Law.com Subscribers SAVE 30%

Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.

CybersecurityFeaturesTechnology Media and TelecomCybersecurity Law & Strategy

Key Tech Terms to Know: Archives, Backups, Disaster Recovery and “as-a-Service”

By Jeff Ton
May 01, 2018

Law firms today are inundated with new data protection and recovery methodologies from vendors. It's a hot market because technologists in law firms are under intense pressure to protect sensitive client data and clients are now holding their firms to higher standards than ever. However, IT leaders are struggling to make sense of what they need to have, both to meet client demands and stay ahead of the ever-evolving threat landscape.

For this reason, below are a few essential definitions, intended to provide clarity and guidance to firms that are exploring how to improve their data compliance, protection and recovery posture.

|

Definitions and Differences

Archive: A collection of historical business records that are immutable and unchangeable, which must be retained for future reference should you ever need to produce evidence (perhaps when legal or regulatory questions arise). Archiving refers to the process of moving data that is no longer in active use to a separate storage device. Many organizations define archive data as any copies older than 120 days, whereas some may archive immediately when a matter is closed. Typically, archive data can be located online in to-disk format or offline in to-tape format.

Archive-as-a-Service (AaaS): Also emphasizes maintaining a historical record, but unlike the “archive” definition above, a vendor is helping you with the act and storage of the archive data. It's typically assumed the storage is in a second datacenter managed by the vendor.

Backups: A snapshot, point-in-time copy of your current on-premises data that you use to restore original file-level data if it's ever damaged or lost. This refers to the practice of copying computer files to another storage device, with additional copies being added to an external storage location as those files change. Backup data can be located online in to-disk format or offline in to-tape format.

Backup-as-a-Service (BaaS): An approach where instead of performing backup on-premises, BaaS connects systems and data to a second datacenter, private, public or hybrid cloud managed by an outside provider. This outsourced method offloads the duties of managing tapes or hard disks and keeps data accessible or restorable from a remote location.

Some people also refer to this form of data protection as Backup Recovery-as-a-Service (BRaaS), which is meant to place more emphasis on its purpose: to be able to recover using these backups.

IT Disaster Recovery (DR): A type of data protection that is usually implemented with the goal of returning systems to normal. Depending on the approach, recovery could be within hours, but is typically much longer (days or weeks). It is typically accomplished using a combination of backups, SAN-to-SAN hardware-based replication, database replication or even software-based replication. With traditional IT-DR, the DR site requires the same amount of physical hardware and capacity as what is being used in the production or primary site, or this hardware must be procured before recovery can begin.

Disaster Recovery as a Service (DRaaS): Emphasizes fast recovery from a technology disruption, restoring applications and networking often within minutes-to-hours so users can return to work again quickly. It is like BaaS but instead of protecting individual files, it involves protecting the entire system or environment. On-premises datacenters or cloud-based datacenters are replicated to a second datacenter, private, public or hybrid cloud managed by an outside provider, removing the need for organizations to manage and maintain their own DR site. It also eliminates the need for capacity planning because the service allows for scaling of hardware resources when a declaration occurs, reducing costs.

Disaster Recovery on Infrastructure-as-a-Service (IaaS): References when an organization builds a recovery solution using replication or migration tools with an IaaS provider such as Azure, AWS or Google. In many cases this solution is set up with the intent of reducing overall costs for DR, but the firm's IT team is responsible for the implementation, management, testing and recovery of the applications. It's important to note that failover and failback capabilities should be tested on a small dataset if you are protecting workloads from outside of that same cloud family, because in some cases the failback doesn't exist or requires a large effort.

|

Putting It All Together

On a high level, the key difference between each of these terms comes down to their intended purpose. Oftentimes, a firm's budget has an impact on what solution is chosen, but knowing every solution option will aid in good decision-making, flexibility and transformation for the future. Selecting a BaaS provider, for example, that also offers DRaaS solutions, may mean an easier transition later on.

As a rule of thumb, small firms need to have archive and backups at a minimum. Mid-size and larger firms are likely expected by clients and partners to not only archive and backup their data, but also have the ability to recover from disruptions within a moment's notice.

In each of the “as-a-Service” offerings noted in this article, it's important to also understand that three different service models exist within them:

  1. Managed – the provider is responsible for performing and managing the solution (backups, replication, storage, etc.). In scenarios when the client's IT team is unavailable, the provider can even execute the recovery process on their own.
  2. Assisted – the provider gives the client expert advice on building a robust recovery strategy and setup, while also helping during a recovery event when needed.
  3. Self-Service – the client receives the necessary tools for the solution, but is on their own for everything else.

Anytime you are using the cloud, there are shared responsibilities. For this reason, know how much responsibility you want to take on. Firms should consider each of these “as-a-Service” service models and their associated responsibilities to ensure proper alignment with their needs.

*****

Jeff Ton is executive vice president of product and service development for Bluelock where he is responsible for driving the company's product strategy and service vision and strategy. Ton has over 30 years of experience in business and information technology and previously served as CIO for Goodwill Industries of Central Indiana and Lauth Property Group. To learn more about DRaaS specifically, read Bluelock's free & ungated beginner's resource, “The Practical Guide to Disaster Recovery-as-a-Service.”

This premium content is locked for Entertainment Law & Finance subscribers only

  • Stay current on the latest information, rulings, regulations, and trends
  • Includes practical, must-have information on copyrights, royalties, AI, and more
  • Tap into expert guidance from top entertainment lawyers and experts

For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473

Read These Next
How Secure Is the AI System Your Law Firm Is Using? Image

In a profession where confidentiality is paramount, failing to address AI security concerns could have disastrous consequences. It is vital that law firms and those in related industries ask the right questions about AI security to protect their clients and their reputation.

COVID-19 and Lease Negotiations: Early Termination Provisions Image

During the COVID-19 pandemic, some tenants were able to negotiate termination agreements with their landlords. But even though a landlord may agree to terminate a lease to regain control of a defaulting tenant's space without costly and lengthy litigation, typically a defaulting tenant that otherwise has no contractual right to terminate its lease will be in a much weaker bargaining position with respect to the conditions for termination.

Pleading Importation: ITC Decisions Highlight Need for Adequate Evidentiary Support Image

The International Trade Commission is empowered to block the importation into the United States of products that infringe U.S. intellectual property rights, In the past, the ITC generally instituted investigations without questioning the importation allegations in the complaint, however in several recent cases, the ITC declined to institute an investigation as to certain proposed respondents due to inadequate pleading of importation.

The Power of Your Inner Circle: Turning Friends and Social Contacts Into Business Allies Image

Practical strategies to explore doing business with friends and social contacts in a way that respects relationships and maximizes opportunities.

Authentic Communications Today Increase Success for Value-Driven Clients Image

As the relationship between in-house and outside counsel continues to evolve, lawyers must continue to foster a client-first mindset, offer business-focused solutions, and embrace technology that helps deliver work faster and more efficiently.