Debbie Saugen on IBM i Backup and Recovery
In urging IBM i installations to develop and carry out a comprehensive backup/recovery strategy, the veteran security consultant has many horror stories and three closing words of advice
Charlie Guarino: Hi everybody. This is Charlie Guarino. I’m sitting here today with Ms. Debbie Saugen of Debbie Saugen Consulting. Debbie, you and I have known each other for quite some time and I know you are the recognized worldwide expert on IBM i backup and recovery, disaster recovery, high availability, and things like that and surely, you’ve done so many podcasts and webinars and sessions on these topics but today I want to put you a little bit more in the hot seat and talk about topics that may be a little beyond the realm of that. For example, I’d like to discuss things like the value of information and why it’s so important to keep that secure, because I feel that security and backup and recovery do intercept probably more often than anybody thinks. But before we even have that conversation, hello Deb, how are you? I haven’t even said hello to you. Hello, Deb.
Debbie Saugen: Hi Charlie. I’m doing great, thank you.
Charlie: Right. You know it’s always a pleasure to talk to you. I’ve had the great pleasure of knowing you for many, many years, so thank you for joining us here today, Deb.
Debbie: You’re welcome. We won’t say how many years, okay?
Charlie: No, that will remain a mystery.
Charlie: Our little secret.
Debbie: Our secret, yeah.
Charlie: Great. So Deb, I said it already. You know the value of information—and this has really been weighing on my brain lately, because I’ve been reading recently that somehow information today has become more valuable than it has in the past. I guess there are two sides to this debate perhaps, but is information more valuable today, and why do you think people might even be saying that?
Debbie: So Charlie, I think the information has always been valuable, but I think that information is growing and it’s being put in different places, stored in different places, and we have more threats today against that information. There’s ransomware, there’s data corruption, disgruntled employees. Years and years ago we really didn’t look at so much. I mean we talked about disaster recovery, we were worried about fires and floods and tornadoes and hurricanes and natural-type disasters, but we’re in a new world where more of our information is actually online today and it’s becoming very, very vulnerable.
Charlie: And much more pervasive. You talk about online but there’s also offline information, things like smartphones. If I outfit my entire staff with company-issued smartphones, is that information necessarily backed up? I mean things like their text messages—I mean does that fall under the cover of information today?
Debbie: It may. It depends on what business you’re in and that’s something you need to assess. A lot of companies will issue their own smartphones with very secure measures, but that’s definitely something if it’s going to be used for a corporation. You have to assess how critical is that data and making sure it’s backed up and making sure it’s not compromised.
Charlie: I always remember you don’t have a good backup strategy if you don’t have a good recovery strategy, so that’s I guess all part of this same conversation—you can’t have one without the other, and right in your title, it’s a backup and recovery expert. So let’s talk a little bit about recovery, things like all these external sources of smartphones and even things like firewalls. If there was a natural disaster and a company’s physical location was completely obliterated, how do you recover from something like that, down to the smartphones and down to the firewalls, things like that? I mean I’m sure you’ve had situations like that in all your years.
Debbie: Yeah, and that’s where when you’re planning backup and recovery, you’re not planning the backup first. You’re really planning the recovery first, and you have to look at the recovery time—the recovery point, which is how much data are we able to lose, that type of thing. And then you have to test out that plan for that recovery, and that’s not just your IBM i systems. It’s your Windows servers, it’s your network, it’s your firewalls—it’s all those type of connections and that’s working, maybe it’s within your own organization because you have multiple sites that you can actually do this yourself, or maybe it’s working with a service provider that provides those type of things. But it’s going through that scenario and making sure that you can have everything you need accessible and backed up and recoverable in the amount of time that you need to have it done.
Charlie: All right so I agree with all the things you’ve said there, but there are going to be times when there are companies with smaller budgets for example, and certainly their information is no less valuable than anybody else’s information to them. So how do you address that when people have limited budgets and you’re trying to make sure that all of their information is in fact recoverable?
