Climate change has made natural disasters an increasingly regular global threat. Backup and recovery expert W. Curtis Preston breaks down how companies can protect their data and prepare resilient disaster recovery plans to be ready for the worst-case scenario
Just as with the emergency services, there is a section of the IT department people wish to never have to call up: backup and recovery.
As the Earth continues to warm up and extreme weather events such as the recent Ida hurricane become more and more frequent, so does the threat to companies’ data systems. From extensive data losses to system outages, events such as floods and fires can greatly damage an organisations’ operations, making the need to develop disaster recovery plans more relevant than ever.
With over 30 years of experience in backup and recovery, W. Curtis Preston — well known in the industry as ‘Mr. Backup’ — speaks to Tech For Good about the best strategies to approach disaster recovery (DR) and the most important trends in the sector.
Meet Mr Backup
Preston started his career in backup in 1993 at MBNA, at that time the second-largest credit card company in the United States. During the years he spent there, MBNA’s servers grew from 15 to 250, and from two operating systems to five. In those days, the $35bn company had a total of 300GB in the entire data centre. Although Preston’s career has specialised in backup and recovery, he admits this was not something he originally intended to do.
“It was the job I could get,” he says. “It’s a negative thing about our industry that one of the most important jobs in the data centre is often given to the most inexperienced person.
“It’s a really thankless job. It’s a job where no-one remembers the millions of backups that you got right; they only remember the one restore you got wrong. And you’re never given enough budget or enough infrastructure to get the job done, and so you give it to the junior person. And that’s exactly how I got my job; it was the job nobody else wanted. And then, after a time, I definitely gained an affinity for the area.”
After leaving MBNA, Preston moved into consulting, wrote four books and founded two companies — The Storage Group and TruthinIT — specialising in backup and recovery system design, implementation and management. Since November 2017, he is the Chief Technical Evangelist of Druva, a data protection as a service company.
“I have a real passion for helping people protect their data, whether it’s their data centre data or the pictures on their iPhone,” Preston says. “It kills me when someone who is in my sphere of influence tells me that they’ve lost data, because there are so many easy services to protect your data, and it’s just a matter of you signing up for the right service and paying for that service.”
In the 30 years that Preston has been working in the industry, he has witnessed a technological revolution that completely changed the way people use the internet and backup data. However, although technology is much more accessible now than ever before, Preston doesn’t think that people have got better at protecting their data.
“Oddly enough, I think we’ve gotten worse,” he says. “30 years ago, everything was a hard drive. There were no flash drives, and they [hard drives] failed all the time. And so, you had to be good at backup, because you would absolutely need it. Now, a person that just uses Microsoft 365 and accidentally deletes an email can get it back from the recycle bin. To a lot of younger people, restore is just a magic thing that happens.
“There are a lot better offerings to do backup and recovery today than there were when I started. My iPhone here has more storage than the data centre I worked at when I joined the IT industry. The problem is bigger, but the infrastructure is there and the services are there.”
Planning for disaster
Although the extra effort of setting up a backup plan might seem inconvenient, these services prove to be absolutely vital in the case of a disaster, such as hurricanes like Ida or ransomware attacks. By the time the servers are at risk, it’s too late to build a disaster recovery plan.
Disasters — natural or otherwise — are, by definition, unpredictable. However, as the Earth grows warmer and climate change continues to be a reality, the coming of extreme weather events is a guarantee. Within these situations, backup and recovery plans could make a difference in the survival of any organisation.
Preston, who grew up amongst the Florida hurricanes, and has recently witnessed the California wildfires, is unequivocal about the importance of resilient disaster recovery plans.
“This is a problem as long as computing,” he says. “Whether it’s a hurricane or a fire, or a terrorist action that blows up a building, or a ransomware attack that takes out your entire infrastructure, the result of all of those is the same. And that is you no longer have access to the computing infrastructure that your company uses to do its business.”
To minimise the loss of data, money and time that result from these scenarios, companies should design disaster recovery plans that are tailored to their needs. The first thing that organisations need to do before creating one is a cost-benefit analysis, that looks at what would happen to the company if it lost its computing infrastructure.
The dependence of companies on their computer infrastructure varies greatly from sector to sector, and so do their recovery time objectives (RTO). The RTO is the metric used to establish how long the restore should take, and it affects how often the cloud is updated and how much data would get lost.
