The providers are not; the company is. The second extreme is accepting that data compliance on the megaclouds is DIY, so the IT team spends significant time and money on fine-tuning compliance.

Neither of these extremes cost-effectively protects stored data compliance in the cloud. The right balance stays in compliance and controls costs by partnering with CSPs who build their business on data security, compliance, and cost control.

By all means, run a multicloud data assessment and choose the clouds that optimize your workloads. Use AWS and Azure for cloud computing; just know that you will need to add extra backup protection. And when it comes to observing and protecting compliance, trust your data to CSPs like KeepItSafe who specialize in compliant data retention and availability.

NewsletterSTORAGE WEEKLY

Want the latest storage insights?