Continuous data protection (CDP) emerged a few years back and was heralded for its ability to restore data to any point in time. However, adoption was slow and many CDP vendors went out of business or were bought up. Today, CDP soldiers on and for some shops, it can be invaluable. Kevin Beaver, independent information security consultant with Principle Logic LLC, discusses CDP and disaster recovery in this Q&A. His answers are available as an MP3 below.
Table of contents:
>> How can CDP benefit disaster recovery?
>> Can CDP make disaster recovery testing easier?
>> What is the difference between real CDP and near CDP?
>> What questions should people ask prospective vendors when considering a CDP product?
The essence of CDP is being able to recover to any specific point in time when there is a problem such as data corruption, accidental deletion or a disaster -- fire, flood, earthquake, terrorist attack, etc. Continuous data protection provides businesses with a great way to recover from unexpected events. It's a technology that can help you with procedures and take the pain out of the process if you have the resources to justify investing in it and maintaining it long-term.
Yes, continuous data protection can make disaster recovery testing easier. I see a lot of companies with pretty well-documented disaster recovery plans, but they've never actually tested their plan. A lot of people find out the hard way that "hope" is not a strategy. With CDP, testing can be carried out relatively quickly. So, it's easy to know if that portion of your disaster recovery plan does or does not work.
You are going to have the right CDP technology in place on the right systems. And, you'll want to create a test environment, so there is no impact on production data. But, it's all pretty straightforward. CDP isn't going to get you better test results, but it can streamline the process. That could be a motivating factor in encouraging people to test their disaster recovery plan.
Near CDP creates snapshots or shadow copies of data every so often and allows you to restore everything up to that last snapshot -- usually every hour. Real CDP captures changes in real-time. So if you have little to no tolerance for data loss, then real CDP is the only way to go. But, if you have some flexibility, or you don't have the budget, or if you have less administrative resources to maintain such a system, near CDP is probably going to be good enough.
You need to conduct a business impact analysis to determine where your critical data is, how it's at risk, and how long you can go without it. Then you can come up with a recovery time objective (RTO).
It's going to depend on your specific needs -- your compliance requirements, your recovery time objectives, etc. But there are some things that you are definitely going to want to ask:
- What does your product do that competing products don't? Find out why the product is different.
- How will your product save me time, effort and money?
- Why is your product a good fit for my environment?
- Ask for references in your industry. Call these people up and talk to them.
Don't just ask what's good about the product, ask what's wrong with it. Ask what they would do differently if they could.
This was first published in April 2010