
Three Years On From GDPR And CCPA, How Has Data Protection Modernized?

Forbes Technology Council

Founder and Chief Executive Officer for Zerto, responsible for leading the company’s corporate direction and vision.

With the third anniversary of GDPR and the California Consumer Privacy Act (CCPA) having recently arrived, it’s a good time to consider the progress made around data protection and how technology modernization is allowing organizations to reassert control over the integrity and safety of this critical asset.

Arguably, GDPR is the highest-profile emerging data protection rule around the world. In recent years, GDPR has led the global regulatory movement that has seen governments give their laws greater relevance and sharper teeth. Its impact has certainly been significant and, for a growing number of organizations, extremely costly.

According to law firm DLA Piper in its 2020 GDPR Data Breach Survey, since 2018, more than 160,000 breaches were reported in 28 states. And by January this year, 272.5 million euros ($332.4 million or £245.3 million) of fines had been imposed for a wide range of infringements relating to the regulations.

Significant progress has also been made, with the United Nations Conference on Trade and Development (UNCTAD) reporting last year that 128 out of 194 countries had data protection legislation in place. And while CCPA doesn’t regulate multiple governments, it does govern what ranks as the world’s fifth-largest economy, while also serving as a model for additional U.S. states and possibly a federal model.

The need for stronger regulation was prompted by the failure of organizations worldwide to address data protection weaknesses, and it’s interesting to note that many of the biggest data breaches in recent history occurred in the years leading up to the introduction of GDPR. 

From Snapshots To Continuous Protection

In fact, organizations now face a more serious set of data protection risks than ever before. Ransomware attacks grew by 150% in 2020 and have become an existential business threat globally, putting entire data estates at risk. Even with GDPR requirements in mind, companies often overlook ransomware threats, which can affect an organization’s entire technology stack. Every company suffering a breach should fully evaluate its scope and impact.

And from a recovery point of view, it’s often a depressingly familiar story: An organization falls victim to an attack and finds its files are locked down but also discovers that its latest backup is from the previous night, the previous week or even last month.

Having to restore to a day-old backup is bad enough, but when the potential for data loss reaches even further back in time, businesses find themselves facing a potentially huge increase in recovery costs.

For many organizations, the shortcomings of their approach to critical data protection issues stem from a reliance on legacy solutions, first seen decades ago, that seek to protect data by using periodic snapshots. However, the many organizations that rely on the always-on digital economy now require a continuous data protection (CDP) process that recognizes every single change and update to their data in real time.

More specifically, CDP tracks and captures data modifications, ensuring that every version of user-created data is stored locally or at a target repository via incremental writes that are replicated continuously and saved to a journal file. In a recovery situation, administrators can then restore data to any point in time with granularity. It’s a process akin to rewinding business operations to a point moments before any disruption occurred, where anything from a single file, virtual machine or an entire site can be brought back with minimal data loss and disruption.
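The journal mechanism described above can be sketched in a few lines. This is an added illustration, not code from the article or from any vendor's product; the `Journal` class, the block layout and the timeline are constructed for the example. It shows why replaying a write journal up to a chosen instant loses far less than falling back to the last periodic snapshot.

```python
from bisect import bisect_right
from dataclasses import dataclass, field


@dataclass
class Journal:
    """Hypothetical write journal layered over a base image (block -> bytes)."""
    base: dict
    times: list = field(default_factory=list)    # ascending write timestamps
    entries: list = field(default_factory=list)  # (block, data), same order

    def record(self, ts, block, data):
        if self.times and ts < self.times[-1]:
            raise ValueError("journal writes must arrive in time order")
        self.times.append(ts)
        self.entries.append((block, data))

    def restore(self, point_in_time):
        """Rebuild the volume as it was at point_in_time (inclusive)."""
        image = dict(self.base)
        upto = bisect_right(self.times, point_in_time)
        for block, data in self.entries[:upto]:
            image[block] = data
        return image

    def writes_lost(self, recovery_point):
        """Journaled writes made after the chosen recovery point."""
        return len(self.times) - bisect_right(self.times, recovery_point)


def build_sample():
    # Constructed timeline: seconds since the last nightly snapshot (t=0).
    j = Journal(base={0: b"ledger v1", 1: b"orders v1"})
    j.record(3600, 0, b"ledger v2")
    j.record(7200, 1, b"orders v2")
    j.record(36000, 0, b"ledger v3")
    # Constructed disruption: both blocks overwritten ten hours in.
    j.record(36060, 0, b"\x00ENCRYPTED")
    j.record(36061, 1, b"\x00ENCRYPTED")
    return j


if __name__ == "__main__":
    j = build_sample()
    print("journal restore @36059:", j.restore(36059))
    print("snapshot restore @0:   ", j.restore(0))
    print("writes after snapshot: ", j.writes_lost(0))
```

Restoring to the second before the disruption keeps all three legitimate updates; restoring to the snapshot discards them along with the damaged writes.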

As IDC put it in a recent report sponsored by my company, “In response to the need for ever greater application availability with less data loss, a new generation of continuous data protection (CDP) technology is emerging to significantly reduce recovery point objectives (RPOs).” In addition, CDP is being implemented across various other use cases where organizations are struggling with traditional approaches, particularly around backup and long-term retention.

Backup focuses on day-to-day restores and recoveries of files, VMs and/or specific volumes; because it’s not protecting against a specific disaster incident, it doesn’t need an entire site recovery. And as its name suggests, long-term retention (LTR) addresses the need many organizations have to store data long-term, typically for compliance, tax or internal reasons. Because this data isn’t always mission-critical, it can be stored on cost-efficient media where quick recovery isn’t as urgent as in the case of operational recovery.

Furthermore, as more organizations embrace the flexibility of modern infrastructure, applications are frequently moved seamlessly from on-premises to multi-cloud. IDC, for example, says that 70% of CIOs now have a cloud-based strategy for application deployment. However, data protection strategy must keep pace with this approach in order to meet SLAs while ensuring applications and data remain available, regardless of the disruption.

These are all vital issues, and in practical terms, they can help organizations focus on some important questions when building a CDP strategy. For instance, when searching for a solution, consider the following:

How fast can a solution deliver recovery, given short recovery time is fundamental to data protection? Consider the difference between the near-zero RTO of continuous backup capabilities versus snapshots and time-lagged solutions that can only capture data every few hours at best. 

Does the solution have application-consistency grouping to protect not only mission-critical VMs but also business-critical applications for both short-term and long-term retention? 

Also, can it deliver CDP at scale, and how does it run in the cloud?

Seeking out answers to these questions will help organizations that are under pressure from all sides to improve performance transform their data protection capabilities. In an environment where compliance has grown in importance, and where the impact of a serious data breach can be devastating to everything from reputation to profit, approaching backup as a continuous process makes it possible to ensure data remains safe.