Debbie: So the things that you have to look at there is going with the solutions that are not going to break their budget. Maybe it’s a physical tape drive. Maybe for the iPhones, it’s just backing them up to the cloud. But what’s important is in all cases, it’s looking at what we can afford, and there are different levels of backup and recovery and it’s maybe taking a stepping stone, but you do have various options out there. In my mind everybody needs a backup, right? So they need the backup, and let’s look at what we can afford. Maybe we can expand on that. Maybe instead of a physical tape drive, we look at a virtual tape library. With a virtual tape library, we can actually replicate that offsite. That doesn’t have to be our site. That can be a service provider and that can be a lesser expensive solution, so we need to look at that. But I think what’s really important is in today’s environment is because there is so much ransomware and there’s a lot of corruption going on, things like that, we need to look at do we have an air gap solution? An air gap solution means I have my data off of the system and there’s no connection via a network to that backup. That might be a physical tape, because once I get it off to that physical tape, I can take it offsite. Let’s talk about a little bit of the offsite, because a lot of people forget the offsite. I will meet with customers, and I’ll say okay, backing up the physical tape, where are you storing those tapes? I’ll sometimes get a blank stare and they say well, it’s in Joe’s closet. Well let’s hope Joe is a very good employee and doesn’t have a fire at his house. You really need to expand on those solutions. There are places to send your tapes, like Iron Mountain or Vanguard, and store them in a safe location. The other thing as far as air gap is maybe you’re using a virtual tape library, and that gets replicated to another virtual tape library. Well you’ve still got that network connection. You’ve got software involved, things like that, but a lot of the providers offer a solution called a cyber vault backup for their VTL, or it might be a cyber vault backup solution for the storage. So it’s a copy of the data or a backup the data that is not connected to that actual data that you have, and that’s what’s important in today’s environment is coming up with that air gap solution. Also because if we’re just replicating systems, corruption can be replicated, ransomware can be replicated. The other thing you have to look at is how many versions of that backup are you keeping, because who knows how long it is going to take you to detect that you’ve had ransomware or that your data has actually been corrupted? It may take some time—it may be a month or so before you know. So you have that air gap backup solution somewhere that doesn’t have any corruption that you can go back to. So that’s something different that we’re dealing with when we’re dealing with just—and I don’t want to say just a natural disaster, but it’s a different kind of disaster that you know many, many years ago, who would have thought?
Charlie: While you were speaking just now Deb, I thought of some interesting questions, and one of them is you mentioned where are these backup tapes being stored, and you mentioned an honest to goodness company who is in the business of storing offsite data. And then you mentioned Joe’s closet, you know some employee named Joe who is casually putting these tapes in the trunk of the car and driving to their house and throwing these tapes into a closet somewhere. That’s an important point because—well, for two reasons. First of all, let’s talk about stewardship of this data, because that backup tape is literally the keys to the vault, the entire company right there, and somebody with any malicious intention—whether if Joe loses control of that tape and someone acquires it somehow and is able to get the information off of it—I mean are these things that you typically have in conversation like that when you have these less than formal arrangements with offsite storage.
Debbie: Absolutely. Absolutely we have those conversations, and that was a good visual picture of Joe putting those tapes in the trunk. Let’s hope he doesn’t get in a car accident, and then he takes them home and he puts them in the closet, let’s hope nothing happens in the closet or to the home where Joe lives. But the other question was are those tapes encrypted, or can somebody just pick up those tapes and put them in another system? Because encryption is another option you can do with your tapes, and then it’s adding in that piece of actually encrypting those tapes. But when we start encrypting tapes, things like that, you have to also look at how is that recovery going to go, because with hardware tape encryption, there are keys involved. I literally got a call once because with hardware encryption, you have a separate server that has the keys, and a customer was in the process of doing an upgrade of a system. Well, they thought they were going to upgrade the system, but they actually started a scratch recovery of the system. So they start this scratch recovery of the system, and now they’re committed. Their data has been wiped out. They’re going to have to actually do a recovery from the backup tapes, but the backup tapes are encrypted and they do not know the encryption key. This particular encryption was software encryption, and the encryption key—I got a call and they had called IBM Rochester and they’re saying well, if you don’t know the encryption key, there’s no way we can figure out how to do it. And they were in a quandary right there because they thought well maybe they put the encryption key in a bank vault, whatever. They were going to check into this. So luckily, they did finally find that encryption key, but these are things like when people leave the company, people haven’t thought through: where is the encryption key? I’ve had customers where one person knows half the encryption key, another person knows the other half of the encryption key. What if something happens to those personnel? So these are things that have been added in our environment, these encryption keys for encrypting the data that we really haven’t thought through to make sure we’re able to actually recover the system while we’re still protecting the data. Another customer, the same thing: They had encrypted the hardware tapes, the backup tapes, the physical tapes, but when you’re using the ERMS product, or Backup Recovery and Media Services product, you need the recovery report. You know every year they would come to test at the recovery center, they would give us a recovery report. We would recover it just fine, but when we were talking about this externally one time, I talked about well, do you send the recovery report offsite every day? And they said no, we put it on the tape. And I looked at them and I said, you mean the encrypted tape? That was the first time it dawned on them that oh, we wouldn’t have the recovery report because we haven’t recovered the tapes yet, and the tapes are encrypted. So it’s going through that whole process of all those protections we put in place to make sure that we can still recover our system.
