Our experience with HTL and their IT support team has been fantastic. Contacting them with any IT problems we have is so convenient and all issues are solved quickly.
Replicate to speculate: The truth about backup and DR for service sector firms
Cost, compliance and business sense: The case for cloud-based business-class backup and DR services to underpin business continuity capability in the services sector
Besides recovering accidentally deleted, corrupted or ‘lost’ files, data backup supports the ability to recover after a disaster and is an essential for all businesses. However, scaremongering that 70%, 80% and perhaps even as many as 90% of businesses never recover after a data loss have achieved the status of urban myth and should be taken with a pinch of salt. Such messages may be interpreted as little more than a job creation exercise by some sections of the IT industry.
Nonetheless, the fact remains that a cast-iron backup and Disaster Recovery (DR) plan needs to be in place. The inability to continue business within an established timeframe after a worst case data loss scenario may have far reaching consequences.
The failure to deliver contracted services to clients or customers may have significant financial repercussions, and many industries that comprise the services sector are regulated and have obligations to meet compliance. Some may directly need to ensure adequate data backup is provisioned.
In this guide we discuss how cost, compliance and business sense combine to make a compelling case for service sector firms to use cloud-based business-class backup and DR services to underpin business continuity capability.
The problem with tape
Historically, tape based backup systems became popular because they provided the lowest cost per MB of storage. Today, with higher capacity disks we see the costs of tape and disk backup approaching parity. However, despite the negligible difference in cost, a tape-based approach to back up and DR is generally unsatisfactory due to the following factors:
- Unreliability of media and hardware
- Tapes and autoloaders are complex mechanical devices and the shared shortcoming of moving parts simply amplifies the likelihood of failure.
- Complexity of software
- There is a lot of confusion around backup software configuration and terminology. For example, the terms incremental and differential are often poorly understood.
- Inadequate technology
- The backup window, of when data backups can be reliably run without affecting server storage and network performance, has narrowed. The rate at which data can be backed up by tape systems has failed to keep in step with the exponential growth of data.
- Using incremental and differential backups may reduce the time required to perform backups and reduce tape costs. However, they have a reputation for being unreliable, and the question always remains: Do you really have a full up-to-date backup of the data?
- Offsite storage and archive issues
- Offsite storage of tape media with a specialist service provider is an expensive option for data backups. Service elements such as couriers and barcoding systems simply add to the cost of physically storing tapes in secure, access and environment controlled data stores.
- Offsite storage at a specialist data warehousing facility is no guarantee of the physical safety of tapes and offers no certainty against events such as fires.
- Offsite backup processes are likely to rely on internal staff to change tapes; these may not always be those qualified in IT matters.
- Such a process is labour and admin intensive. Tape media needs to be prepared for collection; tapes need to be ordered for return when files need to be restored, and then sent back; there is the risk of damage or loss in handling and transit.
- It is highly unsatisfactory and risky to keep tapes at an employees’ home or in the boot of a car; tapes may be stored unsecured or in poor conditions which damage the media.
- Successful data restore is not a certainty
- Essentially, the cumulative effect of these issues is that sometimes it is only certain the backup, offsite media management and storage process has worked when data is successfully restored!
The drivers of online back up
The cloud is one of the most revolutionary trends in the history of computing. Over the last decade or so, whether in our personal or professional interactions with digital technology, the cloud has become an accepted part of the fabric. Dropbox, one of the pioneers of file sharing and online storage, launched with its ‘freemium’ business model in 2007. Now it’s almost a prerequisite for major global tech companies to offer an online data storage service.
One of the key drivers behind the proliferation of online services is economy of scale.
- The cost of disk storage has decreased. Higher capacity disks are manufactured at low cost, in effect decreasing the cost per gigabyte of storage.
- Increasing investment by telecoms carriers has increased network capacity and resulte d in lower bandwidth costs, causing a reduction in the cost per GB of moving data over the internet.
