Three guiding principles to establishing data resilience for a hybrid cloud strategy
According to the 2020 Dell Technologies Digital Transformation Index, 79% of business leaders are reinventing their business model as a result of the disruption caused by the pandemic. And, for organizations across the region, investing in multiple cloud environments featured among the top five technology priorities over the next one to three yearsAs a result, a hybrid cloud strategy is rapidly becoming the IT strategy of choice largely due to its ability to offer enterprises the best of private and public clouds, plus edge technologies with greater choice and flexibility. A hybrid cloud strategy also presents an opportunity for businesses to rethink their data protection and resilience approach.
Adopting a hybrid cloud strategy offers distinct advantages regarding data protection:
- Cost optimization: A hybrid cloud offers flexibility and choice as to where to store data to optimize costs over the lifecycle of the data.
- Right-sizing recovery and availability: Cloud computing has driven organizations to think more comprehensively about what data is important and how each workload should be treated; taking the time to right size for the future.
- Minimize risk: We are taught that diversifying investments is a sound strategy to avoid losing everything. A hybrid cloud approach provides location diversity for data, minimizing the risk of data loss and cloud-vendor lock-in.
There is no one-size-fits-all solution, however, we recommend these three broad guiding principles that enable organizations to establish long-term data resilience for their hybrid cloud strategy:
1. Architecture matters
Advocate for scalable and efficient architectures, technologies and products that are built with multi-cloud in mind. Why? Data resilience is a long-term strategy. The more costly your organization’s data is, the riskier it is to protect it. Making sustainable investments to support data resilience will reduce risk over the long term. This includes:
- Storing data efficiently: Storage costs, whether cloud or not, are not decreasing at a rate faster than data is growing. Backup data offers an opportunity to leverage data deduplication efficiencies to ensure the most amount of data can be stored in the smallest footprint. This has a flow on effect in that efficiently stored data enables efficient data mobility. Therefore, data can be transferred across clouds to allow restoration anywhere, as well as enable strategic direction changes, quickly and cost effectively.
- Optimizing hybrid cloud infrastructure costs: Assess all hybrid cloud infrastructure components required, including compute, block and object storage, egress and transfer costs, and API call costs. This will ensure there are no surprises when it comes to the run costs to enable an IT strategy.
- Addressing cyber risk: Leverage controls such as data encryption, immutability and access controls so that data is not visible to the cloud provider or an adversary in the network. Over-the-wire and at-rest data encryption can ensure data privacy is maintained as data travels through hybrid cloud networks and is stored in cloud storage. Leverage an air-gapped data protection copy and actively analyze for threats to enable recovery in the event of a sophisticated cyber-attack either against the business or the cloud provider.
- Leveraging cloud economics: Choose capabilities that deploy technology as a utility service so that infrastructure does not become an expense when it is not in use. Ideally, look for ways to consume IT where you only pay for what you use via a subscription-based or consumption-based model. The architecture should be modular, starting with a minimal resource footprint and growing with the needs of the organization.
For many organizations, data is their lifeblood or competitive advantage. This data should be protected, including these considerations:
- Regulatory and reputational: Companies need to consider local data protection regulations and how those impact the data they collect. Regulatory requirements should be reviewed in the context of storing and protecting data in a hybrid cloud model. Cyber resilience is not cyber security. Take actions to ensure resilience in the event of a successful cyber-attack. The ability to get critical systems back in service has the potential to impact an organization’s customers positively or negatively.
- Responsibility: Understand that public clouds generally operate under a Shared Responsibility Model, meaning an organization maintains some responsibilities for their data and workloads, while the cloud provider may also take some responsibility. Data protection and availability is one aspect of this model that typically falls on the customer to implement and manage. For this reason, it’s important to ensure that the corporate data protection policies extend across the hybrid cloud strategy.
- Review the data protection strategy regularly: It is best to ensure the data protection strategy is up to date with the changing technology, as well as with the ever-evolving regulatory landscape.
Findings from the 2020 Dell Technologies Global Data Protection Index highlighted that to bridge the data protection gap across their multiple clouds, 80% of survey respondents were using solutions from multiple data protection vendors. There are significant risks to this approach:
- Compared to those working with a single data protection vendor, on average, organizations using multiple vendors are likely to experience almost 5x higher data loss costs and 2x higher downtime related costs. These enterprises are likely investing more in time, money and staffing resources to protect their data and applications and yet their annual data loss and downtime costs are significantly higher than those working with a single data protection vendor.
While thinking through a data protection plan for a hybrid cloud strategy, CIOs should look to data protection solutions that protect data wherever it resides.
Organizations understand a hybrid cloud strategy has many benefits. However, only those that adopt the broadest data protection capabilities, develop and follow strong data governance policies, and have a data protection solution for their on-premises, public cloud and edge environments will be in a position to effectively manage and protect their data and workloads, safely.