delivering an effective backup and recovery service: how a
TRANSCRIPT
Symantec Global Services
Confidence in a connected world.
Delivering an Effective Backup and Recovery Service: How a Proactive Approach Can Be a Real Life SaverA Symantec Global Services Advisory Guide
Who should read this guide:• CIOs, CTOs, and IT directors who are managing backup and recovery operations• Operational budget holders
Advice offered about:• Why backup and recovery is critical to the business• The most common mistakes• Getting it right, with case examples• Comparison of in-house and outsourced approaches
This guide examines why backup and recovery is critical to the business and how a proactive approach can be the key to backup success.
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Why is backup and recovery critical to the business? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Tackling common problems with backup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Tackling common problems with recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Winning board backing for investment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Stick or twist? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
What to consider when outsourcing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Consultants have been there and done that . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
Symantec Managed Backup Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23
Case example . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
What our clients say… . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27
About Symantec Global Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 29
About Symantec . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Contents
Delivering an Effective Backup and Recovery Service: How a Proactive Approach Can Be a Real Life SaverA Symantec Global Services Advisory Guide
3
Technical infrastructure manager, leading financial services firmWe spoke to a technical infrastructure manager working for a leading financial services firm. For
corporate reasons, his contributions are anonymous.
Service director, managed service provider, public sector programWe interviewed a service director working on a high-profile public sector engagement. For
corporate reasons, his contributions are anonymous.
Archie Maddocks, Senior Service Delivery Manager, Symantec Global ServicesAn IT professional with 18 years’ experience working in operations, Archie has worked on FTSE
100 and government contracts and has specialized in storage-related service delivery for the past
eight years. When it comes to running backup services, Archie has been there and done it.
Adrian Spink, Head of Technical Architecture & Managed Service, Symantec Global ServicesAfter nearly 20 years of running IT infrastructure services in the automotive, oil and gas, telecom,
and investment banking sectors, Adrian brings broad experience to this guide. A track record of
delivering for clients like JPMorganChase and Sun Microsystems, combined with inside knowledge
of organizations like CSC and IBM Global Services, helps ensure that his insights are from both
sides of the outsourcing fence.
Our contributors
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
4
What you will get from reading this guide
• An understanding of the business-critical nature of backup and recovery services
• An overview of the most common mistakes
• Advice on getting it right and case examples
• An introduction to services
• Awareness of the key benefits and ROI
What this guide is not
This guide is not another explanation of backup technologies or the future protection technologies
that will revolutionize the customer experience. Neither is it an analysis of the benefits or
shortcomings of online vs. offline protection.
Instead, this guide aims to examine why backup and recovery is critical to the business and how a
proactive approach can be the key to backup success.
Introduction
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
Like many homeowners, businesses have often been satisfied with just minimal provision and preparation for disasters. It is only when a disaster arrives that it becomes clear how inadequate this approach is.
5
A useful analogy
Businesses tend to view backup and recovery in the same way that property owners view
homeowner’s insurance. Cast your mind back to the devastating floods that hit Britain in the
summer of 2007 or the fires that ravaged Southern California the same year. You will recall that
many of the affected homeowners had insufficient insurance.
Only when houses were flooded or burned, belongings destroyed, and lives turned upside
down did homeowners come to realize the importance of adequate insurance policies—and to
profoundly regret having allowed homeowner’s insurance to sink to the bottom of their priority
lists.
Historically, many IT departments have approached backup and recovery in a similar way. Too
often the budget is spent on the very latest technologies at the expense of protecting the critical
data that allows the business to function.
Like many homeowners, businesses are often satisfied with minimal provision and preparation for
disasters. It is only when a disaster arrives that it becomes clear how inadequate this approach is.
Who should read this guide?
This guide is intended for CIOs, CTOs, and IT directors faced with the challenge of managing
backup and recovery operations. Operational budget holders will also benefit from some of the
financial messages in the guide.
“We believe that a reactive attitude should be replaced with a proactive and assertive strategy,
which attaches much greater significance to the role of backup and recovery. I commissioned
this guide to help organizations make the right decisions about how best to prevent data loss and
potentially catastrophic IT failure.”
— Archie Maddocks, Senior Service Delivery Manager, Symantec Global Services
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
6
The sad truth is that many businesses do not much care about backup and recovery. The majority
of businesses that do care are often either unaware of the best way to address the issue, or
under the impression that their existing measures are enough. The end result is that vital
services provided by the IT group are often ignored or misunderstood. Indeed, because too many
businesses still see backup as a burdensome drain on their time, organizations that have well-run
backup operations are very much in the minority.
A significant proportion of the problems associated with backup and recovery can be attributed to
this basic reluctance—or inability—to take a firm grip of it.
