September 15, 2017
Mindsight sat down with Lilac Schoenbeck from Carbonite to discuss backup, disaster recovery, and how these technologies have developed over the last five years. Our conversation went on to demystify the solutions and explain how accessible these technologies can be to organizations of any size. Disaster recovery is not a boutique solution. It is a strategy, and with the right balance of risk and cost, any IT department can protect themselves from a disaster.
Interview with Lilac Schoenbeck From Carbonite
Mindsight Blogging Team (MBT) Please introduce yourself and your role at Carbonite.
Lilac Shoenbeck (LS): My name is Lilac Schoenbeck. I lead portfolio marketing here at Carbonite, which means that I watch over the messaging and positioning of our full suite of data protection solutions from things like i-Series backup all the way to endpoint backup, replication, migration and all the things that keep a company’s business systems safe, protected, and available.
MBT: We find there is a disconnect between disaster recovery and data backup. People mistakenly combine the two concepts or presume that their data backup is their disaster recovery plan. Let’s start by untangling data backup and disaster recovery.
LS: They were really designed for two different ends. Backup addresses requirements for a long-term record of all the information in your organization, often years of data for compliance purposes. This is entirely necessary and rational.
When you talk about disaster recovery, the focus is less on an archival history and more on the speed with which you can recover from any kind of outage. We usually think about outages as a hurricane, a tornado, or some sort of act of god, but most IT organizations experience an outage to one or more systems many times a year, usually measured in hours or minutes. DR is focused on shortening that recovery time.
Backups are typically taken daily, at the close of business. If something happens during the middle of the workday, your backup is as current as last night. That makes sense. Backups are an expensive thing to do on systems. You don’t want them happening during the day.
A disaster recovery solution takes a real time copy, not a historical copy, of your systems at a secondary location. At 2 o’clock when the systems are going down, you can fail over to a copy that is current as of 10 seconds ago – and the failover is done in minutes. Speed is of the essence.
Advances in Disaster Recovery and Data Backup
MBT: For those that haven’t been keeping up with advances in the industry, what kind of changes have we seen in the disaster recovery and data backup space over the last five or so years?
LS: We talk to a lot of people who are still using tape, which is really cost effective, and still works in certain use cases. However, a few big shifts have happened, and advances to technology have provided many benefits to organizations.
For example, many companies have been trying to consolidate their data centers, and now they can. The best practice has always been to store your backups or your disaster recovery plan at a secondary location — this helps offset the danger of something like a flood wiping out everything in one place. Five or ten years ago, most organizations accepted that this was something they couldn’t have. Recently however, we got the Cloud.
Cloud is a delightful secondary location for data to be kept safely, securely, and encrypted. Now, you can do your backups directly to a cloud or hybrid model, or you can keep one copy on-prem and one copy in the cloud, changing the level of security significantly. Cloud also dramatically reduces cost, precluding the need for a secondary data center, hardware, and human maintenance.
Another huge change that has occurred in the disaster recovery space relates to time. It is now possible to keep a nearly real time copy of your system at a secondary location (like the cloud) and keep that consistently up-to-date. When something happens to the primary system and it’s time to fail over, the primary system cuts out and the secondary system can stand up two minutes later. From a backup, that failover would take hours at best, and days if no hardware were involved.
The whole financial model of data protection has shifted fundamentally in the last few years.
The Demand for DR
MBT: Would you say that this is in response to other changes in the industry that increase the demand for these sorts of solutions, or is this just the natural refinement of those solutions. Is this just a new way to tackle age old problems
LS: A few things have come together. Firstly, the adoption and acceptance of cloud and IT infrastructures have changed over the last decade, and data protection is one area where a lot of organizations who aren’t already heavily in cloud do feel comfortable using it. The alternative is no protection, so data protection acts as a bit of a gateway drug to cloud.
Secondly, more and more businesses are dependent on their IT infrastructure to continue to generate revenue–you’d be hard-pressed to find even a small business that doesn’t rely on a cloud-based system for scheduling, finance, or something else operationally critical. Without that IT system running, revenue is severely compromised, so we’re seeing a level of criticality being put on data protection as an IT initiative.
Accommodating for More Common Outages
MBT: Earlier you were talking about how we think of disasters as hurricanes and tornadoes, but you referenced more mundane events that can create outages. Could you go into a little more detail about what kind of hiccups you’re referring to?
