Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
Law firms today are inundated with new data protection and recovery methodologies from vendors. It's a hot market because technologists in law firms are under intense pressure to protect sensitive client data and clients are now holding their firms to higher standards than ever. However, IT leaders are struggling to make sense of what they need to have, both to meet client demands and stay ahead of the ever-evolving threat landscape.
For this reason, below are a few essential definitions, intended to provide clarity and guidance to firms that are exploring how to improve their data compliance, protection and recovery posture.
|Archive: A collection of historical business records that are immutable and unchangeable, which must be retained for future reference should you ever need to produce evidence (perhaps when legal or regulatory questions arise). Archiving refers to the process of moving data that is no longer in active use to a separate storage device. Many organizations define archive data as any copies older than 120 days, whereas some may archive immediately when a matter is closed. Typically, archive data can be located online in to-disk format or offline in to-tape format.
Archive-as-a-Service (AaaS): Also emphasizes maintaining a historical record, but unlike the “archive” definition above, a vendor is helping you with the act and storage of the archive data. It's typically assumed the storage is in a second datacenter managed by the vendor.
Backups: A snapshot, point-in-time copy of your current on-premises data that you use to restore original file-level data if it's ever damaged or lost. This refers to the practice of copying computer files to another storage device, with additional copies being added to an external storage location as those files change. Backup data can be located online in to-disk format or offline in to-tape format.
Backup-as-a-Service (BaaS): An approach where instead of performing backup on-premises, BaaS connects systems and data to a second datacenter, private, public or hybrid cloud managed by an outside provider. This outsourced method offloads the duties of managing tapes or hard disks and keeps data accessible or restorable from a remote location.
Some people also refer to this form of data protection as Backup Recovery-as-a-Service (BRaaS), which is meant to place more emphasis on its purpose: to be able to recover using these backups.
IT Disaster Recovery (DR): A type of data protection that is usually implemented with the goal of returning systems to normal. Depending on the approach, recovery could be within hours, but is typically much longer (days or weeks). It is typically accomplished using a combination of backups, SAN-to-SAN hardware-based replication, database replication or even software-based replication. With traditional IT-DR, the DR site requires the same amount of physical hardware and capacity as what is being used in the production or primary site, or this hardware must be procured before recovery can begin.
Disaster Recovery as a Service (DRaaS): Emphasizes fast recovery from a technology disruption, restoring applications and networking often within minutes-to-hours so users can return to work again quickly. It is like BaaS but instead of protecting individual files, it involves protecting the entire system or environment. On-premises datacenters or cloud-based datacenters are replicated to a second datacenter, private, public or hybrid cloud managed by an outside provider, removing the need for organizations to manage and maintain their own DR site. It also eliminates the need for capacity planning because the service allows for scaling of hardware resources when a declaration occurs, reducing costs.
Disaster Recovery on Infrastructure-as-a-Service (IaaS): References when an organization builds a recovery solution using replication or migration tools with an IaaS provider such as Azure, AWS or Google. In many cases this solution is set up with the intent of reducing overall costs for DR, but the firm's IT team is responsible for the implementation, management, testing and recovery of the applications. It's important to note that failover and failback capabilities should be tested on a small dataset if you are protecting workloads from outside of that same cloud family, because in some cases the failback doesn't exist or requires a large effort.
|On a high level, the key difference between each of these terms comes down to their intended purpose. Oftentimes, a firm's budget has an impact on what solution is chosen, but knowing every solution option will aid in good decision-making, flexibility and transformation for the future. Selecting a BaaS provider, for example, that also offers DRaaS solutions, may mean an easier transition later on.
As a rule of thumb, small firms need to have archive and backups at a minimum. Mid-size and larger firms are likely expected by clients and partners to not only archive and backup their data, but also have the ability to recover from disruptions within a moment's notice.
In each of the “as-a-Service” offerings noted in this article, it's important to also understand that three different service models exist within them:
Anytime you are using the cloud, there are shared responsibilities. For this reason, know how much responsibility you want to take on. Firms should consider each of these “as-a-Service” service models and their associated responsibilities to ensure proper alignment with their needs.
*****
Jeff Ton is executive vice president of product and service development for Bluelock where he is responsible for driving the company's product strategy and service vision and strategy. Ton has over 30 years of experience in business and information technology and previously served as CIO for Goodwill Industries of Central Indiana and Lauth Property Group. To learn more about DRaaS specifically, read Bluelock's free & ungated beginner's resource, “The Practical Guide to Disaster Recovery-as-a-Service.”
ENJOY UNLIMITED ACCESS TO THE SINGLE SOURCE OF OBJECTIVE LEGAL ANALYSIS, PRACTICAL INSIGHTS, AND NEWS IN ENTERTAINMENT LAW.
Already a have an account? Sign In Now Log In Now
For enterprise-wide or corporate acess, please contact Customer Service at [email protected] or 877-256-2473
In June 2024, the First Department decided Huguenot LLC v. Megalith Capital Group Fund I, L.P., which resolved a question of liability for a group of condominium apartment buyers and in so doing, touched on a wide range of issues about how contracts can obligate purchasers of real property.
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Latham & Watkins helped the largest U.S. commercial real estate research company prevail in a breach-of-contract dispute in District of Columbia federal court.
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.