As a result, very few businesses are adequately organized, and there tends to be a lack of effective
planning behind their strategies. Correct processes and procedures are often missing, and there is
little evidence of root cause analysis when things go wrong.
So it is not surprising that many businesses operate with a false sense of confidence that
everything will turn out alright. In truth, however, they are risking a cycle of perennial fire-
fighting.
“The whole issue of backup and recovery is too low on the list of priorities,” says Symantec’s
Archie Maddocks. “Too many businesses are only interested in storage when they can’t recover
data they desperately need, and it costs them money. Data backup and recovery is very much a
reactive part of the overall end-to-end service.”
The benefits of a proactive approach
What businesses do care about is making profit and the quality of the service they provide to
their customers. While backup and recovery operations are often treated as necessary in an IT
organization, they only become of strategic importance during an IT failure in recovering mission-
critical information.
The outbreak of a blended threat, a natural disaster, or a regional catastrophe such as an oil
refinery explosion, could leave a business without the resources to locate, restore, and recover
each data instance.
Yet any interruption to service—whether IT-related or not—will affect profits, lower customer
satisfaction, and even threaten the long-term prospects of the business.
In Symantec’s experience, those businesses that respond positively with a robust strategy for
dealing with worst-case scenarios can reap substantial business benefits.
Why is backup and recovery critical to the business?
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
“I think in the past, businesses didn’t always give backup and recovery the attention it deserved. But increasingly, businesses are taking it much more seriously because we all know the potential repercussions.”
Technical infrastructure manager, leading financial services firm
7
The pressure for compliance
Recent high-profile incidents of data loss demonstrate that companies and governments must
understand the procedures and policies they implement and ensure compliance with legal
standards.
Businesses are also under pressure for a variety of other legal reasons. If, for example, a business
is asked to produce data in litigation, it is essential that the data be located quickly and efficiently.
Organizations tend to store data on backup tapes for many years in the belief that it can be
retrieved when necessary. With tape-based backups, however, time can severely compromise
the readability of data. There are at least two reasons. First, tapes begin to degrade over time.
Second, the recording technology becomes obsolete and is replaced, leaving no “playback”
capability.
Moreover, few organizations catalog their data-storage tapes, relying instead on timestamps
to identify likely locations. Many businesses are therefore unable to quickly identify the tape
that contains the data they need—which means that their organizations do not meet current
compliance laws.
Not only can a robust approach to data backup and recovery help lessen the likelihood of such
problems, but it can also be a powerful tool for winning and retaining the trust of investors and
customers.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
8
Sarbanes-Oxley, Basel II, and SAS 70 are three of the biggest compliance concerns at present—and they all place significant demands on the recovery of data.
Returning momentarily to the homeowner’s insurance analogy, assuming that nothing very bad
will happen is the most common mistake associated with backup and recovery.
For too many businesses, it seems that only when they stare data loss in the face will backup and
recovery receive the attention and investment it demands. But by that time, it is usually too late.
Understanding what you are backing up and why
The fundamental problem is that businesses do not always know the actual value of their data, so
they do not know what to back up—or why.
“It is not uncommon to find a business that is failing to backup all of the data it really needs,”
says Symantec’s Archie Maddocks. “Backup success rates may appear to be impressive, but the
business may be missing critical data entirely. Moreover, there may have been little thought about
how the data will be recovered and where it will be recovered to.”
Managing business—and data—growth
Business growth is a thorny area, particularly when it comes to justifying costs. As a business
grows, it is almost inevitable that data volumes will also increase—especially if growth is rapid.
In these circumstances, convincing the board to invest will require appropriate and persuasive
reports and metrics.
.
Tackling common problems with backup
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
There are businesses using snapshot techniques and off-host backup for data sets that aren’t the product of high-volume, mission-critical applications and that don’t need such stringent—and expensive—backup and recovery technology.
9
Absence of a dedicated storage function
The responsibility for ensuring data backup and recovery often falls to platform teams. However,
they generally believe they are employed to perform other tasks. For example, the Wintel platform
team might be asked to manage backups even though their main focus is on the day-to-day
patches and updates of other Wintel services.
As a result, data storage becomes a secondary consideration. By its very nature, this leads to a
reactive environment. Because businesses are unable to formalize responsibilities, it is difficult
for them to prevent, diagnose, or repair problems with backup. Companies may be confident that
they can adequately respond to problems, but they will rarely be able to keep a problem from
occurring.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
10
Dis
k st
ora
ge (
TB)
Growth in SAN disk storage in the average Fortune 1000 data center
1H 2H 1H 2H 1H 2H 1H 2H2005 2006 2007E2004
1600
1400
1200
1000
800
600
400
200
0
Figure 1 . Storage capacity, utilization, and anticipated growth for Fortune 1000 companies.
