How to avoid critical business data being hit by disasters in the cloud computing era?

"51CTO" "There is no panacea for disaster recovery problems," said Jack Bailey, engineering manager at Cloud computing provider Iland.

"Whenever an outage horror story occupies the headlines of major media, managers often respond subconsciously, hoping to deploy the fastest disaster recovery product immediately," he said. "However, there are differences in the specifics of each business and its location, so rushing to choose a solution before a thorough assessment of a given condition often results in two major sequelae-either too expensive to waste resources, or very cheap to provide adequate security." ”

And while most IT managers and data management experts acknowledge that no failsafe solution can achieve the goal of data protection and recovery, they also agree that enterprise users should take a number of necessary steps to improve disaster recovery.

What precautions should companies take to ensure that important documents and applications are protected in the event of a disaster? Dozens of-bit data storage, data management, and disaster recovery experts share our insights. Here's a look at 12 recommendations for protecting data, including files and applications, from disaster.

1. Data assessment

"Understand which of the most valuable datasets you have--including where the customer information is kept, where other sensitive data is stored, what files are used frequently, who is using the data, and which departments they collaborate with," said David Gibson, vice president of Varonis. This is a comprehensive data management software manufacturer. "By using the smart and data classification scheme, you can quickly sort out the priorities of the data needed after a disaster and figure out who needs to access it in a timely fashion." ”

"In this regard, we can take 28 open principles," said Michael de la Torre, vice president of product management and recovery services at SunGard Availability Service Co. "The data produced in the business process is actually different. It's a bit absurd to make sure that all the data continues to be available--after all, a big chunk of it has nothing to do with critical business functions, "he explains. "By using this 28 principle, companies can select their own key data and applications at 20%, and provide them with the most reliable protection mechanisms." “

2. Work with trustworthy partnerships to achieve data and system disaster protection objectives

"Leveraging the rich experience of our partners to ensure that your storage and disaster recovery solutions meet the functional requirements of your business and IT departments," said Peter Elliman, senior manager of Symantec's backup and recovery business, a company specializing in online and mobile security solutions. "You may want to consider using integrated device solutions to reduce complexity and minimize the impact and risk of business operations through remote backup service management, as well as consider internal and cloud recovery options from disaster recovery vendors while building internal disaster recovery facilities." ”

3. Define acceptable recovery times and choose the ideal storage media for them

Seriously consider "how quickly we need to complete data recovery work," De La Torre points out. "The lowest-cost implementation is offsite, tape plus data de-duplication," he explains. But he immediately added, "But when it comes to disaster, a few days of recovery cycles are likely to make users cry." You need to find the right tipping point to figure out how much data recovery you're going to be able to handle, which can help you solve a problem that is clear but that has long plagued US-is it disk or tape? Cloud or interior? Only in this way, we can find a suitable solution for the actual situation of the enterprise. ”

"We must not be careless when it comes to the speed of data recovery," Jenifer Gill, director of product marketing at Zerto, an enterprise-level disaster recovery and business continuity software provider.

"Many enterprise users think that a reasonable recovery point objective (RPO, which is the maximum amount of data the enterprise needs to use) is 24 hours." If the enterprise loses this part of the work/data, the cost of the loss will be several times that of any disaster recovery solution, "Gill points out. "In this case, we can invest heavily in a product that provides continuous data protection and replication capabilities, and achieves recovery-time objectives within a few seconds, and restores in minutes." ”

4. Create a disaster recovery plan and test

"The first is a written disaster recovery program," Gill suggested. "That sounds like nonsense, but because of the complexity of traditional replication and disaster recovery mechanisms, people tend to forget the most important aspect of disaster recovery--a written solution," she cautions.

"Ideally, all elements from replication, management, protection groups, failover, and failover testing systems should be managed by the same set of interfaces," Gill said. "Replicate with a specified service level agreement, create a Virtual protection group, select a virtual machine to protect, and then have your solution take care of all the replicas in the background." ”

"Take a deep look at all the possibilities that might pose a threat to the enterprise, and focus on eliminating all human errors and component failures and natural disasters," says Alan R. Arnold, a Vision FX company. "This is a cloud protection and recovery, high availability, disaster recovery, Migration and Cross-platform data sharing solution provider.

"One of the most creative scenarios for the cost-performance of data protection is to protect the data at remote locations from threats." This may require access to a second data center or a cloud-based protection strategy, "Arnold points out. In addition, "it is important to accurately compute all the server devices in the infrastructure (such as Windows, Linux, AIX, and IBM, and the physical devices running virtual and cloud platforms)." Everyone's solution must be able to provide the ideal protection function and effect for all server types in an external way. ”

Next, "Test the plan over and over again to make sure it works," said Andrew Gilman, Actifio's data director, a replication data management solution provider. "Full testing can bring about completely different practical outcomes." It will help the CIO identify any flaws that may exist in the plan and make sure that it is ready to deal with data leaks or disaster events. ”

5. Ensure that sensitive data is properly encrypted

"To help protect data effectively from disaster, it's important to add encryption to the data backup process," says April Sage, medical it director of Online Tech, a vendor that specializes in collaborating, hosting servers, and cloud hosting solutions.

