Disasters are on the rise, and today’s enterprise IT organizations must be better prepared for unpredictable disruptions than they were a decade ago. In 2023, the U.S. experienced more billion-dollar climate disasters than ever before, with damages estimated at $92 billion, according to NOAA. Additionally, man-made disasters, particularly sophisticated ransomware attacks, are becoming increasingly common. Geopolitical tensions are also putting immense pressure on urban infrastructure.
These factors have contributed to a higher-risk business landscape. Data is arguably an organization’s most valuable asset, and safeguarding it from various threats is becoming increasingly complex. Failure to protect this data can lead to catastrophic consequences, eroding customer trust and resulting in significant revenue losses.
Many businesses still rely on traditional enterprise data protection strategies, such as scheduled backups and disaster recovery (DR) plans involving remote data replication. However, these methods are no longer sufficient. The increased frequency and severity of disasters, along with the rapid growth of data, have created a perfect storm. Is your organization prepared for the next major challenge?
Review the myriad of issues that enterprises now face, all of which threaten data assets and business viability:
- Most of our data – up to 90% by some estimates – is unstructured. These are large files of diverse types ranging from chat files to IoT and instrument data to video, audio and user documents spread among many different data silos. Today’s data is therefore harder and more expensive to corral, store and protect in a sustainable way.
- Data protection costs are ballooning relative to budgets. Unstructured data is often very large and diverse. Imagine how large a movie file can get—or an X-ray. Protecting this data means making many copies, which can get intolerably costly. Unstructured data is doubling every two years, but storage budgets remain flat.
- Backups aren’t foolproof for disaster recovery. Backups often keep snapshots of data at different points in time so that if there is some data loss such as a user accidentally deleting a file, you can recover it. This is different from disaster recovery which requires a quick restore of large data estates, not just a few files, in the event of a site-wide disaster such as a tsunami or an earthquake. Recovering large amounts of data from backups can take a long time. Also, backups do not protect from threats like ransomware since they are often incremental; corruption on the source propagates before it gets detected, thus infecting the backup as well. For these reasons, organizations need a separate DR strategy with its own data copy independent of backups.
- DR (aka replication and backups) is too expensive on all data given the size of data in most organizations. Midsize to large companies today have petabytes of data in storage. Traditional disaster recovery strategies involved creating an identical mirror of the storage architecture in a remote site. This like-for-like replication was fine when data volumes were small– but no longer.
- DR strategies are inadequate due to cyberthreats like ransom attacks. Because of the expense of identical mirroring, some organizations are replicating just the critical data which is often 20% or less of the total data estate. This wide gap in protection opens up heightened risks from ransomware villains and other malicious actors.
- Cloud DR is a missed opportunity still, because if companies use storage technologies that must do like-to-like replication to identical technology then they can’t leverage the cost-effective and easy-to-provision benefits of cloud storage.
Questions to Help You Adopt a More Cost-Effective DR Strategy
A better way to approach disaster recovery in an age of petabyte-level data environments is not to pick and choose which data sets to protect, but to right-size your strategy.
Do you have a data retention or deletion strategy?
If not, it might be time to create these policies which will vary from department to department and sometimes by data type.
Who are the stakeholders involved in evolving your disaster recovery strategy?
You may need to revise your organization’s DR objectives and budgets. This involves discussions with Legal, IT, Finance and CISO/Governance and Risk officers. Showing reports on how much data your organization has, how much of it is mission critical, how much is less critical, how much is hot and active, how much is cold, and how fast data is growing are all important factors in creating a plan. Also, consider whether the DR site should now be the cloud and not another datacenter.
Can obsolete data be proactively identified and deleted?
Many organizations don’t have any policies, which means that data never gets deleted. That is not sustainable. Low-hanging fruit for data deletion is duplicate data and orphaned data – or non-critical data owned by ex-employees. Keep in mind that by undergoing a data cleanup exercise you will lower your overall risk by reducing the footprint of data potentially exposed to cyber hackers. This of course also saves on the overall data storage budget, which includes backups and disaster recovery. Data management tools that discover and confine data eligible for deletion can speed up and automate this process.
Can you develop a tiered DR strategy?
Consider segregating less critical data and replicating it to a lower-cost disaster recovery location such as cloud object storage. You can still recover this data if needed during a disaster, but you don’t need instant access with high performance. Generally, this “cold” data makes up at least 80% of all data. Therefore, you can preserve budget for high-performing storage resources to handle the remaining 20% of data which needs rapid recovery and access.
Data protection doesn’t stop with backups. Understanding your data estate and developing a disaster recovery strategy that protects your data against both natural disasters and ransomware attacks in a way that is cost-effective and sustainable is core to cybersecurity and business continuity requirements today.