News/Trends

Principles of a Data Resiliency Cloud — The New Cloud Data Ops

The data revolution has begun, and IT needs to find its role in the new world order. Data is sprawling across sites, applications, and clouds. Cyber criminals and insider threats are escalating. Meanwhile, in the face of greater requirements, the business expects IT to do more with less. It is time for a new approach to protecting your data, applications, and businesses.

It is time for a Data Resiliency Cloud. Data Resiliency is a shift left from data protection — always being prepared to recover and stopping attacks before they spread. A Data Resiliency Cloud shifts from selling software and appliances to actually solving your protection challenges for you. 

There are five pillars to a Data Resiliency Cloud: Cloud Data Operations, Multi-Cloud Control Pane, Multi-Layer Cyber Defense, True Cloud Experience, and Autonomous Operation. Over the course of this blog series, we will explore the five pillars, so you can choose the Data Resiliency Cloud that is right for you.

Organizations are evolving from siloed data management to integrated Cloud Data Operations. Business teams, regulators, and cyber criminals are all driving new data resiliency requirements, but IT cannot afford to keep adding more tools. Instead, they are taking a two-phased approach to evolving to Cloud Data Operations. In the first phase, they are streamlining four fundamental solutions: data protection, data intelligence, data security, and data governance. In phase two, they are integrating those solutions into a Cloud Data Operations service.

Challenges in Managing Data

Data is no longer simply created and used in a data center before being deleted or archived. Virtually all organizations now run extensive data mining, AI/ML modeling, and deep learning initiatives on data that span applications, divisions, and countries. Data connects their businesses to devices, infrastructure, and most importantly — customers. 

Not surprisingly, the requirements for protecting and managing data have increased just as quickly. Traditional requirements for backup, disaster recovery, and long-term retention are just the baseline. Modern requirements include ransomware protection, data privacy, AI/ML reproducibility, data residency, and end-to-end data security (e.g. software supply chain). 

Teams are trying to retrofit solutions to meet the modern challenges, but the result is an unmanageable mix of products, workarounds, and human effort. For example, customers are adding ransomware protection by deploying additional appliances in remote locations and copying their data across a self-managed “air-gapped network.” To meet data residency requirements, they deploy physical and virtual appliances in even more locations. Despite the staggering operation and capital costs, these approaches still rarely meet the business’s requirements. Data silos do not work.

Phase 1: Streamline the Four Functions of Data Management

Successful data management transformations begin by focusing on four core challenges: data protection, data intelligence, data security, and data governance. Some customers have dozens of products in these areas, but if you focus on the core requirements, it is possible to reduce to four without rearchitecting your environment.

Data protection includes backup, disaster recovery, and long-term retention. For years, vendors have promised an integrated continuum of data protection, but have fallen short. Their products require extra management, hardware, and software. A truly integrated solution must:

  • Follow the 3-2-1 rule: Store at least three versions of the data on at least two types of media, where at least one is in an alternate location.
  • Enable on-demand, alternate site rapid recovery: Pay for recovery resources only when you need them, recover outside the blast radius of any failure, and recover in minutes.
  • Offer automatic, low-cost resilient long-term retention: Automatically tier copies to inexpensive storage with the confidence that they can be recovered at any time.

Data intelligence includes discovery, analytics, and recommendations. Today, most organizations cannot identify the location of all their data. Meanwhile, they manually collate reports across different data sources to understand what is happening. Finally, they must interpret the raw data for themselves. A modern data intelligence solution must:

  • Identify all data in an organization — Discover data sets in the data center, endpoints, cloud, and SaaS applications whether it is structured (e.g. databases), unstructured (e.g. files), or semi-structured (e.g. email). 
  • Assess global application data patterns — Organizations span across data types and locations, so the solution must present a global, application-centric view of the data.
  • Recommend solutions — Present options to the customer to optimize for cost, security, protection, and compliance. Provide answers, not lists of problems.