"A complete backup mechanism should be able to encrypt data that is idle and in use, thereby avoiding unauthorized users gaining access and effectively reducing the likelihood of data leaks," she explains. "This is also a necessary means of securing sensitive data for a security-conscious enterprise," he said. With the aid of encryption mechanism, enterprises can effectively prevent the occurrence of leakage accidents and eliminate the reputation and loss of profits caused by media coverage, "she explained further." If you are using a cloud-based solution, "Make sure the entire process is approved and the encryption key is inaccessible." ”

6. Regularly backup data and save snapshots

"If you do not set up an automatic backup mechanism, then none of the security policies will work properly," said Scott Harris, vice president of Egenera Inc., a provider of cloud management and disaster recovery software. "Whether it's one of the enterprise's data centers, disaster recovery facilities, or the cloud environment, it's important to ensure that all critical data is backed up correctly as scheduled, so that the business process is not compromised by a catastrophic event," he advises.

"There is a need to really take a snapshot backup mechanism in addition to a RAID mirror or a copy of the database," said Chris Camejo, director of Evaluation services at NTT Com Security company. "If someone intentionally or unintentionally makes a data overwrite or delete order for or an automation factor, everyone's RAID controller or database copy will also dutifully remove the corresponding content from the mirror," he explains. The advantage of removable media, such as tape, is that the data is unlikely to be accidentally changed unless someone sits on it with a bad butt. ”

7. Ensure critical applications are in accessible state

"If you want to keep the business moving in an accident that is enough to cause downtime, it's not enough to protect the data alone," Axcient CEO Justin Moore says, a provider of data backup and recovery, business continuity, disaster recovery, and cloud sustainability solutions. "It is important to ensure that critical applications are virtualized in a cloud environment so that enterprise employees can continue to maintain their productive capacity." ”

8. Do not neglect the notebook computer

"The main focus of most disaster recovery planning is on protecting the data center," says Peter Eicher, senior manager of CommVault's product marketing, a corporate backup and recovery, data management, de-duplication, data protection, archiving, and electronic discovery software vendor.

"While data centers are of course important, according to Gartner, nearly two-thirds of enterprise data exists outside the data center environment." For example, laptops are much less resilient than data center servers and disk arrays, and laptops can be easily lost or stolen, "Eicher said. Therefore, it is important to incorporate notebooks and other similar devices into disaster recovery planning.

9. Follow the 3-2-1 principle

"If a business wants to have a truly disaster-resilient data protection program, it must follow the so-called 3-2-1 principle: keep Three copies of the data, store it in two different types of media, and finally save one of them in the external environment," Data Protection Program provider Veeam, vice president of product strategy Doug Hazelman points out.

"With the guidance of the 3-2-1 principle, IT departments can completely eliminate the possibility of any single point of failure," Hazelman explains. "For example, if the enterprise relies on San snapshots, which are ideal for frequent backups, IT departments need to find ways to create backup data from within these snapshots, preserving multiple copies and retaining at least one set of them in the external environment." ”

10. Keep backup content in a secure external environment

"The distance between the external environment and the internal data center of the enterprise depends on the type of actual risk that you need to avoid," Camejo. "If everyone's data centers are located in San Jose and want to prevent the massive quake from wiping out all it assets through remote facilities, then keeping the backup in Santa Clara, a neighboring town, is certainly not going to do any good," he said. Please seriously consider the balance between the threat and the plan, do not throwing. ”

11. Keep data in a secure cloud environment

"In today's alternative environment, one of the most secure scenarios is to deliver enterprise data to the managed cloud environment," said Optimal NX CEO Heinan Landa, a company that specializes in IT services, support, and consulting solutions. "In essence, everyone is equivalent to transform their network system into a set of hosting cloud environment, and in the subsequent use of the requirements by a total of functional delivery." In this case, all responsibilities, including security, update, redundancy, failover, and business continuity, will be borne by the vendor. ”

"Cloud storage providers are now able to provide a secure and highly available service solution that is connected to these clouds through sophisticated cloud gateways," said Rob Whiteley, vice president of product marketing at Riverbed Marvell. This is an enterprise that specializes in providing a wide range of available computing platforms that are not related to location.

"Enterprise users can improve their disaster response capabilities with services from a number of cloud storage vendors and geographically redundant solutions," Whiteley said. "Cloud storage reduces backup costs, improves performance, and dramatically lowers recovery-point objectives (RPO) by eliminating stale tape and external storage scenarios. ”

12. Test and test the recovery effect

"Everything is about recovery," says Jarrett Potts, strategic marketing director at Storserver, a data backup solution provider. "No backup scenario in the world can save valuable data without testing the recovery effect," he said. So be sure to remember-test, test, and test, "he noted. "Test the entire package once it is complete. A random recovery test is performed every week. Start a disaster recovery test and audit your own data pool. All in all, it is important to ensure that your own data is effectively restored. ”

Original link: Http://www.networkworld.com/research/2014/030414-12-ways-to-disaster-proof-your-279391.html?robox

"Edit Recommendation"