Beware Low and zero cost online backup
However, much online data storage is unsuited to the needs of business. Generally, the greater the sensitivity of data, the higher the compliance and security demands. Many services that are low or zero cost simply do not provide the service guarantees required for business data. There are a number of shortcomings of low and zero cost backup services.
- Free services and some low cost data vaults
- Services to which zero cost is attached are frequently of limited capacity.
- Some exhibit a ‘storage bucket shop’ mentality, piling it high and selling it cheap – it’s simply not geared to customer service.
- Low and zero cost services are generally not backed by any SLA guarantees.
- Slow backup and restore processes which make them unsuitable for large volumes of data such as network storage or server boot volumes.
- Data sovereignty issues
- Where is it domiciled and who legally has access? The issues around data sovereignty are complex and the situation remains fluid. Safe Harbour, which lets American companies use a single standard for consumer privacy and data storage in both the US and Europe, is being challenged in court, casting uncertainty on one legal agreement that seemed to provide some clarity.
- At the root of the issue is who is entitled to access the data, both legally and illegally? In an age characterised by security concerns, it is naïve to believe that government snooping on an industrial scale will be discontinued anytime soon, if ever. For data domiciled in offshore locations, what are the security standards applied in the data centres in question?
- In a true disaster situation where access to the usual place of business is denied, there is a need for servers and premises on which to restore the data, there is also a need for technical expertise. There is little certainty attached to the question “How long before we are up and running again?”
- For a smaller or medium business which has limited technical capability, if a service provider is required to provide the recovery facilities, it makes sense for it to provide backup services as well.
The benefits of Business class backup and DR services
In order for an online backup and DR service to be of intrinsic and enduring value to a business, it needs to deliver certainty around two important aspects. These are both ‘dimensions’ of time.
- Recovery Point Objective (RPO) is the time interval between successive backups. This determines how much work may be lost – i.e. the data that has been created or changed since the last backup.
- Typically in tape based systems, the RPO is likely to be measured in days. For online services it is more likely to be hours, minutes or perhaps seconds.
- Most businesses that are not concerned with continual transactions are able to tolerate some potential loss. The amount of data loss that is acceptable is determined according to business needs.
- Recovery Time Objective (RTO) is the amount of time taken to restore data and return servers and communications systems to the state where they are able to support business operations.
- Typically in tape-based systems this could be measured in days, perhaps even weeks. For online services it is more likely to be hours, minutes or perhaps seconds.
- True business-class back up and DR services need to contractually guarantee RPO and RTO within a Service Level Agreement (SLA).
Types of Business class backup and DR services
Types of Business class backup and DR services
- Backup-as-a-Service (BUAAS) offers data replication-only services, where data is replicated to cloud storage.
- Organisations need to be self-sufficient with in-house expertise to enable business continuity, or to have made arrangements with a third-party in the shape of an external DR hosting services provider to restore servers and data using the replicated data.
- Disaster Recovery as-a-Service (DRAAS) is generally a complete solution including data replication and DR hosting to return systems to full operational status within an SLA specified time frame.
- Such a service utilises the most recent backup to host servers and filesystem data on cloud servers in remote locations and deliver all computing services over an internet connection to the business. If the usual place of business is inaccessible or unserviceable for any reason, a service provision can be made for an alternative DR site to be made available if required.
Regulation and compliance
Broadly speaking, the computing compliance requirements for businesses in the service sector are generally regulated by specific bodies. Data security and privacy are the primary concerns and where this is in scope of the Data Protection Act, responsibility for enforcement may lie with the Information Commissioners Office (ICO).
In conjunction with the DPA, the Financial Conduct Authority (FCA) has some clear requirements. Based on this, an excellent guide for businesses in the service sector is that:
- Backup data should be encrypted.
- Backup data should be replicated to more than one data centre.
- One data centre should be at least 50 miles from the primary site.
- Sovereignty issues mean backup data centres should preferably be within the UK.
