{"id":9301,"date":"2020-02-23T15:28:46","date_gmt":"2020-02-23T05:28:46","guid":{"rendered":"https:\/\/nsrd.info\/blog\/?p=9301"},"modified":"2020-03-04T12:04:53","modified_gmt":"2020-03-04T02:04:53","slug":"7-contentious-thoughts-about-data-protection","status":"publish","type":"post","link":"https:\/\/nsrd.info\/blog\/2020\/02\/23\/7-contentious-thoughts-about-data-protection\/","title":{"rendered":"7 Contentious Thoughts about Data Protection"},"content":{"rendered":"\n<p>Years ago, back in the days when TV shows would take months, if not years, to appear in Australia after first airing in the United States, I followed a Star Trek Voyager fan-page that would give a blow-by-blow account of each episode after it aired. I know, I know:<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:56%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/JG8tQ9D7hb8fC\" title=\"river song spoilers\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">Ah, River Song, I miss you<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>I think I got my enjoyment of reading spoilers from that Voyager fan-page. Now, this blog post isn&#8217;t about Star Trek Voyager or spoilers, but about a saying that I first read on that fan-page. Something along the lines of, &#8220;&#8230;Janeway came to chew gum and kick ass, and she&#8217;s all out of gum&#8230;&#8221; <\/p>\n\n\n\n<p>So this is a bit of a blog post where I came to chew gum and tell some home-truths, and I&#8217;m all out of gum. So buckle up.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Cloud is only cheaper if you don&#8217;t think about data protection<\/h2>\n\n\n\n<p>I get it, lots of people like the cloud. Hell, I like Cloud these days myself. 
I live a digital life \u2013&nbsp;I buy electronic books, I listen to electronic music, my photos are all taken on a smartphone and all of this, I know, comes from and goes to the cloud.<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:56%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/l3dj7abPl2k8GzaSY\" title=\"money money money\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">Money Money Money<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>But I&#8217;ve also been working in data protection for almost 25 years, and if that&#8217;s taught me anything, it&#8217;s this:<\/p>\n\n\n\n<p class=\"has-text-align-center\"><em>If a system looks too cheap to be true, someone probably forgot about backup.<\/em><\/p>\n\n\n\n<p>There may be exceptions to the rule, but it&#8217;s my experience that once you start talking about comprehensive data protection, the &#8220;cheapness&#8221; of public cloud drops away. Of course, there can be advantages to the public cloud:  pay-as-you-go, convenience and for many businesses, access to IT infrastructure and services they might find too challenging to run on-premises themselves. Those are <em>all<\/em> strengths of the public cloud experience.<\/p>\n\n\n\n<p>But if you&#8217;re talking <em>cheaper than on-premises<\/em>, it probably means you need a data protection architect to help you review your processes.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">You&#8217;re not protecting enough data<\/h2>\n\n\n\n<p>OK, I&#8217;ll admit that when it comes to data protection, I&#8217;m a slightly paranoid person: I&#8217;m not fond of the idea of losing data. But something I hear regularly is <em>we-don&#8217;t-back-that-up<\/em>, usually regarding secondary servers, storage or systems. 
<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:75%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/D3OdaKTGlpTBC\" title=\"need more\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">Feed Your Backups<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>Invariably that&#8217;s a <em>cost<\/em> decision, and I get it. But my recommendation always remains: if you&#8217;re <em>not-backing-that-up<\/em> and it takes you more than 15 minutes to fully recreate or repopulate a system from scratch, you should have been protecting it. And I&#8217;ll continue this line of thought in my next point.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">You&#8217;re protecting data too much<\/h2>\n\n\n\n<p>Note that I didn&#8217;t say <em>you&#8217;re protecting too much data<\/em>. That&#8217;s not my point, but yes, it goes hand-in-hand with my previous statement that you&#8217;re not protecting enough data.<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:63%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/2aIZfQdC2V7bBvU5t2\" title=\"too much\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">You&#8217;re protecting data too much<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>Because here&#8217;s the thing: if you&#8217;re not planning data protection properly, you&#8217;re spending too much money (comparatively) on keeping <em>too many<\/em> compliance copies of your backups at the expense of not providing sufficient operational recovery to your business.<\/p>\n\n\n\n<p>Now, I know some say you should never keep any compliance copies (i.e., long term retention) within backup and recovery systems. 
