Additionally, as businesses become more global, heterogeneous in nature, and require 24x7 availability – downtime is not tolerated.  Therefore, we have seen a shift from tape to disk as the ‘center of gravity.’  In many ways this shift really parallels the shift among consumers from VCRs to DVD players to DVRs.  Users will also turn to Software-as-a-Service (SaaS) and ‘backup in the cloud’ technologies in order to protect data in today’s business environment.  Whatever the approach, data protection will need to stay on IT’s priority list.  Next Generation Data Protection technologies that are complete, powered by disk and centered around recovery will enable users to keep up with the growing demands.

DCJ: How has the data protection landscape changed over the past five years?

Mohan: During my 15 years in this industry, I have seen several distinct phases of backup and recovery.  Fifteen years ago, data protection was primarily about how fast you could ‘spin tape.’  Data was backed up to tape and sent to a central location.  About five or six years ago, there was a turning point when Virtual Tape Libraries (VTLs) were introduced into the market to improve performance of the backup and recovery process.  VTLs are disk arrays which emulate tape drives, media and libraries, which was a great idea when backup software only knew how to communicate with tape.  Over the past five years, there has been a dramatic shift to disk-based data protection. 

DCJ: Have most organizations made that shift, or are there some that lag behind?

Mohan: For the most part, companies are moving past tape technologies, but there are some organizations that continue to purchase and use VTL-based solutions.  We are making the transition to next-generation disk-based technologies with many of our customers right now. The shift has been accelerated for many customers for the following reasons:
• Transparency & regulation requirements: If data is lost (particularly customer data), the law in many states requires full disclosure.  So the ability of the IT staff to implement proper data protection policies becomes public information. Similarly, many public organizations must comply with strict regulations often enforced by outside auditors and agencies.
• Service Level Agreements (SLAs): SLAs have become increasingly stringent.  Five years ago it was acceptable to recover data within a day or two of the request.  Now, data must be recovered within hours at a minimum – and quite often within minutes.

DCJ: What do you anticipate the next five years will bring in terms of data protection technologies and innovation? Similarly, what are the trends you are predicting over the next five years will bring in terms of technology and innovation?

Mohan: It is likely that several trends will continue with regard to the typical customer’s environment over the next five years.  First, there will be more platforms, applications, servers, virtual servers, and databases.  What’s more, they will be spread out globally, heterogeneous in nature, and they will need to be available 24x7.  Because of strict recovery time objectives (RTOs), customers will move to a complete adoption of disk.  At the same time, we will begin to see another shift with data protection as more users adopt Software-as-a-Service (SaaS) and ‘backup in to the cloud’ technologies.  These technologies are the next step in protecting global data across a highly distributed IT environment. 

DCJ: What are some key points that IT operations overlook when it comes to data storage security?

Mohan: Any good strategy for data storage protection includes a strategic balance between information availability and information security – and the ability to make an informed decision about the trade-off.  Companies that take advantage of Symantec’s data loss risk assessment to discover how and where their most important, confidential information is being used are frequently surprised at the gaps in their storage security.  For most organizations, it starts with knowing where the most important information is actually being stored. Then they should consider the four key ways data can be compromised: malicious attacks, human error, infrastructure failures and natural disasters.  A good strategy for effective storage security should take all of these risks into consideration.  For example: Consider the practice of sending tapes to an offsite vault.  There is a risk of losing tapes which is often overlooked.  It can be mitigated by encrypting the tapes or using replication techniques to a remote data center.

DCJ: Data backup over the cloud appears to be gaining popularity with SMB’s – Do you have any advice for SMB’s regarding security when conducting backup online?

Mohan: Backup to the cloud is a good option for our SMB customers.  It can be a reliable and cost effective method to protect their data.  Customers should start by comparing the amount of data they will be backing up with the Internet bandwidth at your locations. Many SMBs have broadband access that limits uploads to 256-512Kbits/sec. That means it may take a lot longer to backup and recover information than most SMBs plan for, versus the other option of backing up on-site and then sending a tape or disk offsite. Users should balance this against the typical cost savings that online backup typically offers versus tape vaulting. 

Disaster recovery is another important consideration.  What if there is a need to replace a disk drive and rebuild the entire system?   How much time and how many steps would it take to rebuild the system?

When online backup does make sense, it is important to consider the stability and financial strength of the provider. Customers should consider whether the provider operates certified, redundant data centers manned by experts.

Finally, organizations should work with a provider that fully encrypts data in transit and in storage, and that provides a private encryption passphrase.  This may be secured by an independent third-party provider, guaranteeing that data is only accessible by the customer.

DCJ: How integral is encryption to storage security?

Mohan: It can be difficult to justify the additional operational complexity and cost of encrypting storage.  In addition to ensuring that all critical data is encrypted, organizations should have rigorous key management policies in place to avoid the risk of losing data.   Having good intelligence and data classification is important.  Using storage resource management (SRM) and data loss prevention (DLP) tools can identify the most vulnerable data.  This data should be encrypted, especially as it travels offsite to remote data centers or tapes.

DCJ: What recommendations do you have when it comes to storage area network encryption?

