Compiled by Kiran Kumar, Business analyst at Powerup Cloud Technologies
Contributor Agnel Bankien, Head – Marketing at Powerup Cloud Technologies
DR on-premise versus DR on cloud
Disaster Recovery (DR) is the process of enabling recovery or business continuation of IT functions, systems, and infrastructure performances in case of unforeseen events such as natural disasters, data security breaches, or any other calamity disrupting normal business operations.
It is vital for every organization to have a disaster recovery plan that states the backup and recovery strategies to be taken before, during, and after a disaster in the interest of recovering and safeguarding their business IT infrastructure.
While on-premise servers offer more control, privacy, and offline data access, they are often expensive given the cost incurred from hardware, software, and skilled resources required to run them. Moreover, conventional DR solutions limit scalability and are incompetent in protecting data during a disaster.
Disaster recovery on the cloud takes a completely different approach as the entire server, including the operating systems, applications, patches, and data are encapsulated into a single software bundle or on virtual servers.
Due to the virtual set up, it is regarded as an infrastructure as a service (IaaS) solution where centralized data on the remote cloud server can be backed up to an offsite data center and wheeled around on a virtual host within no time.
However, if the business is heavily invested in on-premise solutions, decision-makers and stakeholders need to arrive at a reasonable basis on when and how to make a shift to the cloud and whether it is truly necessary. Organizations cannot afford to be carried away by the cost-effectiveness and benefits associated with the cloud.
What changes in the cloud?
With cyber-attacks and system failures occurring frequently coupled with the rise in the demand for systematic and cost-effective data recovery and backups, organizations are now more aware and turning to invest in DR on cloud services. Organizations may find on-premise DR as the right fit for some workloads, while cloud DR may be most suitable for others. Both alternatives can be utilized consensually to arrive at the best DR protection solutions. Let us look at some of the most significant benefits offered by cloud disaster recovery:
As virtual setups are hardware-independent, Cloud DR, whether run solely or as a service (DRaaS) makes it easy for critical data and all applications on cloud to be safely and accurately replicated on multiple data centers.
This eminently decreases the recovery time compared to conventional (non-virtualized) disaster recovery methods where usually, servers first need to be loaded with the OS and application software and patched to the last configuration used in production before the data can be restored.
A cloud-based disaster recovery solution also offers increased scalability and flexibility of data while engaging minimum resources to run the setup on the cloud.
Easy and secure deployment
Cloud DR facilitates organizations to configure and build customized architecture as per their business needs. Whether it is the security and control of a private cloud deployment, the cost-effectiveness, and ease of a public cloud, or hybrid, which is the best of both solutions, cloud DR ascertains unique opportunities to transform and secure businesses efficiently and with greater agility.
Faster turnaround time
The periodic online backups between data centers on cloud have almost dispelled the offsite tape backup practices. With the cloud DR taking over, maintaining a cold site disaster recovery facility has also become redundant as a cost-effective backup of critical servers can be spun up in minutes on a shared or private cloud host platform.
Additionally, SAN-to-SAN replication with its centralized repository of archived data helps duplicate data between multiple storage sites and can easily support private cloud environments providing fast recovery times (RTO of 1 hour and RPO of minutes). Conventional DR systems, restrained by their high costs and testing related challenges were unable to facilitate the same.
One of the most stimulating capacities of cloud disaster recovery is the ability to provide multi-site availability.
In case of a disaster, SAN replication not only provides swift failover to the DR site but also capacitates reinstating to the production site once the DR test or disaster event is taken care of.
Reliability and business continuity
Integrated backup and disaster recovery for on-premise as well as cloud workloads promote centralized management that simplifies data protection across the entire cloud infrastructure. One-click automated DR ensures timely recovery, reduces network congestion during backup, and clones applications and systems across multiple cloud accounts.
Moreover, cloud disaster recovery proves highly beneficial allowing organizations to regulate the costs and performance of the DR platform. In case of a disaster, applications and servers that are considered less critical can be rendered with fewer resources, while ensuring that critical applications that need instant attention are catered to with immediate effect in order to keep the business running through the disaster.
With cloud computing, there is zero onsite hardware building cost, significant high-speed recovery time, continuous system availability, and data backup that is feasible every 15 minutes. Eventually, in the long run, disaster recovery becomes much more cost-effective, secure, and scalable despite the fixed on-going cloud costs incurred.
Some of the most cost-effective cloud-based disaster recovery platforms are AWS, Azure, and GCP. They offer infrastructure and data recovery solutions, solutions that provide data backup, minimum downtime while protecting major IT systems.