They&#8217;re archive purists, and I love them and their commitment to the ideal. Still, I also think that, given the sheer number of platforms we need to use in IT, it&#8217;s a perpetual pipe-dream \u2013&nbsp;because once you&#8217;re beyond standard files, every application requires a specific approach to archive. (To be fair, that means: &#8216;file serving&#8217; is an application as well \u2013&nbsp;so <em>every<\/em> application ends up needing a specific archiving strategy.)<\/p>\n\n\n\n<p>Rightly or wrongly, we need to keep compliance copies \u2013&nbsp;long term retention \u2013&nbsp;within our backup and recovery services. But do you really need to keep <em>all<\/em> those copies?<\/p>\n\n\n\n<p>For many businesses, I find IT teams, and the business in general, are always reluctant to engage with legal counsel because of the apparent cost thereof. But this just has a flow-on effect. Rather than finding out what level of compliance retention would be required, knee-jerk reactions are often made to keep copies <em>forever<\/em> or keep <em>too many copies<\/em> for too long.<\/p>\n\n\n\n<p>So your business has a requirement to retain certain backups for 7 years: are you sure \u2013 are you <em>legally sure<\/em> that you actually need to keep monthlies for 7 years? Who asked, and who <em>legally<\/em> confirmed that this is required? Who <em>legally confirmed<\/em> you can&#8217;t just keep half-yearly backups taken at strategic times for 7 years? (For many Australian businesses, for instance, this would be the last monthly backup of the calendar year and the last monthly backup of the financial year.)<\/p>\n\n\n\n<p>It becomes a numbers game: if you&#8217;re starting at 500 TB of &#8220;compliance&#8221; backups in month 1 with 10% per annum growth and keeping monthly backups for 7 years (84 months), you&#8217;ll be keeping almost 60 PB in logical copies of compliance backups over that period. 
Even when you apply deduplication \u2013&nbsp;good deduplication \u2013&nbsp;that&#8217;s still going to add up. Are you <em>sure<\/em> that&#8217;s still cheaper than getting legal counsel to review the requirements?<\/p>\n\n\n\n<p>And every dollar you save from keeping fewer long term retention backups you can plough back into offering more advanced operational recovery for the business. It&#8217;s a win\/win.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Backup is Dead<\/h2>\n\n\n\n<p>Backup is dead. There&#8217;s no doubt about it.<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:56%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/ZEUH84UWWFGHhnCN35\" title=\"funeral\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">Backup is Dead<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>It should come as no surprise to anyone who&#8217;s read <em><a rel=\"noreferrer noopener\" aria-label=\"Data Protection (opens in a new tab)\" href=\"https:\/\/www.amazon.com\/Data-Protection-Ensuring-Availability\/dp\/1482244152\" target=\"_blank\"><strong>Data Protection<\/strong><\/a><\/em> that I said <em>backup is dead<\/em>. I&#8217;ve been saying it for some time, and it&#8217;s actually the opening line on the back cover of the book. 
But, and there&#8217;s always a but&#8230;<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Backup is still Very Much Alive<\/h2>\n\n\n\n<p>Why yes, I do like to be deliberately contradictory.<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:74%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/YEL7FJP6ed008\" title=\"it&#039;s alive!\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">Backup is still Very Much Alive<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>No, backup isn&#8217;t some shambolic zombie that chews through system resources. (That&#8217;s <em>Adobe Acrobat Reader<\/em> if you must know.)<\/p>\n\n\n\n<p>The point I made in <em>Data Protection<\/em>, and that I continue to make at every opportunity, is <em>backup as a standalone topic<\/em> is dead. Where once &#8216;backup&#8217; might have been the primary intent of &#8216;data protection&#8217;, it&#8217;s not any more. Just as your business will not survive if it&#8217;s <em>only<\/em> using on-platform protection methods, it&#8217;s not going to survive if it&#8217;s <em>only<\/em> using off-platform protection (i.e., backup). Both are needed in a modern environment. <\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Ransomware Snuffed Out Multi-Purpose Backup Servers<\/h2>\n\n\n\n<p>I&#8217;m using multi-purpose here to refer to a backup server running on a conventionally accessible operating system. 
