Table of Contents
Many organizations are investing heavily in the cloud to improve their agility and optimize the total cost of ownership of their infrastructure. They are moving applications and data to the public cloud to take advantage of its flexibility, only to discover that, when not properly managed, the public cloud costs can quickly spiral out of control.
Data storage and protection are among the biggest pain points of many cloud bills. Many of the services available in the public cloud need to be enhanced and hardened to deliver the reliability and availability of enterprise storage systems and the tools to manage the protection of data saved in them need to go well beyond simple snapshot-based data protection.
Even though snapshots provide a good mechanism to protect data against basic operational incidents, they are not designed to meet enterprise needs and can be particularly expensive when managed without the proper tools and awareness of the environment. At the same time, traditional enterprise backup solutions are not optimal because they do not provide the necessary speed and flexibility and add unnecessary complexity to the picture.
Cloud-native backup solutions are designed to add enterprise-class backup functionalities to the public cloud while improving data management processes and costs. Compared to traditional (agent-based) and snapshot backup solutions, cloud-native data protection offers several advantages and simplifies operations.
In this regard, the user should take into account some important aspects:
- Speed: When properly integrated, cloud-native backup can take advantage of snapshots and other mechanisms available from the service provider to speed up backup and restore operations.
- Granularity: One of the biggest limitations of snapshots is the ability to restore single files and database records, one of the most common requirements. To do so, the user has to mount the snapshot on a new virtual machine instance, recover the necessary field, and then kill the instance. This is slow, and the process is also error-prone.
- Air gap: Creating distance between source and backup targets is at the base of every safety and security practice in data protection, especially with the increasing number of ransomware attacks. Snapshot management services in the cloud do not separate snapshots from the source storage system, exposing the system to potential attacks or risks of major service failures.
- Operation scalability: Snapshots are good for making quick backup copies of data, but they tend to show their limits pretty quickly. Most of the services available in the market make it difficult to coordinate snapshot operations and grant application consistency. At the same time, managing a large number of snapshots can quickly become complicated and, while automation exists, it usually lacks the user-friendliness necessary to manage large-scale environments. Agent-based solutions have a different set of challenges, but the scalability of operations can easily become a problem as well. With agents, everything should be planned in advance, and it is another software component that has to be installed and managed over time.
- Cost and TCO: Snapshots are relatively cheap, but they are very expensive to manage in the end, creating hidden costs that are difficult to remove over time. Again, for agent-based solutions the user has to consider additional costs coming from additional resources necessary to run backup operations and infrastructure management.
The most efficient way to operate in the public cloud is to always adopt solutions specifically designed in a cloud-native fashion. In this context, the best data protection is the one that can take advantage of the services available from the cloud provider and can operate with them to build a seamless user experience. This means having the ability to operate with snapshots, organize them efficiently, and have full visibility of data for recovery operations. At the same time, enterprise users expect to find features and functionalities similar to what they have on their traditional backup platforms, including application awareness, analytics, reporting, and so on.
About the GigaOm Use Case Scenario Report
This GigaOm report is focused on a specific use case scenario and best practices to adopt new technology. It helps organizations of all sizes understand the technology, and apply it efficiently for their needs. The report is organized into two sections:
Design criteria: A simple guide that describes the use case in all its aspects, including potential benefits, challenges, and risks during the adoption process. This section also includes information on common architectures, how to create an adoption timeline, and considerations about interactions with the rest of the infrastructure and processes in place.
Solution profile: A description of a solution that has a proven track record with the technology described in these pages and with this specific use case.
2. Report Methodology
A GigaOm Use Case Scenario report analyzes new technology to provide decision-makers the information they need to take advantage of new technologies for highly rewarding IT strategies, while taking into account potential risks associated with its deployment.
This report discusses common design criteria to implement new technology and how it may interact with existing processes and infrastructure components. Thus, this report aims to work with field-validated designs and practices to simplify adoption and minimize risks. Our analysis focuses on highlighting the use case while providing the necessary information and examples to speed up the adoption process.
The idea is to define what the user should expect from this technology while providing the necessary view and basic design considerations to start the evaluation process with partners and technology vendors.
