IT infrastructure has evolved dramatically over the years, and alongside this, so too has the nature of disasters. Where once, a disaster was an infrequent event related to extreme weather or hardware failure, today’s disasters are far more granular in nature. There are also numerous new workloads that need to be accommodated, and recovery time objectives may have changed, given the criticality of data. The question enterprises need to ask themselves is, does disaster recovery (DR) meet these needs? The DR strategy needs to be updated with modern solutions for modern problems and ensure there are no holes that could leave a business unable to effectively recover.
You can’t recover what you aren’t protecting
Today, a disaster is more than just a data centre failure. A disaster could be a critical application becoming unavailable, a cloud provider being unavailable in a specific region, ransomware, an insider threat, or a classic event such as a flood or fire. Workloads too have changed and now include elements such as Infrastructure and Platform as a Service (IaaS and PaaS), cloud-native workloads, containers and more. Technology is all interdependent, and businesses are dependent on technology to function. A failure in one area could potentially cause a ripple effect through the entire organisation, and ransomware attacks are increasing exponentially year on year.
When the Covid-19 pandemic hit, the nature of the DR plan and strategy had to rapidly adapt, and there is no guarantee that such a shift will not happen again in future. Organisations need to effectively plan, monitor and test the DR strategy and ensure they have the ability to act and recover. DR needs to cover all of these areas, but it also needs to be agile and flexible and cater for many more sources of data, workloads and different disasters. In addition, it must do this from a single platform, so that it does not complicate matters by incorporating multiple vendors and solutions.
What’s missing from your plan?
Not all DR tools are alike, and not all of them will deliver absolutely everything the modern organisation needs to effectively protect their data and recover from an event. There is no such thing as a one size fits all approach, and organisations need to investigate thoroughly to ensure their solution will meet their needs. This should involve examining the functionality of the DR tools.
If there are no agents or appliances, are you getting the granularity you need to recover effectively? If you have array-based replication, will this cause extra infrastructure costs or vendor lock-in? Are you able to set different policies for different levels of criticality? Can anything be automated or are you stuck in the default parameters? Which clouds can you deploy to? How easy is it to burst into the cloud for a recovery? Do you need to have a permanent cloud infrastructure in order to recover to the cloud?
Mix and match complexity needs a single simple solution
The reality is that enterprises face challenges at all levels, with a variety of applications on different platforms from mainframes and legacy technology to modern solutions like containers and Kubernetes. This mix and match approach makes DR more complex, but fundamentally it still needs to cover four levels: the database level, the application level, the file system level and the hypervisor level. However, it is important to bear in mind that there are many flavours of this mix and match approach, with different cloud providers, arrays, databases and more. Any solution needs to be customisable, and abstracted to ensure that no matter which array hypervisor or cloud instance is in use, the DR solution can talk natively to it. This ensures the most cost-effective and optimised DR solution.
A secure DR framework needs to cover five elements. First, it must identify and mitigate risks to backup data, within a single interface. Then it needs to protect, by applying security controls based on industry-leading standards. The next step is to monitor for ransomware, insider threats and other dangers, and then respond by actioning on threats and continuously validating backup data. The final step is to quickly recover data across multiple endpoints, no matter where they reside, including remote, on-prem and in the cloud.
All of this should be catered for in a single solution that is capable of orchestrating across a mixture of services, applications, workloads and storage platforms. Importantly, the DR strategy also needs to be tested frequently and updated often to ensure it remains relevant in a changing world. DR is only as strong as its weakest link, so this weakest link needs to be strong enough to protect modern enterprises from a range of modern disasters.
- Kate Mollett, Regional Director at Commvault Africa