Getting processes right
Another potential pitfall is the general trend to focus too narrowly on technology. When problems
are encountered in the backup and recovery process, organizations often conclude that software
or hardware must be to blame.
However, flawed processes and procedures are often the real issues. More often than not, poor
practice in root cause analysis is the real problem that makes it nearly impossible to get the most
out of the IT infrastructure.
Poor communication is another contributing factor to many backup and recovery failures. If the
appropriate people are not communicating effectively, services are bound to suffer. For example, if
a backup schedule is looking for a particular application but somebody has taken that application
offline for testing, the backup software will not be able to connect to the target files. This will be
logged as a failure, and it is unlikely that anybody will know why.
Approaching the problem with the right attitude
Successful backup and recovery require considerable tenacity. It is too easy to accept a 90 percent
backup success rate as adequate. A truly committed business will be less interested in the 90
percent than in the 10 percent that is missed.
This tenacious approach to backup and recovery will scrutinize the remaining 10 percent carefully
and analyze exactly what has been overlooked. Shrewd businesses will work out why 10 percent of
the data could not be backed up, then come up with a solution to the problem.
And why the need for this intense focus?
“If it is the same 10 percent that has failed every night for two years, you are leaving yourself
open to considerable data loss,” says Symantec’s Adrian Spink.
Even with a good backup success rate of 97 percent, an organization may leave itself exposed.
This is especially true if the 3 percent failure rate includes repeated failures for essential data,
such as a customer database that is accessed and modified on a daily basis. For instance, imagine
that a corruption occurred, and the database had to be restored from tape or disk backup images.
Then imagine that consecutive backup failures meant the backup images from the past 12 to 24
hours were unavailable. It does not take much imagination to realize that the company could face
significant challenges.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
Often it is the absence of a dedicated storage team that leaves businesses most exposed. Beyond this, the fundamental problem is that businesses don’t always know what, or why, they are backing up—or what the value of their data actually is.
11
How to back up the right data in the right way
Translate business requirements and align them with backup and recovery requirements. 1.
If the business does not have clear objectives, try to define some of your own and seek
agreement.
Develop a tiered list of backup and recovery requirements (service catalog) that fits the 2.
organization’s business needs. Ensure that this is reviewed and revisited regularly.
Work out the true respective costs of the organization’s backup and recovery operations and 3.
apportion them to the various options.
Predict the impact of data loss and build this into a budget proposal.4.
Build or modify the infrastructure to deliver against the service catalog.5.
Establish service-level agreements (SLAs) to define the expected level of service.6.
Test the recovery process regularly, and perform analysis of the recovery times and recovery 7.
points to ensure that they fit with the business needs.
Proactively manage and analyze backup logs to determine whether jobs are completed 8.
successfully.
Perform effective incident management on backup failures or storage-related issues.9.
Perform root cause analysis on all problems and issues found.10.
Perform service-level management to the agreed service catalog.11.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
12
It is important to remember that without the ability to recover data, backing up data is futile.
Too many organizations relax when they have all their data backed up. Inexplicably, many fail to
test their ability to recover the data, This is typically the difference between success and failure.
Disaster preparedness checklist
√ Consider all the stages of recovery and all the components required.
√ Investigate what will happen if a Bare Metal Restore (BMR) is needed—i.e., if a complete
hardware failure demands reinstallation of the operating system and applications.
√ Perform recovery exercises for critical applications to ensure that backups are consistent and
that technologies and processes are in place to recover data to the required level.
√ Consider when recovery may be required and what skills and resources will be available to work
on the problem.
√ Define and document recovery procedures.
√ Develop competency in process adherence and improvement.
√ Test and then test again.
√ Ensure that backup and recovery are part of the IT service continuity strategy, underpinning
your organization’s business continuity plan.
Tackling common problems with recovery
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
Too many organizations relax when they have all their data backed up. Inexplicably, many fail to test their ability to recover this data. This is often the difference between success and failure.
13
Make testing central to recovery
A failure to test recovery on a regular basis can even disguise the fact that backups themselves
are not working. In a worst-case scenario, it could become apparent that the entire backup
process is flawed only when the business is required to recover critical data or applications.
Testing the recovery process would highlight such a problem at an early stage, allowing
the business to limit the damage. Working under the assumption that data recovery will be
straightforward is extremely dangerous.
When dealing with recoverability, it is particularly important to understand the business
requirements. If these are not known, there is no way of working out how quickly the business will
need to recover the data.
RTOs and RPOs
The recovery time objective (RTO) refers to how much time a business can afford to lose as it waits
for data to be recovered. The recovery point objective (RPO) refers to how much data the business
can afford to lose.
Together, RTOs and RPOs are vital in a corporate environment. Therefore, it is essential that
they be intelligently aligned with genuine business requirements. This is particularly important
in today’s litigious environment, where the inability to recover data can have significant legal
repercussions.
