The cloud: what local and state governments must know before deciding to buy
By John Pearring
Cloud-based data protection sounds like a really good idea. Before buying an enterprise data protection cloud solution, however, be sure you grasp what the terminology marketed to government-based customers actually means. Trade magazines and publications define the “cloud” according to their readership, which can vary from retail-sounding individual users buying machine-based backup, to city and county-positioned products using some versions of “X” as a service terminology; as in, Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS) and Recovery as a Service (RaaS). In fact, these “aaS” acronyms do not follow a common lexicon. BaaS originally referred to “Backend as a Service,” and the term IT as a Service (ITaaS) does not speak to cloud services at all.
Retail data protection products for individual users have a long history of creeping into enterprise implementations, even when government rules prohibit such activity. Users on mobile or even workstation platforms charged with controlling their own data get creative. They subsequently look for user-based data protection solutions. Beginning with floppies, folks moved onto burning CDs and DVDs until adopting standalone disks with some built-in backup software. Today, users are opting for cloud backups at significant rates. These rogue users now fondly call their backups and archives as putting their data in the cloud. Cloud offerings for enterprises, though, have come of age simply because of so many public users investing in building the business. Large corporate cloud developments began more than a decade ago, but largely failed due to the costs to their customers. Depending on the government entity, this user-based control of backups has created an important paranoia for IT managers.
Government IT managers and executives have consistently expressed frustration with various uses of the term “cloud,” and the aaS representations of services confuses buyers looking at cloud service providers. The recent maturation of cloud-based services has helped the terminology a bit, and the definitions of cloud services have become more focused on the entire point of enterprise cloud implementation. That is, datacenter directors want to outsource IT functions when possible to save shrinking dollars and redirect their staff and asset resources to work more specifically on their governing missions. In other words, the “service” notion of buying a data protection outsource is really what folks trying to buy backup and recovery are looking for in cloud offerings.
No matter what you buy, however, the trio of cost, speed and management define the success of a cloud solution, just like any other IT function. Consider all three as you review the options.
Public vs. Private Cloud
The two main types of cloud-based data protection services reverberate around public or private implementations. The public cloud is where data lives on a shared infrastructure and where networks, storage and management get handed off to a service provider. Government entities would never entertain such an idea, until recently, when costs began shoving them into considering options.
In a private cloud, data is on dedicated infrastructure and the owners of that data control both the network and target site as well as the management. Due to financial compromises expected from such high-minded extremes (private offerings can be very expensive), variations rule the day regarding a clear distinction between public and private clouds. Money usually presents the compromises. Combinations of the two results in either a semi-private cloud, or what may best be called a hybrid public-private cloud.
Data Protection and the Cloud
In data protection, there are some popular configurations to consider. Best practices in data protection recommend an off-site second backup copy, more commonly called a disaster recovery copy. The most frequent option is disaster recovery to a private cloud, which assumes an existing solution is owned privately onsite and a backup/archive copy simply goes to another government site. This classic formula meets the user expectation to automate disaster recovery to a wholly owned “hot site.” Customers who do not yet do this today, but are looking for this automation, typically are trying to move away from a tape solution or simply have not yet installed a disaster recovery technology. If a government datacenter hires a third party managed service provider (MSP) for disaster recovery but wishes to still operate a private cloud, the costs may no longer be prohibitive. MSPs are getting good at meeting compliance regulations.
The second popular option for cloud backup is disaster recovery to a public cloud. This option looks like the first except a replicated backup copy sits in a shared infrastructure. While storage zoning can separate data, users still share network and computing power with others. Some governing bodies have already justified the shared sites by insisting on service level agreements (SLAs) that set private-like standards.
The third and least popular data protection cloud offering for government is a completely hands-off approach to an MSP. Data protection to the cloud as a full service backup, archive and disaster recovery plan is usually charged on a space basis (cost per gigabyte or terabyte) and will likely not meet compliance necessary for government regulations. Customers install a full-function set of software clients and database agents into their onsite environment, and all data movement for backup and archive takes place over Internet connections. Watch for scenarios in the future where even this offering may fit government expectations.
Recovery is the key to any good data protection solution. Cloud does offer many different flexible options, but recovery is the most important as the cost rises according to how fast and how much of the data users want to recover. Variations of the three implementations of data protection in the cloud make more sense today than ever before. Once a decision has been made on cost, speed and administration requirements, cloud offerings become a little less cloudy and more of a viable solution for data protection needs.
John Pearring is the vice president of STORServer, a leading provider of proven data backup solutions for the mid-market, selling exclusively through the channel. As STORServer president from 1995–2008, John built the original OEM alliances and e-business infrastructure for the company.