Protecting your data in the cloud with a perspective on the Gmail outage
Recently, Howard Marks posted an article on Network Computing entitled “Can Cloud Snapshots Replace Backup?” Howard’s key implication in the article is that cloud storage gateways, onramps or enablers that reside on-premise can replace conventional backup with snapshots for primary data stored in the cloud. However, the article leaves open a point of exposure around the reliability of the cloud storage provider if both the primary copy of data and snapshots are in the cloud. In that case, the storage provider is responsible for the safekeeping of both your primary and backup data.
Let’s take a closer look at what may possibly go wrong with a cloud storage provider and your primary data in the cloud.
- For starters, a provider could experience data loss. Better providers offer redundancy and multi-datacenter replication that reduce or eliminate risk of disk or data center failures. For instance, Amazon claims 99.999999999% durability of data stored on S3. Assuming the cloud provider you choose maintains best practices around redundancy and data protection, the odds of data loss due to hardware of site failures are rather low.
- The more likely scenario is that a provider suffers an outage which prevents data access. To be fair, better providers offer 99.9% or even 99.99% availability, but none offer a 100% guarantee against outages, so a cloud provider outage could range from a temporary annoyance to a painful business outage. More 9′s of availability help, but also keep in mind your network availability is also a limiting factor.
- A third, though less likely, case is that the cloud storage provider goes out of business. Again this would depend highly on the quality of the storage provider, which may leave users a migration path, such as when EMC Atmos Online stopped supporting production customers. Whether or not there is a migration path, this case should be part of any risk analysis when it comes to storing business critical data in the cloud.
- Finally, the world is still buzzing from thousands of Gmail users losing access to email accounts in late February, that was blamed on a bad software update. The words of Google vice president of engineering and site reliability Ben Treynor are quite telling on how Google is recovering these customers: “To protect your information from these unusual bugs, we also back it up to tape. Since the tapes are offline, they’re protected from such software bugs.” The sobering message is that just because data is stored in the cloud, it is not exempt from software bugs or even human error, and may still require an offline storage tier for recovery.
Although snapshots in the cloud can functionally replace backup, how can we address the paranoid system administrators who are now white-knuckled at the thought of the 4 aforementioned risks? SLAs or a refund of monthly fees may be a small consolation in the face of lost data.
Is there a foolproof way to eliminate any business continuity dependency on the cloud provider? It turns out there are in fact a few:
- Keep a local data copy. This is almost too simple, but some cloud storage enablers allow you to keep full local copies of your data along with snapshots in the cloud. Some, like CloudArray, even allow you to grow a local cache to ensure entire data sets reside on-premise. Additional local storage tends to be cheap, while off-site storage is very expensive, making this a compelling way to continue operations even if a cloud provider suffers an outage.
- Use multiple cloud storage providers. Some cloud storage enablers support multiple cloud storage providers. If so, replicating across providers is relatively simple, albeit at double the capacity and bandwidth costs. The additional cost may be a bit much to swallow, reducing the viability of this alternative.
- Periodically copy data/snapshots off-cloud. This may sound familiar to the backup administrator. Recently, Marcel van den Berg published design guidelines for Veeam backup and stated “As a number one rule I would advise to store the backup on a different storage platform than the storage platform which is being protected.” The notion of where a storage platform in the cloud begins or ends is admittedly vague. It’s not clear that storing backups in the same cloud observes this fundamental rule. Enter “off-cloud” copies or backups which can reside on-premise or on a separate cloud provider and the problem can be solved. The notion of having primary data in the cloud and backups local may sound strange at first, but is actually a very viable option that is supported by cloud storage enablers like CloudArray and provides protection against both on-premise and cloud disasters.
With these alternatives, it is viable to store primary data in the cloud while minimizing risks of cloud provider failures, software reliability and even human error.
No data center is perfect, which is what makes off-site backup and disaster recovery (DR) planning a requirement for most organizations. Likewise, storing primary data in the cloud is no exemption from proper DR planning and best practices.
Bottom line: If you are considering using a cloud storage enabler, gateway or onramp to store primary data in the cloud, consider working with a product that minimizes your risk and a company that has already thought through and addressed the possible risks and DR contingency options.
Do you use cloud snapshots for backup? Let us know…