Data security includes protection from internal and external security threats and optimized recovery from attacks. Ransomware and insider attacks require more protection and orchestration than a traditional system, site, or user failures.  

  • Immutable backups — Ransomware targets backups, so they must be stored in a way that they cannot be deleted or modified.
  • Detection — Ransomware encrypts active data, so the solution must identify anomalous activity to help identify, assess, and recover from an attack.
  • Assessment — Before recovering, help identify affected systems, trace the root cause of the attack, and ascertain the applications and data that were compromised.
  • Recovery — Run scalable recoveries of clean data — identifying the optimal point-in-time to recover, scanning for malware, and providing a sandbox prior to moving to production. 

Data governance includes: managing data privacy, identifying key data for e-discovery, and controlling the access to data. While data governance has traditionally been restricted to subsets of data (e.g. email), organizations will be expected to meet global privacy and residency requirements across all their data. They will need to replace niche solutions with a consolidated data governance strategy.

  • Data residency — Enable protection data to be stored in a region that meets residency requirements. 
  • eDiscovery — Simplify the cross-region search, retrieval, and legal hold of data for internal or external legal requirements.
  • Privacy — Leverage the cross-region search to alert the organization to data that is being stored on systems or devices in violation of local privacy laws (e.g. GDPR, CCPA).
  • Data Access Governance — Use the centralized data for cloning, so that the copy can be deleted or access to it can be restricted based on compliance requirements.

There is no reason to buy multiple products for any of the four challenges. They each have a natural architectural, user, and workflow affinity. You should be able to find a single solution for each challenge without re-architecting your people, process, or technology. 

Phase 2: Evolve to Cloud Data Operations

A Cloud Data Operations framework sets up organizations to manage their data for the next decade. First, it integrates the four data management functions to help cross organizational silos. Second, it shifts from IT running the solution to delivering a fully operationalized cloud service.

Organizational silos both limit the value that the business derives from data and increase the cost and complexity of managing the data. An integrated solution can address challenges such as:

  • Global Data Intelligence — Organizations cannot run data analytics scans across all their data; it is too expensive and complicated. The protection process, which already works across all the data, should be providing data assessments. 
  • Cyber Resiliency — Data protection and data governance can help identify critical data that is being held in high-risk (i.e. close to users) areas, so it can be secured before an attack happens. Global data intelligence can improve the data security’s detection of unusual data activity. 
  • DevSecOps and MLOps — Data intelligence and data governance can help identify the dependencies between applications and AI/ML models and the data that was used to test and train them. Data protection can create an image of the entire system — containers, models, and data — so that it can be reproduced at any time in the future.

The only way to span across the existing organizational boundaries, however, is to shift to an operationalized model. Today, different groups struggle to define ownership and dependency management across data protection, data intelligence, data security, and data governance. Rather than trying to restructure the organization to meet the business’s needs, buy a service that solves the problem for you. When you shift to Cloud Data Operations, you will eliminate all your data management silos — technology, people, and process. 

Conclusion 

The cloud enables organizations to extract more value from their data, but IT teams are struggling with the new data environment, expanding requirements, and ongoing budget limitations. Their existing approaches to managing data are already complex, expensive, and fragile. It is time for a new approach. 

Leading organizations are moving from data management silos to an integrated Cloud Data Operations service. The first phase is to consolidate the core functionality: data protection, data intelligence, data security, and data governance. In the second phase, they evolve to an integrated Cloud Data Operations model, which they buy as a service. 

For your business to be resilient, your data must be resilient. For your data to be resilient, you need Cloud Data Operations, one of the five pillars of a Data Resiliency Cloud. 

Download Druva’s new eBook, A Revolutionary Approach to Keeping Your Data Safe, to learn more about the benefits of a Data Resiliency Cloud for all your workloads. And stay tuned to the Druva blog as we explore the other pillars of this ideal solution.