Trends In The Data Protection Industry – An Interview

The Bocada Team | December 29, 2020

An IT infrastructure leader with over thirty-five years’ experience overseeing service delivery for multiple global manufacturing companies, Jim Sellers has led everything from cloud and hybrid-cloud infrastructure migrations and data protection compliance operations for publicly-trading companies to the assessment, selection, and management of outsourced infrastructure vendors.

We sat down with Jim to learn more about the evolutions he’s seen in the IT infrastructure category, the role cloud technologies will play in IT infrastructure, and his perspective on technology proliferation.


Bocada: Looking back at the past 10-15 years, what’s the biggest change backup administrators have seen in how their role is practiced today?

Jim: Reporting. There is a lot more reporting now.

In the early days when we used to do backups, you’d ask the question, “How do we check that backups are occurring?” There was no good way to answer this. Without manually logging into the systems, there was zero visibility around this.

This has thankfully changed. The backup tools themselves developed improved reporting capabilities as a response to an increased demand for visibility. That, however, also means administrators are expected to report out on backup performance. Now, add in the fact that enterprise environments are using more and more backup solutions and that means more operational reporting. Add in the introduction of compliance regulations and you just added in more reporting requirements.

It has changed the day-to-day activities of a backup administrator and IT managers, and it’s why finding ways to automate monitoring is so important. Sticking to manual processes would mean spending all your time pulling and aggregating data. You wouldn’t even have time to look at what’s going on and fix it.

Bocada: Looking ahead 5-10 years, what are the biggest changes you expect to see in the backup and storage category?

Jim: I expect that it’s less about software and hardware and more about the expectations of the people working in backup and storage. Let’s take the database administrator for example (DBA). Organizations with an on-prem system will have an application DBA and an infrastructure DBA. But with cloud environments, the role of the infrastructure DBA will change since you won’t need people who know how to configure systems and servers. Instead, you’ll need more of the application DBAs that understand how everything works together and how each piece of the puzzle fits.

When it comes to backup and recovery, we’ll see more of this transition too with greater cloud adoption. Your backup administrator will be less focused on details like location and storage. Instead, they’ll be expected to be backup managers, people in charge of overseeing the environment, making sure it’s healthy, and identifying opportunities for better operations.

The same is probably true of storage administrators who will ultimately evolve into storage managers. There won’t be a need for SAN switch management or array management. Instead, you’ll need people who are observing how storage is being used, monitoring your storage tiers, and determining how to keep expenses in check.

The professionals working in this category will need to be driven by a desire to proactively identify broader issues and improve overall systems.

Bocada: Tell us about the biggest pain point you typically see when first assessing an organization’s backup environment operations.

Jim: The challenge in backup operations is ensuring that everything that should be backed up is. You don’t want to find yourself in the situation that a server crashes, you go to restore it, and there’s no backup data there. If your tools and processes are good, that shouldn’t be a problem.

So many organizations rely just on humans to set this up. Humans make errors. It’s a huge reason why backup and recovery validation is key, and particularly automated validation. Implementing tools that automatically oversee these operations and proactively identify failures removes the risk of human error from your system and can keep you ahead of these types of data restore issues.

Bocada: What’s one area you frequently see organizations spending time on in their backup operations that’s rife with inefficiency?

Jim: We talk a lot about what needs to be backed up. But we can’t forget that there is often data that does not need to be backed up. If you just take a list of backup failures and don’t have a way to identify the exceptions, you could spend countless labor hours every week chasing problems that aren’t real problems.

It’s a reason why building and maintaining exceptions lists is critical, as is having the expertise and policy documentation to ensure that the exceptions list is accurate and current. When you maintain this exceptions list and also have automated backup monitoring that’s generating failure lists, you can easily reconcile the information and pinpoint just those areas that need attention. You spend less time chasing red herrings and more time focused on critical issues that are actually going to impact data protection and restorability.

Bocada: What role do you see automation playing in managing backup environments?

Jim: I’ve alluded to it a bit already but being able to normalize information from across all your backup systems into a single console and have your team review it daily, without manual intervention, has countless benefits. We remove the human error component, and that’s a big win. But, on top of that, we’ve decreased how long it takes to fix issues. We’re not spending hours manually going into each system and pulling performance data. We have it right in front of us and can jump on the issues immediately.

As we move into hybrid environments, this becomes even more important. A lot of on-prem backup solutions didn’t used to have any kind of dashboards. They’re changing that and introducing some good looking, useful dashboards. But if you’re moving to a hybrid environment, you now have multiple systems. Sure, they might each have a dashboard to work off of, but now you have to look at multiple dashboards, one at a time, to see what’s going on. Being able to automate the collection and display of all of these different systems’ performance, whether they’re on-prem or in the cloud, into a single console is a real game changer. You can do the IT migrations or evolutions that make sense for your business and still be efficient and effective with how you monitor your data.

