Pledging Backup Assurances in an Unsure World
March 30, 2022 Alex Woodie
Companies are facing increasingly threats to their backups these days. Whether it’s ransomware attacks, migrations to the cloud, or random hardware failures, the possibility of corrupted data looms as big as ever. With World Backup Day taking place tomorrow (March 31), it makes sense to check out the state of backups on IBM i.
The first thing to know is that backup plans appear to be changing at many companies, or at least the mechanism they use to execute the backup. From 2020 to 2021, the percentage of IBM i shops using tape to backup and recover data dropped from 54 percent to 50 percent, according to the HelpSystems’ IBM i Marketplace Reports for 2021 and 2022, respectively. (Remember: each report reflects data collected the previous year.)
Meanwhile, the percentage of IBM i shops using virtual tape libraries (VTLs) and disk-based appliances increased from 25 percent to 33 percent, the Marketplace studies show. Backups to the cloud also jumped by 5 points, to 15 percent, in the 2022 report. The number of IBM i shops reporting they have no backup plan stayed at 2 percent in the latest report. The 2020 report showed 4 percent of IBM i shops with no plan to back up data, so the halving of that figure represents progress.
Some of this change in backup techniques at IBM i shops may be due to greater adoption of high availability technologies, as we reported earlier this month. In some cases, IBM i shops may forgo traditional backups (i.e., tape) in favor of a high availability setup, whereby data is replicated in real time to a secondary system. However, many shops rely on both techniques, using high availability to protect against expected and unexpected outages to their primary server while relying on tape as another insurance policy against major disasters, including ransomware (which high availably does not protect against). Some shops may also use tape as an archive for regulatory compliance.
But another explanation to the downtick in tape could also be the impact of the COVID-19 pandemic and the changes that’s had on the availability of workers in the office. When IT professionals are working from home, more automated and “touchless” backup tools and technologies are naturally in order. That would favor automated replication solutions, such as high availability and VTL or cloud backups, and it would disfavor setups that require an operator to manually load a tape into a drive or autoloader (although bigger tape libraries can run pretty much unattended for extended periods of time).
The IBM i data is important to back up, but keep in mind that it’s part of the overall IT landscape at most companies. Joe Noonan, a product executive for backup and disaster recovery for Unitrends, encourages users to stay on top of all of their data amid significant organizational change.
“Today, there is a greater focus on protecting data no matter where it lives — on-prem, on the laptops of remote employees, in clouds, and in SaaS applications,” Noonan says. “Recovery time objectives (RTOs) are increasingly shrinking in today’s always-on world, with goals being set in hours — if not minutes.”
Noonan also reminds us that cybercriminals are taking advantage of the shift to remote and hybrid work environments, which involve personal PCs that may not have been configured with the same security rigor as a corporate PC. With ransomware attacks on the upswing again, this complicates the recovery.
“[T]he data recovery process post-incident has become more complex due to new cyber insurance requirements,” he says. “These new regulations include critical audits and tests that businesses must comply with in order to restore their data and receive a payout after an attack — which can slow down the recovery process.”
The great cloud migration began before COVID-19, but it has been super-charged by the viral pandemic. That’s great news for software as a service (SaaS) companies and the big public cloud hyperscalers, which typically run the servers and storage systems used by SaaS providers.
But companies that adopt cloud-based SaaS solutions or move their data into the cloud can be in for big surprises if they don’t take special precautions to protect and secure their data. For example, SaaS providers typically bear no responsibility for backing up their clients’ data.
“Most businesses assume their data security is totally in the hands of their cloud providers, which can lead to unfortunate situations when data is not backed up,” says Adrian Moir, a technology evangelist and principal engineer at Quest Software. “This is why organizations must follow the shared responsibility model, which discourages the ‘out of sight, out of mind’ attitude and reduces the risk of lost data.”
Another business risk for companies that have stored their backup in cloud data lakes like Amazon S3 is the slow data egress they are likely to experience during data recovery. “Going forward, we expect to see new approaches to APIs that provide faster data restoration and give cloud customers more control and speed over their backups,” Moir says.
As business and data volumes grow, it’s critical for organizations to keep their data safe and secure. While you don’t necessarily have to take the World Backup Day Pledge, it would behoove you to take a look at your backup techniques, re-assess your assumptions, re-calculate the risks you are willing and not willing to take, and make any changes that you need to ensure your organization will continue to be a going entity should the unthinkable happen and your primary storage goes down.
Because the unthinkable has happened before, and it will happen again, eventually. It’s just a matter of time.