Recovery readiness: Getting back to business with complete data protection
Being ready for anything
Historically, backup and recovery has focused mainly on the first part: the backup. The admins in charge spend most of their time making sure overnight backups have completed and running any needed corrections. Meanwhile, data recovery tests get pushed off to quarterly, annually, or even not at all. The only time most people think about recovery is when they need to recover for real. That’s like finding out your fire extinguisher doesn’t work when the flames are already rising.
With so much riding on your environment, you can’t afford to wait that long to find out you have a problem with your backups. You can’t risk discovering that the recovery doesn’t work only when you need to do a restore. The consequences of getting it wrong can be severe:
- 53% of global IT decision-makers think it’s likely their company will experience a brownout or outage so severe that it makes national media headlines.1
- 93% of companies without disaster recovery coverage who suffer a major data disaster are out of business within one year.2
When there’s a disaster, outage, ransomware strike, or other events, you need to be able to get your organization back online quickly. That means always being ready — for anything. And given the constant change in today’s IT environments, readiness can’t be something you get around to quarterly or annually. Readiness must be a daily focus.
The scope of the challenge has expanded as well. It’s not just about on-premises applications and databases anymore. Now you must be ready to recover filesystems, virtual machines (VMs), containers, cloud apps — every aspect of the modern hybrid IT architecture. With today’s complex enterprise infrastructures, data ends up spread across environments, locations, staff, and stores your users might not even know or care about. All they know is, they want their data back. Fast.
Still, backups can be reasonably straightforward, given the relative stability of the environment. Recovery is another matter. You might be recovering data or an application to a new or different environment. An environment where the physical or virtual machine, location, or assigned user access rights differ from the one where the backup copy was created. That can get complicated.
What recovery readiness looks like now
To be there for your business, no matter what happens, you’ve got to modernize data protection as you modernize your infrastructure. Slow and complicated recovery can affect the availability of critical applications and workloads impacting your business, so recovery has to be fast and automated. At the same time, it’s crucial to meet the requirements for reporting and compliance. Given the scope of this potentially time-consuming job, you also need to make effective use of automation, APIs, artificial intelligence, and machine learning. And to make optimal decisions about your recovery priorities, you need complete visibility and data insights across your environments, from on-premises to multi-cloud.
- 1. LogicMonitor, IT Outage Impact Study: A global analysis of IT downtime and its impact on businesses, 2019 Report.
- 2. Hashedout, 80 Eye-opening Cyber security statistics for 2019. April 10, 2019.
In this white paper, we’ll explore the full spectrum of recovery readiness, including backup and recovery, ransomware recovery, and disaster recovery.
1. Backup & recovery
Data loss consumes an organization’s time, money, and resources — and puts its reputation and business at risk. Application and database recovery is a baseline requirement for every IT team. To avoid data loss, minimize interruption, and hit aggressive recovery point and time objectives (RPOs/RTOs), you’ve got to be able to perform granular, file, and system restores fast, any time they’re needed.
But just because on-premises app and database recovery is a fundamental requirement, doesn’t mean it’s simple. First, you’ve got to keep pace — data is being created at an unrelenting rate. At the same time, it’s crucial to stay ahead of threats and risks to data — internal and external — that are growing just as quickly. Human error, corruption, ransomware, and other forms of malware, lost or stolen devices, natural disasters, hardware failures — the list goes on. As if this wasn’t enough, you’re always under pressure to manage costs.
Here’s what your app recovery strategy has to cover:
- Enabling fast restores for enterprise apps like SAP S/4HANA, Salesforce, Oracle E-Business Suite, Microsoft Exchange, Microsoft SharePoint, Microsoft Active Directory, and more
- Ensuring availability by integrating business apps into your backup and recovery process
- Archiving application data in ways that minimize storage requirements without affecting production
On the database side, the challenges include dealing with a lack of centralized visibility across your entire enterprise database environment, as well as a lack of integration with vendor-native database backup tools, making it hard to work efficiently. Database bloat often leads to slower backup performance from backing up inactive data over and over. Processes for obtaining copies of production data for development and test purposes are typically slow and inefficient as well. Transferring large database files over the wire or to the cloud can slow network performance — and invite complaints from across the organization.
And don’t forget about virtual environments. With digital transformation and evolving architectures, you’ve now got data scattered across on-premises data centers, public clouds, private clouds, containers, VMs, and apps throughout your ever-changing hybrid environment. Virtual environments are especially critical for key use cases like rapid innovation, workforce mobility, CI/CD, and so on. You have got to be able to ensure fast granular, file, and system-level virtual restores across infrastructures.
How do you meet these requirements? It starts with a comprehensive view of every location where your data is stored, including on-premises data centers, public clouds, and private clouds. And don’t forget those tapes you have. Consistent, strategic data management policies and practices will help you maintain IT agility and meet SLAs across your hybrid environments.
To get the job done well, simplification is essential. An intelligent, centralized approach to data protection helps you successfully respond to threats and meet stringent backup requirements while reducing repetitive, time-consuming tasks.
