CFD13 – Day 2 – Cloud-based Recovery Vaults

With ransomware attacks and other similar threats increasing in frequency and severity, data protection architectures across many organizations are being scrutinized more closely.

In many environments, backup repositories exist on-premises and are attached in some way to an accessible network using a standard protocol. This placement and attachment approach is useful in providing protected resources an efficient path for depositing backup data.

However, this accessibility is frequently exploited during attacks, resulting in impact to both running workloads and associated backups. One way to combat this vulnerability is to incorporate an additional copy (vault) of critical backup data that is isolated both from a network and security perspective. Variations on the theme exist, but this is the basic premise.

Metallic, a Commvault company, presented on their capabilities in this area at Cloud Field Day 13, and it made for an interesting discussion.

The cloud can be a good fit for this type of use-case because of the additional physical and logical security boundaries that separate the impacted environment from the recovery vault. But this placement also presents a few challenges when it comes to recovery scenarios, and high on this list is the potential impact to recovery time.

In the event of an attack impacting a large quantity of on-premises data, where the emergency copy resides in the cloud, the overall recovery time is going to be highly dependent on network throughput between the cloud environment and the impacted datacenter.

So, organizations dependent on a cloud-based recovery vault should account not just for steady state backup traffic requirements, but also the ability to scale network throughput in the event an emergency restore from the cloud is required.

In this example, Metallic is hosted within Microsoft Azure, so this could be as straightforward as planning an adjustment to your ExpressRoute links ahead of time. If there’s a lead time associated with this type of work, it should be accounted for during the backup design process, and not discovered during an emergency.

Simplification of a solution in one area can sometimes lead to an increase in complexity in another, and this is a good example. Selecting a cloud-based platform for hosting a recovery vault can decrease administrative and storage complexity, while introducing network elements that must be accounted for. The tradeoff may be worthwhile for some, in exchange for the convenience afforded.

Day 3 of Cloud Field Day 13 kicks off tomorrow with StormForge, followed by RackN and Fortinet. See everyone there.

One thought on “CFD13 – Day 2 – Cloud-based Recovery Vaults

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s