Many businesses believe that they are addressing data security by taking their tapes offsite. How
the data will be recovered and when—and to where it will be recovered—often remain a mystery.
People forget that in extreme cases, the whole recovery cycle could take weeks, not hours. More
and more, we are discovering that businesses do not focus enough on recovery because they are
too obsessed with backup.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
14
“The ability to recover data is not necessarily an area of high focus until something goes wrong. Unless something is glaringly wrong, it is easy to take things for granted.”
Service director, managed service provider, public sector program
Data Loss Downtime(Recovery time objective)
Wks Days Hrs Mins Secs Secs Mins Hrs Days Wks
(Recovery point objective)
Figure 2 . Determining your data recovery needs.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
15
It is often said that IT experts and business experts speak very different languages. This makes
it extremely difficult for IT experts to impress upon their boards of directors the importance of
effective backup and recovery.
With this in mind, there are ten basic steps that an IT manager or IT director can take to ensure
the board’s agreement to, and support for, a backup and recovery plan.
If you follow these steps and report regularly to the board, they will soon begin to understand how
critical backup and recovery are to the organization.
Find out what regulations affect your business, and assess the impact they will have on your 1.
data retention and protection policies.
Perform a risk and impact assessment of the business from a data loss perspective. Identify 2.
the critical business processes and ensure that these receive appropriate protection.
Define a recovery strategy based on the criticality of the business processes.3.
Establish a set of information and backup and recovery policies explaining exactly what 4.
needs to be done.
Develop a full audit and reporting framework where backup and recovery operations are 5.
tracked and audited for process adherence.
Develop an operational reporting framework for backup and storage. Make it visible to the 6.
organization, highlighting the importance of backup and recovery to the business.
Educate all areas of the organization—including end users—on the importance of good 7.
information management.
Ensure that the backup and recovery strategy effectively underpins a comprehensive security 8.
program. Interestingly, 40 percent of data compromise happens inside the organization. Role-
based access should be used.
Develop a separate, usable archiving policy where information can be searched and recovered 9.
easily.
Practice recovering data.10.
Winning board backing for investment
The secret is to avoid technical jargon and communicate your concerns in real, understandable business terms.
15
Signs that your backup and recovery operations needs to be improved
• Spiraling or unknown costs or total cost of ownership (TCO)
• Unknown operational and business risks
• Unknown or low level of backup success rates
• Struggling to meet audit compliance
(e.g., Sarbanes-Oxley, Statement on Auditing Standards [SAS] No. 70)
• No clear service-level agreements (SLAs)
• Undefined roles and responsibilities (i.e., lack of clear ownership)
• Lack of tiered storage model
• Undefined operational processes
• Recovery issues due to failed backups
Communicating risk
At all times, you need to identify the reduction in risk that your backup and recovery strategy
would provide. If the organization is presented with the end result of the improved service in
terms of productivity or other metrics, skeptics will always take an interest. The secret is to avoid
technical jargon and to communicate your concerns in real, understandable business terms.
For example, if a bank loses encrypted tapes containing customer data, what exactly will the
impact be? Similarly, what if your own business should lose confidential customer data?
It is important to put this information into some form of cost/risk profile. This can then be used
to inform the board that more investment is needed in order to improve the backup and recovery
service.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
16
“The media are always looking for things to go wrong. Any mistakes can lead to damning front-page headlines.”
Service director, managed service provider, public sector program
Managing backup and recovery operations can be a daunting task. Businesses are often left
with a simple choice: continue to manage backup and recovery operations in-house, or seek the
assistance of an outsourcer.
The appeal of an in-house solutionIn some circumstances, an in-house backup and recovery team will be attractive for a variety of
reasons:
• The perception that it will be cheaper . Without conducting a thorough investigation of costs,
there will be understandable concerns that obtaining outside assistance is more expensive than
doing the job completely in-house.
• Concerns over security and confidentiality . Organizations are sometimes reluctant to hand
access to their data over to someone else. Security is one of several considerations that may
persuade a firm to keep storage in-house or simply avoid obtaining planning assistance.
• Basic reluctance to pursue outsourcing . Cultural resistance to outsourcing is commonplace.
• A desire to remain independent . There is an element of risk attached to the formation of any
business relationship. Some firms will be reluctant to accept this potential danger.
• Anxieties over flexibility . Some businesses may also fear a loss of flexibility because an
outsourcer will assume some degree of operational control. There may be concerns that
relinquishing even a small amount of control will inhibit the organization’s ability to react to
changing business conditions.
