Magazine Article | February 15, 2012

Are You A Hybrid Storage Expert?

By Jay McCall, Business Solutions magazine.

Using only one type of backup system for your customers is most likely leaving them vulnerable and hurting your profit margins.

Because of all the different ways your customers’ data can become compromised (or corrupted), the right storage solution will almost always be some kind of hybrid offering — that is, a true BDR (backup and disaster recovery) solution that includes both an on-site and off-site component. I spoke with four industry experts who have some tips to help you sell this type of solution.

Start Your BDR Conversation With Security Questions
One of the fundamental challenges when selling storage solutions is that they’re not adding to your customers’ bottom lines. As a result, they don’t always know what value to put on a hybrid solution. According to Eran Farajun, executive VP of Asigra, “VARs should be working with a vendor partner that knows how to provide the appropriate messaging, positioning, and comparison.” Jamie Brenzel, CEO of KineticD, agrees with this view and adds, “We’re seeing the more successful VARs demonstrating cost savings with BDR by integrating storage and recovery solutions with their customers’ internal processes and helping to optimize those processes.”

One of the first points a VAR needs to address early in a BDR discussion is security. The first component to securing your customer’s data is encrypting data that is going to be backed up off-site via the cloud. “The cloud vendor should handle most of the encryption work,” says Farajun. “And, the only involvement the customer should have is inputting their encryption key before the first off-site backup is scheduled.” This is an important step for a healthcare client, for example, that falls under HIPAA (The Health Insurance Portability and Accountability Act of 1996) regulations. Imagine this customer has a data breach. The customer has to report the situation and then forensic experts follow up to assess the situation. “One of the first things they’ll do is ask questions about data leaving your customer’s environment,” says Brenzel. “You can then say that the data is encrypted and the customer is the only one with a private key.”

After addressing encryption, the next concern you’ll need to address for your customer will be about your cloud service provider. Specifically, how can you know for sure they’re going to keep your customer’s data safe? There are three steps to address this concern:

  • Ensure Your Cloud Provider’s Data Center Is SSAE 16-Certified — The acronym stands for statement on standards for attestation engagements number 16. A data center carrying this certification has been independently audited and found to be compliant with all its data security processes and controls.
  • Google Your Cloud Provider — “If the cloud provider is headquartered in California or if they are part of a publicly traded company, they are required by law to report any data breach such as those Amazon and DropBox did last year,” says Brenzel.
  • Ask For An Operation Report On Uptime — “There is no standard around this kind of report, but after looking at a few, you can find out how truthful a company is about disclosing the details about its operations,” says Brenzel. “There should be scheduled downtimes and very few unscheduled downtimes. However, if a cloud provider has been in business for a few years and claims 100% uptime, it’s probably lying.”

One additional concern you’ll need to be prepared to address with your customers is ownership and recovery of their data. Asigra’s Farajun advises VARs to be up front with customers about “cloud lock-in” by service providers. “If you don’t raise this issue with your customer, you risk creating resentment and losing other business should the customer want to move its data to another data center,” he says. “VARs should demonstrate thought leadership and confidence in their relationships with customers by ensuring data mobility/ portability in the cloud backup solutions they are proposing.”

Know Your Customer’s Recovery Time, Location Objectives
After you address the basic objectives described above, you’ll need to address your customers’ RTO (recovery time objective). “You need to know their uptime and recovery requirements,” says Ted Hulsy, VP of marketing at eFolder. “Generally, clients can be down for several minutes, but several hours is rarely acceptable. Therefore, imaging software must be used that not only backs up their data, but their server configuration as well.” Additionally, VARs need to understand where their customers would want to recover data. “For on-site data recovery, the local BDR appliance used to back up the data and server images could double as a storage server in the event of a primary on-site server malfunction,” says Hulsy. In a true disaster recovery scenario, where the customer’s facility is destroyed, you need a plan to recover data to another location. One option is to recover data from the cloud to servers in the new location. “Another option is to leave the data in the cloud and provide customers with access to their data and applications via a virtual server,” says Mike Kunz, VP of sales at StorageCraft. Some clients may even require a fourth option, which would be to recover data from an alternative replication site, such as a remote office location.

Don’t Wait For A Disaster To Prove Your BDR’s Reliability
One thing to keep in mind with BDR is a phenomenon that can occur as data is backed up to the cloud, known as silent data corruption. “For every 100 GB of data written to a storage server, a certain percent will be corrupted,” says Kunz. Following the advice outlined earlier about choosing a reputable data center provider should keep this to a minimum, but you still don’t want to leave this to chance. “The only way to ensure data integrity is to have a monitoring system in place that’s able to compare the replicated cloud data with the original data,” says Hulsy. “VARs need to ask their cloud vendor partners what systems they have in place to defend against silent data corruption.” By helping your customers understand the value of having a secure BDR in place and backing up that claim with the experts’ advice, your customers will appreciate your competence at handling one of their most important assets — their data — and their future projects.