 |
| Source: EMC infographic for the Singapore results of the EMC Global Data Protection Index. |
 |
| Source: EMC infographic for Singapore results of the EMC Global Data Protection Index. |
"The best intentions don’t always lead to the best outcomes," he said. "For a long time, we have talked about the dangers posed by the 'accidental architecture.' The study shows the increased likelihood of disruption with the increased number of vendors. It’s important for businesses to understand where responsibilities lie especially if there is more than one vendor and to ensure that there are no gaps in their strategy. Silos of data protection leave gaps where the business is exposed. This is why EMC recommends a comprehensive data protection strategy that balances consolidation on protection services architecture with appropriate levels of visibility and control for application owners. It allows the IT organisation to prepare for the unexpected in terms of routine problems such as loss of power or hardware failure to more extreme situations such as natural disasters."
EMC understands that businesses might not be confident of protecting their data today. Globally, 71% of businesses said they might not be able to recover from a disruption. The figure is slightly higher for businesses in the EMEA and Asia Pacific and Japan (APJ) regions at 73% each, though it is 70% for Singapore.
Gupta explained that there are many factors contributing to this finding. "Budget constraints implementing continuous availability, advanced security, and integrated backup and recovery solutions; poor planning, skills, resources and/or workload constraints are among the most common obstacles companies face when protecting their data. While their data is growing 50% to 60% a year, their budgets are flat. Key asks are how to do more with less," he said.
Specifically across APJ, there remains a heavy reliance on “prevention-oriented” security tools. "Companies are spending a lot to maintain status quo and not spending enough on proactive/innovative ways of protection," he pointed out.
"Most businesses face the lack of senior executive confidence that permeates organisations globally, specifically concerning readiness around the critical IT requirements of continuous availability; advanced security; and integrated backup and recovery. Reduced investment in these critical areas threatens the ability of IT infrastructures to withstand and quickly recover from disruptive incidents such as unplanned downtime, security breaches and data loss.
"Companies need to ensure that a proper process is in place to continually monitor and address new risks and threats to the enterprise. The trick is to balance risk by reducing the cost of maintaining legacy systems and operational costs, and investing in new strategies of data protection," he said.
EMC, with its history in the backup market and established portfolio of related products including Data Domain, Avamar and NetWorker as well as products for emerging data protection needs such as Mozy, Maginatics and Spanning, can share best practices on a data protection strategy, Gupta said. He advised Singapore businesses to take a holistic approach to data protection. "Choose advanced solutions that can work together with your existing data protection architecture. The risk otherwise is that cracks can appear in your protection solution that can ultimately lead to data loss," said Gupta.
"Although businesses understand importance of data protection, it also needs to show up in their strategies like what the banking and financial services industry (BFSI) is doing under technology risk management (TRM). TRM regulation was made compulsory this year for BFSI by the Monetary Authority of Singapore which focuses on data high availability, data loss situations, data leakage prevention, timely reporting etc and associated fines for non-compliance."
Gupta cautioned that there is no magic solution however. "One size does not fit all - data protection solutions need to match the requirements of applications/workloads. Each application workload is different, requiring different performance/capacity and service levels," he said.
"Not all data or applications are equal. Those that will halt the business, delay product development or result in revenue loss need a higher level of protection and continuous availability. In the survey we saw only a small percentage of organisations have an active-active* configuration. By tiering applications, organisations can apply the appropriate protection and availability based on the value of the applications and data."
Gupta observed that data protection should be part of day 1 IT strategic planning, and not an afterthought. Businesses about to embark on data protection can be guided by three 'Ps', he said. "First, look at all the Possibilities of various ways they can lose data, then look as what is the Probability of each type of data loss, then assign what is the Penalty to each data loss. Based on the developed data loss risk matrix, decide on data protection strategy for each data type," he suggested.
Gupta further provided a checklist of potential issues for companies reviewing their data protection strategy:
· Does it protect all of your critical data wherever it is, whatever happens?
· Does it span the continuum of applications and still provide a level of visibility and control for application owners?
· Are there gaps between disparate vendor solutions?
· Who “owns” data protection, particularly in the cloud?
"If a 'Data at Risk' matrix is done properly and gaps are identified, it will give a good start in data protection planning. Then, look at solutions to fill those gaps. Once implemented, do regular drills as environments are changing quite fast," Gupta advised.
"As the cloud is becoming more pervasive, the key is to ensure that data in the public cloud is protected by the vendor(s) and that clear ownership is understood between the cloud provider(s) and the business customer. Ownership of backup processes can be a grey area, especially when primary data is lost due to user error. The cloud provider(s) must have a backup procedure in place in the event that an issue in their infrastructure causes data loss."
Last but not least, businesses must take on the responsibility of testing their backups of cloud information and not rely on the belief that these are being done by someone else, Gupta concluded.
*In an active-active configuration, data meant for a failed destination is forwarded to an existing destination that is active, or spread across all available active destinations. An active-passive configuration, in contrast, would pass the data meant for a failed destination onto an inactive destination that would need to be switched on first.
Read the blog post of the survey results for Singapore here.
No comments:
Post a Comment