Reducing Risk in Your Data Protection Environment with EMC Data Protection Advisor

Applied Technology

Abstract

EMC Data Protection Advisor provides a comprehensive set of features to improve compliance with business and regulatory requirements for protection and retention of data, while reducing the risk of data loss. This white paper outlines how Data Protection Advisor helps avoid the costs associated with lost data, both from legal and governmental fines and reduced customer satisfaction.

July 2009

Copyright 2009 EMC Corporation. All rights reserved.

EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice.

THE INFORMATION IN THIS PUBLICATION IS PROVIDED AS IS. EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.

For the most up-to-date listing of EMC product names, see EMC Corporation Trademarks on EMC.com. All other trademarks used herein are the property of their respective owners.

Part Number h6446

Table of Contents

Executive summary
Introduction
Audience
Overview
Industry statistics
Centralize monitoring and control across domains
Improving IT efficiency
Trusted independent verification
Example of regulations
Sarbanes-Oxley
Conclusion
References

Executive summary

Compliance with business and government data protection requirements is not a revenue-generating activity. However, the converse (non-compliance) can be costly and have a negative impact on the business. Data is central to all businesses, and protecting this data is very important. The inability to recover company data after a critical failure at a primary site can put an entire company at risk, with catastrophic consequences for employees, shareholders, and customers alike. As a result, almost every company today is subject to one or more sets of data protection regulations, be they industry, government, or internal requirements.

It is not only important for backups to meet stated Service Level Agreements (SLAs) on a daily basis but for companies to be able to prove compliance when audited. Failure to do so can lead to fines and in the worst case, irrecoverable data that can put a company at risk. Requirements such as HIPAA, Sarbanes-Oxley, FDA, and SEC regulations can impact already overloaded IT budgets.

EMC Data Protection Advisor is a proven solution that compares established policies with the enforcement of those policies. Data Protection Advisor alerts when gaps in protection are found, so that you can make corrections, get back on track, and in many cases avoid problems before they arise. Data Protection Advisor can also accelerate the time required to satisfy audits, thereby reducing the time needed to get back to business.

Introduction

This white paper gives an overview of EMC Data Protection Advisor and provides an outline of how Data Protection Advisor helps avoid the costs associated with lost data, both from legal and governmental fines and reduced customer satisfaction.

Audience

This white paper is aimed at mid- to high-level management responsible for storage technology costs, IT operations, legal counsel, and CIO level management.
Overview

The primary requirement for compliance management is an audit trail of all data protection activities that take place. The information on these activities must be retained and made available for inspection if required, with the ability to obtain data for a specific subset of protected systems over a given time period.

Complying with SLAs and regulations is a drain on IT resources, first to protect the data as specified and then to report back to the business and regulators on how well the requirements were met. Regulations such as Sarbanes-Oxley (SOX) direct companies to define their own best practice and then adhere to that best practice. There are thousands of regulations that companies may be subject to beyond SOX. To improve attainment of SLA goals, IT follows a cyclical process of finding issues, fixing them, reporting back, and looking for the next protection gap.

Reporting back to the business and auditors is a continuously changing requirement. As the environment grows, companies are acquired, new regulations are imposed and new technologies are adopted; many companies adopt third-party reporting solutions as a way of eliminating scripting. Third-party solutions also have the benefit of being unbiased, something that is critical when responding to audits.

The business and auditors can request information on all aspects of the Data Protection Management process, such as success rates, data retention, unprotected data or clients, missed backups, and where data is retained (what tape in which location). The variations of each request are endless. Lastly, the need for compliance is continuous and must be sustained over time.

To minimize the impact on an environment, a Data Protection Management solution must meet several criteria:

- Provide heterogeneous support for data protection solutions and the surrounding infrastructure
- Improve IT operations, and the resources used to manage and report on achievement of service levels
- Maintain an unbiased record of events for reporting to the business and auditors, including changes to the policies and retention of data

The end goal for this process of establishing, maintaining, and reporting is to ensure that data is protected and recoverable.

Industry statistics

As IT struggles to maintain compliance, the amount of data produced is growing at 60 percent CAGR, and the percentage of data that has intense protection requirements will increase by 50 percent. Some industry statistics relating to data protection activities are as follows:

- Over 40 percent of all companies that experience a disaster never reopen, and more than 25 percent of those that do reopen close within two years. [1]
- After a major disaster, an average company will lose at least 25 percent of the daily revenue in the first six days, while over 40 percent will be lost if a disaster lasts up to 24 days. [1]
- 93 percent of companies that suffer a significant data loss are out of business within five years. [1]
- In a recent court case a service provider was fined $900,000 for failure to back up 27 GB of data, after a system upgrade lost the original 27 GB of data. [2] In another case, a European service provider was fined $3 million for failure to protect data.
- The percentage of data that will be Security, Compliance, and Preservation Intense will grow sharply between 2008 and 2012: [3]
  - Compliance Intense will grow from 25 percent to 35 percent.
  - Preservation Intense will grow from 22 percent to 38 percent.
  - Security Intense will grow from 33 percent to 45 percent.
- During the economic downturn, companies will focus on consolidating IT, helping the company achieve regulatory compliance and securing the company's sensitive data. [4]

Risk to your data can come from current protection practices, as well as growth of data and an increase in the percentage of data requiring increased protection. Loss of data can lead to severe fines or even failure of a business. During the economic slowdown, many companies are focusing on improving data protection and compliance.