In this regard, readers will find similarities with the Key Criteria and Radar reports. The Use Case Scenario report can be considered a follow-up to these reports to go deeper into the use case evaluation and eventual technology adoption. The objective of this report is to provide complementary and additional information to the readers and inform them on how to proceed further in their technology, solution and vendor evaluation process.
3. Design Criteria
Compared to other solutions, the primary goal for cloud-native backup is better efficiency in day-to-day operations, stronger protection from ransomware and similar account compromises, and the most visible aspect from the outside is a vastly improved TCO. To achieve this goal, the backup solution must include characteristics that match the needs of cloud and traditional infrastructure operations:
- Automatic discovery: It is highly likely that the public cloud infrastructure is very dynamic, with new VMs and services spun up quickly and often for a limited time. The user should be immediately informed about these changes and be able to protect them as soon as possible.
- Integration with cloud storage: The solution must leverage system snapshots and interface with the storage system to manage them for the best speed in backup operations. At the same time, it is important to convert snapshots in a native backup format and move data to a different location for granularity and better protection.
- Integration with native data services: Protecting only VMs in the cloud is a huge limitation. Many users prefer to use native data storage and database services to optimize costs, performance, and operations. The backup solution must support these services, including file and block storage, databases, and other common deployed services to protect applications properly.
- Consistency groups: A consistency group is a set of VMs and data services that need to be protected through a single backup job, simultaneously and with the proper action to ensure data consistency across the board. This is a fundamental aspect of protecting complex applications with several moving parts.
- Backup scheduler: Traditional infrastructure and data center operators need to operate in a familiar environment to limit process disruption and assure prompt responses when users request data. A proper backup scheduler, with its associated search capabilities, vastly improves restore operations.
- User interface: Depending on the type of users, a modern backup solution should always provide multiple ways to interact with the system. Again, differences between the ways a system is operated by traditional data center operators and cloud-native or DevOps teams require access to the management system through different methods, including APIs, CLIs, and a graphical user interface.
- Self-service capabilities: More and more users require some level of control be given to DevOps teams for daily operations, especially when it comes to retrieving data and rebuilding development or test instances of an application. This limits the burden on infrastructure admins and eases operations.
- RBAC: The need for this is one of the direct consequences of the previous point and important for getting a level of control over user access comparable to what the user can get from an on-premises enterprise solution. Role-based access control is a mandatory feature, and it has to be associated with strong logging and auditing features for security and compliance.
- Analytics: Getting a full picture of what is happening in the system is mandatory to keep control of protection policies and costs. Alongside traditional dashboards to check the status of backup operations, it is also essential to get a complete historical view and predictive analysis of the environment. This helps users understand trends and take action before potential issues become problems. At the same time, analytics can quickly show major paint points and help with overall cost management.
- Security and ransomware protection: Even though ransomware attacks are most prevalent in on-premises data centers, the risk is also increasing for cloud data, and users require better overall security features from every vendor. Data protection, when properly implemented, is one of the few tools that is effective in recovering from a ransomware attack.
When it comes to data protection in the cloud, it is also important to evaluate how the service is delivered. In fact, even though many user-managed solutions are available in the market, the most effective are SaaS solutions with a pay-as-you-go subscription model. For infrastructure solutions like data protection, this model is widely used by small and medium enterprises now, but larger organizations are also starting to appreciate its benefits.
Major benefits from the adoption of a cloud-native backup solution include:
- Efficiency: A solution specifically designed to operate in the public cloud is usually more efficient and better integrated with the cloud environment. This improves operations and costs while also providing better performance.
- Infrastructure simplification: SaaS solutions remove a series of tasks for the administrators, improve security with software that is always up to date, and reduce complexity and costs for infrastructure management.
- Better user experience: A solution designed to operate in the cloud will provide a user experience similar to other services available in the same cloud environment. Again, this simplifies operations, learning, and initial adoption.
The most common challenges with the adoption of a cloud-native backup solution include:
- Risk of siloing: The cloud-native solution is usually adopted to protect data in the public cloud. Even though many organizations still have a single public cloud provider, others are already working in multi-cloud environments, and all of them should be properly protected.
- Creation of multiple backup environments: Following from the previous point, a dedicated cloud-native solution is much more efficient than a traditional one, but there is a risk associated with splitting backup operations onto two platforms. This implies different operational models, processes, and, eventually, an increased complexity with its associated costs.