Charlie: Just going back to that Joe’s—poor Joe.
Debbie: Poor Joe.
Charlie: We are picking on Joe, but he’s the guy we have our crosshairs today. So Joe, you know I remember years back when data was still being backed up on diskettes, 8-inch diskettes. Holy cow, but—
Charlie: Anyway, this one company was very comfortable that the diskettes were being taken offsite by one of the employees. We’ll call this employee Joe—
Charlie: And Joe would put the diskettes in the trunk and drive away. Until one day when Joe realized that the diskettes were still in the car trunk and took them out and they were completely warped and—
Debbie: Because of the heat, right. The heat and humidity.
Charlie: Because of the heat, exactly right.
Debbie: That’s exactly true and I have seen tapes—and this happened to be in Tucson, Arizona, where we did a lot of our processing and invention of tape technology for IBM i. People would put the tapes in the trunk of the car and they literally would melt. So environmental factor is an important thing. Like you said, the diskettes were just always in the car and they had melted.
Debbie: Same thing with the physical tape, yeah.
Charlie: That’s obviously a gaping hole in their backup and recovery strategy, but no one at the time—I guess there was just this casual approach. I think the reason why I bring it up because it still proliferates to today—
Debbie: It does, yeah.
Charlie: With the physical tapes, and obviously not everywhere, obviously not, but there is sometimes the less than formal or casual approach to, oh that’s the backup tape. We got our backup tape and we’re good to go, but holy cow, the value of that information. You know it’s only more valuable when you need it, obviously.
Charlie: The day when the machine is up and running, its value is potentially zero, but now we’re in crisis mode. Now it’s the most important piece of information—the physical piece of thing I have—in the world.
Debbie: Correct. Correct.
Charlie: So how do you speak to that as far as a recovery plan? Is that something that you talk about when you’re talking to a customer about the value of that and why that’s such a critical component, the safe securing of tapes?
Debbie: Yes, and so we talk about the safe securing of tape. We also talk about the location of that tape. Where is the recovery going to happen? Do you have a site that you work with? Is it close to the site? How fast can you get the tape there? A lot of natural disasters like hurricanes—one time in Texas, you know the vendors that pick up tapes don’t go into hurricane zones is what they found out, and in particular one customer that did show up with a tape, that was because the company owned a Lear jet and they could fly the tapes out. So that’s where you look at, well maybe tape is not the best way for me to do a recovery. In fact, Hurricane Katrina—those companies that went through that with getting their physical tape to a location, doing physical tape recovery, they opted for doing high availability where you replicate the system and the system is replicated from one site to another site. So they’re not dealing with that physical tape in an actual recovery where they can switch over systems. Another option that we have today are the virtual tape libraries where you can replicate that virtual tape to another site at another location. It’s a very, very good solution and in fact there are some smaller VTLs where that is not very expensive for some companies—the cost has come significantly down—but yet I will say there are some really small customers where physical tape still is their best option. So you really have to look at the security of that data on the tape or in the virtual tape library and then include all the possible scenarios that may happen. In fact, the company where the tape was going home to Joe’s closet did experience a fire after I had worked with them. Luckily it didn’t hit the IT department, but it did hit the business—
Charlie: Right. So our hypothetical Joe, that scenario is still alive and well.
Debbie: It is still alive and well, yeah.
Charlie: And sadly of course, now the non-natural disasters. Now Joe happens to be away on vacation and now they need access to his house for example, and Joe is not available.
Debbie: That is correct, yeah.
Charlie: So what do you do? I mean that’s a valid point to consider.
Charlie: It’s a bad day to be Joe, I think.
Debbie: I think so [laughs]. Luckily Joe doesn’t have tapes in his closet anymore.
