DELETE. It's a button we hit every single day. But normally, we are comforted by the fact that if we need to get something back that we accidentally deleted, backup software can save the day. But what happens when you delete data within a SaaS application? In some cases it is as simple as pulling up the virtual trash can and retrieving it. Sometimes, however, its not so simple. While the majority of the enterprise-grade SaaS offerings have robust methodologies for backing up and restoring data to protect against data loss or disaster, they may or may not make this technology available to you as the user. In cases where data is deleted accidentally or maliciously, tied to the account of departing employees, wiped out by rogue applications or lost during a migration, the vendor may or may not work with you to retrieve data from its backups.
How well do you know your SaaS provider's SLAs for retrieving data? Chances are, this isn't something you've spent much time thinking about. In a recent report, we dug through the backup and restore policies of dozens of SaaS vendors and found the results extremely variable. Some vendors will help restore data, but only for a hefty fee, others will take no part in assisting you with restoring data, and the vast majority, simple don't disclose their policies. Here are excerpts from several SaaS provider's restore policies that we found particularly interesting:
Have you heard the big news? Data is growing at an insane pace. Ok ok, this isn't really news, I hear this almost every day. But what many people don't realize is that one of the guiltiest culprits behind data growth is actually backup data. Between 2010 and 2012, the average enterprise server backup data store grew by 42%, while file storage (which is often the scapegoat of data growth) grew by 28%. And with more and more mobile workers, it's no surprise that PC backup storage is also growing at an explosive rate, almost 100% over the past two years.
Backup data growth being what it is, it's no surprise that a lot of people are re-evaluating their enterprise backup software. That's why I recently embarked on Forrester's first Wave on Enterprise Backup and Recovery Software. As part of that report, I developed a list of key criteria that are necessary to evaluate your backup and recovery software. At a high level, here is what I came up with:
Data reduction capabilities and scalability. What data reduction techniques does the product support, and how well do these techniques scale?
Backup targets. What targets and backup methods does the solution support?
Advanced backup options. What advanced backup options does the solution support?
Encryption. What are the native backup encryption and encryption key management capabilities? What encryption solutions does the product integrate with?
I've got backup on the brain. I guess this isn't an unusual occurrence for me, but it's also been bolstered by a week at Symantec Vision, a week at EMC World, as well as backup announcements about IBM's data protection hardware and CommVault's PC backup enhancements not to mention the flurry of cloud backup news this week from Trend Micro, CA Technologies, and Carbonite. All of this has gotten me thinking about the future of backup... we've come a long way from simple agent-based backup and recovery. Backup is just one piece in an ever-increasingly complicated puzzle we call continuity. If backup software vendors want to stay relevant they're going to need to offer a lot more than just backup in their "data protection" suites.
Recent outages from Amazon and Google have got me thinking about resiliency in the cloud. When you use a cloud service, whether you are consuming an application (backup, CRM, email, etc), or just using raw compute or storage, how is that data being protected? A lot of companies assume that the provider is doing regular backups, storing data in geographically redundant locations or even have a hot site somewhere with a copy of your data. Here's a hint: ASSUME NOTHING. Your cloud provider isn't in charge of your disaster recovery plan, YOU ARE!
Yes, several cloud providers are offering a fair amount of resiliency built in, but not all of them, so it's important to ask. Even within a single provider, there are different policies depending on the service, for example, Amazon Web Services, which has different policies for EC2 (users are responsible for their own failover between zones) and S3 (data is automatically replicated between zones in the same geo). Here is a short list of questions I would ask your provider about their resiliency:
Can I audit your BC/DR plans?
Can I review your BC/DR planning documents?
Geographically, where are your recovery centers located?
In the event of a failure at one site, what happens to my data?
Can you guarantee that my data will not be moved outside of my country/region in the event of a disaster?
What kinds of service-levels can you guarantee during a disaster?
What are my expected/guaranteed recovery time objective (RTO) and recovery point objective (RPO)?
It's been a little over a year now since it was announced that Oracle would buy Sun, and in the intervening time, there has been a great deal of speculation over what would happen to Sun's storage division. I know I've been waiting with bated breath (ok, that might be a BIT strong) to find out what the future of Sun storage would be, and now we have at least a small nugget of information (Oracle has been frustratingly mum on the topic since the acquisition). As you might have guessed, there is good news and there is bad news for Sun storage customers:
During Interop, I attended two sessions on disaster recovery and backup in the virtual world, topics that are near and dear to my heart and also top of mind for infrastructure and operations professionals (judging by the number of inquiries we get on those topics). First up was How Virtualization Can Enable and Improve Disaster Recovery for Any Sized Business which was very interesting (and very well attended). The panel was moderated by Barb Goldworm, President and Chief Analyst, FOCUS, and the panelists were: George Pradel, Director of Strategic Alliances, Vizioncore; Joel McKelvey, Technical Alliance Manager, NetApp; Lynn Shourds, Senior Manager, Virtualization Solutions, Double-Take Software; and Azmir Mohamed, Sr. Product Manager, Business Continuity Solutions, VMware.
Barb kicked off the session with some statistics on disaster recovery that can help people build the business case for it: 40% of business that were shut down for 3 days, failed in 3 years. She also cautioned that you have to test DR regularly and under unexpected circumstances.
Despite the availability of multiple backup appliances supporting deduplication, Data Domain has continued to win customers at a steady pace. As of March 2009, the company had more than 2,900 customers and recruited hundreds of value added resellers. Its proven deduplication technology, integrated replication, and aggressive campaign to eliminate tape garnered it a tremendous amount of mind share and put it on most customers’ short lists. So it comes as no surprise that they were acquired by a major storage vendor.
That it was acquired by NetApp does come as a bit of surprise. NetApp does have its own successful VTL that supports deduplication. But then again, NetApp didn’t introduced deduplication in its VTL until the Fall of 2008 (the last of the major storage vendors to do so) and it typically sells its VTL into its own customer base. With Data Domain, NetApp now owns one of the toughest competitors in the backup appliance market and it gives the company a system that it (and the hundreds of NetApp channel partners around the globe) can sell into non-NetApp environments.