When developing a data protection plan, IT teams should take a hybrid approach to on-site and off-site protection that uses disk, cloud and tape in almost every scenario. Sure, some organizations can go without tape due to a lack of long-term retention requirements, while others will never be able to use the cloud for one security concern or another. But for the rest of us, a hybrid plan should likely include all three.
To be clear, I am a huge fan of cloud-based data protection, especially for endpoint devices and remote offices. I’m an even bigger fan of using it for disaster recovery as a service as a superset of backup as a service. Almost every data protection activity should start with disk, preferably deduplicated disk, but there are reasons why the tertiary copy should be on tape, as much as some cloud companies want to put the last nail in tape’s coffin. One major reason is chain of custody.
If you are in an audited environment that requires long-term retention, it is important to be able to prove that data on a seven-year-old tape is, in fact, seven years old and has not been modified. There are some very compelling extended-hold capabilities in disk target systems, as well as tape cartridges, so you can be assured that the data was “written once” even if it is later “read many” times (WORM). If you have WORM-enabled tape cartridges or disk volumes, you can write to them all you want, but your options to modify the data are typically relegated to “delete volume.”
How do you assure an auditor that the data within your cloud service has not been tampered with?
You can’t, at least not today. Perhaps the closest thing to that is if your service provider offers a virtualized disk target system via their cloud service, and that target system has an extended-hold feature. Depending on the implementation and the amicability of the auditor, that might pass, but there is another problem.
Most folks, once they clear away fear, uncertainty and doubt about tapes being fragile and slow, just want out of the tape management (Opex) burden. If you don’t want to manage your tape inventory, handle off-site tape storage or perform periodic maintenance on tape drives, there are some great services for that. And if you outsource the tape management for a few years and then decide to change managed services or bring the tapes back on-site, you can do that. The tapes, in their pristine original state, are returned to be stored however you like throughout their lifecycle.
What do you do if you want to switch clouds after three years, but your data has to be stored for seven?
You can’t pull back three years of iterations from a cloud provider without an inordinate amount of effort and expense (with most products). So you will likely have “cloud lock-in,” whereby if you are going to stop using tape for long-term retention, you must commit to that cloud provider for the seven-year term so the data is pristine within the cloud storage. If you later choose to change cloud providers, you will either be invalidating the older copies (no longer have seven defensible years of data) or you will have to leave the old data with the original cloud provider until it ages out, while protecting your newer data with the new cloud provider. Since much of the data set will be similar to what it was last week with the old provider, this will likely double your storage footprint until the older data ages out of the original provider.
There are some exceptions. If the service provider has the ability to export your entire data set into a secure disk appliance or other repository that can be assured to be unscathed, you have more options. If your cloud service provider stores your data on tapes for long-term retention, you have options when it comes to developing a data protection plan. If you believe your organization can store long-term data more effectively in the cloud than on tapes, be sure your auditors and legal department agree with your retention strategy before you throw those tape drives away.
[Originally posted on TechTarget as a recurring columnist]