Data protection on cloud
According to research conducted by ESG 38% of organizations’ data is expected to be cloud-resident within 24 months. With data being back-uped across multiple data centers it is essential to understand some of the common methods used to protect your data on cloud.
Cloud data protection is the process of safekeeping stored, static, and moving data in the cloud also known as Data Protection as a Service (DPaaS), designed to execute the most optimal data storage and security methodologies.
Cloud data protection provides data integrity, states policies, and measures that ensure cloud infrastructure security and creates a compatible data storage management system.
As organizations are accumulating and moving large amounts of data on cloud, it is highly challenging for them to perceive where all their applications and data on cloud are.
With third-party infrastructure predominantly handling enterprise cloud environments, there is a loss of control over who, from which device, and how their data is being accessed or shared resulting in low visibility of operations.
Even with organizations and cloud providers customarily sharing responsibilities for cloud security, organizations often have low insight on how cloud providers are storing and securing their data even though sophisticated security measures are set in place.
Besides, multiple cloud providers offer varied capabilities that can cause inconsistent cloud data protection and security in addition to other security issues like breaches, malware, loss, or theft of sensitive data or application vulnerabilities.
A recent survey reveals that 67% of cybersecurity professionals are concerned about protecting data from loss and leakage, 61% worry about threats to data privacy, and 53% of them about breaches of confidentiality.
Therefore it is hardly surprising that companies are heavily confining to data protection and privacy laws and regulations with the data protection market projected to surpass US$158 billion by 2024.
Protecting cloud data is much like protecting data within a traditional data center. Authentication and identity, access control, encryption, secure deletion, integrity checking and data masking are all data protection methods that have applicability in cloud computing.
Authentication and identity
Centralized authentication of users based on a combination of authentication factors like a password, a security token, or some intrinsic measurable quality such as a fingerprint is the first step to data safety. It promotes proactive identity and eliminates suspicious user behavior.
While single-factor authentication is based on only one authentication factor, stronger authentication requires two-factor authentication based on additional features like a pin and a fingerprint for instance.
Effective access controls in combination with other security capabilities enable maintenance of complex IT environments by integrating voluntary ownership controls with a set of role-based permission privileges along with an access control list, naming individuals and their access modes to the objects and groups on cloud. Identity-based access controls are required to support organizational access policies where procedures are defined to secure the entire data life cycle. Mechanisms are needed to ascertain that data is accessed appropriately without malicious intent and there is limited exposure of data during backups.
This helps secure applications and data across multiple cloud environments while maintaining complete visibility into all user, folder, and file activities.
Data labeling is an information security technique that has been used widely for classified, sensitive, or confidential information that equally supports non-classified categories. The objective of information identification and categorization is to put in place a centralized framework for controls and data handling through file permissions, encryption, or more sophisticated container approaches.
On the contrary, data sometimes is treated as being equal insensitivity or value leading to sensitive data getting mixed in with non-sensitive data making it vulnerable. This in turn complicates incident resolution and can pose serious issues in case of data subject to regulatory controls.
Encryption of data is essential at the operating system and application levels where the entire set of data directories are encrypted or decrypted, as a container and access to files is through the use of encryption keys. The same method can be used to segregate identical sensitive data or categorize them into directories that are individually encrypted with different keys. File-level encryption caters to encrypting individual files instead of the whole directory or hard drive. Lastly, the application can also manage the encryption and decryption of application-managed data.
Securing data integrity and confidentiality while data is in motion is of utmost priority and this can be achieved by utilizing encryption combined with authentication to create a secure channel where data can pass to or from the cloud. Thus, in case of a violation, data remains confidential and authentication assures that the parties communicating data are authentic.
Deletion of data
To delete sensitive data on the cloud, it is necessary to verify if data is hygienic and how it intends to be deleted otherwise the data is at risk of being exposed. Moreover, deleted data can still be accessed from archives or data backup bundles even after it is deleted. For instance, if a subscriber deletes a portion of the data and the cloud provider backs up that data every night and archives tapes for 6 months, that data still exists. Accommodating this in the Information Security Policy when adopting cloud is of prime importance to its integrity.
Data masking is a technique used to conceal the identity of sensitive information while keeping it operational. It is the process of preserving data privacy by substituting actual data values with keys to an external lookup table that holds the actual data values. Masked data values can be processed with lesser controls than if the original data was still unmasked.
Cloud data protection is certainly crucial as organizations are not only able to secure their cloud set up but also attain enhanced visibility into their compartmentalized centralized data repository. Companies are better placed at defining regulatory policies, governing their cloud, and proactively mitigating risks to prevent data loss and disruption.
It is difficult to predict where technology is headed but it is clear that on-premises DR solutions are now seen as a precursor to cloud-based DR solutions.