The benefits of outsourcingA strong, reliable outsourcer will bring a range of benefits which may resolve the concerns listed
above:
• Greater visibility of TCO and the assurance of a fixed price . Typically, the budget manager
will be unaware of the total cost of ownership (TCO) of an in-house solution. Consequently, the
manager will be unable to forecast ongoing costs. However, an outsourcer can set a pricing
schedule based on fixed monthly costs. Even better, this may well prove less expensive than
existing methods.
• Guarantees on service levels . It is often difficult to establish, adhere to, or even measure
operational levels internally. Strict SLAs provided by an outsourcer will enable management to
learn exactly how effectively the organization’s backup and recovery operations are performing.
Stick or twist?
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
Invariably, businesses are left with a simple choice: continue to manage backup and recovery operations in-house, or seek the assistance of an outsourcer.
17
• Greater focus on your core business . An outsourcer will allow an organization to focus on its
core competencies, thus allowing resources to be redeployed to more central concerns of the
business.
• Stronger expertise in supporting your backup process . Many organizations do not have full
knowledge of service management processes. Neither do they have a deep understanding of
backup architecture and technology. An outsourcer will be able to improve service levels by
efficiently applying best-of-breed solutions with strong service management processes.
• A more structured approach to critical business data . The financial repercussions of data
loss or downtime can be devastating. An experienced outsourcer can minimize the risk by
helping the business identify and effectively back up its critical business data. In March 2007,
Symantec research1 found that best-in-class organizations are monitoring and measuring
controls and procedures to protect sensitive data on a weekly basis. In contrast, the average
business only examines these controls and procedures every 176 days.
• A heads-up on RTOs and RPOs . The board will gain reassurance from an outsourcer with
in-depth experience working out RTOs and RPOs. An understanding of RTOs and RPOs will
allow the business to choose between gradual recovery, intermediate recovery, and immediate
recovery.
• An understanding of the importance of compliance . Compliance demands will only increase
in the years ahead. It is important to have experts onboard to deal with these growing concerns.
Symantec’s Archie Maddocks comments: “Organizations are usually aware of the legislation,
but they do not necessarily know how to configure or manage storage to meet the various
requirements.”
• Assistance with the auditing process . When an audit is conducted, it is crucial that everything
is in place and up to date. A third-party outsource provider can offer the skills and experience
needed to help ensure that audits run smoothly.
• Greater accountability and help in the decision-making process . Reporting capabilities of
in-house systems are generally poor, which can limit damage accountability. An outsourcer,
however, should be able to produce effective reporting of their services. This should be scalable
from operations to business owners, and it should relay pertinent information based upon roles.
However, an outsourcer’s customers should ensure that they have a method of independently
verifying the reported information.
1 Symantec: “Taking Action to Protect Sensitive Data” report, March 2007.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
18
In March 2007, Symantec research1 found that best-in-class organizations are monitoring and measuring controls and procedures to protect sensitive data on a weekly basis. The average business only examines these controls and procedures every 176 days.
If you are thinking about outsourcing your data backup and recovery operations to a third party,
what factors should you consider?
Finding a trusted third party
There should always be a strong professional relationship between the business and the
outsourcer. The client must be able to trust the third party to do the job more efficiently and
reliably than was previously possible.
Clients want relationships, and they want to know that they can trust the people with whom they
work. They want to know that the third party will deliver on its promises and step up if something
goes wrong. They want a hands-on relationship. And they want to know that the outsourcer will
deliver on its promises.
Getting the right range of services
Because all businesses have specific motivations when outsourcing backup and recovery
operations, it is important that tailored services be available to you.
For those looking for sophisticated metrics and status information—as well as trending and
historical mapping—reporting tools may be the only service they will need.
Some third-party outsource providers also offer a range of onsite and offsite backup and recovery
services. These include providing onsite specialists who work as members of your team for an
extended period of time. These resident specialists can perform services under a statement
of work or under an arrangement where the outsourcer takes responsibility for day-to-day
administration and management under a strict SLA.
Alternatively, managed backup services can also use remote teams and offsite infrastructure
investments to perform 24x7 remote monitoring and remote management, analysis, and reporting
under SLAs.
These services can also work together as a “managed solution,” combining best practices onsite
with remote management capabilities offsite.
Through the use of onsite resident specialists or remote experts, existing internal resources can
be freed to focus on strategic projects and core activities.
.
What to consider when outsourcing
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
“If you are going to let somebody else run something important for you, it is crucial that you trust them implicitly.”
Technical infrastructure manager, leading financial services firm
19
Ensuring cost-effectiveness
Choosing an outsourcing partner with a strong industry reputation should guarantee an improved
service.
“Customers rarely know the total cost of ownership of running backup and recovery in-house,”
says Symantec’s Archie Maddocks. “There is a misconception that the cost of managing backup
and recovery is limited to the salaries of the people actually employed for these purposes. In
reality, you also need to consider the cost of upgrading, the cost of training, and the cost of
managing high-impact failures or even data loss.”
