New cloud data protection layer
A brief history of data protection and cloud computing
In 2006 Amazon introduced Amazon Elastic Compute Cloud (EC2), making it easier for businesses to deploy and scale applications in the cloud, 2008 Google launched Google App Engine, a platform for building and hosting web applications, and in the 2010s Microsoft Azure, IBM Cloud and other major cloud providers entered the market, leading to rapid growth in the cloud computing industry. We can say then that data protection in the cloud began to be a concern in 2010
The backup software industry has its origins in the 1990s and 2000s with companies such as Veritas (later acquired by Symantec), EMC (later acquired by Dell EMC), and Commvault. Features such as data deduplication, thin provisioning, and backup replication, among others, are added to the original versions of its products; All of this happened in the 2000s. In the 2010s, backup products were ripe for on-premises installations, but new challenges appeared, such as:
- Implement data protection as a service (DPaaS)
- Integrate with artificial intelligence (AI) and machine learning (ML)
- Improve threat detection.
The new versions try to incorporate the demands of the new challenges but seem to have forgotten the strength of their original versions: the unified backup record.
Advantages of a unified backup record
Having a unified backup record for all corporate applications offers several advantages:
Efficient Resource Utilization: Organizations can optimize resource allocation, such as storage and bandwidth, by using a single backup solution. This leads to better resource utilization and cost savings.
Centralized Monitoring and Control: Centralized backup management allows for better control and monitoring of backup processes. Administrators can easily track backup status, troubleshoot issues, and enforce backup policies across all applications from a single interface. A unified backup record simplifies data management by consolidating all backup information into a single system. This reduces the complexity of managing multiple backup solutions for various applications.
Improved Compliance and Security: A unified backup solution can enforce consistent backup policies and security measures across all applications, ensuring compliance with regulatory requirements and data protection standards.
Faster Recovery and Disaster Recovery: In the event of data loss or system failures, a unified backup record enables faster recovery times since all backup data is readily accessible from a single location. This reduces downtime and minimizes business disruption.
Unified backups simplify disaster recovery planning and execution: Organizations can create comprehensive recovery plans that cover all applications, reducing complexity and ensuring a faster recovery in case of disasters.
Reduced Training and Maintenance Costs: Training employees on a single backup solution is more cost-effective than training them on multiple platforms. Additionally, maintenance and updates are streamlined, reducing overall IT operational costs. A unified backup record simplifies data management by consolidating all backup information into a single system. This reduces the complexity of managing multiple backup solutions for various applications.
Enhanced Data Governance: With a single backup solution, data governance policies can be consistently applied to all applications, ensuring data quality, retention, and compliance with data governance policies.
Simplified Vendor Management: Dealing with a single backup vendor or solution provider simplifies vendor management, reducing administrative overhead and potential compatibility issues between different backup tools.
A new layer of data protection to protect cloud assets
In the following graph, we see the integration between the different layers. Layer 1 communicates with cloud assets and allows data to be extracted and passed to Layer 2, which acts as a transport to Layer 3, which resides on a server. In this way, we ensure a unified backup registry.
In the next few lines, we are going to develop this model by integrating the three layers to see how they interact with each other.
Layer 3 — Unified backup record (Server layer)
This is the server layer that allows backup logs to be stored. This is achieved by scheduling tasks that will run periodically to generate copies that will have a lifetime according to a defined policy. Most current technologies allow you to add useful services such as replication of backup records to a different geographic location, air gaps, and reporting facilities, among other features.
Layer 2 — Legacy agents and plugins (Client layer)
It has the ability to communicate natively with layer 3 since it has been designed for this purpose; we are going to use this layer as a transport between the Cloud Layer and Server Layer. For almost all manufacturers of data protection solutions, this layer must be modified to be able to receive the information from a new client and be able to transport it.
Layer 1 — Cloud plugins (Cloud layer)
Cloud plug-ins allow you to interact with all types of assets that are present in the cloud since each of these plugins is developed specifically to cover their need to protect them (*).
The current integration techniques can be diverse and vary over time, this depends on the APIs or data extraction methods that the different manufacturers of cloud solutions develop and can range from making intermediate dumps, FUSE drivers, etc.
In summary, it is recommended to follow this architectural approach to safeguard data protection in the cloud, thereby maintaining the benefits of current backup solutions while remaining flexible to changing requirements. Currently, we are faced with a paradigm in which level 3 is well established and solid but there is no level 1 capable of sending the data to be protected. New forms of data are being generated to protect faster than our current ability to understand and protect them.
(*) I’m developing an Access by Code technology to speed up the creation of these plugins. I will share it when the release candidate is available.