University of Leicester saves money and time with Commvault
How Commvault helps backup & recovery
Commvault software integrates directly with your business-critical apps to simplify and automate the entire data lifecycle, so you’re always recovery ready. Commvault solves database problems with a comprehensive data management solution that lets you:
- Protect your data wherever it lives
- Seamlessly migrate data to where it’s needed
- Meet aggressive recovery Service Level Agreements (SLAs)
- Improve system performance
- Accelerate development and test workloads
Multi-platform support lets you maintain recovery readiness across physical servers, storage arrays, hypervisors, apps, databases, cloud environments, containers, and even big data platforms through a single point of control. With better data visibility across your hybrid environment, you can achieve a more flexible, scalable recovery.
2. Ransomware recovery
Ransomware is one of the biggest threats we face today. No matter how hard you work to secure your environment, you’re still vulnerable to an attack via phishing, insider error, infected email attachment, or any other kind of malware attack. Most companies that have fallen prey to ransomware were already relying on countermeasures like antivirus, antimalware, and firewall blockers. You can reduce that risk as much as possible, but you have to accept the likelihood that you’ll be victimized anyway, and do everything you can to mitigate the damage.
Ransomware protection: Last line of defense, first step in data recovery
When your data has been encrypted by a hacker, even paying the ransom (if it’s not illegal) might not be enough to get it back. To avoid data loss and minimize disruption, your best bet is to restore to the safest RPO the moment you detect an attack. And every minute counts. That makes fast, automated recovery a crucial part of your ransomware strategy. Without an effective ransomware recovery plan — or if you depend on manual processes — it might take weeks to recover your data and apps. You also need quick visibility into which data was involved in the incident so you can notify the people impacted in a timely, compliant way.
Critical technical capabilities for your ransomware recovery plan include:
- Fast detection – By reacting faster to an attack, you can minimize data loss and reduce its impact by restoring to a more recent RPO. For early alerts of potential attacks, use analytics to monitor your entire data pool, risk profile, and compliance status. To reduce your vulnerability in the first place, make sure you have the visibility to enable proactive compliance management and timely incident remediation and reporting.
- Rapid restoration – By streamlining operations with automation and standardization, you can accelerate the recovery of data on-premises, in the cloud, or wherever it’s hosted.
- Testing – Make sure that your endpoints, applications, and backup infrastructure are ready for anything. Validate your plan by regularly testing and reporting that your data, applications, and systems can meet your recovery service levels — and adjust if necessary. Verify that your staff and third-party resources are fully up to speed on recovery processes and infrastructure.
How Commvault helps ransomware recovery
Commvault provides ransomware recovery readiness with an end-to-end solution that improves threat and risk mitigation across endpoints and applications. With greater confidence in your data backup, recovery, and compliance, you’ll have less to fear from a successful attack.
The State of Colorado used the Commvault platform to recover quickly and fully from a major ransomware attack against its Department of Transportation. The state learned of the attack through a Commvault alert — before any of its dedicated security tools had detected the breach.
3. Disaster recovery
Disaster recovery is a matter of when, not if. Every organization has to deal with it at some point — most likely, more than once. Whether you’re hit by a natural disaster, hardware failure, data breach, or ransomware attack, you need to recover your data quickly and painlessly with as little disruption as possible.
To ensure business continuity, your disaster recovery strategy should be designed for:
- Simplicity – with fast recovery through a single, scalable solution that can manage all your data from one centralized console.
- Flexibility – with the ability to recover data, applications, and VMs from any platform to any platform, including physical servers, storage arrays, hypervisors, applications, databases, cloud environments, containers, and big data platforms.
- Cost-effectiveness – so you can meet the specific RPOs and RTOs defined in various SLAs while using tiered storage to reduce licensing and maintenance costs.
DenizBank cuts OPEX by 50% and increases agility with Commvault
Simplification and automation are vital to enable effective disaster recovery across your complex environment. To ensure rapid recovery, make sure you have a simple, unified way to recover workloads from multiple on-premises and cloud locations, and to replicate and recover to both like and unlike hypervisors, without having to work in multiple tools or platforms. This can also help you avoid vendor lock-in and avoid common cost drivers.
Flexibility is a critical component of a disaster recovery strategy and must include cloud platform support for your current and future initiatives. Your cloud disaster recovery strategy should address three considerations:
- Disaster recovery to the cloud – When your primary environment becomes unavailable, you can failover to cloud capacity temporarily without the need to provision and pay for a secondary data center.
- Disaster recovery from the cloud – Native cloud integration can help you migrate apps, databases, VMs, and large datasets from the cloud to your primary environment quickly following a disaster.
- Disaster recovery across clouds – For optimal agility and flexibility, you should also be able to recover data and apps across cloud providers or geographic regions.
It’s also a good idea to build multiple disaster recovery tiers. By allocating your data based on business value and RPO/RTO requirements, you can meet various SLAs more efficiently while making strategic use of lower-cost offsite backups. Intelligence and visibility into where critical data lives can help you make better decisions on recovery priorities to support this approach.
How Commvault helps disaster recovery
Commvault gives you a simple, efficient way to handle your recovery from all types of disaster situations. A single point of control lets you consolidate and streamline your disaster recovery strategy across on-premises data centers, public clouds, and private clouds with consistent, strategic data management practices. Actionable insights help you verify that you’ll be able to meet the RPOs and RTOs defined in your SLAs as well as regulatory requirements.
Laing O’Rourke – changing the skyline of cities worldwide
Getting started with recovery readiness
When your business runs on data, its availability can make the difference between success and failure. Commvault helps you achieve recovery readiness across every part of your hybrid environment, for every type of data — wherever and however it’s stored.