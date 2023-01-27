For decades, IT departments have set their data backup strategies around metrics for recovery point objective and recovery time objective. RPO and RTO. The idea was that you could roll back a system to just prior to an interruption and restart normally. The two objectives presuppose an acceptable level of data loss or transactions lost over a prescribed amount of time. In the age of ransomware and sophisticated phishing for launching attacks, entire databases are... READ MORE

For decades, IT departments have set their data backup strategies around metrics for recovery point objective and recovery time objective. RPO and RTO. The idea was that you could roll back a system to just prior to an interruption and restart normally. The two objectives presuppose an acceptable level of data loss or transactions lost over a prescribed amount of time.

In the age of ransomware and sophisticated phishing for launching attacks, entire databases are at risk. Therefore, while RPO and RTO remain important specifications for designing backup systems it’s time to expand on them by taking a more comprehensive view of data protection.

“Traditionally, organizations really looked at two things,” said Aaron Lewis, the vice president of U.S. sales and engineering at Rubrik. “How much data am I willing to lose? That’s RPO. And how long can I wait until I get my data back the recovery time objective. That just doesn’t encompass the whole picture.”

Not in an age when cyber espionage and wholesale theft of data are the primary objectives of malicious actors. Lewis said organizations really need to ask themselves whether they are capable of recovering 100% of the data, and that when they do recover it, that the data will be clean.

This capability starts with that Lewis called data observability, having a complete picture of data you want to protect. Observability augments the traditional cybersecurity practice of “let’s protect the moat.” Without observability, Lewis said, IT teams often find themselves rolling systems further and further back in time, seeking a safe spot at which to restart. That 10-minute RTO can end up being hours or days.

To get to total data protection, Lewis said, IT staffs have to do a couple of things.

One is having what he called a single platform for data security, meaning each component agency or group of related agencies have a single source of truth. This, Lewis said, “minimizes risks around lack of visibility into separate point products,” adding, “It also minimizes the complexity around enablement for administrators.” A single, shared platform helps ensure proficiency of people interacting it, Lewis said, versus having people deal with multiple tools.

Two is designing the system in the first place around data security, rather than around the network perimeter. The system should include an immutable data storage platform, Lewis said, that administrators can invoke following a corruption or loss of operational data.

The data-centric protection application – the single platform – is best acquired as a cloud-hosted, software-as-a service product, Lewis said.

SaaS applications “have the ability to reach in not only to physical, on-premises applications and workloads,” Lewis said, “but also manage cloud workloads as well by their very nature of also being in the cloud.”

Lewis said the single platform solution must include automation for adding new workloads and data sets. He recalled an incident, when, as a junior IT backup-and-recovery administrator, he’d overlooked a server that became corrupted.

“I realized I had not added it manually to the protection policy,” Lewis recalled. Today, he said, administrators need to designate workloads for protection by type for automatically coming under the protection policy. “As new workloads get added, I think that’s absolutely crucial.”