In many cases, businesses taking control of their own backup and recovery services are hugely
wasteful of their resources, simply because they lack the necessary processes and best practices.
This inefficiency invariably has an impact on cost.
Before agreeing to work with an outsourcer, it is important to understand how much you are
currently spending on your backup and recovery operations. In our experience, organizations
spend much more on backup and recovery than they realize—and, in many cases, much more
than necessary.
Setting service levels
When engaging with a business over backup and recovery, outsourcers will typically produce a
proposal based on five pre-defined SLAs:
Backup success rates1.
Restore success rates2.
Response time to incidents3.
Repeat backup failure4.
Reporting5.
By establishing firm SLAs in this way, organizations are able to keep a closer eye on the quality
of services provided. Metrics are made available to test all five SLAs. This means businesses can
expect first-class management of the entire backup and recovery process.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
20
“Backup should be a chief priority for all firms and there should be a dedicated team taking control of it. Outsourcers live and die by their success rates, which can give them an edge over in-house teams. They will not be afraid to ask the difficult questions to achieve the desired results.”
Adrian Spink, Symantec Global Services
Often outsourcers are able to raise the bar significantly by setting minimum standards for backup
and restore success rates. Because few businesses have the tools available to measure these
processes, standards tend to be considerably lower when backup and restore operations are
managed in-house.
Organizations need to track existing success rates. They need to understand whether they are
getting better or worse at doing the job. They also need to understand why backup failures are
occurring. It is important to look at this not just from a technology perspective, but from process
and skills perspectives as well. Without proper root cause analyses, backup success can become
a nightly lottery. Yet it is rare to find a business with the skills in-house to carry out the necessary
root cause analysis.
Questions to ask potential outsourcing partners
What cost model do you have for an environment of our size and complexity? (You should 1.
compare the answers with their own internal cost model to establish if outsourcing makes
sense.)
What service delivery metrics will you agree to2. —and in what measurable ways will you
improve the current state of our backup and restore operations?
In which areas will you introduce risk, and where will you reduce it? (This should be matched 3.
against an existing risk profile.)
What resources will you require to deliver the cost, risk reductions, and delivery increases 4.
you have defined?
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
21
As companies deliberate on whether to do backup and recovery in-house or through an
outsourced solution, they need not face the decision alone. Outside consultants can help advise,
develop, and transform a company’s IT operations to suit its backup and recovery needs.
It is possible to gain many advantages through short- and long-term consulting assistance.
Consultants can provide:
• Third-party assessment of the current state and protection gaps . Using specific expertise
gained in analyzing a wide range of environments, a consultant can identify issues that
in-house resources miss. Because these types of in-depth analysis often take time away from
the core business, they are often skipped, increasing the risk of ineffective backup and recovery
operations. Consultants can let you know what needs fixing before an audit takes place—or let
you know what technologies and processes you need to implement in order to meet your SLAs.
• Assistance with the auditing process . A third-party consultant can offer the necessary skills
and experience to help ensure that audits run smoothly.
• Help designing the right solution and transition plans . A consultant will be able to improve
service levels by creating a solution design that efficiently applies best-of-breed solutions
and processes in order to meet your specific business requirements—and tell you how to go
from where you are now to the desired state, as well. Consultants bring to bear their in-depth
experience working out RTOs and RPOs, and they understand the importance of compliance.
• Ongoing operational assistance, as needed . While handing over complete operational control
to a third party may not always be possible, adding expertise to your team offers distinct
advantages for both short- and long-term projects. Once you determine the changes that are
required, how do you implement them? If you have a recurring task that needs to be done
right each and every time, but is not done that often, how do you maintain consistency? Expert
consultants can provide the extra hands needed to accomplish the project, help ensure that it is
accomplished correctly, and possibly train your in-house staff to take over.
• Residency services . You might want to continue to free up your current resources to
concentrate on the core business, and instead have expert consultants run backup and recovery
operations for you. Residency services provide onsite expert consultants that can take over the
portions of your backup and recovery operations that you designate. These consultants become
part of your team, and you control what they do.
Consultants have been there and done that
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
22
For many organizations, a managed backup service makes great business sense. Symantec’s
broad experience in the backup arena shows that clients often wish to remove the headache of
managing backups. However, relinquishing all control to an outsourcer is a step too far for most.
Symantec Managed Backup Services allow you to retain ownership of the technology and control
of business critical data, but leave the day-to-day operation to us. Our product and service
expertise will drive optimum operational efficiency with our Managed Backup Services becoming a
seamless extension of your support team.
Because the data stays on your own assets in your own data centers, there is no “lock-in”
agreement with a third-party service provider that could impact data recovery over the long-term.
