5 Tips to Slay the Cloud Disaster Recovery Dragon

5 Tips to Slay the Cloud Disaster Recovery Dragon BUILD YOUR CLOUD DR CONFIDENCE AND CONTROL IT organizations are choosing the cloud to harness the never-ending onslaught of data coming at them, from sales to social media. Storing data in the cloud, along with virtualized datacenters, is becoming a far more common practice as the cloud offers elastic storage capacity, giving IT more freedom in moving workloads and eliminating operational waste. While the cloud is less of an esoteric concept now, what has not gotten the attention it should is data recovery. That’s scary, considering the incidence of company data breaches is on the rise, with the number of incidents increasing 40% in 2016, year over year.1 Cloud-based disaster recovery (DR) is the next hill for IT to take, the next frontier to conquer. It’s time for IT to take the reins and deliver cloud DR that can provide a stronger offense against cyberattacks through better visibility, tighter security and cross-platform management.

1 Bloomberg Technology, “2016 was a Record Year for Data Breaches,” January 19, 2017

Remember when you thought ‘the cloud’ was really edgy, ahead of the curve? Apple did television commercials for phones using the cloud. ‘Smartphone’ was a catchphrase. Ah, the good old days. Now the cloud has evolved from a cool user app mentality to becoming a fundamental part of how businesses store and retrieve data, and deploy applications. In particular, businesses are using the public cloud to move data and apps quickly, using dominant cloud providers such as Amazon Web Services. A Forrester report estimates the global public cloud market to grow at a 22% CAGR, and to exceed $146 billion in 2017, a big jump from $87 million just two years earlier.2 Whether an organization deploys the public cloud to move and store data, its own purpose-built private cloud, or a hybrid combination, one commonality that exists is the need to secure the data. Organizations must also have thorough visibility into the repository and be able to effectively recover critical data from the cloud should a disruptive event occur. Moving the organization from its current ‘we love data in the cloud’ premise to a more fully enveloped strategy that includes cloud DR, and getting buy-in from the C-suite, takes a controlled approach. Being a perfectionist, and aggressive in getting the needed tools, is what it takes to deliver a highly secure, reliable DR solution. Tip #1: Get a Management Reality Check. The IT team is well aware of the need for reliable DR but the C-suite may be more focused on workload increases and storage capacity than disaster recovery scenarios. This is the time to lean on the C-suite for detailed information that will help set overall objectives for recovery, and will indicate their level of buy-in for enhancing cloud DR. Questions can include: • How is the C-suite envisioning use of the cloud over the next 1-2 years? • Does the C-suite believe cloud deployment to date has lived up to its expectations? • What is the projected business growth of the organization over the next 1-2 years? • Given this anticipated growth curve is there budget considerations in place for increased workloads, for stepped up security for critical data and applications? • Is there sufficient awareness of the need to retire more legacy systems for cost effectiveness, and migrate more functionality, such as disaster recovery, to the cloud? • Does the C-suite have a clear understanding of the elements of cloud DR versus on-premises backup and recovery? Don’t be surprised if these answers are not as satisfactory as one would wish. How many C-suite executives really spend time thinking about DR? It is incumbent upon IT to connect the dots between data storage and recovery in the cloud and what IT needs to provide a cloud DR service that ensures business continuity for the organization.

2

2 CIO.com, 6 Trends that will shape cloud computing in 2017, November, 2016

Cloud security spending increased for 48 percent of the companies in the past year, while the IT security budget for other security activities remained the same. SC MAGAZINE February 2017

As one published article notes, it’s smarter for IT to make a business value case for cloud expenditures and investment than to fall into the trap of debating CAPEX versus OPEX.3 The C-suite needs to see cloud investment, DR included, as supportive of their larger goals of growth, of digital transformation and market competitiveness. Tip #2: It’s Right to Feel Insecure about Security. Risk mitigation is one of the stickiest issues in migrating workloads to the cloud. Often colleagues may assume anything living in the cloud is getting advanced data protection, and easily recoverable should a disruptive event occurs. It is not the case. Here’s a cautionary item: In published reports, Bitdefender said its security study4 showed one third of companies in the U.S. were breached in 2016, and almost 75% of those targeted were unaware of how the incident occurred. It’s good to remember data is the lifeblood that feeds cybercriminals, and clearly organizations are not yet winning the war against cyberattacks. The report5 notes that cloud security spending is on the increase but about one third of the companies say they need more budget to deliver efficient IT security. ‘This is mainly because migrating information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, bringing new threats and more worries to CIO offices regarding the safety of their data. From the total base of the IT decision makers, they say only 64% of cyberattacks can be stopped, detected or prevented with the current resources, on average,’ the report states.

