Disaster Recovery Journal Fall 2023

n Multi-factor authentication (MFA) . Finally, many appliances now offer multi-factor authentication. As an individual attempts to log into an appliance, they must provide a separate authentication code to verify their identity. This code may be in the form of a text, email, or authenticator application. These four features ensure an appliance and its data remain secure if a ransomware attack occurs. In that vein, both legacy and new disk-based backups target appliances and support these features in some capacity. However, these features only serve to guarantee the resilience of the appliance and its data. They do not, however, necessarily better equip organizations to perform faster data restores and recoveries. Here a distinct separation in feature functionality exists between legacy and new disk-based backup targets. New appliances offer faster, more robust restore and recovery capabilities with options to scale to much larger capacities. The Restore and Recovery Differentiators The need for more comprehensive data restoration and recov ery functionality surfaces after an organization experiences a large-scale ransomware attack. If ransomware encrypts the pro duction data of a few servers or tens of GBs of data, almost any disk-based backup target appliances can handle the restore work load. However, some ransomware attacks compromise the data of dozens or hundreds of servers or tens or hundreds of TBs of data. In these scenarios, organizations often need to quickly perform large-scale restores and recoveries. These situations require one of the current generations of disk-based backup target appliances designed to handle these workloads. Features that help set this newer generation of appliances apart include the following: n Use of flash . Disk-based target backup appliances have typically avoided using flash media due to its cost. Driven by customer demand and a lower price point for flash, this no longer holds true. Many of the next generation of disk-based target backup appliances support flash in some capacity. Some only use it as a disk cache to store recent backups (less than 30 days) to facilitate rapid data restores and recoveries. A few now even offer all-flash models and store all backup data on flash regardless of its age. n Can perform instant restores . The introduction of flash into these backup appliances has made it possible for organizations to restore data much more quickly. By hosting it on flash, data can be accessed and restored to production machines very quickly. More robust disk-based backup target appliances even give organizations the option to host restored production applications and data on them. n Minimal or no performance impact when restoring deduplicated data . Storing backups in a deduplicated format

always represented a bit of a two-edged sword. It reduced storage requirements but contributed to lengthy restores and recoveries. Today’s disk-based backup target appliances address this concern. They use new algorithms which run on more powerful processors. As a result, restore times approach or even match restores and recoveries of raw (non-deduplicated) backups. n Availability as virtual appliances . Almost all enterprises operate in hybrid cloud environments. Some applications and data run and reside on-premises while others run and reside with various cloud providers. To accommodate this new requirement, more next generation disk-based backup target appliances may run on any hardware or in the cloud. This gives organizations the flexibility to perform backups and recoveries using the same solution anywhere in their infrastructure. n Scale-out architectures . Hosting backup data while potentially also hosting data running in production can cause capacity and performance bottlenecks. To address these challenges, more disk-based backup target appliances offer a scale-out architecture. Using this feature, organizations can start with the capacity and performance they initially need. Then as their environment grows, they can more easily add on additional capacity and performance without needing to replace their existing solution. Ransomware Has Changed the Backup Game Years ago, many organizations replaced tape with disk and, in so doing, largely solved their backup challenges. Ransomware changes the backup game again. Organizations can no longer assume daily successful backups guarantee they can recover from a ransomware attack. If any thing, organizations may only find out after a ransomware attack it has also compromised their backups. By then, it is too late. To avoid this scenario, organizations need to take a hard look at any disk-based backup target appliances they currently use. Minimally they need to examine what resilience features their appliance offers and if they use them. If it lacks immutability or security features, the appliance and/or backups on it may suc cumb to a ransomware attack. Even if it survives the attack, the backup appliance must still be prepared to restore and recover production applications and data. It may need to quickly, and at scale, perform restores and recoveries of production data. How well the backup appliances perform all these tasks may well determine if the organizations survive and recover from the attack or end up paying a ransom out of pocket. v Jerome Wendt, an AWS Certified Solutions Architect, is the president and founder of DCIG, LLC., a technology analyst firm. DCIG, LLC., focuses on providing competitive intelligence for the enterprise data protection, data storage, disaster recovery, and cloud technology markets.

22 DISASTER RECOVERY JOURNAL | FALL 2023