To get an idea of the level of effort required, let us do a quick calculation:

- Assume 1,000 hosts, averaging three backups per day, and a 90 percent success rate. This results in 300 failed backups per day.
- Use an average of 15 minutes to resolve a failure and record your actions: 300 failures * 15 min each = 75 hours per day, or roughly 10 people full time.

Clearly this is not achievable, so something has to give. This strongly suggests the need for automation to reduce workload, highlight critical failures, improve success rates, and catch developing issues before they become a fire drill.

[1] IBM, Disaster Recovery Journal, Global Disaster Recovery Preparedness Online Survey, October 2007; Forrester Research, What Your Business Can Learn about Disaster Recovery from Financial Institutions, June 2008
[2] Information Week, IBM Fined $900,000 for Failing to Backup, October 2008
[3] IDC Digital Universe white paper, sponsored by EMC, May 2009
[4] Forrester Consulting, 2009 Data Protection Budgets, Priorities, and Technology Adoption, February 2009

Centralize monitoring and control across domains

Why centralize monitoring and control through a Data Protection Management (DPM) solution? As companies grow and expand they acquire new data protection technologies, open new locations, and get into areas with new regulations. This growth results in a conglomeration of products and policies, scripts, and reporting mechanisms. Even in an environment with a single solution, it is not easy to get all the data required. To meet this need, many environments write scripts to extract data for each purpose, backup solution, location, or business unit. This provides an incomplete picture, is tough to maintain, and rarely helps move the business forward.

Having a solution that collects data from across all locations, all backup solutions including the supporting infrastructure, and clients creates a central repository and console to monitor, alert, and report on all aspects of your data protection environment. Broad heterogeneous support is critical; otherwise you end up with multiple products and increased effort. Products in this space are known as DPM products.

EMC Data Protection Advisor is a DPM solution that supports all major backup applications, as well as collection from SAN/LAN, disk/tape, clients, switches and more; providing status, configuration, and performance data. This approach improves visibility and allows a holistic, yet granular view across locations and data protection topologies.

Consider this example: A business has locations in London, Boston, and Sydney with finance in each location, utilizing different backup products for each site. Data Protection Advisor could seamlessly run a report against all three locations combining TSM, NBU, and NW into a single report for financial reports. Then in a matter of a couple clicks, the business could broaden the same report to the entire data center in each location.
Figure 1 summarizes the backup and restore activities across five backup applications for the last week.

Figure 1. Summary of the backup and restore activities across five backup applications

Figure 2 shows those clients that have failed three times in the last week. Figure 3 shows the number of clients with one, two, or three failures in the last week.

Figure 2. Clients that have failed three times in the last week

Figure 3. Number of clients with one, two, or three failures in the last week

Figure 4 summarizes configuration change activity for the Amazon backup server for the last week, showing what was changed and when.

Figure 4. Configuration change activity for the Amazon backup server for the last week

Improving IT efficiency

The drain on IT resources relating to achieving service levels for data protection falls into two main categories: First, the ability to actually achieve a successful backup of the information, and second, the ability to record and report on achievement.

Successful backups are critical to the recoverability of data and systems enabling the business to run. A successful backup is one that enables a system or application to be recovered. Policy failures occur when backup operations complete without errors, but do not enable recovery of the company's data. Making this more challenging is differentiating the critical systems from those that are less than critical. Unsuccessful data protection strategies treat each failure individually, resulting in repeated failures and high levels of business exposure. Basic backup failure information must be augmented with business- and application-specific SLAs to ensure that critical failures are given precedence over those that do not directly affect the business.

Almost as important as understanding the criticality of a system is the ability to resolve problems quickly. It is the heterogeneous support for hardware and software in Data Protection Advisor that gives operations access to the needed information quickly to determine which component is the bottleneck or point of failure. Combining fast problem resolution with a focus on critical systems failures ensures that operations treat systems appropriately. By quickly resolving issues on key systems first, Data Protection Advisor accelerates achievement of service levels.

The second challenge is reporting on how well IT is performing against its data protection goals. Reporting is a daily activity, and so are changes to the number and types of reports requested. Relying on scripts to generate reports for each backup solution or location puts a heavy manual burden on each environment. More complex requests, such as how long data is retained, where data is located, and when the last successful backup was, will drive the creation of more scripts. When auditors are involved, the number and type of reports can be dramatically higher.

EMC Data Protection Advisor directly addresses reporting on the achievement of the stated goals. Data Protection Advisor can very quickly generate reports that capture the entire environment or focus on a specific subset of systems and data. Having comprehensive reporting that is extremely flexible eliminates the need for scripts and the associated writing and rewriting. Having simple, flexible, comprehensive reporting accelerates the completion of audits by enabling you to answer requests in minutes.