Symantec Managed Backup Services provide 24x7 remote monitoring and management under
strict SLAs. These can give you world-class success rates for backup and restore.
Moving to a managed service
The four-phase approach—assess, design, transform, and operate—is central to Symantec
Managed Backup Services:
• In the first of these phases, we assess the current backup environment and future
requirements. The goal is to ensure that the operational component is fully understood.
• Once we have completed our assessment, we design a solution that includes improvements to
the architecture. We also develop an operating plan that provides best practices for managing
the backup and recovery environment.
• In the transform phase we implement a series of improvements identified during the
assessment phase. These provide you with a backup and recovery environment that is both
effective and efficient.
• Once all the activities of the transform phase are complete, Symantec will operate according to
agreed SLAs. The benchmark of successful data recovery is backup success rates. A world-class
backup operation should be above 95 percent monthly average for backup success. Symantec
will successfully back up at least 97 percent of in-scope clients.
Symantec Managed Backup Services
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
Symantec Managed Backup Services allow clients to retain ownership of the technology and control of business-critical data, but leave the day-to-day operation to us.
23
The backup environment is managed night and day by Symantec, using exactly the right
combination of resident and remote expertise for each client. This maximizes your access to
experts while reducing the amount of historically expensive onsite time. For some clients, a
completely remote service may be the best solution. It is based on the following components:
• Service catalog and associated SLAs
• Dedicated service delivery manager
• Real-time event monitoring and alerting via the 24x7 Service Operations Center
• Incident and problem management from the Operations Center
• ITIL process definition and implementation
• Offsite staff for daily operations, change, release, and capacity changes
• Monthly backup reporting and service review
• Vendor management to reduce problem resolution times
Phase: Assess Design Transform Operate
Objectives: • Evaluate operational effectiveness
• Evaluate backup and recovery infrastructure
• Define operating model
• Define technology model
• Implement operating model
• Implement technology model
• Deliver Symantec Managed Backup Services
Deliverables: • Backup assessment plan
• Transition plan
• Service delivery document
• Project plan
• Service manuals
• Run environment on behalf of client 24x7
• Report and manage
Activities: • Determine requirements and desired service levels
• Provide detailed costing analysis and determine potential ROI
• Provide recom-mendations for improvementsl
• Evaluate existing processes
• Design service level and strategy
• Develop transition process and plan around people, process and technology
• Integrate monitoring tools
• Implement changes to reduce risk of data loss and improve SLAs
• Implement standard processes
• Establish change control
• Conduct backup administration and media management
• Conduct backup and restore verifications
• Provide monitoring, alerting and metrics reporting
• SLA adherence
Figure 3 . Symantec’s assess, design, transform, and operate approach to managed service.
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
24
Because the data stays on your own assets in your own data centers, there is no “lock-in” agreement with a third-party service provider impacting data recovery over the long term.
Reporting
A Symantec expert will be assigned to lead your backup and recovery process, absorbing the
extra workload of incident and problem management. This dedicated Symantec Service Delivery
Manager knows that your time is valuable, so a short face-to-face monthly service meeting will
focus on key issues. Meanwhile, our comprehensive service pack will provide reports that enable
your business to quickly monitor and assess the health of the backup environment.
Our track record
Symantec Managed Backup Services have a proven track record of:
• Significantly improving backup and restore performance
• Increasing backup and recovery success through root cause analysis
• Implementing initiatives to standardize policies, procedures, and measurement
• Achieving world-class service through meeting strict SLAs
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
25
An international banking group
When clients claim to be “absolutely thrilled” with the service they are receiving, things must be
going well. And that is exactly the case for an international banking group that is using Symantec
Managed Backup Services.
Frustrated by the lack of management from its existing managed backup service, the bank
made the strategic decision to transfer the ongoing management of its backup environment to
Symantec. The goal was to effectively meet demanding service levels.
By using Symantec for day-to-day operational backup management and end-to-end data
protection, the bank is significantly increasing its backup success rates. In addition, it is reducing
the costs and IT risks associated with unmet recovery objectives, data loss, and business
disruption. Symantec is also helping the bank ensure that it meets its SLAs each time, every time.
Business drivers• Improve operational efficiency
• Keep control of the spiraling cost of data protection operations
• Adhere to stringent SLAs
• Enable the bank to focus on core business areas and strategic priorities
Technology challenges• Excessive time and resources devoted to managing data protection environment
• Risk of data loss or data corruption associated with a poorly managed data protection
environment
Solution• Managed Backup Services using expertise from Symantec
• Incremental backup of 1.5 terabytes of data every other day, with full backups taking place
every week across 300 servers (mainly “Wintel”)
Business value and technical benefits• Provides real-time day-to-day operational management and end-to-end data protection
• Helps the bank to significantly increase backup success rates
• Reduces the costs and IT risks associated with unmet recovery objectives, data loss, and
business disruption
• Provides comprehensive daily, monthly, and capacity reporting
• Ensures that the bank meets its SLAs every time
Case example
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
26
“The bank is barely involved in backup now. Symantec manages the entire backup environment, but we have the satisfaction of knowing exactly what is going on, thanks to comprehensive daily, monthly and capacity reporting. The net result is that we are hitting our SLA each time—every time.”
