The first thing to agree on in data protection modernization

There are many fundamental debates in data protection:

  • Disk vs. tape vs. cloud
  • Backups vs. snapshots vs. replication
  • Centralized backup of ROBO’s vs. autonomous backups vs. cloud-BaaS solutions
  • Unified data protection vs. workload-specific (e.g. VM/database) methods

On any given day, I could argue on either side of any one of them (for fun) in which I adamantly insist that these choices are not mutually exclusive nor definitively decidable with a unilateral best choice. Candidly, every one of those choices is best resolved somewhere with, “it depends”, and usually the right answer is, “and, not or.”

There truly is only one argument that really does require definitive alignment and consensus on when discussing data protection modernization: “what are we solving for?

But as it turns out, even that simple question is often in stark disagreement, depending on who you talk to in the organization between IT professionals responsible for data protection, IT professionals responsible for production workloads, and IT and corporate leadership executives. Here’s a video to try to clear the confusion:

Fundamentally, if those that are implementing and those that are paying for (and depending on) any aspect of IT do not agree, neither side is likely to be satisfied. And frankly, the broader organization suffers in that scenario.

In the case of data protection, if executive leaders are looking for increased reliability or speed, it is a safe bet that they don’t believe that the current solution is reliable or fast enough. But if IT implementers are instead focused on operational or functional scenarios, this can be lost. More importantly, if IT implementers bring up new functionality through purchase requests, but the new solution doesn’t also assure increased reliability, agility or speed (what the executives want to pay for), then the entire project likely fails — if it is even purchased at all.

At the end of the day, the argument, “what implementers need vs. what executives want” turns out to be just like the other great data protection debates listed above. The right answer is and, not or. But until all of the stakeholders align on that, the technology decisions are irrelevant.


Video transcript:

Woman: The following is an ESG video blog.

Jason: Hi, I’m Jason Buffington. I’m the Senior Analyst at ESG covering data protection. One aspect of IT that everybody seems to agree on is we need better data protection. What they don’t always agree on is how, let’s unpack that.

In ESG’s latest annual IT spending intentions report, improving data backup has actually been on the top three for the past four years running. This is not a new struggle, but something folks continue to deal with. It’s also interesting to see not only the tactical side of data protection within the top 10, but also the more strategic side within business continuity and SaaS recovery. Of those same four years, we’ve often seen improving data backup and increasing use of server utilization, either adjacent to each other or within a percentage point. And that last one is a big lesson. When you modernize production, you have to modernize protection. Virtualization’s a great example. SaaS is also a good one. But even just scaling up what you already have will likely show inadequacies in the legacy approaches for data protection use.

Maybe you’ll modernize protection reactively, because your legacy approach is hindering those new production systems. Maybe you’ll modernize production proactively, because you’re smart like that and you understand that evolving production systems will assuredly need better protection than your legacy solution’s provided. But let’s just agree, when you modernize production, you will modernize protection. But how? That is actually the challenge because it turns out that folks are way out of alignment on this.

When ESG looked at what were the top protection challenges that folks were struggling with, we saw the costs, complexity, and workloads as top of mind. But when ESG asked what were the data protection mandates from IT leadership, we saw something much different. Increasing reliability of backups and recoveries, increase the speed and agility of recoveries, increasing the speed and frequency of backups. I’ve never known execs to say that they want something more reliable, unless they thought what they had was unreliable. If they’re asking for more speed and agility for recoveries, it’s a safe bet they believe recoveries are not fast enough or agile enough today. Same thing with speed and frequency of backups.

But the funny thing is those IT mandates for better data protection, don’t seem to be addressing what we saw with what the implementers were struggling with. And there’s more. When IT professionals were asked what were the top considerations for choosing a new backup vendor, we see encryption and cloud and TCO and solution scenarios again. Those are all good things, but they don’t align with what IT leadership wants – reliability and agility. All of those costs savings and security enhancements don’t count if you can’t restore your data.

So here are three things that I hope you do after this video. Plan for a hybrid approach to data protection. Data protection is more than a synonym for backup because backup alone isn’t enough. To accommodate the kind of agility the business units need, you really ought to be complementing your backups with snapshots, and replication, and probably also archiving for long-term retention and grooming-off that stagnant data.

Number two, spend more time in a conference room than you do staring in a backup UI dashboard. You got to talk to these other groups and get aligned. The gaps I shared earlier are just between data protection professionals and IT leadership. Add in some DBAs, some V-Admins, legal and compliance, IT operations, and a few business unit owners who rely on the data, you hopefully get my point. Spend more time in a conference room talking and listening about data protection.

And number three, balance operational and economic goals against the business unit’s IT dependency. That’s a fancy way of saying the cost of the solution should not be more than the business impact of the problem. And when you take a real look at the business units, you’ll find that not everyone has the same, or needs the same SOAs. Not everyone’s data should only be on disk. In fact, if you take a fresh look you’ll see where tape fits, where cloud fits, which clouds or not, etc.

In retrospect, I probably gave those to you in the wrong order. Start with understanding the needs of the business units and the platform owners. See how you already are going to be in the conference room more? Then, go to a different conference room with the other tech folks to figure out how you’re going to deliver the levels of IT resiliency the business users are asking for. And then, and only then, are you really ready to start looking at the technologies that you’ll need.

[Originally blogged via ESG’s Technical]

Leave a Reply