Cloud-Powered Data Protection — Definitions and Clarifications

We continue to see a great amount of interest in combining “data protection” and “the cloud” – but also a great deal of confusion, in that there isn’t such thing as “the cloud.”

cloud data protectionIt is a misnomer to discuss data protection media as having three choices (tape, disk or cloud) because cloud services are not actually a media type; they are a consumption vehicle, whereby you trade CapEx for OpEx to a service provider that stores your data on their disk and tape, instead of yours.

It is also a misnomer that vendors offering solutions that utilize cloud-services are “cloud vendors”. They are smart companies whose products are compatible with and/or integration-ready with cloud-based services (with widely varying degrees of finesse), which is great! But they aren’t cloud vendors themselves, they enable customers to leverage cloud-services as part of a broader solution.

But if we look at cloud-based services that intersect with various data protection and availability initiatives, there really are at least six “data protection plus service model” scenarios that are interesting and worth investigating. I recently defined these for ESG’s upcoming Data Protection Cloud Strategies research project, so they are offered here for your consideration:

  • Managed backup services — third-party monitoring and management of your backup solution to provide expertise and oversight, regardless of whether the backup solution is on-premises or cloud-based.

    I firmly believe that much of the dissatisfaction with your current backup solution would be alleviated if you contracted out the management and monitoring of your solution to experts in data protection. This is especially true when you have more than one data protection solution within an environment.

There are three distinct ways to protect data TO the cloud (BaaS, DRaaS, and STaaS/dp):

  • Backup-as-a-service (BaaS) — a third-party service that includes software to back up data into a cloud-based repository, typically paid for using a capacity protected model. Along with the software/service, it may or may not also utilize an on-premises caching appliance or other onsite storage device for faster recovery, but the primary solution design is to ensure the data is stored via an Internet facility.
  • Disaster recovery-as-a-service (DRaaS) — a cloud-based service which may or may not utilize on‑premises technologies (e.g. failover or network-extending) appliance provides orchestrated and cloud‑based compute, storage and networking to enable virtualized servers and services to resume functionality within a hosted cloud-service, instead of within a self-managed data center.

    One key delineation between BaaS and DRaaS is that a backup service typically operates much like a backup application, using scheduled jobs before transmitting and transforming data into repository for long-term retention, from which the data must be “restored.”  Whereas a DR service will typically replicate (instead of backup) data on a recurring basis, with relatively limited ‘transformation,’ thus enabling the replicated servers to boot or otherwise resume operation from the alternate location.
  • Storage-as-a-service (STaaS/dp) — leveraging cloud-based storage as a tertiary repository and supplement to an on‑premises traditional data protection solution (STaaS/dp), so that traditional backups and recoveries occur onsite before the data is replicated to the cloud for longer-term retention and offsite protection. This is what folks who debate “tape, disk, cloud” are talking about as media choices.

The main distinction between STaaS/dp and either BaaS or DRaaS is that an outside backup/archival application interfaces with the production systems. The cloud storage is simply a supplemental repository, over self-managed tape or disk systems.

In addition, there are at least two ways to protect data that is IN the cloud:

  • Software-as-a-service (SaaS) — including Office 365, Google Apps, and Salesforce, whereby cloud‑based production services are used in lieu of traditional on-premises, data center‑centric servers; presumably with native resiliency between intra-cloud points of presence, but without data retention or previous version capabilities. Key point: even if SaaS platforms are assumed to be resilient to outage, your SaaS data still has to be backed up (by you).
  • Infrastructure-as-a-service (IaaS) — utilizing compute (VMs) and storage that is running within a third-party cloud platform or within a hybrid architecture, in lieu of or in complement with self‑managed servers within a more traditional datacenter. The key data protection consideration for Hybrid or IaaS scenarios is where/how does the organization back up the cloud-based data within a hosted environment -- and should that data be stored within the same cloud, a different cloud, or back to the organization’s self-managed facilities?

Let me know what you think about the definitions. And before someone asks, they are not mutually exclusive – so yes, your solution may fit more than category; but hopefully in function, not just in marketing.

data protection and the channel

Topics: Data Protection Information and Risk Management SaaS IaaS disaster recovery BaaS cloud-backup cloud storage DRaaS software-as-a-service (SaaS) Backup-as-a-Service (BaaS)