Video Series on Data Protection Appliances – Part 4, Failover BC/DR Appliances

The last installment in our four-Friday video series, based on the recent ESG research report on the Shift toward Data Protection Appliances,   

Part four covers what might be the most interesting, albeit nascent category – failover or BC/DR appliances. While the other three categories are predominantly based on or designed for the same “backup/restore” type methodology, BC/DR failover appliances are more often designed around a replication-centric data mover coupled with some hypervisor or compute-cloud means of “resuming services” instead of “restoring data.”

Topics: Data Protection PBBA DPA business continuity disaster recovery BCDR DRaaS BC/DR (business continuity/disaster recovery) High Availability data protection appliances backup-to-cloud

A Replication Feature is NOT a Disaster Recovery Plan

A few years ago, I blogged that “your-replication-is-not-my-disaster-recovery/index.html" target="_blank" title="Jason's previous blog post on "Replication vs. Disaster Recovery"">Your Replication is not my Disaster Recovery” where I lamented that real BC/DR is much more about people/process than it is about technology.

To be clear, I am not bashing replication technologies or the marketing folks at those vendors … because without your data, you don’t have BC/DR, you have people looking for jobs.

Topics: Data Protection JBuff Information and Risk Management Jason Buffington business continuity disaster recovery BCDR

New Math: Virtualization plus DPaaS = BC/DR!

Maybe that is overly-simplified, but not by much. Virtualization makes servers (and their associated storage) portable, while Data Protection Services provide alternate locations and expertise that many organizations of all sizes have been desperate for.

Topics: Data Protection Information and Risk Management Jason Buffington business continuity disaster recovery BCDR

The Spectrum of Data Protection

It is interesting to me how marketing folks and technical purists banter IT terms around in hopes of sounding fresh and compelling to their customers. While “backup” is often thought of as passé or the bane of IT operations, “data protection” is perceived as more strategic, with other lofty terms such as “business continuity” and “information management” being thrown around as adjuncts. And that doesn’t include some of the classic debates, such as snapshots-vs-backups-a-great-debate-no-longer/index.html" target="_blank">Snapshots versus Backups … or Disk vs. Tape.

A few years ago, I wrote the book “Data Protection for Virtual Data Centers,” where the first chapter described the Landscape of Data Protection, as a range of methods that could be categorized by RTO and implementation layer, with a key focus being the differentiation of solutions focused on Availability of data versus Protection of data:

Topics: Backup Replication Data Protection Information and Risk Management Jason Buffington business continuity disaster recovery BCDR

vBlog: Regulatory Compliance vs Operational Readiness (part 4 of 4): Government CO-OP

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits – often mandated by an industry (e.g. HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD).

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

vblog-regulatory-compliance-vs-operational-readiness-part-1-of-4/index.html" target="_blank">First, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA).

Then, I looked at regulations that affect vblog-regulatory-compliance-vs-operational-readiness-part-2-of-4-for-public-companies-and-financial-institutions-through-sarbanes-oxley-sox/index.html" target="_blank">US financial institutions (SEC) and publicly-held companies (SOX).

Last week, we looked at vblog-regulatory-compliance-vs-operational-readiness-part-3-of-4-hipaa/index.html">healthcare organizations and their regulatory mandates in HIPAA.

This week, we'll finish the series by looking at Continuity of Operations (CO-OP) mandates for Government agencies.

Week 4: Government agencies and contractors

I hope that you enjoyed the series -- and found value in the information. What should my next series be?

Thanks for watching.

Topics: Data Protection Information and Risk Management Jason Buffington business continuity disaster recovery BCDR regulatory compliance

vBlog: Regulatory Compliance vs Operational Readiness (part 3 of 4): HIPAA

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits – often mandated by an industry (e.g. HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD).

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

vblog-regulatory-compliance-vs-operational-readiness-part-1-of-4/index.html" target="_blank">First, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA).

Last week, I looked at regulations that affect vblog-regulatory-compliance-vs-operational-readiness-part-2-of-4-for-public-companies-and-financial-institutions-through-sarbanes-oxley-sox/index.html" target="_blank">US financial institutions (SEC) and publicly-held companies (SOX).

This week, we'll look at healthcare organizations and their regulatory mandates in HIPAA.

Week 3: Healthcare Organizations

Next week, we’ll look closer at what IT professionals delivering data protection in government organizations, agencies and contractors that are regulated by CO-OP.

Thanks for watching.

