Bring Data Governance To Your Cloud Backup Strategy

by Jennifer Zaino

In an age of wearable devices, 3-D printing, and social media everything, data backup generally doesn’t get to stand in the technology spotlight. IT leaders feel about it much as consumers feel about insurance policies – we know we need them, but we don’t necessarily have a passionate desire for them.

The topic is starting to generate a little more heat as companies increasingly connect it to the always-cool Cloud, to provide the infrastructure for their backup efforts, both at the server and endpoint level. Global disaster-recovery-as-a-service and Cloud-based business continuity is forecast to grow from $640.8 million in 2013 to $5.77 billion by 2018, at a CAGR of 55.2%, according to research company MarketsandMarkets.

“Whether for endpoints like laptops, smart phones and tablets or for server backup, the comfort of using the cloud is higher than ever,” says Chandar Venkataraman, Chief Product Officer at data protection vendor Druva. IT leaders “understand the ease of backing up to the cloud without the need for local hardware or an appliance behind the firewall.”

It’s not only the backup medium, but the backup message, that needs to evolve, though. That’s especially true as it relates to the data that resides on enterprise users’ growing array of endpoint devices – many of them owned by the individual rather than the company. “CIOs and IT directors are starting to look at things differently, from a data governance standpoint,” says Venkataraman.

Control Counts

At the end-user level, of course it remains critical to ensure that workers will be able to access the data they need to continue business operations if the device where they’ve stored that information is destroyed in a disaster or otherwise put out of commission. But equally, if not more important, is being able to effectively ward off the potential data breaches that could occur when a user’s mobile device on which sensitive corporate data resides is left on a train or swiped by thieves.

“You want employees to be able to get their data from anywhere but you don’t want someone else accessing it if their laptop is lost or stolen,” Venkataraman says. Especially when employees bring their own devices, it’s important for enterprise IT to have visibility into and policy control over the corporate data that’s on them, to ensure that it is automatically encrypted and backed up to the Cloud, and that, in emergency situations, that data can be remotely wiped off the device without affecting users’ personal information. IT also needs to be able to set policies for data access, so that workers can be authorized to self-restore their corporate information from the Cloud to a new mobile device and be back up and running quickly.

Generally speaking, IT governance control should include authority over all the access policies that will affect the corporate data on end-user devices, preferably with a single console for managing users, policies, and storage across nodes. It’s important to have complete visibility into data for reasons that include satisfying compliance and e-discovery requirements, which can be accomplished if Cloud backup providers offer e-discovery on endpoint data, including federated search capabilities across all storage nodes. That way, “you can automatically track and locate any confidential file on any endpoint,” says Venkataraman. Having a record or audit trail of activities can also be important to meeting certain compliance requirements, such as PCI (Payment Card Industry), HIPAA (Health Insurance Portability and Accountability Act) and FISMA (Federal Information Security Management Act), that demand tracking access to sensitive information or network resources or both.

“You have to be absolutely sure that personal information is protected, that IT has control of who has access to what data, and what kinds of permissions [they’re granted],” he says. “Cloud backup is not just about storage and costs but about all these broad governance capabilities.”

More Keys To Cloud Backup

Providing authorized parties correct visibility into all the data that is stored and shared at the edges of the enterprise is necessary to implement an effective Cloud-based Data Governance and risk management strategy. But, so too is ensuring that the Cloud backup service is capable of appropriately supporting that strategy.

Take the encryption issue. Consider the privacy concerns raised by the National Security Agency (NSA) spying allegations, and the charges that its MUSCULAR data program infiltrated links to Yahoo and Google data centers. According to a survey unveiled this January, sponsored by Peer 1 Hosting, 25 percent of respondents (all IT decision makers who have a primary role in issues related to where their company data is hosted in a geographic sense) said they are moving their data outside the U.S. They named security and data privacy as their top two concerns. Nearly 60 percent said the scandal is making them less likely to use the public Cloud, period.

Such reactions aren’t necessarily beyond the pale. When Cloud backup vendors store their users’ data encryption keys on the Cloud, Venkataraman contends, the risk exists that a federal agency like the NSA could subpoena those keys and that the service provider would have no choice other than to comply. The risk can be eliminated, however, with two-factor encryption. At Druva, for example, data is encrypted with an encryption key uniquely generated for the user, and that key is further encrypted with credentials such as a password that only the user would know – and only the resulting token is stored on the Cloud.

“The whole thing comes together only when you authenticate with your own password, and only during that session do you have access to your unencrypted data,” he says. “So even if the NSA came knocking on the door we can’t give them anything because that token is useless to anyone [but the customer]. So be sure to look where and how encryption keys are stored.”
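A minimal sketch of the password-wrapped key idea described above, added here as an illustration and not Druva's implementation. It assumes only the Python standard library, so PBKDF2 with an XOR mask and an HMAC tag stands in for a production key-wrap such as AES-GCM; the function names, token layout and iteration count are assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch

def _derive(password, salt):
    """Stretch the password into a 32-byte mask and a 32-byte MAC key."""
    okm = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap_key(data_key, password):
    """Return the token the provider stores: salt || masked key || tag."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = os.urandom(16)  # fresh per wrap, so the mask is never reused
    mask, mac_key = _derive(password, salt)
    masked = bytes(a ^ b for a, b in zip(data_key, mask))
    tag = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    return salt + masked + tag

def unwrap_key(token, password):
    """Recover the data key on the client; fails closed on a wrong password."""
    if len(token) != 80:
        raise ValueError("malformed token")
    salt, masked, tag = token[:16], token[16:48], token[48:]
    mask, mac_key = _derive(password, salt)
    expected = hmac.new(mac_key, salt + masked, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise PermissionError("wrong password or tampered token")
    return bytes(a ^ b for a, b in zip(masked, mask))

def demo():
    data_key = os.urandom(32)  # per-user key that encrypts the backups
    password = "correct horse battery staple"  # constructed sample password
    token = wrap_key(data_key, password)       # the only thing sent to the cloud
    recovered = unwrap_key(token, password)
    try:
        unwrap_key(token, "guess")
        wrong_rejected = False
    except PermissionError:
        wrong_rejected = True
    return {"round_trip": recovered == data_key,
            "wrong_rejected": wrong_rejected,
            "key_in_token": data_key in token}

if __name__ == "__main__":
    print(demo())
```

In a design like this the stored token is only as strong as the password behind it, because anyone holding the token can test password guesses offline; the work factor and password policy are what bound that.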

Other infrastructure issues should also factor into deliberations, including how the Cloud backup provider has constructed its data center strategy to support data durability. Complete data loss can occur if provisions aren’t in place to handle one of its data center sites going down. Cloud backup providers that use Amazon Web Services as their data center partner have the advantage, he says, of leveraging its concept of multiple regions in the U.S., and multiple availability zones in each one. So, even if two data centers concurrently go down, the data is still intact and available. That’s because the three data centers that comprise each region have a company’s data automatically synchronized across them as it is stored, Venkataraman says. “One way to look at it is to ask what is the ‘data durability guarantee.’ We use AWS and say you get 99.999999999 percent. That means maybe you’ll lose one block of data every one million years.”

It’s also important for businesses that operate worldwide to discover what a Cloud backup provider’s global data center footprint is. Not only that, “but do they have the same notion of replicated data centers with low latency among them,” he says. Also inquire about the ease with which you can add storage globally to satisfy your need to scale. European Union laws, as well as laws particular to some European countries, for instance, mandate that certain data not cross certain borders, so the Cloud backup provider has to be able to support the addition of storage not only when, but also where, you need it. “There are a lot of stringent requirements around data crossing continental boundaries, and providers need certifications for that,” he says.

Speaking of Cloud storage, it’s also critical that users’ data can get from their machines to Cloud destinations fast. “Reality can hit hard when your users are sending terabytes of data over time,” he says. It is possible, however, to reduce both storage capacity and required bandwidth with client-side data deduplication technologies, which transfer and store only unique data that hasn’t already been sent to the Cloud by any of your enterprise’s other endpoints.

It comes down, as Venkataraman puts it, to “pushing the backup envelope.” Doing so with the help of the Cloud can bring greater attention to the oft-sidelined technology – and to how IT can best support enterprise compliance, privacy and protection needs as it moves its backup processes to the skies.