Charlie: Great. Thank you, Joe.
Debbie: Well yeah, and you know it’s not just the tapes. You get into high availability, and I’ve worked with customers where I come in there and I’m supposed to create a backup, and I’m supposed to create and ensure they have a good backup on the replicated system, right? I’ll start looking at that and I’m like okay, let’s look at your backup strategy and let’s make sure this is good, but I’ll notice something and one thing that I might notice is you’re only replicating one directory in the IFS. What about the rest of the IFS? You have a lot of data in there. The system has a lot of data in the IFS. Oh well, we’re just replicating the one directory. I’m like, so if my task is to help you with a backup plan off of the replicated system, I cannot do a good backup because the data is not there, it’s not being replicated, and by the way you’re not backing up production at all. So at this point I need to tell the customer you’re not recoverable. Whether you’re doing HA or whether you have a backup, in either case, you are not recoverable, and it suddenly dawns on them. It’s like oh yeah, we’re not, are we? So you have to look at all the pieces, not the backup and the recovery but the high availability solution also in some cases. So that customer eventually replicated all the data in the IFS, which was good because now we truly have high availability, and they started testing switch-overs to make sure they could actually switch over and run their system, but also on the replicated system where we were performing the backups, we were able to get good backups. So it’s looking at those whole pieces. I will see a lot of companies, they’ll spend a lot of money to do replication, but they’re not really testing it, not implemented properly and they don’t feel comfortable that they could ever switch over. And those are the things you have to look at—let’s clean it up, or maybe look at a different solution that’s going to work for us.
Charlie: You make a point there, Deb. You said that for customers that I go and visit, and I challenge them on their plans, but lucky are those who have you to come in there and meet with their teams. But obviously you’re not covering every customer in the world and there are many, many companies who don’t have a visit from an expert in backup and recovery. They’re just comfortable, perhaps ignorant but comfortable, that they will be able to recover from a disaster, and these are the ones I think who are really in potentially the most danger.
Debbie: That’s correct, and not necessarily comfortable, but I think there’s a lot of, that’s never going to happen to us. It’s never happened in 30 years, so it’s not going to happen, which is totally not true.
Charlie: Wow. That’s true. I mean listen, there are so many stories you hear of people, you hear it all the time. People, they buy fire insurance once their house burns down, obviously.
Debbie: Right, and it doesn’t help you once the house is gone.
Charlie: No it doesn’t, and you mentioned a couple of other points I want to talk about. You talked about the production data not being backed up or not recoverable, but let’s switch gears on that one and talk about test environments for developers, because isn’t that equally as important in some cases, many, or even most cases?
Debbie: Yeah. So a lot of customers are focused on production, and maybe not in test or development. I will have customers that will say well, we only backup development once a month, because you know developers, they like to be on the systems at all different hours. Maybe they are working at 2-3 in the morning because they can’t sleep. And so the developers have decided, and that is a totally true story, they decided we only need to backup the system once a month. So they give it to us once a month, we do a backup. Well this particular customer, after we had got them all set up really, really well for backup recovery on their production environment, they had an issue where they lost all their data on their development system. And remember, it’s once a month they’re being backed up. It happened on like the 28th day after that backup—
Charlie: Of course it did.
Debbie: Yeah, of course it did, that’s the way it’s always going to happen, and they lost a month’s worth of work. So not only is that an impact to the business, but developers are not happy when they have to figure out all this work that they already did. There’s no backup and they’ll have to redo all of that, and that’s where we look at options and you talked about a budget. I’ve worked with a lot of customers that say oh well, we can’t take the system down. There are options on the system where you can do things like save while active (SWA) to get a good save—we may have to request things for maybe 5-10 minutes and then bring it back up. But we’re able to get that save while active checkpoint and still backup on that system. It’s a limited downtime and that save while active function, it comes with the system. It’s free, you’re not going to pay extra for that. In fact I’ve worked with a lot of customers in that scenario that say we just can’t take the system down and we can’t buy another system to replicate, but there are these options like the save while active where you can get a good save. Another customer I had—it was a hospital, and again, they said we’re 24 x 7, we can’t take the system down. And they had come from a strategy of what we used to use in 38 days, and their strategy was to save journal receivers every single day. They did this for a month and then they only did a full backup once a month. They had a system failure so they were in the recovery center trying to recover the system. You first recover from the full backup and then you start the apply of journal receivers, and applying the journal receivers was taking a very, very long time. So we started up as many multiple jobs as the system could handle, and then we kind of did some calculation. Well, it was going to take seven days to put those journal receivers on—a long, long recovery.