Topics: Data Protection Information and Risk Management Jason Buffington business continuity disaster recovery BCDR regulatory compliance

vBlog: Regulatory Compliance vs Operational Readiness (part 2 of 4): SEC & SOX

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits – often mandated by an industry (e.g. HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD).

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

vblog-regulatory-compliance-vs-operational-readiness-part-1-of-4/index.html" target="_blank">Last week, I did an overview of the dichotomy between regulatory compliance and operational readiness (BC/DR/HA). For the next few weeks, I will take closer looks at specific segments of companies and their respective regulations.

This week, let’s take a look at the regulations that affect US financial institutions (SEC) and publicly-held companies (SOX).

Week 2: Publicly-held Companies and Financial Institutions

Next week, we’ll look closer at what IT professionals delivering data protection in healthcare organizations should know about HIPAA.

Thanks for watching.

Topics: Data Protection Information and Risk Management Jason Buffington business continuity disaster recovery BCDR regulatory compliance High Availability

vBlog: Regulatory Compliance vs Operational Readiness (part 1 of 4)

This month, I am taking a look at the differences between ‘Regulatory Compliance’ and ‘Operational Readiness’ through a series of videos.

Regulatory Compliance

The efforts to check the boxes before audits – often mandated by an industry (e.g. HIPAA), corporate (SOX) or legal (DOD 5.015.2-STD).

Operational Readiness

The IT efforts to ensure that key IT systems and data are resilient through high availability (HA), disaster recovery (DR) or business continuity (BC) technologies and services.

For the next four weeks, I’ll take a look at some regulatory mandates and try to glean some pragmatic IT ideas for data protection from them. So come back each Tuesday in April.

Week 1: Overview of Regulatory Compliance vs. Operational Readiness

The rest of the series (blog post edited):

vblog-regulatory-compliance-vs-operational-readiness-part-2-of-4-for-public-companies-and-financial-institutions-through-sarbanes-oxley-sox/index.html">Part 2: Publicly traded companies (Sarbanes-Oxley / SOX) and Financial Institutions (SEC)

vblog-regulatory-compliance-vs-operational-readiness-part-3-of-4-hipaa/index.html">Part 3: Healthcare organizations (HIPAA)

vblog-regulatory-compliance-vs-operational-readiness-part-4-of-4-government-co-op/index.html">Part 4: Federal agencies and contractors (Continuity of Operations / CO-OP)

Thanks for watching.

Topics: Data Protection Information and Risk Management Jason Buffington business continuity disaster recovery BCDR regulatory compliance

How do you back up SaaS? I'd like to know

You can’t have an IT “modernization” discussion without bringing up the cloud. And in the realm of data protection, that comes in a few obvious flavors:

Backup as a Service (BaaS) – where your data is backed up either directly to a cloud provider or first to a local appliance and then to that provider. The latter gives you faster restore and other performance-related benefits, but the end result is the same.

Disaster Recovery as a Service (DRaaS) – where entire parts of your infrastructure, usually whole VMs, are replicated to a cloud provider, with the ability for you to bring those VMs online and resume business services from the provider’s infrastructure after a crisis. Some DRaaS solutions even provide BaaS as a side benefit.

Cloud-Storage for your On-Premises Backup – where your existing backup solution is working fine, but you’d like another copy of your data outside of the building – and cloud economics are interesting. Great, add cloud-based storage as a target to your on-premises backup server …or back up (BaaS) your backup server to the cloud. Either way is okay.

But instead of talking about data protection AS a service … what about data protection OF a service?

Many of us put our data into SaaS (software as a service) solutions today – e.g. SalesForce. We assume that SalesForce (or any other SaaS solution) has multiple points of presence on the Internet, and that they have resiliency between sites. The assumption is that if a site were to have a crisis, the other site(s) would still be available. For some large SaaS solutions, that may be enough – though it can still be hard to document (or test) when doing a BC/DR audit.

But what about if the SaaS provider goes dark?

Maybe out of business? Perhaps a victim of Denial of Service attacks or broad data corruption (that is then replicated between sites). What is your plan?

Do you back up the data from your SaaS provider?

In what format(s) is the backup in?

Is the data readable or importable into a platform that you own?

How would you bring the functionality back online for your local users? for your remote users?

Most importantly, have you tested that recovery?

This is not a blog post where I offer you answers, but one that I wanted to pose some questions for discussion.

Topics: Cloud Computing Backup Data Protection Information and Risk Management SaaS Jason Buffington business continuity disaster recovery BaaS DRaaS Public Cloud Service