Data Protection in 2017: Future Is Cloud

This report was written on April 2017 by Jason Buffington, principal analyst, and Monya Keane, senior research analyst at The Enterprise Strategy Group, Inc. (ESG) and commissioned by Druva, Inc.

Data Protection in 2017: Cloud is the Future

Abstract
Multiple factors drive the need for better speed, agility, and reliability in data protection and recovery. Astute organizations wishing to incorporate the cloud into their data protection strategies should do so only after carefully considering issues of security, scalability, reach, reliability, and cost effectiveness. Many companies engaging in such an evaluation may find that Druva Phoenix aligns very well with those considerations and could help them leverage the benefits of cloud-powered data protection with less risk.

Introduction
For as long as IT has been modernizing production infrastructures to accommodate the growing needs of business units, data protection has been something to be ‘solved’ or at least continually improved. ESG research shows that among organizations it has surveyed, only 70% of backup jobs are completing within their prescribed windows, and only 68% of recovery jobs are achieving their RPO/RTO SLAs.(1) Simply put, inadequate data protection solutions are preventing people within organizations from getting the business-critical data they need, when they need it.

Looking at another side of the issue, IT organizations are receiving direct guidance from their senior leadership about the need for simply ‘better’ data protection, as shown in Figure 1.(2)

(1) Source: ESG Research Report, Data Protection Modernization in 2017, to be published.
(2) ibid.

Figure 1. Top Data Protection Mandates from IT Leadership
What are the top data protection mandates from your organization’s IT leadership?
(Percent of respondents, N=387, three responses accepted; top five displayed)

(Source: Enterprise Strategy Group, 2017)

As Figure 1 shows, IT leadership is demanding better protection and recovery in terms of speed, agility, reliability, cost reduction, and long-term retention improvement. They are particularly interested in increasing the use of cloud-based services for backup offsite vaulting, and archiving while prioritizing cost control. For the third year in a row, surveyed IT decision makers reported that their top anticipated use cases for cloud-based infrastructure include backup, archiving, and BC/DR preparedness (see Figure 2).(3)

(3) Source: ESG Research Report, 2017 IT Spending Intentions Survey, March 2017.

Figure 2. Five Most Common Cloud Infrastructure Use Cases
For which of the following purposes has your organization used cloud infrastructure services (IaaS and/or PaaS)?
(Percent of respondents, N=430, multiple responses accepted)

(Source: Enterprise Strategy Group, 2017)

What to Consider When Choosing Cloud-based Data Protection Solutions
ESG has identified several areas of consideration that can make evaluating data protection providers and solutions a bit less complicated for the many IT organizations looking into implementing or expanding cloud service usage to support data protection initiatives.

Security
The security of data in flight (between subscriber and provider) and at rest (within the provider’s infrastructure) are almost always the biggest areas of concern and the top excuse for not implementing cloud-based protection in the first place. Nearly half (46%) of surveyed organizations that are not using cloud-based protection mention data security and privacy concerns as one of their objections.(4) In reality, this has been the opposite of what IT organizations have experienced in production.

ESG research has uncovered an interesting and relevant finding: Improved security has been reported as a benefit realized by 42% of organizations that already leverage cloud-based data protection services (see Figure 3).(5)

(4 Source: ESG Research Report, Data Protection Cloud Strategies, December 2016.
(5) ibid.

Figure 3. Top Ten Realized Benefits of Cloud-based Data Protection Services
What benefits-if any-has your organization realized as the result of using cloud-based data protection services?
(Percent of respondents, N=212)

(Source: Enterprise Strategy Group, 2017)

In direct alignment with the mandates of IT leadership for improving reliability and reducing costs, Figure 3 confirms many such improvements and reductions as outcomes of cloud services. In the realm of security specifically, it is notable that while traditional onsite backup solutions usually do not encrypt data in flight nor at rest, cloud service providers who have had to overcome security objections often have a higher standard for security than many onsite protection offerings. Although organizations absolutely should be zealous in ensuring that their cloud solution partner operates securely, it would be erroneous to presume that all cloud services are not secure or that on-premises solutions are.

Scalability
For small and midsized organizations that simply want to remove backup burdens from their daily responsibilities, going to the cloud is an obvious choice. But larger enterprises have an additional facet to consider: scalability. They typically have more data to protect, and often, they operate more sites that generate more data, while trying to reduce long provisioning times and laborious processes; thus, their interest in cloud-services, as well.