Charlie: They were down for seven days?
Debbie: That would mean yeah, they were down for seven days to get the journal receivers applied.
Charlie: Seven days—I mean that’s a huge risk to the business overall.
Debbie: Yeah. Luckily, the main thing that they run on the system was time cards, timekeeping. It didn’t impact the hospital operations, but it did impact their personnel and timekeeping, but it’s just an example of a scenario of not knowing how long it’s going to take to do that recovery based on the strategy that you have. In this particular instance I said we can do save while active. Can you take it down for 5-10 minutes? Oh yeah, we think we can actually do that, and they did that and then the system was back up in 8 hours after we tested it.
Charlie: From what I’m gathering, this is not a set it and forget it type strategy. The company’s data needs grow, their enterprise grows, acquisition, whatever the case is, and you have to keep revisiting on some reasonable interval your backup and recovery strategy because—
Debbie: That is totally true because the data is changing, what you’re running on the system is changing. I’ve been involved in thousands of recovery tests and it never fails to amaze me that every test you usually find something different that you will probably have to deal with, and if you hadn’t tested that, you wouldn’t know about that.
Charlie: So—I mean the ultimate goal is to get a run book, I guess. Some kind of book that we can go to and say: this is our recovery plan.
Debbie: Yup, yup, and a good business will have a good recovery plan. It doesn’t include just the IBM i, it includes networking, it includes the Windows servers, whatever you’re doing for those. A key piece of it is the IBM i, and everybody’s system is different. You’ve got different data, you’ve got different security options. I’ve been through long recovery tests where we think we’re ready. We’re up and ready to sign-on this system, and none of the work stations are signing on. Well this was because of a security change that was put in place that we don’t know about, or these new devices were auto-configured, which means they’re ending in different IDs—001, 002—we’re not going to let them come up. But when you’re looking at that 1 o’clock in the morning and trying to figure out what happened and how do we actually get back on the system, it’s very time-consuming and very, very frustrating. So having the plan, knowing who is going to execute it and actually going through some testing to know what’s going to happen is very, very critical.
Charlie: You know there’s another point to be made here. You’re talking about this hospital, and we’ll talk in generic terms, but hospitals are certainly an industry that’s regulated. We have HIPAA concerns, things like that, and you go to Europe and you have GDPR and things like that. So how do those regulations impact maybe a backup and recovery strategy, or do they?
Debbie: They absolutely do, and those are things that they need to look at: their recovery time, their recovery point, and like we talked about, they have very strict security rules. They have things like, does the disk need to be encrypted, do the data fields need to be encrypted, do the backups need to be encrypted? It’s all part of the plan and the processing of going through whatever the security rules are that you have to go through.
Charlie: So what would a typical meeting look like? If somebody really wants to do this in earnest, or revisit it—perhaps now they fit that interval where they need to revisit and do a whole audit on backup/recovery. I mean does that go hand in hand with a security audit? Would you sit in tandem with somebody and hey, these keep intersecting. We need to have this conversation with everybody on board at the same table. Who else might be involved in those meetings?
Debbie: So the people involved in the meetings with the company would be the security people, the people doing the backups. The admins are very important to this whole process—anybody that owns or has a piece in that business. Like we might talk about a business impact analysis. How much is the company going to lose if we’re down for how many hours? That’s something you have to look at and then really, it’s just working with the IT people to have a discussion about—let’s look at your backups. Let’s talk about where those backups are going and then let’s look at the recovery. It’s a unique thing because it’s kind of really finding out the whole idea of the customer and what they’re doing. I truly find out that every single customer is different, even from the very small, simple customer. They may have been doing the same thing over and over for years, and they have like a CL program that does their backup. It has been added to and added to and added to, and I can take a quick glimpse of the CL program and I can say, oh there are some critical libraries here that you’ve never backed up and you’re missing. I can also look at that and say I think we have a simple option for you. On IBM i we have something called SAVE Menu Option 21—and mind you, this is a small customer. I think if we take what you’ve been doing for years and take it to an Option 21 and mind you, we have a new way to actually automate an Option 21, which didn’t happen years and years ago. I think I can ensure you’re going to have a full backup and I think it’s going to run faster. So we did a test and that’s exactly what happened, from the simple customer to the very, very large customer, maybe the large customer, has BRMS. We’ll start looking at a very complex environment with a lot of LPARs and larger data. I’ve seen customers with up to 90 terabytes of data that we have to recover and look at.