I&#8217;ve been dealing with these sorts of backup servers for as long as I&#8217;ve been in data protection, and it&#8217;s time they&#8217;re put out to pasture.<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:50%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/xT9IgikSmd22NsGqQM\" title=\"survivor torch\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">Ransomware has snuffed out multi-purpose backup servers<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>It&#8217;s too easy for these conventional servers to be rolled by ransomware. Backup administrators logging on as the OS administrative user to maintain the system represent a huge attack vector for malicious binaries and actors.<\/p>\n\n\n\n<p>So, every time you deploy a backup server in your environment, you should be asking, &#8220;Can I deploy this as an appliance?&#8221; That doesn&#8217;t necessarily <em>have<\/em> to mean a full-stack appliance (converged, or hyper-converged), but it does mean the backup server can be deployed as a functional appliance where you can administer the backups without having to be a system administrator. 
(Avamar obviously has done this for most of its life, NetWorker had the NetWorker Virtual Edition appliance released a few years ago, and PowerProtect likewise gets deployed as a virtual appliance.)<\/p>\n\n\n\n<p>If your business is focused on reducing the risk of malware affecting critical systems, deploying your backup services on say, a conventionally accessible Windows install these days is just asking for trouble.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">You&#8217;ve Probably Got The Wrong People Running Data Protection<\/h2>\n\n\n\n<p>When I joined my first system administration team, I was told, &#8220;We just installed this new backup software, you&#8217;ll administer it&#8221;. That was 1996, and the product was <em>Solstice Backup<\/em>, the Sun OEM version of <em>Legato NetWorker<\/em>. Therein started my love of NetWorker.<\/p>\n\n\n\t<div class=\"wp-block-jetpack-gif aligncenter\">\n\t\t<figure>\n\t\t\t\t\t\t\t<div class=\"wp-block-jetpack-gif-wrapper\" style=\"padding-top:69%\">\n\t\t\t\t\t<iframe src=\"https:\/\/giphy.com\/embed\/iI6eeGjwScTCM\" title=\"too easy\"><\/iframe>\n\t\t\t\t<\/div>\n\t\t\t\t\t\t\t\t\t\t<figcaption class=\"wp-block-jetpack-gif-caption gallery-caption\">Too many businesses put junior staff in charge of data protection<\/figcaption>\n\t\t\t\t\t<\/figure>\n\t<\/div>\n\t\n\n\n<p>But here&#8217;s the rub: the team made a bad mistake. Yes, I&#8217;m grateful for it because it set me on a career path, but they shouldn&#8217;t have done it. If <em>data is the new oil<\/em>, as the saying goes, then you don&#8217;t put the protection of your data in the hands of the juniors \u2013&nbsp;certainly not without senior supervision.<\/p>\n\n\n\n<p>I genuinely believe that if a business is serious about data protection, it&#8217;ll have some of its most senior staff responsible for it. 
These are the veterans of the IT department who know systems inside and out, and who really are ultra-careful when it comes to systems functions \u2013&nbsp;because if you get data protection wrong (whether it&#8217;s on-platform or off-platform), the business can suffer disastrous consequences.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">So what do you think?<\/h2>\n\n\n\n<p>So that&#8217;s what I think, anyway. What about you? What do you think people get wrong about Data Protection? Feel free to leave a comment!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Years ago, back in the days when TV shows would take months, if not years, to appear in Australia after&hellip;<\/p>\n","protected":false},"author":1,"featured_media":9308,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2}},"categories":[13],"tags":[138,230,282,1348,770,830],"class_list":["post-9301","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-thoughts","tag-backup","tag-cloud","tag-data-protection","tag-long-term-retention","tag-public-cloud","tag-retention"],"aioseo_notices":[],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/nsrd.info\/blog\/wp-content\/uploads\/2020\/02\/bigStock-Not-Understanding.jpg","jetpack_shortlink":"https:\/\/wp.me\/pKpIN-2q1","jetpack_sharing_enabled":true,"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/nsrd.info\/blog
\/wp-json\/wp\/v2\/posts\/9301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/comments?post=9301"}],"version-history":[{"count":5,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/9301\/revisions"}],"predecessor-version":[{"id":9325,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/posts\/9301\/revisions\/9325"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/media\/9308"}],"wp:attachment":[{"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/media?parent=9301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/categories?post=9301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nsrd.info\/blog\/wp-json\/wp\/v2\/tags?post=9301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}