Mohan: The most important aspect of SAN encryption is a rock solid key management strategy in order to prevent data loss. While key management continues to mature, organizations need to have confidence in their ability to effectively manage keys at a reasonable cost.  There’s a rather consistent and strong desire to avoid encrypting data at rest unless there’s a clear risk that justifies it. The most significant exception to this is the encryption of tape. Organizations should encrypt tapes that are being sent offsite and even those that remain onsite,  depending on the physical security of the tape storage location.

DCJ: How will the data protection trends over the next five years differ for the small business, mid-market, and the enterprise?

Mohan: For SMBs, the most significant priority is simplicity.  Most small businesses simply don’t have the staff or the expertise to spend time managing data protection.  For this reason, backup in to the cloud and SaaS will become increasingly popular.  Technologies like off-site vaulting will enable SMBs to backup data and send it to a technology partner’s data center.  SaaS offerings will also appeal to SMBs that lack a local infrastructure because they can easily partner with a third-party provider to protect data and servers.

For the mid-market and enterprise customer, customization and central management will become the most significant priorities.  Enterprises need central management to protect their diverse set of applications and infrastructure.  Furthermore, enterprises have identified a more stringent need to protect desktops and laptops.  Most mid-market and enterprise organizations have employees working from home, from the road, and from remote locations, and often these desktops and laptops are not adequately protected.  The second priority for enterprises is customization in order to implement backup strategies for each application and treat them differently based on SLAs.

DCJ: What are the top three drivers contributing to the tremendous data growth we are experiencing?  Will this level out over the next few years, or continue to increase?

Mohan: To answer this question, we just need to consider how our daily lives have changed.  Everything we do now is online.  All traditional forms of communication have gone electronic and we are storing much of it because of government regulation.  This trend is consistent in mature economies throughout the world.

At the same time, there are new economies throughout the world that are moving to an online world by digitizing and storing more data online.

Finally, in the business world, smaller companies are increasingly connected to big companies and need to communicate across email, SharePoint, Web servers, and other collaboration tools.

All of these drivers equate to approximately 50 to 60 percent growth in data each year.  When you consider that much of this data is stored and needs to be protected, you can see how data protection will continue to challenge many organizations. 

DCJ: What are the biggest gaps in data protection today?  What do typical IT organizations fail to consider when protecting their data? 

Mohan: There are gaps in data protection across all market segments starting with the home user.  The typical home user does not have a strategy in place for protecting their data.  At the same time, the home PC is home to more important information (financial information, pictures, music, etc).  The first step with consumers is awareness.  More and more end users are beginning to realize how much important and valuable data is stored on their home PC, but many aren’t taking the steps to back up that data yet. 

Similarly, the typical small business, such as a doctor’s office, lawyer, or accounting firm, often does not have a knowledgeable IT person overseeing data protection.  Or, if they do get set up with a backup strategy, they don’t have a process to regularly test data backup and recovery and ensure the appropriate process is in place. 

For enterprise customers, the increasing complexity of data that needs to be protected, along with the distributed and heterogeneous nature of data and applications, makes it easy for something to ‘fall through the cracks’ of a data protection strategy.  Enterprises are also dealing with increasing storage, power and cooling costs and cannot afford to continue to add hardware, tape arrays, and disk arrays.  Newer technologies like data deduplication and continuous data protection (CDP) are potential solutions that enable enterprises to get more intelligent about protecting distributed data. 

Traditional (tape-centric) data protection technologies try to “funnel” a large amount of data to a single storage device (Tape or VTL).  Today, customers have a large amount of mission critical 24x7 applications that are highly distributed.  Next generation data protection technologies allow users to manage this data from a single platform, reducing the total cost of ownership. 

DCJ: How have stringent SLAs driven data protection technology innovation? 

Mohan: SLAs are tighter and stricter for the typical large enterprise organization.  Often, these organizations must achieve 99 percent success rates for backup data.  The typical enterprise simply cannot afford to have any downtime and can’t lose even an hour’s worth of transactions.  SLAs ultimately drive customers to shrink backup windows and ensure immediate data recovery.  These requirements often force customers to prioritize new products and technologies based on what will enable them to continue to meet strict SLAs, as well as to implement a tiering strategy for applications and servers in order to determine where the most mission-critical data resides. 

DCJ: How does data protection technologies help IT organizations become more efficient and reduce complexity as their IT budgets and resources are shrinking in today’s economy?

Mohan: As IT infrastructures and data centers become more complex, data protection needs to become simpler to manage the complexity.  In other words, as the data users are protecting become more different, the data protection solution needs to examine everything in the same way.  The best way to manage data protection is to categorize things into simpler forms – whether it’s an application, database, server, disk, tape, or networks, it all produces one thing, data.  That data should be managed from a single pane of glass. 

Often, organizations implement single point products to address each individual data protection challenge.  The result is often a proliferation of tools that ultimately increase the cost of management.  Data protection should work across a wide variety of platforms, should handle disk, tape, and virtual machines, and should adapt as the infrastructure changes. 

DCJ: What are Symantec’s plans to continue to innovate, etc?

Mohan: With Symantec’s leadership and market share, we are uniquely enabled to make significant investments in research and development to bring the latest technologies that meet our customers’ needs for securing and managing their information.

Symantec will continue to deliver solutions that provide complete protection, powered by disk and centered around recovery to help our customers – SMBs to large enterprises – take data protection to the next level.

Comments (0)

Subscribe to this comment's feed