Data Protection Blueprints
"When writing a data retention policy, you must determine how to: organize information so it can be searched and accessed later, and dispose of information that's no longer needed. A comprehensive data retention policy outlines the business reasons and legal requirements for retaining specific data and what to do with it when targeted for disposal. An organization should only retain data for as long as it's needed, whether that's six months or six years. Retaining data longer than necessary takes up unnecessary storage space and costs more than needed" (Source: TechTarget).
Which backup standards guide a data protection strategy?
Examples: ISO/IEC 27040:2015 / ISO/IEC 27001:2013 / NIST SP 800-171 / NIST SP 800-34 Rev. 1 / ISO/IEC 27031:2011 / BS ISO/IEC 27031:2011.
Important: SOX / GDPR / CCPA / HIPAA (the HIPAA Security Rule, in 45 CFR Part 160 and Subparts A and C of Part 164)
Chief Privacy Officers manage risk related to information privacy laws and compliance regulations. Do you have a CPO?
What are some data retention policy best practices? - "When developing a policy for data retention, it's important to consider the reason why the organization is archiving data in the first place."
Create a data archiving process for your growing data sets - Note: ILM Stage 3 of 3 ("Information Lifecycle Management").
How a backup data retention policy combats growing storage needs - Protect and remove data based on pre-defined rules.
What is your DR Temperature?
Hierarchy of needs in Data Protection...
Data Re-Use: Consider using Veeam Data Integration APIs to re-use your data for increased business value & capability.
Orchestrated Workflows: Consider using Veeam One, SureBackup, Veeam VDRO to automate your SLA availability for recovery, testing, and reporting.
BC/DR: Consider using CDP and/or Replicas for SLA availability as part of planning, preparedness, and portability.
Data Survivability: Enable Immutability and a 3-2-1-1-0 strategy to protect your data.
Reliable Restore-ability: Use Instant Recovery within VBR to protect and restore your data.
Backups vs. Archives...
Backup: Copy to another location in the event of data loss, damage, or corruption following an incident.
Archive: Long-term data retention of inactive data that an organization needs to keep for legal or compliance reasons.
Questions you should always ask yourself...
Based on your SLAs, what is your desired data lifecycle (GFS Retention)?
First, identify AND document your business requirements.
Second, identify AND document your legal requirements.
Note that these are rarely, if EVER, the same.
How will you be safeguarding your backups?
What is your plan for protecting your backups from Ransomware?
Is your data encrypted?
What are five benefits of a data retention policy?
Automated compliance.
Reduced likelihood of compliance related fines.
Reduced storage costs.
Increased relevancy of existing data (data becomes less relevant as it ages).
Reduced legal exposure (don't let your data be used against you!)
Sample Protection Blueprint 1...
Daily retention points, for 10 days.
Weekly retention points, for 8 weeks.
Monthly retention points, for 8 months.
Yearly retention points, for 2 years.
SUMMARY: 38 Recovery Points required (NOTE: During operations, more than 38 points may be required on disk to meet the retention)
How will you be safeguarding your backups?
Backups written to the "Performance Tier" (On-premise storage) in the SOBR.
COPY: Backups immediately copied from the "Performance Tier" (On-premise storage) to the "Capacity Tier" (Cloud Object Storage) in the SOBR where they will be configured as immutable for 21 days.
MOVE: Backups moved (deleted) from the "Performance Tier" (On-premise storage) to the "Capacity Tier" (Cloud Object Storage) in the SOBR after 21 days.
ARCHIVE: Backups moved from the "Capacity Tier" (Cloud Object Storage) to the "Archive Tier" (such as Amazon S3 Glacier) in the SOBR after 120 days.
NOTE: Be sure to leverage Veeam storage integration keeping in mind that SNAPSHOTS are NOT BACKUPS.
NOTE: Veeam Encryption Best Practices.
What is your plan for protecting your backups from Ransomware?
Backups to be configured as immutable on the "Capacity Tier" (Cloud Object Storage) for 21 days. While immutable, backups cannot be changed or deleted through unauthorized access or malicious attacks (such as Ransomware).
SUMMARY...
38 recovery points over a 2-year period. The first 21 days of backups are in both the "Performance Tier" (On-premise storage) and the "Capacity Tier" (Cloud Object Storage) where they are immutable. Backups are in long-term archives (such as Amazon S3 Glacier) after 120 days. Note that it takes more time to recover from the "Capacity Tier" (Cloud Object Storage) than from the "Performance Tier" (On-premise storage).
Note: X TB of source data would consume 2X TB in the Performance Tier and 5X TB in the Capacity/Archive Tiers.
Sample Protection Blueprint 2...
Daily retention points, for 10 days.
Weekly retention points, for 8 weeks.
Monthly retention points, for 8 months.
Yearly retention points, for 2 years.
SUMMARY: 38 Recovery Points required (NOTE: During operations, more than 38 points may be required on disk to meet the retention)
How will you be safeguarding your backups?
Backups written to a Hardened Backup Repository in the "Performance Tier" (On-premise storage) where they will be immutable for 21 days.
MOVE: Backups moved from the "Performance Tier" (On-premise storage) to the "Capacity Tier" (Cloud Object Storage) in the SOBR after 35 days.
ARCHIVE: Backups moved from the "Capacity Tier" (Cloud) to the "Archive Tier" (such as Amazon S3 Glacier) in the SOBR after 120 days.
NOTE: Be sure to leverage Veeam storage integration keeping in mind that SNAPSHOTS are NOT BACKUPS.
NOTE: Veeam Encryption Best Practices.
What is your plan for protecting your backups from Ransomware?
Backups to be configured as immutable on the "Performance Tier" (On-premise Hardened Backup Repository) for 21 days. While immutable, backups cannot be changed or deleted through unauthorized access or malicious attacks (such as Ransomware).
SUMMARY...
38 recovery points over a 2-year period. The first 35 days of backups are in the "Performance Tier" (On-premise storage) where they are immutable. Backups are in the "Capacity Tier" (Cloud Object Storage) after 35 days. Backups are in long-term archives (such as Amazon S3 Glacier) after 120 days.
Note: X TB of source data would consume 2X TB in the Performance Tier and 4X TB in the Capacity/Archive Tiers.
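The COPY / MOVE / ARCHIVE steps of the two sample blueprints can be checked by modelling where a restore point sits at each age and whether any copy is still immutable. The Python model below is an added example, not part of the original page or of any Veeam tooling; the tier labels, the day-boundary convention (a copy leaves a tier on the stated day) and the 730-day horizon are assumptions, and immutability is modelled only where a blueprint states it.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Placement:
    tier: str
    start: int               # age in days at which the copy appears on this tier
    end: Optional[int]       # age at which it leaves the tier (None = until retention ends)
    immutable_days: int = 0  # days of immutability, counted from `start`

# Constructed model of the two sample blueprints (all ages in days).
BLUEPRINT_1 = [
    Placement("performance", 0, 21),                   # MOVE after 21 days
    Placement("capacity", 0, 120, immutable_days=21),  # COPY immediately, immutable 21 days
    Placement("archive", 120, None),                   # ARCHIVE after 120 days
]
BLUEPRINT_2 = [
    Placement("performance-hardened", 0, 35, immutable_days=21),
    Placement("capacity", 35, 120),                    # MOVE after 35 days
    Placement("archive", 120, None),
]
HORIZON = 730  # assumption: the 2-year yearly retention expressed in days

def copies_at(blueprint, age):
    """Return {tier: is_immutable} for a restore point of the given age."""
    return {p.tier: age < p.start + p.immutable_days
            for p in blueprint
            if p.start <= age and (p.end is None or age < p.end)}

def timeline(blueprint, horizon=HORIZON):
    """Collapse the per-day view into (first_day, last_day, copies) segments."""
    cuts = {0, horizon}
    for p in blueprint:
        cuts.update(d for d in (p.start, p.end, p.start + p.immutable_days)
                    if d is not None and 0 < d < horizon)
    days = sorted(cuts)
    return [(a, b - 1, copies_at(blueprint, a)) for a, b in zip(days, days[1:])]

def exposure(blueprint, horizon=HORIZON):
    """Age ranges with no immutable copy, and age ranges with only one copy."""
    segs = timeline(blueprint, horizon)
    no_immutable = [(a, b) for a, b, c in segs if not any(c.values())]
    single_copy = [(a, b) for a, b, c in segs if len(c) == 1]
    return no_immutable, single_copy

if __name__ == "__main__":
    for name, bp in (("Blueprint 1", BLUEPRINT_1), ("Blueprint 2", BLUEPRINT_2)):
        print(name, timeline(bp), exposure(bp))
```

With the figures as listed, both blueprints hold an immutable copy only for restore points younger than 21 days, and Blueprint 2 keeps a single copy at every age because it has no COPY step.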