A large or growing organization investigating cloud-based data protection would be well served to consider providers whose architectures provide multi-site and multi-tier data management as well as deduplication and other optimizations designed to mitigate data sprawl while reducing administrative burdens of irksome or redundant tasks.

Reach
Some organizations operate many locations within one region or geopolitical boundary. They tend to address their protection needs in part through good scalability. But an organization of any size may need to store data in multiple locales for a variety of reasons, including preparing to survive regional disasters (e.g., hurricanes or tornados), adhering to DR mandates requiring significant distance between sites, or serving customers whose data is legally required to remain within country borders. In such cases, finding a cloud provider that uses a technology solution featuring seamless manageability
across a range of locales will be crucial to long-term success.

Reliability
Unfortunately, even in 2017, many organizations are still struggling to ensure the protection and reliable recovery of their IT assets. The pressure is on IT groups to increase reliability-either reactively in response to failures or IT mandates, or proactively as part of a digital transformation initiative. The bottom line is that improved reliability absolutely must be a high-profile attribute of any new data protection strategy to ensure the recoverability of data, which in turn relieves burdens for both production users and IT staff responsible for cumbersome legacy backup tools.

Cost Effectiveness
IT organizations are constantly being asked to do more with less. To accomplish this feat, many of them have been turning to the cloud, hoping to take advantage of its potential to reduce costs while offering an appealing OpEx-based consumption model. As Figure 3 showed, many organizations leveraging cloud infrastructure services are seeing savings tied to hardware, software, cooling, management, and more.

That said: not all cloud-based services are cheaper than their on-prem alternatives. The cloud will definitely (and usually positively) alter the way IT is consumed, but “the devil is in the details.” Specifically, when it comes to network costs, ingest costs, retention costs, and restoration costs, organizations run the risk of making a wrong (expensive) decision. To reduce that risk, organizations should formally assess not only the prospective service’s functional capabilities, but also how its pricing model would work with the organization’s unique data sets and recovery requirements. Most organizations will be delighted with the results of such an assessment, but some won’t-thus warranting such diligence.

One Cloud-native Solution to Consider Comes from Druva
Druva is perhaps best known as the maker of inSync, an endpoint-focused enterprise solution for protection, recovery, and eDiscovery of corporate data. In addition, for the past couple of years, Druva has offered a cloud-native backup and recovery solution for servers, which is particularly appropriate for remote offices, called Phoenix (see Figure 4).

Figure 4. Druva Unified Cloud Platform

(Source: Druva, 2017)

Phoenix is a particularly compelling solution for remote office and branch office scenarios. And as Figure 4 shows, Druva provides these capabilities across a variety of production resources with multiple data protection outcomes.

How Phoenix Aligns to ESG’s Areas of Consideration
In examining Druva Phoenix in relation to the guidance provided earlier, parallels appear to be evident in terms of:
• Security – Recognizing the importance of security in data protection, Druva provides multiple layers, including in-flight and at-rest encryption, auditable controls at the application layer, and encryption within the cloud repositories.
• Scalability and Reach – Druva Phoenix provides a multi-tier and multi-tenant approach to managing many sites, regardless of locale, which is underpinned by the AWS S3 repositories around the globe, thus providing both unlimited scalability and on-demand access to new data centers.
• Reliability – Druva ensures better reliability through its three tenets:

• A modern, modular software architecture marked by flexible, easily maintainable code.
• A durable underlying infrastructure to ensure access to and recovery of data.
• Insightful instrumentation that facilitates actionable mitigation as conditions warrant.

• Cost Effectiveness – Expanding on the appeal of the cloud service economic model, Druva increases cloud effectiveness further through a combination of global deduplication, forever – incremental transmissions, and smart use of cold cloud storage within the architecture – all of which are consumed through a pay-as-you-go OpEx model.

The Bigger Truth
It is inevitable that organizations will keep investigating how and when cloud-based services should become part of their data protection strategies.

The time has come to embrace cloud services, especially to protect virtual and remote office/branch office environments. Some would argue that this has been the case for the past few years. After all, the primary IT systems of SMBs continue to evolve. And enterprises are always looking for alternative (i.e., better) approaches. Essentially, companies small and large are looking to cloud-based data protection to bolster their broader IT strategies.

But in the face of all this momentum, it is important to be methodical. Diligently investigate any potential cloud-native data protection provider according to at least five tenets: security, scalability, reach, reliability, and cost effectiveness. Druva, with its Phoenix offering, is certainly one to watch and perhaps investigate in 2017 and beyond. The vendor that was an early innovator in cloud-based data protection is continuing to evolve as it strives to meet heightening customer demands.