Technical infrastructure manager, leading financial services firm
Client A: Service director, managed service provider, public sector program
“The thing to remember about public sector data is that the media are always looking for things
to go wrong. Any mistakes can lead to damning front-page headlines, which is why it is important
to work with organizations that you can trust implicitly to deliver against objectives. This is a key
reason for the ongoing success of our relationship with Symantec.
“Working with Symantec makes perfect sense, from my perspective, as we do not have the internal
resource available to deliver the kind of capability we are now enjoying. We need Symantec’s
expertise and experience if we are to deliver a high-quality service.
“Any form of data loss is unacceptable to our customer and the backup and restore capability
we deliver in partnership with Symantec is a vital service, underpinning the customer’s data
availability strategy. We also use industry benchmarks, such as Gartner, and expect an extremely
high rate of backup success.
“I have a great deal of faith in Symantec as an organization, and I am confident in their ability to
deliver a world-class backup solution. In the past, when we have had any issues, they have been
taken very seriously and resolved appropriately, and this is important when building up trust.
“Symantec brings order and predictability to the table, which is a huge advantage to all
businesses. The ability to recover data is not necessarily an area of high focus until something
goes wrong. Unless something is glaringly wrong, it is easy to take things for granted. Symantec
does not allow this to happen.”
.
What our clients say…
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
“Working with Symantec makes perfect sense, from my perspective, as we do not have the internal resource available to deliver the kind of capability we are now enjoying. We need Symantec’s expertise and experience if we are to deliver a high-quality service.”
Service director, managed service provider, public sector program
27
Client B: Technical infrastructure manager, leading financial services firm
“We have been working closely with Symantec since January, 2007, when we brought them in to
do some work for us on the performance of our backup systems. We were impressed with their
work and decided to call them in to take over the management of our entire backup and recovery
services.
“We knew that we did not want to employ our own backup administrator internally. We simply
wanted to get somebody involved who had the expertise and experience to do an excellent job for
us.
“More importantly, we wanted somebody who really understood the products we were using.
Because Symantec designed the backup products in the first place, they were the obvious choice
to manage them for us.
“Trust is also very important, and this is true of all outsourcing relationships. If you are going to
let somebody else run something important for you, it is crucial that you trust them implicitly.
Because Symantec had already done work for us, we knew they would do the job properly, and
this was extremely reassuring.
“The value-add of working with Symantec is that they can delve deeper into our backup and
recovery processes. They don’t just run it for us; they identify what the problems are and fix them
immediately.
“With Symantec Managed Backup Services, we get straight through to whomever we need to. They
ask a few questions, and take responsibility for sorting any issues immediately.
“We’re absolutely thrilled with Symantec Managed Backup Services. If I had to make a choice
about renewing the contract with Symantec tomorrow, I wouldn’t hesitate.”
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
28
Symantec Global Services offers deep technical knowledge and proven expertise to help clients
manage IT risk, performance, and cost. Our consultants have helped IT teams from over 95
percent of Fortune 500 companies enhance and maintain the security, availability, performance,
and compliance of their information and infrastructures. With over 1,000 consultants worldwide,
we provide consulting services to clients in more than 60 countries and participate in more than
4,000 engagements per year. Our consultants average 15 years of experience across all major
operating systems, storage hardware, and application environments.
For information on Symantec Global Services, go to:
www.symantec.com/globalservices
For information on Symantec Managed Services, go to:
http://go.symantec.com/managed_services
.
About Symantec Global Services
Delivering an Effective Backup and Recovery Service: A Symantec Global Services Advisory Guide
29
For specific country offices and
contact numbers, please visit
our Web site. For product
information in the U.S., call
toll-free 1 (800) 745 6054.
Symantec Corporation
World Headquarters
20330 Stevens Creek Boulevard
Cupertino, CA 95014 USA
+1 (408) 517 8000
1 (800) 721 3934
www.symantec.com
Copyright © 2008 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. Printed in the U.S.A. 03/08 13773570
About Symantec
Symantec is a global leader in
providing security, storage, and
systems management solutions to
help businesses and consumers
secure and manage their information.
Headquartered in Cupertino, Calif.,
Symantec has operations in more
than 40 countries. More information
is available at www.symantec.com.