As part of the modernization of their IT environments, more and more companies’ cloud-based services instead of or in addition to the conventional servers in their data centers – a transformation with far-reaching implications for the backup strategy.
“As a result of the corona pandemic, companies have significantly accelerated the modernization of their IT environments but should not neglect the backup of data in the cloud. In an interview, the Cloud Protection Trends Report 2021 shows that companies react quite differently to the challenges of backing up data in the cloud,”
Accelerated Cloud Usage
The backup specialist Veeam shows that the number of physical servers in IT infrastructures is continuously decreasing. The proportion of virtual servers remains largely the same. By contrast, servers hosted in the cloud will account for almost half of all servers by 2023.
However, the use of the cloud is seen in addition to the on-premises solutions. The idea that companies are in a transformation phase, i.e., out of the old data center and into the new, cloud-based world, does not correspond to reality. Cloud resources are built up but operated and what is already available in the classic data center. Businesses are not on their way to the cloud; the cloud is another resource.
Companies used to have a data center in the basement and perhaps a second a few kilometers away. Today you still have it, but also Software-as-a-Service (SaaS) for Microsoft 365 (formerly Office 365), Salesforce or Workday, plus native cloud applications and web services hosted by a hyperscale, and much more. The data center thus spreads over various platforms, and potential vectors of incidence lurk everywhere. However, there is still no single solution for backups across all platforms.
If you take a closer look at the workloads migrated to the cloud in the report, 62 percent of the servers hosted in the cloud were migrated from the local data center, whereas 40 percent were already created in the cloud. This underlines the cloud-first strategy of many companies.
Responsibility For The Backups
In production environments, the question arises of where the data backup system is located. Every larger company has a central IT team. However, responsibility is increasingly shifting to the area of application managers and administrators. The data protection team in the central IT department used to be responsible for all backups, but the move to the cloud has reshuffled the cards.
In a migration, physical or virtual, Infrastructure-as-a-Service (IaaS) or Platform-as-a-Service (PaaS) is usually used. It is clear to everyone here that if they operate a virtual machine at AWS, for example, the data belongs to them, and the data backup is up to them as the user of this platform.
But in many cases, this is not so clear. At AWS, for example, there are a cloud-native databases or web applications that only provide an API. The business application is then developed on this API. Here it is sometimes unclear who is ultimately responsible for the data that is located within the platform.
Office data must also be protected. It is a fallacy to assume that Microsoft will take care of backing up your data. Regardless of how your data is hosted in the cloud, your data remains.
Disaster Recovery In Cloud-Based Infrastructures
According to the report, 80 percent of companies use the cloud as part of their backup strategy. The first step is usually to outsource non-productive data to the cloud. This is followed by cloud-based infrastructures that can also be used in failover scenarios. Disaster-Recovery-as-a-Service (DRaaS) is becoming increasingly important.
Often, it’s not a major ransomware attack that cripples a company’s IT. Most of the time, it is a matter of small and medium-sized disasters such as faulty configuration or hardware failure. In the trend report, 40 percent of decision-makers state that their company uses on-premises recovery. The data is in the cloud, but the compute resources are in the local data center. 25 percent rely on restoration in the data center. The data is stored externally and must be transferred to the local environment. 32 percent rely on recovery in the cloud, of which 12 percent take the silver bullet: a recovery in the cloud, with preconfigured servers and network systems enabling operations of all necessary components to be resumed quickly. Basically: The more cloud, the faster the company will be back online.
SaaS And Backups
In the future, there will hardly be any internal services in many companies. E-mail runs via Microsoft 365, vacation requests via Workday, SaaS is on the advance everywhere, additionally fueled by the Covid crisis and the trend towards home offices, remote workplaces, and online conferences.
The question to be answered is who is responsible for which data. Microsoft calls this shared responsibility. Too many companies still believe that the native features of Microsoft 365 offer adequate protection and therefore do not need to back up data separately. But the responsibility of the platform operator ends where the integrity of the data is concerned; he only guarantees access. The General Data Protection Regulation (GDPR) has clear requirements here. A proliferation of responsibilities can also hurt audits and certifications. Therefore, a pragmatic solution is recommended: Those who are responsible for Microsoft 365 as an application also take care of the backups.
Backup Of Data In Containers
When it comes to containers, the question arises as to whether they need to be secured at all. Because the basic idea of containers is that they are easy to replace. If you lose one, you deploy a new one, and the whole thing is up and running again. But the applications in the containers work with data.
Containers were originally programmed stateless, which corresponds to their portable, flexible nature. With the increasing spread of containers, however, one began to containerize applications (stateful), i.e. to develop them from the ground up for execution in containers. The persistent data in these container applications must also be backed up. With the increasing use of containers, the topic of backup will become even more relevant.
In a nutshell: Companies must flexibly protect their data regardless of the storage location, hypervisor, or the respective application. Depending on the extent to which companies have already introduced cloud solutions, they take different positions on how and by whom productive data must be backed up in cloud environments.
Also Read:4 Best Practices For IP Protection & Know About Pirated Software