- Lack of enterprise-grade features: A major risk factor with cloud-native data protection solutions is their immaturity and focus on small and medium organizations that usually require less demanding policies and compliance with regulations.
For these reasons, the user should always keep an eye on the product roadmap to see how the software vendor is reacting to emerging business needs.
Cloud-native solutions are usually easier to adopt than traditional software. Most of these solutions provide a freemium model with a limited protected capacity or nodes, or a limited time to test all the functionalities without a capacity limit. This is especially true for SaaS solutions. These options tremendously simplify the realization of a PoC (Proof of Concept) to test the solution, and it can then quickly be developed once in the production environment. These options also enable the user to test multiple solutions with minimal time, effort, and associated costs.
4. Additional Considerations
In addition to what we discussed in the previous section of this document, the user should also take into account that the data protection solution may be used for additional use cases:
- Disaster recovery: The user should always check what mechanisms the backup vendor has put in place to prevent a major disaster. At the same time, the solution should provide the tools to restore data in a different region, including creating the necessary resources and services to receive the data backup.
- Support: In the initial evaluation of the product, the user should thoroughly test support services, reaction times, the knowledge base for self-support, and community-based support resources. The last two points are particularly important for users such as developers who take advantage of these resources daily.
- Protection of SaaS applications: Again, to limit the number of data protection environments to manage, the cloud-native data protection should provide options for protecting common SaaS applications such as Microsoft 365, Google Workspace, and other similar applications.
- Kubernetes: The number of applications now developed using containers and microservices is relevant. Even though some organizations are still relying on stateless containers and persistent data services, it is also true that the number of stateful applications is rising very quickly. Stateless Kubernetes applications need a form of data protection to save relevant data that is stored in the Kubernetes cluster.
Emerging Tech to Consider
Data protection is quickly gaining an important role in several areas lately, ranging from security to CI/CD integrations. Copies of data are available in the data protection environment, and an increasing number of users want to take advantage of this data to create additional copies for development and testing purposes as well as migrations.
Copy data management is an interesting development area for these solutions, especially now that Kubernetes is in the game. This also creates the need to back up data sources usually not included in standard backup practices, including object stores, to ensure that data and applications can be managed and moved across different regions and service providers.
Backup of object stores also introduces the possibility of replicating data across regions and service providers without relying on expensive real-time replication mechanisms usually offered by the service provider. These new techniques can reduce costs dramatically for some use cases that are based on a master copy of data, and secondary copies that are normally used only for reads.
5. Solution Profile
The GigaOm Use Case Scenario wants to associate the theory behind prominent and emerging use cases for technology or an application with a practical example brought by a solution available in the market. The solution is usually selected among those already proven to be effective in this situation and is already present in recent Key Criteria and Radar reports.
Clumio is a true SaaS solution that does not require managing or deploying any AWS resources to start using it. It is a consumption-based service available through AWS marketplace with infinite scale built-in; users can start small and then scale to protect massive amounts of data without having to do any planning or management—it is all seamlessly handled by the platform. The onboarding process is so simple that users can start protecting their AWS assets in 10 minutes or less.
Clumio enables simple backups by automating the entire process through global policies across different AWS assets and accounts. Using massive serverless compute resources in parallel to run backup jobs as well as doing incremental backups help achieve compliance faster. Just as important as fast backups, Clumio also enables quick recovery to ensure business continuity. An intuitive calendar view provides a quick and simple way to find the data (snapshots, instances, files, records, and so forth) that needs to be recovered, and restoring the data takes just a few clicks. By enabling rapid, full and granular data recovery, Clumio reduces recovery times significantly to meet low RTO and RPO SLAs.
The Clumio platform is designed with a security-first mindset. Backups are saved to a Clumio service independent and separated from the user’s AWS account. This provides true turnkey air-gap functionality and protection against ransomware and other attacks. Backups are immutable, and to safeguard against bad actors, there is no delete option. Moreover, all data processing and storage is handled with end-to-end encryption, also managing bring-your-own-keys capabilities. The platform is also compliant with the latest security certifications and standards, such as ISO, HIPAA, PCI, SOC 2, and it supports single sign on (SSO).