Charlie: Now you mentioned admins. You mentioned security people. These are stakeholders in the enterprise, in the company, and no matter how big a company is, they’re going to have stakeholders. But how do you identify the stakeholders, or is that your responsibility? Whose responsibility—who does that fall onto? Whose burden is that to identify that stakeholders and make sure that they are accountable for their part in overall infrastructure?
Debbie: So when I go in and work with a customer, I’m going to need their assistance to identify those people. Maybe I’m working with a partner that works with this customer, and they will identify those people. But I think what helps, and if I take some of the customers I work with I may be looking at the lower level and I can identify the problems that they have, and then within the company they can take those issues and move them up the chain so that they can make some decisions there. But a lot of times if you’re not looking at it, they just want to put on the blinders because it hasn’t been an issue. If we’re not seeing it, then it’s not a problem.
Charlie: Wow, yeah. Head in the sand—that’s something that we see a lot as well. That’s a dangerous model.
Debbie: Yeah, like for instance I was teaching a class once and we were teaching BRMS, and I always focus on the recovery side. I was talking about taking tapes offsite, and at one point IBM sold a tape library where you could load up eight tapes, and some customers thought inadvertently like, oh I can have Monday’s tape, Tuesday’s tape, Wednesday, Thursday, Friday. All the tapes are loaded there. Nice solution? Yeah, except for one fact: they’re not taking the tapes offsite. They’re waiting for seven days because well, they’re in the library. They’re in use. I did have a person in the class get up, leave the class, and call her manager. So this is where she’s reporting to the management. Do you realize if we have seven tapes and we have a problem or a fire, we lose seven days’ worth of data? Until it had been explained to her that not taking those tapes off every day, it seemed like a great solution to have seven days’ worth of tape in the tape library.
Charlie: Yeah, but you know what? That is still in existence. I still hear people tell me at conferences that’s still their strategy.
Charlie: And far be it for me to say anything terrible to them, because those might have been options I put into place myself years ago when that seemed to be a better solution, and then it’s convenient. But again, I think going back to the original point that we started with, the value of information. You can’t go back a week and try to recreate that. It’s too valuable and it’s a true asset to the business. It is an asset and without that, the longer you’re down, the greater the risk of going out of business perhaps.
Debbie: Yup and there’s been a lot of companies go out of business when they can’t recover their data. So, so true.
Charlie: Well fortunately there are newer solutions in place. We said cloud backups and VTLs, and there are better things in place today to help mitigate some of these risks.
Debbie: Yeah so, we have VTL. We have high availability, we have service providers, we have cloud. Another thing I want to just touch on though is a lot of people are thinking about moving their data to the cloud. So it’s one thing to get the data to the cloud, but then your question is how am I protecting that data that’s in the cloud? Those are usually add-on services. Is it going to be replication? Is there going to be a backup solution? In a lot of cases, it may not be the backup solution that is going to give you the recovery time that you need, or it may not be the affordable backup solution that you need. So it’s very attractive to put your development environment, your test environment—you can spin up a VM in the cloud and that’s good, but you have to weigh the risk. I do talk with a lot of people that say we do have test and development, but we’re not backing it up, and that’s a risk they’re willing to take. But they do look at, okay, if I’m going to do production in the cloud, what really is going to be my high availability solution? What’s going to be my backup recovery solution in addition to high availability? Then those costs will add up too, but you cannot forget when you put your data in the cloud, it still requires a backup recovery solution, and it also requires maybe a HA solution too.
Charlie: And this is not to suggest, by the way, that having an on-prem solution is not a viable method anymore. I mean there are many companies who run on-prem very well today, and that’s all they’ll always do.
Debbie: That is absolutely correct. A lot of customers, they love their on-prem and they love being in control of their data, which is a good thing, and they’ll continue to do on-prem. So it just depends on what works well for your business but—
Charlie: As long as you’re cognizant of whatever the risks are—and both solutions have risks, certainly.
Debbie: Exactly. Both solutions have risks and both solutions need both backup and recovery and high availability, usually. Yes.