5 Benefits of Disaster Recovery in the Cloud Read why the cloud is ideally suited to support disaster recovery operations.

http://bit.ly/1DQ0XSQ

Against this landscape, a few key items to consider for cloud DR: • Can the organization verify that workloads deployed on cloud infrastructures are protected by a true backup solution? Some organizations believe simple replication across availability zones is the same thing as backup. • Are 2nd and 3rd tier workloads moving to the cloud securely managed by a disaster recovery solution? Failure to look beyond Tier 1 workloads creates a potential risk exposure issue and/or a compliance violation. • Is IT fulfilling SLA requirements for backup and recovery regardless of infrastructure – including all cloud workloads?

GETTING BETTER CONTROL Adequate investment in cloud security is the first step. IT can provide a more confident, reliable cloud DR service, be in greater control of workload protection, and gain more traction with the C-suite, by incorporating these three additional best practices: Tip #3: Your Data is Restless. Help it Move. Complete data and workload portability is essential since IT needs to be able to move workloads to, from, and within clouds, regardless of the data’s origin. Should IT need to quickly implement cloud DR, this portability ensures workflow will continue. IT therefore can automatically provision the required compute nodes and recover data sets in a public cloud infrastructure, ensuring 3 SearchCIO/Tech Target, the value of cloud computing to the C-suite, January, 2017 4 SC Magazine, One third of U.S. companies breached last year, study, February, 2017 5 Bitdefender, Virtualization makes CIOs role key

3

business continuity. The portability must include migration and recovery between AWS, VMware, Hyper-V, and Azure to have sufficient crossplatform recovery capabilities. Tip #4: Be a Know-it-All. Cloud DR control means having comprehensive visibility into all cloud-related digital assets. This is possible with an advanced centralized management solution that will give IT the ability to not only move workloads according to priority, but also ensure critical workloads get priority in disaster recovery. Since organizations often have a combination of on-premises, hybrid and public cloud data locations, operational and recovery management through a central portal is a must-have to provide efficiency and business continuity. Tip #5: Move it (Fast) or Lose It! The organization’s expectation is that cloud DR should be rapid, reliable and ready to deliver the critical data sets and applications needed to perform business operations. So what does ‘rapid’ mean? Working with the IT and executive teams, IT cloud architects and managers can set recovery time objectives (RTO) for business-critical applications such as email and CRM. These RTO’s should fulfill SLA’s and include Tier 2 and 3 workloads as well as Tier 1, to mitigate further security and compliance risks.

BECOME A CLOUD DR DRAGON SLAYER In a lovely Disney cartoon, organizations would embrace the cloud for its elasticity, its inherent harmony with the world of virtualization and its fit with modern IoT culture. There would be no cyberattacks, or if there were, an attractive dragon slayer would fight the beast and the world would be safe. But the real world is a far more threatened environment and IT has the daunting task of employing the cloud for all its operational advantages, and at the same time, being the dragon slayer! Putting these five control tips into practice is a good start in delivering a solid, reliable DR strategy.

Develop the best cloud disaster recovery strategy to support your enterprise. Visit commvault.com/cloud.

© 2017 Commvault Systems, Inc. All rights reserved. Commvault, Commvault and logo, the “C hexagon” logo, Commvault Systems, Commvault OnePass, CommServe, CommCell, IntelliSnap, Commvault Edge, and Edge Drive, are trademarks or registered trademarks of Commvault Systems, Inc. All other third party brands, products, service names, trademarks, or registered service marks are the property of and used to identify the products or services of their respective owners. All specifications are subject to change without notice.

COMMVAULT.COM | 888.746.3849 | [email protected] © 2017 COMMVAULT SYSTEMS, INC. ALL RIGHTS RESERVED.