Most Recent Blogs

Video Series on Data Protection Appliances – Part 4, Failover BC/DR Appliances

Posted: May 15, 2015   /   By: Jason Buffington   /   Tags: Data Protection, PBBA, DPA, business continuity, disaster recovery, BCDR, DRaaS, BC/DR (business continuity/disaster recovery), High Availability, data protection appliances, backup-to-cloud

Data_Protection_AppliancesThe last installment in our four-Friday video series, based on the recent ESG research report on the Shift toward Data Protection Appliances,   

Part four covers what might be the most interesting, albeit nascent category – failover or BC/DR appliances. While the other three categories are predominantly based on or designed for the same “backup/restore” type methodology, BC/DR failover appliances are more often designed around a replication-centric data mover coupled with some hypervisor or compute-cloud means of “resuming services” instead of “restoring data.”

Read More

A Replication Feature is NOT a Disaster Recovery Plan

Posted: July 29, 2014   /   By: Jason Buffington   /   Tags: Data Protection, JBuff, Information and Risk Management, Jason Buffington, business continuity, disaster recovery, BCDR

A few years ago, I blogged that “your-replication-is-not-my-disaster-recovery/index.html" target="_blank" title="Jason's previous blog post on "Replication vs. Disaster Recovery"">Your Replication is not my Disaster Recovery” where I lamented that real BC/DR is much more about people/process than it is about technology.

To be clear, I am not bashing replication technologies or the marketing folks at those vendors … because without your data, you don’t have BC/DR, you have people looking for jobs.

Read More

New Math: Virtualization plus DPaaS = BC/DR!

Posted: December 06, 2013   /   By: Jason Buffington   /   Tags: Data Protection, Information and Risk Management, Jason Buffington, business continuity, disaster recovery, BCDR

Maybe that is overly-simplified, but not by much. Virtualization makes servers (and their associated storage) portable, while Data Protection Services provide alternate locations and expertise that many organizations of all sizes have been desperate for.

Read More

The Spectrum of Data Protection

Posted: August 06, 2013   /   By: Jason Buffington   /   Tags: Backup, Replication, Data Protection, Information and Risk Management, Jason Buffington, business continuity, disaster recovery, BCDR

It is interesting to me how marketing folks and technical purists banter IT terms around in hopes of sounding fresh and compelling to their customers. While “backup” is often thought of as passé or the bane of IT operations, “data protection” is perceived as more strategic, with other lofty terms such as “business continuity” and “information management” being thrown around as adjuncts. And that doesn’t include some of the classic debates, such as snapshots-vs-backups-a-great-debate-no-longer/index.html" target="_blank">Snapshots versus Backups … or Disk vs. Tape.

A few years ago, I wrote the book “Data Protection for Virtual Data Centers,” where the first chapter described the Landscape of Data Protection, as a range of methods that could be categorized by RTO and implementation layer, with a key focus being the differentiation of solutions focused on Availability of data versus Protection of data:

Read More

vBlog: Regulatory Compliance vs Operational Readiness (part 4 of 4): Government CO-OP

Posted: April 30, 2013   /   By: Jason Buffington   /   Tags: Data Protection, Information and Risk Management, Jason Buffington, business continuity, disaster recovery, BCDR, regulatory compliance

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits – often mandated by an industry (e.g. HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD).

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

vblog-regulatory-compliance-vs-operational-readiness-part-1-of-4/index.html" target="_blank">First, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA).

Then, I looked at regulations that affect vblog-regulatory-compliance-vs-operational-readiness-part-2-of-4-for-public-companies-and-financial-institutions-through-sarbanes-oxley-sox/index.html" target="_blank">US financial institutions (SEC) and publicly-held companies (SOX).

Last week, we looked at vblog-regulatory-compliance-vs-operational-readiness-part-3-of-4-hipaa/index.html">healthcare organizations and their regulatory mandates in HIPAA.

This week, we'll finish the series by looking at Continuity of Operations (CO-OP) mandates for Government agencies.

Week 4: Government agencies and contractors

I hope that you enjoyed the series -- and found value in the information. What should my next series be?

Thanks for watching.

Read More

vBlog: Regulatory Compliance vs Operational Readiness (part 3 of 4): HIPAA

Posted: April 23, 2013   /   By: Jason Buffington   /   Tags: Data Protection, Information and Risk Management, Jason Buffington, business continuity, disaster recovery, BCDR, regulatory compliance

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits – often mandated by an industry (e.g. HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD).

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

vblog-regulatory-compliance-vs-operational-readiness-part-1-of-4/index.html" target="_blank">First, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA).