- Both backup process and DR needs to be well documented.
- DR solutions should be tested periodically.
- It is recommended DR tests take place every 6 months to 1 year. Results should be documented and adjustments made to improve DR procedures. For financial sector companies the FCA requires DR to be tested annually.
Some service providers offer ‘vanilla’ business-class services, designed to offer a solution that is acceptable to as many businesses as possible. Frequently, this requires compromises that make recovering from disaster less straight forward than it might otherwise be. Also, when it comes to matters of reliability and cost it is also worth understanding a little about the marketplace.
- Each business has different requirements and to make DR as straight forward as possible avoid vanilla backup and DR services. Each business needs a backup and DR solution customised to meet its specific requirements. This places an emphasis on selecting a backup and DR provider that offers significant value-add in the shape of a comprehensive set of services. This includes consultancy, implementation, management, monitoring and support.
- Beware of high set up costs as the cost of technology and economy of scale mean a good service provider should be able to incorporate setup of all but the most complex solutions within a monthly cost structure.
- Monthly costs should be affordable; however, this has not always been the case. Just a few short years ago a simple solution could have run to five-figures. Now, low four-figure recurring monthlies make it something of a “Why wouldn’t you?” decision for many service sector businesses.
Key advantages for service sector businesses
The key advantages of the best online backup and DR for UK service sector businesses are:
- Cost reduction
- When factored across the cumulative costs for tape media, drives/autoloader hardware, maintenance, software, IT administration, offsite media storage and management and the costs for DR services, online backup and DR makes financial sense.
- Mitigates risks
- Backup and DR may fail as a result of the poor reliability of tape based systems. Online backup and DR is a high reliability service backed by SLA guarantees.
- Compliance failure may result from making inappropriate service provision when using either in-house or third-party resources.
- Appropriate online backup and DR :
- Meets compliance requirements, such as those of the FCA.
- Locks in security & privacy with encryption and ISO 270001 data centres.
- Eliminates data sovereignty issues by restricting data storage to UK data centres.
Why is HTL Support a preferred technology supplier to the service sector?
HTL Support is a specialist provider of cloud technology solutions to the service sector. HTL Support has the expertise and experience to help finance, recruitment, legal, travel, and software firms to meet their regulatory obligations or follow guidelines on the use of technology.
It is our confirmed belief that the cloud offers outstanding opportunities for service sector firms to leverage technology so it returns more value to their businesses. An online backup and DR solution showcases this in a way that is truly compelling.
HTL Support works with in-house compliance experts or external consultants to ensure any solution exceeds interpretation of the applicable regulatory codes. Serviced Cloud is able to provide the appropriate level of services required by the majority of finance, recruitment, legal, travel, and software businesses.
About HTL Support
HTL Support is a close knit and highly professional team of technology professionals that are evangelists for cloud solutions. This is because we believe the benefits are unrivalled by equivalent on-premise approaches to provisioning business technology.
The business benefits of the cloud are regularly highlighted in the press and deliberated in boardrooms. Cloud technology is a topic about which the vast majority of business leaders are likely to have more than a passing interest.
Based in the heart of London in Canary Wharf, HTL Support was incorporated in 2009 with a clear and simple vision. We are dedicated to helping business leaders in financial service organisations find the best way of successfully adopting cloud technology in their businesses. We offer best of breed Hosted Cloud Services in our ISO27001 London data centres, and help clients to create their own Private Cloud systems in their own offices or data centres.
Our friendly and professional engineers and consultants have extensive experience, proven track records and ‘can-do’ attitudes. We offer independent advice but partner with the leading cloud technology companies to ensure seamless support. We are serviced focused; our client’s satisfaction is paramount.
References and further reading
Business continuity statistics: where myth meets fact
— Continuity Central
Iron Mountain fire in Buenos Aires kills 9, destroys corporate records
Two Iron Mountain facilities hit by fire