Consider another example: A service provider that uses Data Protection Advisor to manage its environment gets audited regularly to satisfy contractual requirements. Audits typically took about two weeks to complete, with activities such as writing reports, digging through logs, and explaining why failures happened and how they were resolved.
After deploying Data Protection Advisor, an audit now takes 1-2 hours instead of 40-80 hours previously, resulting in a 95 percent reduction.

A central repository with information from across the environment enables running analysis to detect changing or developing conditions; these are situations that you would not normally look for due to the level of effort. Data Protection Advisor constantly monitors for the following:

- Backups with a big swing in the amount of data protected
- Changes in performance
- Extending backups that threaten to exceed the window
- Backups slowing down
- Capacity shortage

Waiting for these situations to appear results in fire drills, but Data Protection Advisor can alert on these conditions to proactively address the issues.

Figure 5 summarizes the configuration change activity for the Amazon backup server for the last week, showing what was changed and when. Figure 6 shows the exposure details for clients for the last week.

Figure 5. Configuration change activity for the Amazon backup server for the last week

Figure 6. Exposure details for clients for the last week

Trusted independent verification

The need for independent verification exists even when IT operations have a handle on how well data protection operations are meeting stated goals. Custom written scripts can be subject to manipulation to reflect a higher success rate than what is actually achieved.

One of the most elusive aspects of managing a data protection environment is capturing change. As we all know, change is the one constant, but there is no tie between the backup solutions and any change control software that may be deployed, even if the change control captures the proposed changes. Some of the changes that are captured by Data Protection Advisor include new backup policies, changes to retention periods, and changes to media pools, which directly impact the retention of data. Capturing the actual changes is critical to understanding what was changed, by whom, and when the change occurred. This change information can be leveraged to support claims that policies have been consistently applied and maintained.

To make an audit go much more smoothly, having a solution outside of the backup application that can validate the success of backups can be a real timesaver. Data Protection Advisor provides comprehensive reporting to customers, allowing them to validate if the SLAs stated in the contract were achieved. DPM solutions such as Data Protection Advisor provide an independent third-party solution to validate the successful achievement of the stated SLAs. Knowing that your data is protected and recoverable is critical to any business recovery plan.

A recent Data Protection Advisor customer had its environment outsourced and was receiving status reports from its service provider. Since the service provider had incentive to achieve certain success rates, the idea existed that its custom scripts might be manipulated.
This was not the case, but the conflict of interest existed and without third-party verification, there was no way to distinguish accurate reporting from manipulated reporting. By leveraging DPA, the customer was able to verify that SLAs were met, and can now track the recoverability of systems and which systems are at risk.

The dashboard in Figure 7 shows a summary of backup activity over the last week, showing success rates, clients most at risk, and changes to configurations.

Figure 7. Summary of backup activity over the last week

Example of regulations

Although much has been written around the area of compliance, it can be hard to pin down specific requirements, much less ways of meeting those requirements. Data Protection Advisor contains alerts and reports that help meet these requirements as well as best practices to ensure that audits against such regulations are successful. In addition, Data Protection Advisor allows companies to define their own best practices, which are enforced in the same way.

Sarbanes-Oxley

Sarbanes-Oxley is one of the most wide-reaching and yet one of the vaguest regulations affecting data protection at public companies in the U.S. Rather than mandate specific practices, it suggests that companies implement their own best practices. The result is that many companies are unsure of what to do in this critical area.

Critical to SOX is the ability to show consistency: consistency in the establishment and application of backup and retention policies, as well as the success of those policies. Auditors will want to see that policies have been established and have remained consistent over time, and that the protection of the data was successful. Doing this without a DPM solution such as Data Protection Advisor takes tremendous effort.

Figure 7 provides a quick snapshot, while the data behind this chart can be examined in much greater detail for further satisfaction. Figure 8 shows how Data Protection Advisor categorizes reports for fast access and categorizes hosts by their priority. Grouping similar clients accelerates running reports against systems at the same tier of importance to the business.

Figure 8. Data Protection Advisor categorizes reports for fast access, and similarly hosts can be categorized by their priority

Conclusion

When selecting a product, ensure that it is truly heterogeneous, otherwise you will simply be creating more work to deploy and manage multiple products, and then to rationalize them to auditors and create common reports for the business. EMC Data Protection Advisor enables you to automate a great deal of your DPM process, maximizing the effectiveness of your data protection solutions, exposing gaps in compliance, tracking changes to policies, validating independent third-party protection, reducing risk of fines and litigation resulting from lost data, and reducing the level of effort to meet these requirements.

References

The following can provide additional information and can be found on Powerlink, EMC's password-protected customer- and partner-only extranet. Note that EMC Backup Advisor version 3.1 has been renamed and released as EMC Data Protection Advisor 5.0:

- EMC Data Protection Advisor Reference Guide
- EMC Data Protection Advisor Administration Guide
- EMC Data Protection Advisor Installation Guide
- EMC Data Protection Advisor User Guide
- EMC Data Protection Advisor Compatibility Matrix

For access to Evaluation licenses, go to the Data Protection Advisor page on EMC.com: www.emc.com/products/backup and Recovery/Data Protection Advisor