Brent Ellis, a senior analyst at Forrester, defines data resilience as a combination of data durability (ensuring data is safe and uncompromised) and availability to the people and services that depend on it.
In the context of the current hybrid work environment, he believes this might include connectivity components and BYOD support to address availability issues when connecting remotely. For a hybrid multi-cloud infrastructure, it means understanding how different services on-premises and in the cloud relate to each other, and knowing the risks for each.
IT teams understand on-premises risks well, but the cloud mitigates most of those by default while introducing a new, unfamiliar set of risks around web-scale automation and shared-responsibility issues and gaps.
Pure Storage chief technology officer and VP Matthew Oostveen noted that organisations are increasingly leveraging artificial intelligence (AI), container platforms, virtualised infrastructure, and other emerging technologies.
“Data resilience needs to be accounted for when using these platforms, which tend to operate in a multi-cloud environment. This includes phasing out any legacy storage arrays, as these systems are usually incompatible with cloud infrastructure and might not be updated against the latest threats.”
Matthew Oostveen
Composition of data resilience
One of the outcomes of digital transformation is the imperative to modernise applications. IDC says application modernisation has risen steadily in priority in its surveys, from 33% of respondents rating it a “high” or “top” priority in 2015 to over 83% in 2021.
However, modernising is not without risk, and CIOs carry the burden of ensuring it remains business as usual even as applications go through the rigour of modernisation and systems pass through a well-defined business continuity framework.
Oostveen says one of the biggest challenges businesses face in data resilience is the overwhelming complexity of migrating legacy architectures into the modern era.
It is a concern shared by Justin Hurst, Nutanix’s field CTO for APJ, who outlined the core elements of a data-resilient strategy as data protection, automated business continuity, and governance. “Business continuity restores mission-critical IT functionality, ideally with little to no manual intervention. It’s important to enable ‘zero-touch’, which allows IT Ops and infrastructure managers to manage their environments without being in the datacentre,” he added.
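To make “zero-touch” concrete, a minimal sketch of the kind of automated continuity check Hurst describes might look like the following. The endpoint, thresholds, and failover hook are illustrative assumptions; in practice a platform’s own orchestration API would replace them.

```python
import time
import urllib.request
import urllib.error

# Hypothetical endpoint and thresholds -- illustrative only.
PRIMARY_HEALTH_URL = "https://primary.example.com/healthz"
FAILURE_THRESHOLD = 3          # consecutive failed probes before failing over
PROBE_INTERVAL_SECONDS = 30

def probe(url: str, timeout: float = 5.0) -> bool:
    """Return True if the service answers with HTTP 200."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return resp.status == 200
    except (urllib.error.URLError, OSError):
        return False

def trigger_failover() -> None:
    """Placeholder for the real action: promote the standby site,
    repoint DNS, or call the platform's orchestration API."""
    print("Failover triggered: promoting standby site")

def watch() -> None:
    failures = 0
    while True:
        if probe(PRIMARY_HEALTH_URL):
            failures = 0
        else:
            failures += 1
            print(f"Probe failed ({failures}/{FAILURE_THRESHOLD})")
            if failures >= FAILURE_THRESHOLD:
                trigger_failover()
                return  # hand off to the recovered environment
        time.sleep(PROBE_INTERVAL_SECONDS)

if __name__ == "__main__":
    watch()
```

The point of the sketch is the absence of a human in the loop: detection, decision, and failover all happen without anyone needing to be in the datacentre.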
Ellis posits that data resilience is a mix of good risk management, vendor management, backup and recovery tooling, and a proactive understanding of how your services are put together.
“I think data resilience measures have always been about risk management and backup, but using the cloud means you have to develop a way of assessing risk in the vendor environment and how integrating those third-party services affects the overall resilience of your data and technology services,” he added.
When data is all over the place
Gartner predicts that by 2025 more than 50% of enterprise-managed data will be created and processed outside the data centre or cloud. Before that happens, CIOs will need a data strategy capable of managing data regardless of where it is stored.
Forrester’s Ellis suggests looking at it through the lens of “How resilient is my data in x platform?” and “Do gaps in my data resilience cause significant risk?”
“When you can answer those questions, it will lead to your particular business strategy. For some, the gaps don’t cause a big enough risk to invest in mitigation, for other companies it will. The key part of it is exposing specific risks as much as possible.”
Brent Ellis
He posited that using the cloud injects a lot of unknown and unfamiliar risks into your environment. On-premises risk mitigations start at the level of physical threats to infrastructure (weather, fire, hardware failure, etc.). In the cloud, risks might be poor automation governance, cyber threats, misconfiguration, or accidental or malicious compromise of data, for example.
“Mitigations will be different, and in the case of vendor-supplied services, those mitigations might be something you have to contractually stipulate for the vendor to do. It is a complex problem, and the answer is not whether my data is resilient or not, it is about how resilient you are. Maybe the answer is 97% for parts of your tech stack and 50% for others,” he elaborated.
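Ellis’s point that resilience is a spectrum rather than a yes/no answer can be expressed as a simple per-component score. The risk categories, weights, and mitigation flags below are assumptions made for the sketch, not Forrester methodology.

```python
# Illustrative weighted risk register; weights sum to 1.0.
RISKS = {
    "hardware_failure": 0.2,
    "misconfiguration": 0.25,
    "cyber_threat": 0.3,
    "poor_automation_governance": 0.15,
    "vendor_outage": 0.1,
}

def resilience_score(mitigated: set[str]) -> float:
    """Share of weighted risks a component has mitigations for."""
    return sum(w for risk, w in RISKS.items() if risk in mitigated)

# Hypothetical stack components and the risks each has covered.
stack = {
    "on_prem_erp": {"hardware_failure", "misconfiguration",
                    "cyber_threat", "poor_automation_governance"},
    "saas_crm": {"hardware_failure", "vendor_outage"},
}

for component, mitigations in stack.items():
    print(f"{component}: {resilience_score(mitigations):.0%} "
          f"of weighted risks mitigated")
# on_prem_erp: 90% ... saas_crm: 30% -- 'how resilient', not 'whether'
```

However crude, a register like this exposes specific gaps per platform, which is exactly the exercise Ellis recommends.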
Hurst says a cloud data management solution can unify data governance, security, and intelligence in a single control plane.
“Having a holistic hybrid or multi-cloud strategy enables businesses to break down data silos, increase visibility across the organisation and ultimately help them achieve data resilience,” he continued.
Data resilience in the platform era
Asked whether it is possible to leverage SaaS solutions to achieve resilience, Hurst believes it is not.
“Resilience is not a band-aid that can simply be applied from the outside. It must be meticulously designed throughout every layer of the infrastructure and application landscape,” he opined.
Pure Storage’s Oostveen disagrees, explaining that as-a-service solutions can reduce the need for on-premises security architecture, especially where the latter has been configured inconsistently or incorrectly, leading to greater resilience.
“The scalability and convenience of outsourcing data protection to their cloud vendor also give CIOs more time to focus on other aspects of resilience, such as IT budget planning to ensure that they are equipped with the right systems and tools for organisational agility and resilience,” he continued.
Ellis gives a yes and no to the question. He concedes that there are “some great Backup-as-a-Service and Disaster Recovery-as-a-Service vendors allowing companies to have high levels of resilience, but nothing covers everything a large enterprise uses, so there is always a bespoke element to a backup or disaster recovery plan”. He offers a similar rationale for SaaS applications that support core enterprise functions.
Setting the path to data resilience
Hurst believes that resilience isn’t an “either/or” proposition. He posited that for each organisation, and for that matter each application within, there is a different set of requirements.
He suggests starting with understanding the data and application landscape across datacentres and clouds, and how they interact and are interdependent.
“Once appropriate goals and service levels have been set, they can be implemented in a layered, holistic approach, keeping in mind existing capabilities and supplementing where needed. It’s critical as well to understand the human element and automate as much as possible – a crisis is the worst time to rely on manual processes.”
Justin Hurst
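One way to take the human element out of recovery, in the spirit of Hurst’s comment, is to rehearse restores continuously instead of discovering problems during a crisis. The sketch below assumes a generic backup CLI; the `backup-tool` command, paths, and checksums are placeholders for whatever tooling is actually in use.

```python
import hashlib
import subprocess
from pathlib import Path

# Hypothetical scratch area and checksum recorded at backup time.
RESTORE_DIR = Path("/tmp/restore-drill")
EXPECTED_CHECKSUMS = {"customers.db": "<sha256 recorded at backup time>"}

def restore_latest() -> None:
    """Placeholder: invoke the real backup tool's restore command."""
    RESTORE_DIR.mkdir(parents=True, exist_ok=True)
    subprocess.run(
        ["backup-tool", "restore", "--latest", "--target", str(RESTORE_DIR)],
        check=True,
    )

def verify() -> bool:
    """Compare restored files against checksums taken at backup time."""
    for name, expected in EXPECTED_CHECKSUMS.items():
        digest = hashlib.sha256((RESTORE_DIR / name).read_bytes()).hexdigest()
        if digest != expected:
            print(f"FAIL: {name} checksum mismatch")
            return False
    print("Restore drill passed")
    return True

if __name__ == "__main__":
    restore_latest()
    verify()
```

Run on a schedule, a drill like this turns backup verification into routine automation rather than a manual task attempted for the first time mid-incident.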
For his part, Ellis says the starting point is to get an understanding of where your data is and how valuable it is. He believes that answering these two questions will help a company decide how many resources to dedicate toward the resilience of the data.
“One gets into the weeds quickly in a modern environment because you can’t just ‘back up everything’ the way you would in a 100% on-premises environment. It elevates data resilience to the level of risk management, and the leading criteria for the resources dedicated to ensuring data resilience then become business needs rather than technical capability,” he concluded.
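Ellis’s closing point, that business value rather than technical capability should drive how much protection each dataset gets, can be sketched as a simple tier-to-policy map. The tiers, RPO/RTO targets, and dataset names here are illustrative assumptions, not recommendations.

```python
from dataclasses import dataclass

@dataclass
class Policy:
    rpo_hours: float   # max tolerable data loss
    rto_hours: float   # max tolerable downtime
    copies: int        # independent copies to retain

# Hypothetical tiers: more business value buys tighter objectives.
POLICIES = {
    "mission_critical": Policy(rpo_hours=0.25, rto_hours=1, copies=3),
    "business_important": Policy(rpo_hours=4, rto_hours=8, copies=2),
    "low_value": Policy(rpo_hours=24, rto_hours=72, copies=1),
}

# Classifying datasets by value is the business decision Ellis describes.
DATASETS = {
    "orders_db": "mission_critical",
    "analytics_warehouse": "business_important",
    "marketing_assets": "low_value",
}

for dataset, tier in DATASETS.items():
    p = POLICIES[tier]
    print(f"{dataset}: RPO {p.rpo_hours}h, RTO {p.rto_hours}h, "
          f"{p.copies} copies")
```

The map itself is trivial; the hard work is the classification step, which is a business judgement about where the data is and how valuable it is, exactly the two questions Ellis says to start with.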