Last week, I looked at regulations that affect vblog-regulatory-compliance-vs-operational-readiness-part-2-of-4-for-public-companies-and-financial-institutions-through-sarbanes-oxley-sox/index.html" target="_blank">US financial institutions (SEC) and publicly-held companies (SOX).

This week, we'll look at healthcare organizations and their regulatory mandates in HIPAA.

Week 3: Healthcare Organizations

Next week, we’ll look closer at what IT professionals delivering data protection in government organizations, agencies and contractors that are regulated by CO-OP.

Thanks for watching.

Read More

vBlog: Regulatory Compliance vs Operational Readiness (part 2 of 4): SEC & SOX

Posted: April 17, 2013   /   By: Jason Buffington   /   Tags: Data Protection, Information and Risk Management, Jason Buffington, business continuity, disaster recovery, BCDR, regulatory compliance, High Availability

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits – often mandated by an industry (e.g. HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD).

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

vblog-regulatory-compliance-vs-operational-readiness-part-1-of-4/index.html" target="_blank">Last week, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA). For the next few weeks, I will take closer looks at specific segments of companies and their respective regulations.

This week, let’s take a look at the regulations that affect US financial institutions (SEC) and publicly-held companies (SOX).

Week 2: Publicly-held Companies and Financial Institutions

Next week, we’ll look closer at what IT professionals delivering data protection in healthcare organizations should know about HIPAA.

Thanks for watching.

Read More

vBlog: Regulatory Compliance vs Operational Readiness (part 1 of 4)

Posted: April 09, 2013   /   By: Jason Buffington   /   Tags: Data Protection, Information and Risk Management, Jason Buffington, business continuity, disaster recovery, BCDR, regulatory compliance

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits – often mandated by an industry (e.g. HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD).

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

For the next four weeks, I’ll take a look at some regulatory mandates and try to glean some pragmatic IT ideas for data protection from them. So come back each Tuesday in April.

Week 1: Overview of Regulatory Compliance vs. Operational Readiness

The rest of the series (blog post edited):

vblog-regulatory-compliance-vs-operational-readiness-part-2-of-4-for-public-companies-and-financial-institutions-through-sarbanes-oxley-sox/index.html">Part 2: Publicly traded companies (Sarbanes-Oxley / SOX) and Financial Institutions (SEC)

vblog-regulatory-compliance-vs-operational-readiness-part-3-of-4-hipaa/index.html">Part 3: Healthcare organizations (HIPAA)

vblog-regulatory-compliance-vs-operational-readiness-part-4-of-4-government-co-op/index.html">Part 4: Federal agencies and contractors (Continuity of Operations / CO-OP)

Thanks for watching.

Read More

How do you back up SaaS? I'd like to know

Posted: December 21, 2012   /   By: Jason Buffington   /   Tags: Cloud Computing, Backup, Data Protection, Information and Risk Management, SaaS, Jason Buffington, business continuity, disaster recovery, BaaS, DRaaS, Public Cloud Service

You can’t have an IT “modernization” discussion without bringing up the cloud. And in the realm of data protection, that comes in a few obvious flavors:

Backup as a Service (BaaS) – where your data is backed up either directly to a cloud provider or first to a local appliance and then to that provider. The latter gives you faster restore and other performance-related benefits, but the end result is the same.

Disaster Recovery as a Service (DRaaS) – where entire parts of your infrastructure, usually whole VMs, are replicated to a cloud provider, with the ability for you to bring those VMs online and resume business services from the provider’s infrastructure after a crisis. Some DRaaS solutions even provide BaaS as a side benefit.

Cloud-Storage for your On-Premises Backup – where your existing backup solution is working fine, but you’d like another copy of your data outside of the building – and cloud economics are interesting. Great, add cloud-based storage as a target to your on-premises backup server …or back up (BaaS) your backup server to the cloud. Either way is okay.

But instead of talking about data protection AS a service … what about data protection OF a service?

Many of us put our data into SaaS (software as a service) solutions today – e.g. SalesForce. We assume that SalesForce (or any other SaaS solution) has multiple points of presence on the Internet, and that they have resiliency between sites. The assumption is that if a site were to have a crisis, the other site(s) would still be available. For some large SaaS solutions, that may be enough – though it can still be hard to document (or test) when doing a BC/DR audit.

But what about if the SaaS provider goes dark?

Maybe out of business? Perhaps a victim of Denial of Service attacks or broad data corruption (that is then replicated between sites). What is your plan?

Do you back up the data from your SaaS provider?

In what format(s) is the backup in?

Is the data readable or importable into a platform that you own?

How would you bring the functionality back online for your local users? for your remote users?

Most importantly, have you tested that recovery?

This is not a blog post where I offer you answers, but one that I wanted to pose some questions for discussion.

Read More

Posts by Topic

see all