Bocada: Enterprises are speeding up the migration of their backup operations to the cloud. What are the biggest upsides of this migration?

Jim: I see the upsides in two key areas: cost control and ease of testing new things. In fact, they generally go together.

It’s a pretty safe thing to try. Spin up machines and see what works. Some data could be sent to the cloud, and some of it stays local. You may need to keep that data local for a variety of reasons, maybe it’s extremely sensitive, maybe you’re working with data sovereignty issues, or perhaps management isn’t comfortable just yet with putting backups in the cloud.

Regardless, you can dip your toe in the water, test it out, and get the organization comfortable with the idea of it…all without having to spend a lot in capital expenditures.

Bocada: Conversely, what is a major challenge organizations come up against when moving backup activities to the cloud?

Jim: A lot of problems can arise, but the one many organizations, especially enterprise organizations with extremely large data volumes, don’t anticipate is the actual process of moving the data itself to the cloud. If you’re backing up terabytes and terabytes of data, and sending that out, you’re likely going to have a telecommunications challenge on your hands that must be addressed. This much data on a single line is going to impede the data ability to get data into the cloud. Deduplication and hardware transfer components like AWS Snowball devices can help, but only to a point. Someone needs to be keeping their eye on this data flow, and you may need to upgrade your infrastructure and telecommunications to accommodate this change in data volume patterns.

Bocada: You have unique experience managing IT infrastructure and backup operations for publicly traded companies and companies in the healthcare and drug space. Have you dealt with unique challenges as a result of those business environments?

Jim: Absolutely, especially in terms of compliance monitoring and tracking. Most notable are SOX regulations and compliance guidelines put in place by the US Food and Drug Administration (FDA).

When you migrate to cloud services, you switch from performing several of the SOX control tests yourself, and instead you have to reply on external reports. For example, Microsoft and Amazon are not going to allow you to perform physical security tests on their data centers. Instead, the hosting companies hire audit companies and provide you with the SOX reports. Also, SOX controls around backup and recovery become more complex since you are dealing with additional computing and storage service technologies instead of the traditional server and NAS found in most on-premise installations. Additionally, security patching compliance becomes more complex due to the additional operating system offerings from the cloud vendors. The vendors offer solutions, but these have to be combined with the existing on-premise solutions for complete reporting.

For FDA, systems must go through a validation process when any component of the systems changes. Migrating to the cloud environment may require the validated systems to be re-validated. This is a time-consuming process.

Bocada: What’s your perspective on backup environment consolidation? That is, the process of moving from a lot to just a few backup and storage products. Do organizations reap the benefits of doing this?

Jim: I’ve certainly heard of companies moving in this direction, and particularly with cloud. There’s this idea that everything can be moved to the cloud and all your problems will be answered. It’s important to remember that cloud isn’t a solution. It’s a location.

In fact, once you move to the cloud, and let’s say we’re talking about the AWS cloud, you can spin up DynamoDB, Relational Databases, S3, FSx, and many more. Cloud providers are bringing so many new components and benefits that on-prem solutions just don’t have. This means more technologies rather than fewer so that organizations can reap the benefits of all these new enhancements.

As a result, I’d say the question of consolidation is less about consolidating your hardware and software and more about consolidating your approach or processes to monitoring performance. Our IT infrastructures are only going to get more complex. This means we’ll need solutions that help us easily manage this complexity, which takes us back to automating and centralizing monitoring to stay proactive and keep ahead of issues.

Bocada: What relationship, if any, do you see with cybersecurity and backup management or IT infrastructure management?

Jim: That depends on whether we’re talking about the role backup plays in cybersecurity, or the interplay of IT infrastructure and cybersecurity professionals.

Obviously, backup and data restorability play a key role in cybersecurity. If our systems come under attack or experience some kind of natural disaster, we know we’ll be okay if our backup policies were properly enacted.

If we’re talking about the people side of this, they are closely aligned and yet need to be completely independent from each other. Cybersecurity needs to be its own team that doesn’t report into IT infrastructure. Keeping them separate from any application or infrastructure group ensures that they stay objective.

This ultimately sets up a place where we’re working in a partnership. The cybersecurity team knows what overall controls or processes are needed, but they aren’t IT infrastructure experts. They don’t know what those changes mean for our IT systems or if we need to bring in new software to make those changes. That’s on us. Using our expertise, we have to come up with recommendations for what we think is best, listen to their feedback, and home in on a solution that we know will work from both and IT and cybersecurity standpoint.