Those new to cloud data recovery can often jump on the cloud bandwagon without really thinking through the tough...
questions. Administrators need to work out what percentage of data they will need to realistically pull back on a regular or nonregular basis.
It's vital for an organization to understand what it can afford balanced against what it desires. Important questions include: How quickly does the administrator need to be in a recovered state within the cloud? Who makes the decision as to which applications are key? The first part of the answer here is marking the applications according to importance. Then, it comes down to working with the cloud data recovery service or technology vendor to meet the required recovery time objective.
At this point, the adage of "quick, cheap, reliable; pick two" has never been more apt. While most vendors don't charge for data ingress (uploading to the cloud), users will pay through the nose for egress -- hence the importance of understanding how much data will be pulled back on a regular basis.
In addition to the cost of pulling the data out for a DR scenario, migrating data to another cloud platform will be equally cost-prohibitive, especially considering the scale of data to be migrated.
Granularity and security
It is also quite important to realize that restoring from cloud should be available on a granular level. No administrator wants to pull back tens of gigabytes of virtual machine (VM) files (at a significant cost) for a single file or small number of files. Most cloud DR vendors do allow this, but any company considering cloud data recovery needs to ensure this is available as standard.
A more intelligent solution would be to have a hybrid backup platform whereby on-site tape/disk backup is utilized for run-of-the-mill, low-importance data recovery, but when there is a full-on DR scenario, failing into the cloud, with all a company's resources, is a winning scenario.
Doing it this way allows a company to reduce costs, while still retaining the ability to fail over in a true DR scenario. Alongside this, another pertinent question is which machines need cloud data recovery resources.
Depending on location, another factor that has come into play is the General Data Protection Regulation (GDPR) legislation. Being able to manage all this information at a granular level is essential.
Alongside the requirement for data to be accessible, the company in question is also liable for the security of all information related to GDPR.
With all this data and the requirements to keep GDPR data encrypted, security should be at the top of any cloud recovery plan. All of the information, VMs and so on need to be encrypted at rest. Ensure that any promises around this are not only tested but included in the legal documents that will be signed to use such a service. Pro tip: Don't try to roll your own. The administrator's time is worth more than trying to create an internal fix solution on the cheap internally.
In summary, before even approaching a cloud data recovery vendor, sit down and work out:
- what is to be protected;
- how vital that data is;
- how quickly that data recovery is required to be; and
- how it is to be secured.