It sometimes comes as a surprise that even accomplished IT professionals seem to take an undifferentiated view of advertised features of mainstream public clouds such as AWS, Google or Azure. The misconception based on certain biases can be very costly when it comes to the crunch.
Most recently, Capita, the UK based outsourcer running UK government contracts, has been the subject to a cyber attack by the Black Basta gang. Expected costs are between £15m and £20m, which include recovery and remediation costs as well as investments into cyber security. (https://www.telegraph.co.uk/business/2023/05/10/capita-russian-cyber-attack-bbc/)
So, when it comes to backups, one of such, potentially costly, misconception can be attributed to Azure's RA-GRS (Read Access - Georedundant Storage). There is a belief among IT managers that selecting Geo-Redundant Storage (GRS) as the replication level, one will achieve a geographically-segregated backup copy of the data.
Backups and redundancy schemes are both data protection methods, but they are not interchangeable, especially when it comes to cyber security. Fast and effective recovery from a cyber protected, geo-redundant backup is critical to manage costs, not least avoiding or being able to negotiate ransom payments.
Unfortunately, none of the Azure storage replication levels, Read Access Geo-Redundant Storage (RA-GRS) included, offer a backup. Replication levels, however, are provided only as a way of increasing resiliency of the solution and availability of data, which is not a backup.
Redundancy is a data protection method intended as a real-time fail-safe measure against hard drive failure. A common redundancy feature found in servers and NAS boxes to prevent data loss is RAID (which stands for Redundant Array of Independent Disks), which creates multiple copies of files across several hard drives. If one hard drive in the array fails, the other hard drives pick up the slack with (usually) no interruption.
A backup, on the other hand, doesn’t provide real-time protection, but it does provide protection against a greater set of problems, including failed drives, device theft, fire, or even just accidentally, or maliciously, deleting files. The latter being a common failure event. Atlassian Cloud customers may recall the data loss spanning about 700 organisations caused by an accidental deletion of data by an Atlassian administrator.
There are several key attributes of backup which are entirely missing in the replication models provided in Azure (and other clouds).
One key issue with replication models is one of synchronised modification.
One of the critical components of a backup is that even if, and especially when, blocks of data or tables in a database or even containers are changed or deleted, these data containers, data wrappers or databases are still recoverable, as they existed at a previous point in time.
With Azure's GRS, such capability is absent, since any modifications or deletions are immediately replicated to the secondary or tertiary storage .
If the accidental or malicious deletion of an object happens, GRS does not provide any recovery option, since all changes (and, in this case, deletion counts as a change) are replicated to all copies, including those in the secondary or tertiary storage region. On this basis alone GRS, and any other replication level, fail to meet the most basic requirement of a backup.
Let's mention costs. In general, when dealing with backup, the goal is to have the maximum retention and granularity for recovery at the lowest possible cost. We already mentioned that GRS does not provide any guaranteed retention policy and lack point in time recovery. Moreover, in case of Azure, the costs for their RA-GRS option is astronomically high.
For instance, Azure's RA-GRS will more than double the cost since one has to pay the equivalent of storage twice. Storage operation costs increase also in tandem with storage management. In addition, geo-replication bandwidth cost are an overhead that can't be ignored.
We have to mention another issue. You have no control over the replication region as pairings are predetermined and cannot be changed. Although, with the exception of Brazil, all regional pairings are within the same national geography, at least 300 miles apart, you may want to break this pairing though for the simple reason that you want to stay in control of any fail-over procedures. We understand that Microsoft does not perform any fail-over procedures due to prohibitively high costs and complexity of the Azure infrastructure.
Instead, in case of temporary outages, a work-around offered is to take data offline (even GRS data) for the duration of the outage. In severe circumstances, after making attempts to recover the primary storage account, Microsoft may elect to open up the replica storage account, but it is entirely at their discretion when this happens.
In summary, GRS is not a backup solution. It is expensive, and it forces organisations into adhering to Microsoft's pre-determined procedures.
The Accxia ONE Cloud is independent and provides a cyber protected geo-redundant backup and recovery platform as a service with access to over 40 data centers across the globe.
Volker Schulze : April 4, 2022 7:19:13 PM BST
