Trying to decide if online backup, or backup as a service, will be beneficial to your small-midsized business (SMB)? John Merryman, services director for recovery services at GlassHouse Technologies Inc., discusses the benefits and drawbacks of online backup today. His answers are also available below as an MP3 download.
Table of contents:
>>The benefits of online backup or backup as a service
>>The drawbacks of outsourced backup
>>Major players in the online backup space
>>RTO vendor guarantees
>>Selecting an online backup service
>>Online backup in a midsized business
The major benefits are giving people a way to offload the complexities associated with backups especially the nature of managing backup solutions from an application perspective, managing tapes, trying to contend with offsite vaulting of tapes. This is coupled with the need to lower capital and operational costs.
And then ultimately, the biggest driver is lower risk, especially for small to midsized businesses, mobile users or remote offices. Backup is often there, but in terms of effectiveness or a company's ability to restore data effectively, a lot of companies are just getting by and there is lot of concern about potential data loss.
Naturally with any kind of outsourced function you're putting more dependency and trust on external services. So in this case, you're looking at handing over the backup and restore function to an external service provider. But with that you're also looking at dependencies on your Internet or your network service providers to make sure that your data can be transferred back and forth.
Once you go into a model like this for managed backup services, the backup plan can be somewhat complicated in terms of what do you do when you decide to move to another service provider or bring it back in house. How do you get your data back? Are you going to run into any termination clauses? Do you have end-of-contract fees that are going to be expensive?
It is a crowded space that is only getting more crowded. The majors that you are going to see out there are Iron Mountain, Symantec, EMC and IBM. There are some software companies that have gotten into this space in a big way too, mainly EVault which was just acquired by Seagate, Asigra, which has heavy partnerships with AT&T and Hewlett Packard and other startups like Digi-Data and Carbonite.
So, if you look at the market, you will see quite a few companies that are in the startup phase that are leveraging software from companies like Asigra. So it is an interesting space, there is a lot of acquisition happening, with the biggest and most industry-shaking probably being the EMC acquisition of Berkeley Data Systems, in which the Mozy service product line was acquired in 2007 and has been focused out on a consumer and even enterprise customer basis.
Even if you don't get a formal service level agreement (SLA) from a service provider during the pre-sales process, you should get one before you commit to any type of service like this if you're a business. At a minimum, this type of agreement should include specifics around service availability, how often you have to bring the service down for maintenance or planned or unplanned downtime. Are they truly 24/7, every day of the year, or do they have conditions in which they are not available at all times?
While this may not be important to some businesses, it may be in the future as they grow. Also, are your support engineers, if needed, going to be available day and night? Restores aren't always happening at the most timely or convenient times, so service availability is another big one. Also, how the company handles incidents and provides escalation statistics. Who to contact, what level, when and what are the response times if you do have an issue?
All of these things are very unlikely to become issues, but they are a good thing to look for when you are dealing with a service provider. Also, when you look at guaranteeing backup and restore performance, it's fairly tricky territory in large part because all of these services depend on LAN or internet bandwidth. This can vary tremendously based on geography, latency, hops across network channels and other factors.
You will rarely see guaranteed speeds and performance for backup and restore. So, as a practical approach beyond the contract, you should definitely look for service providers to be able to measure, either during the pre-sales process or during initial deployments, what your actual backup and restore speeds are and to help you identify whether or not you have resource constraints on the WAN and if so, how do you mitigate those constraints.
The number one thing you want to be looking for is ease of use, ease of deployment and speed of deployment. After all, when you look back at the root cause of why companies are looking at these solutions, a lot of it has to do with the management complexities of existing solutions. You want to look for technologies that are part of the solution that minimize the impact of the network. Essentially after your initial full backup, are the technologies doing things like data deduplication or delta differencing or other block-based change mechanisms, so you're not doing large volume copies of your backups over and over. These technologies are out there, but the key thing to look for is whether the incremental or deduplicated backups going over the networks after the initial pull are being deduplicated at your end of the deal or at the service provider's end of the deal. There is a major difference that really equates to bandwidth consumption on the WAN as a result.
Another thing to look at is security. The bigger the organization, the more you are going to be concerned with things like access control lists, role-based authentication and role-based access to systems. For instance, let's say you're a company of 20 people and everyone is using this service, maybe you don't want everyone to have the equivalent of root level access to do resource. Be sure that if you need encryption, that part of the service offering is available. Also if you're doing encryption of data at rest on your side, understand how that impacts the effective amount of storage on the service provider end, and how that affects your contract.
Be sure that you have some visibility into what's actually happening, how much capacity you are using, what the performance looks like on a daily or weekly basis. How much storage is used, how storage is used, how much is backed up, what is used and when and what are the backup window times for the service.
Look for proof of infrastructure. Are the datacenters running the server owned or are they co-owned datacenters? Does the service provider have multiple datacenters, as in, if they have a disaster is your data gone indefinitely or has it been replicated to another site for disaster recovery? These are things that you would normally not think about since your data is moving offsite, yet if you're doing this for the long haul and putting your critical data assets in the hands of a service provider then it does matter.
Look for evidence of a company in technology stability. When you call, up does the CEO answer the phone or do you get a true support person? Also, where is that support person located? Then also look to see if they have 24/7 support. Even if you don't need or don't want to pay for it, whether or not that exists in a company is a huge indicator of company maturity. And lastly, if you need application awareness in the backup and restore process, such as application awareness of Exchange data stores or SQL, things that are very common in SMBs or remote sites, make sure that that application awareness is fully understood by the storage provider, so you have potential for restore consistency.
Small businesses are a direct hit. This type of service is a very strong offering for organizations like that. Medium-sized companies with fewer than 1,000 employees and a traditional backup solution in house, but with much of their workforce remote, can also see strong benefits.
So, it's been a pleasant surprise to see the technology adopted by a wide range of company sizes for various reasons, but when you look at the cause of why you're doing it, many of the root causes are very similar. It has to do with the complexity of managing backup and locations where there aren't necessarily backup administrators or people that are trained or skilled to do the basic day-to-day activities.
John Merryman is responsible for service design and delivery worldwide. Merryman often serves as a subject matter expert in data protection, technology risk and information management related matters, including speaking engagements and publications in leading industry forums.