LS: So many things are normal accidents within an IT operation: a patch might go bad; a user error could occur; physical hardware can break down on one or two systems; someone might just trip over a power cord. These would be localized disasters with an outage to one of a few dependent systems, rather than the entire infrastructure. It would be hard to find any organization that didn’t experience some amount of downtime due to one of these “normal accidents”.
Sometimes recovery from those accidents takes a long time, and sometimes it can be done very quickly. There is not a lot of room for accidents in a world that is operating 24/7, and that room is only shrinking.
“Normal accidents” are things that people accept as unavoidable, but there are now more ways to rapidly recover from them.
MBT: So what’s the strategy then, do you plan for the hurricane and then the data protection system that can respond to a hurricane disaster is going to be able to handle tripping over a power cord? Or is it two different strategies that you have enact simultaneously?
LS: I think it is actually one strategy, the advice being to balance risk and cost. There’s a certain amount of risk that people are willing to take on, as well as, almost certainly, a limited budget.
Everything should get backed up. It’s usually an operational or legal compliance requirement, and is also extremely cost effective. Usually, you can recover everything from a backup of a system within a few days. For some systems, this recovery time is good enough.
For other systems however, a few days lost can be the death of a business. For those first and second tier systems, protection from a high availability solution and backup would be prudent.
Data Protection for an SMB
MBT: This all leads to a very pragmatic question. Suppose I’m a business owner or IT director today. I have a single office in the Chicago suburbs with a data center in house and around 100 employees. What do I need to be thinking about from a disaster recovery and backup perspective?
LS: You should be backing up everything. Usually companies with 100 employees don’t have two data centers, so a hybrid backup model would probably be best. Store a copy on-prem, plus one in the cloud. Or you could do direct to cloud–we see a lot of folks do that as well.
Next, I would look at the critical systems that are behind the business. If it’s a financial service business, you might need financial analysis systems or trading systems. You might need credit card processing. Whatever those system needs are, ensure they are highly available with a disaster recovery solution that enables failover if something goes wrong.
There is probably a third tier of systems that is far less mission-critical. I always pick on HR which is unfair, but if the HR system goes down for three days, usually nothing horrible happens. If you’re cost constrained, just back that one up, and don’t worry about any kind of DR solution. It really ends up looking like a risk and cost profile decision.
Disaster Recovery with Carbonite
MBT: How can Carbonite address those concerns that the business should have?
LS: We have a range of data protection solutions, from backup solutions (both hybrid and direct to cloud) to availability solutions that provide that rapid failover. We also have endpoint protection solutions that protect laptops or other endpoint devices, which store a huge amount of data for an organization. In some ways, these devices are at a much greater risk for outage—they aren’t kept in secure data centers.
Our approach is to work with our customers to build an integrated data protection strategy that accounts for the risk they are willing to take across these different systems. We have a lot of customers that have everything from legacy or exotic systems like iSeries through to the coolest tablet technologies. We support the whole range, helping customers navigate options and make the right decisions for their organization.
Because we can support your whole IT footprint, in the event of an outage, you’re working with a single vendor to help bring your systems back online. During a disaster, simplicity and streamlined exceptional support during a disaster have tremendous value.
A Unique Solution for Your Unique Business
Based on our conversation with Schoenbeck, it’s clear that the approach to disaster recovery is largely dependent on the business in question. It involves asking the tough questions of what the business truly needs to stay afloat. Those are your tier one and tier two applications. The rest can be addressed in time. In a disaster, you’re functioning like a triage center. Prioritize the most important components and move on.
Carbonite provides data protection solutions for businesses and the IT professionals who serve them. Our product suite provides a full complement of backup, disaster recovery and high availability solutions for any size business in any location around the world, all supported by secure and scalable global cloud infrastructure.
Like what you read?
Mindsight, a Chicago IT services provider, is an extension of your team. Our culture is built on transparency and trust, and our team is made up of extraordinary people – the kinds of people you would hire. We have one of the largest expert-level engineering teams delivering the full spectrum of IT services and solutions, from cloud to infrastructure, collaboration to contact center. Our highly-certified engineers and process-oriented excellence have certainly been key to our success. But what really sets us apart is our straightforward and honest approach to every conversation, whether it is for an emerging business or global enterprise. Our customers rely on our thought leadership, responsiveness, and dedication to solving their toughest technology challenges.