Clumio recently released data protection for Amazon S3 that provides comprehensive data protection coverage for S3, filling gaps left by S3 versioning and replication. With Clumio Protection Group functionality for Amazon S3, users can now selectively back up only important S3 objects within a bucket, providing much-needed data classification capabilities. This essentially results in much more efficient and optimized backup, providing big TCO savings to users. Additionally, Clumio bundles small files together to optimize and save on small file handling. This data classification feature proves to be a powerful advantage when it comes time to recover data. Using global search functionalities, users can granularly recover S3 objects instead of recovering entire buckets and then spending time going through all the different objects to find the right ones. Faster recovery means business continuity remains undisrupted.
Clumio focuses heavily on AWS, and support for VMware Cloud on AWS is included. Clumio’s strong bond with the AWS ecosystem makes the solution best suited for organizations with a cloud-first approach in which Amazon Web Services is the preferred cloud provider. At this time, the solution is suitable primarily for customers in the North American market, but plans for expansion to other geographies are already under way.
The vendor has a steady pace in adding support for key data services, with new features added regularly. “Clumio currently protects data in Amazon S3, EC2, EBS, RDS, SQL on EC2, DynamoDB, VMware Cloud on AWS, and Microsoft 365. Clumio is the only solution that doesn’t deploy an agent for SQL on EC2.
Clumio Discover, a free service launched in the second half of 2021, is the perfect companion for this data protection solution. It enables users to analyze their entire environment, identify data, adding protection in just a few clicks, plus validate recovery points. Through a simple dashboard, users can see their ransomware risk score, data recovery score, and actionable insights to reduce those risks.
6. Analyst’s Take
With the increasing success of cloud computing and organizations of all sizes adopting it to improve their agility, it is now mandatory to look at solutions that provide the same level of agility and flexibility while helping to reduce its costs. Efficiency and cost management are crucial to success, and data protection is an area where there is a lot to do, especially when we compare third-party products with what is usually available directly from the cloud provider.
SaaS solutions and managed services should be preferred over user-managed solutions because of their simplicity and architectures designed to take advantage of resources available from the cloud providers.
Key areas of development in this area, beyond data protection, are data management and security. The first enables users to take advantage of the data protection solution to ease development processes, increase productivity, and ensure regulatory compliance. The latter is a mandatory requirement to increase the level of protection against common attacks, understand better what is stored in the system, contribute to regulation compliance, and have better control over data.
In this scenario, Clumio is a compelling solution that provides a good combination of features, is easy to use, and focuses on efficiency and total cost of ownership. Its benefits are clearly visible in the data protection area and in the overall data storage management of cloud resources.
7. About Enrico Signoretti
Enrico Signoretti has more than 25 years in technical product strategy and management roles. He has advised mid-market and large enterprises across numerous industries, and worked with a range of software companies from small ISVs to global providers.
Enrico is an internationally renowned expert on data storage—and a visionary, author, blogger, and speaker on the topic. He has tracked the evolution of the storage industry for years, as a Gigaom Research Analyst, an independent analyst, and as a contributor to the Register.
8. About GigaOm
GigaOm provides technical, operational, and business advice for IT’s strategic digital enterprise and business initiatives. Enterprise business leaders, CIOs, and technology organizations partner with GigaOm for practical, actionable, strategic, and visionary advice for modernizing and transforming their business. GigaOm’s advice empowers enterprises to successfully compete in an increasingly complicated business atmosphere that requires a solid understanding of constantly changing customer demands.
GigaOm works directly with enterprises both inside and outside of the IT organization to apply proven research and methodologies designed to avoid pitfalls and roadblocks while balancing risk and innovation. Research methodologies include but are not limited to adoption and benchmarking surveys, use cases, interviews, ROI/TCO, market landscapes, strategic trends, and technical benchmarks. Our analysts possess 20+ years of experience advising a spectrum of clients from early adopters to mainstream enterprises.
GigaOm’s perspective is that of the unbiased enterprise practitioner. Through this perspective, GigaOm connects with engaged and loyal subscribers on a deep and meaningful level.
© Knowingly, Inc. 2022 "GigaOm Use Case Scenario for Cloud-Native Backup" is a trademark of Knowingly, Inc. For permission to reproduce this report, please contact email@example.com.