Charlie: Well that makes perfect sense, and when has that never been the case? Even with my own little laptop, that’s important.
Debbie: Yeah. Speaking of laptops, I’ll tell you a story. So my laptop, when I worked at IBM and years and years ago getting ready for a COMMON conference, I had just finished up my presentations. And I was going to do the right thing and I was going to backup my presentations. So in those days we would back up to a DVD on our laptop. I’m very busy that night. The kids had a lot going on. I’m trying to pack, I’m trying to clean, and then I’m going to format my DVD to backup my presentations before I go to COMMON, and I type in Format C. Then I go and I work on the dishes and I come back. There’s a message and I press enter. Then all of a sudden, I’m like oh no, and I start sweating because I just formatted my whole laptop.
Charlie: I have a feeling that that was more than an oh no moment.
Debbie: Yeah, it was really bad [laughs]. I was literally like panicking and sweating and like—
Charlie: Right. Right.
Debbie: I had no idea what I was going to do, because the plane left the next day to go to COMMON and I do not have my presentations. Neither do I have a laptop. So I was trying to figure out something, right? So we have IT support in Rochester here, but I kind of did have a backup strategy, and my backup strategy before taking it off to DVD was through my email. So as I made changes to my presentation, I would send it back to myself, because our email servers are backed up, right? If I can get to my email of the presentations I sent to myself, then I have my backup, but I had to get my laptop reloaded in order to get to those. And so I called into IBM and a particular person that I would work with—and this is a Saturday, mind you—and I’m like, I really need help here. He’s like, what did you do? And I told him the whole story. I was a little embarrassed, but I was like, this is what happened, I have to catch a plane. He came into the site. I met him and he got my laptop reloaded just before I had to get on the plane so I could get to my email, so I could get to my presentation.
Charlie: These are the kind of stories when you hear the person on the other end of this phone call saying, you owe me one big time for this.
Debbie: That was right. I can still remember him saying to me, Deb, what did you do and why? I’m like, I’m only Miss Backup/Recovery. Why would I do something like this?
Charlie: Well that’s my point, which only goes to show if you’re going to do that, then anybody is capable of losing data.
Debbie: Of human error. Yup, yup.
Charlie: Exactly. We’re all human, so certainly we have to be aware that that is a real reason to lose data, obviously.
Debbie: Yeah, it is.
Charlie: Very funny. So listen—can you imagine, Deb, that you and I have been talking for such a long time?
Debbie: Yeah I can, Charlie. We do talk a long time. That’s true.
Charlie: We do—and I love it by the way.
Debbie: Thank you.
Charlie: But I don’t want to go over the allotted time here. So what kind of final words—you know, what’s the big takeaway here? We talked about the value of information. Information is very valuable and perhaps is no more valuable today than it was even 20 years ago, but there’s certainly more data out there. What’s your takeaway to anybody who even in this day and age does not have by any real measure any backup and recovery strategy? What’s your final message to them other than just do it? Or is that the message?
Debbie: I kind of like that. I kind of like, just do it. Definitely the information is growing. There’s more of it. I think you really do have to make even a small effort to have somebody help you or take a look at it. An outside eye is always good. You know the one message I used to leave with customers as far as coming out of a backup/recovery session is there’s only three things I want you to remember: one is to test, two is to test, and three is to test.
Charlie: Right. Well there you go. I think that fully encapsulates the whole thing here and there, and I think at the end of the day there needs to be some sense of urgency to this.
Debbie: There does, absolutely.
Charlie: Because you know the cost to the company—again it’s only obvious when you’re in those situations, but the cost to the company is huge if you don’t have the proper things in place.
Debbie: Absolutely. Our companies today run on data, absolutely.
Charlie: That’s a good point. Well, I’ll tell you what: I’ll leave it there, because data does run the world, obviously, and making sure that data is in place and always in place is so important. I know you’ve done a great job in your entire career keeping companies safe and sound, so thank you for all your work and your evangelism of getting that message out there.
Debbie: Well thanks, Charlie. This has been great fun. Thank you so much.
Charlie: Absolutely. So everybody else, please check the TechChannel website. There’s always great information and it’s chock full of other webinars and podcasts, things like that. And thank you for joining, everybody. We’ll talk to you soon. Bye now.
About the author
Charlie Guarino // President, Central Park Data Systems
See more by Charlie Guarino