A Georgia-based paper mill company that Preston consulted for had an “extremely generous” RTO of two weeks because the cost of their computing infrastructure being down for two weeks was next to nothing. In contrast, a financial trading firm could lose millions of dollars if its systems went down for a couple of hours. Therefore, these types of companies would need a more specialised service, such as Druva, which supports an RTO of 15 to 20 minutes, with only one hour of data loss.
“You need to know the cost of downtime for your company,” Preston says. “Without that, there’s literally no sense in having any of the rest of the meetings.
“What continues to happen to this day is that people do the math and they say: ‘Okay, we’ll lose a million dollars if we’re down for this amount of time.’ And then we say, ‘Well, we can solve this problem for a million bucks’. And the response is, ‘I don’t know if we have that kind of money.’ I can’t deal with that. That problem is old, that problem is still here and if, in the end, you don’t care enough about your company’s data, to protect it in a reasonable way, there’s nothing that I can do to address that.”
“No-one remembers the millions of backups that you got right; they only remember the one restore you got wrong”
Once companies have decided that they do want to invest in protecting their data, the second thing that Preston advises to do is to create an inventory of their “computing world” — all the data that a company has online — and decide whether it is going to be backed up and how. The easiest way to do this is by following the 3–2–1 rule.
“If your backup system doesn’t at least conform to the 3–2–1 rule, it’s just not backup,” Preston says. “And what that means is that you have to have at least three versions of your data on two different media, one of which is stored somewhere else.”
It seems simple enough. However, Preston puts an emphasis on the importance of having copies on different platforms and warns about the dangers of relying on restore features. It is fundamental that one of the copies of the data is stored separately, and preferably within a third party service. “You don’t backup your MacBook on your MacBook,” he says.
After these decisions have been made, comes the innovative part: designing the recovery system. For Preston, the perfect way to do this is by using cloud services such as the one provided by Druva.
“It is pretty much universally agreed that DR is the killer application for the cloud,” he says. “Pre-cloud you could do DR for your company for, say, a million dollars and it would take you two to three days. Well, now we can do DR in the cloud for the same company and have it cost you $50,000, and it could be up in a matter of minutes. It’s literally like one or two orders of magnitude better than it used to be and less expensive.”
As a result of the transition to remote work, the use of software as a service (SaaS) systems significantly increased, as people were not able to use on-premise systems. Companies such as Druva were very COVID-19 friendly from a data management and data protection standpoint, as they were able to provide the same service on the cloud.
“The beautiful thing about being SaaS in the cloud is that the customer doesn’t ever need to worry about the infrastructure on the backend,” Preston says. “During my career, 95% of the consulting that I did was to help customers redesign and re-architect their backend. They bought bigger servers, faster tape drives, faster disk drives, and all of those things in the backend to make their backup system perform better. None of that stuff applies to our customers.
“If you’re a Microsoft 365 customer, and you acquire another company that has 100,000 employees, you don’t need to call Microsoft, you just need to add 100,000 employees to your Microsoft 365 account. And that’s exactly the same with us. You don’t need to add storage, you don’t need to add computing power, you just need to configure the new things that we’re going to backup.”
Containing the future
Although SaaS is the current wave that the backup world is riding, Preston has a clear view of what the next big wave will be: containers.
Containers allow users to divide up a machine so that it can run more than one application on the same kernel and hardware while maintaining isolation among the workloads. Using this technology, Google developed Kubernetes, an open-source platform that works by joining a group of host machines into a cluster to manage containers.
“I do think Kubernetes and containers are what’s next on the backend,” he says. “If the vendors that you are working with aren’t already looking at that world, to me that’s an indication that they’re behind the times.”
The technology to protect companies’ data against the worst-case scenario exists, and it is only getting better. However, these innovations are useless if business leaders refuse to see the need to protect their data. In Preston’s view, outsourcing these services is key to ensuring that DR receives the attention it deserves so that businesses can thrive even in the worst of disasters.
“People ask me ‘Why should I use a service to do data protection?’” he says. “And my answer back to them is: ‘Why shouldn’t you?’ For so long DR has been at the back of the bus. The only reason I took that job 30 years ago was because it was the job I could get. No one wants this job, it’s a thankless, very difficult job. So don’t give it to anybody. Give it to a company that is at the front of the bus and have them take care of it for you.”