Does GDPR Make Me Go Tapeless?
So, let me guess … your manager just asked you whether you can delete someone’s personal data from your backup copies if he or she were to ask you following a ‘right to be forgotten’ request, right?
Oh yes, and you are one of the 49% of organizations that are still using backup tapes as part of the backup and recovery strategy. Nothing wrong with that, but you'll quickly realize that in order to delete someone’s personal data, you first must find his or her data and that can prove an almost impossible task, especially when you are using backup tapes to store your backup copies.
You may very well have hundreds if not thousands of backup tapes, some you keep onsite in a fireproof safe, but most are safely kept offsite in your disaster recovery location. The target file (or files) that you have been asked to delete can be on any of these backup tapes.
- So … how do you find the backup tape that stores your target file? Now … your files aren’t actually individually copied to your backup tapes. Your backup tapes store backup images and each image may contain multiple files. This means that you first must identify the backup image that contains your target file before you can determine which backup tape you must retrieve.
- Next … how do you delete your target file from the backup tape? Unfortunately, you cannot selectively destroy a backup image on a backup tape. You have to destroy everything else on that backup tape too. This doesn’t sound a viable approach – at least not to me. You may end up having first to duplicate out all the other backup images from the backup tape except for the backup image that contains the target file, and then perform (long) erasure of the backup tape. And – adding some more time consuming joy - if the backup image also contains other files that must be kept, then you first need to restore that backup image, delete the file, and then backup the rest again.
- Finally … depending on your data retention policies you are likely to have to repeat these steps for several more backup tapes.
I can feel your pain …
The good news is that you have just under two-years left to go 'tapeless'.
By the 25th May 2018 your company must be compliant with the General Data Protection Regulation (GDPR) – of course subject to your company trading in or with the European Union. Article 17 of this new regulation addresses the ‘right to erasure’ (or ‘right to be forgotten’), which I believe will impact almost every company in the world.
Going 'tapeless' is easier than you may think …
Veritas successfully helps thousands of companies with their transition from a tape-based approach to a disk-based one, as their tape-systems are no longer fit for purpose. For example: companies that are unable to backup the increasing volume of their data within the backup windows. These companies are reporting an increasing number of backup errors or spending an increasing amount of time and money on just keeping the tape system running. To solve this problem, they must redesign their backup to make the backup process reliable, scalable, fast, resilient and cost-effective again.
These companies choose the Veritas NetBackup Appliances to replace their tape-based systems. I see them often deploy the NetBackup Appliances in phases; starting with small or new sites, helping them gain experience before implementing the Veritas NetBackup Appliances company wide, which at that point is an easy, straightforward task. The benefits they feedback to me are remarkable and include:
- Reduced tape costs for management, transportation and storage
- Boost in backup performance ensures that backups complete within the backup windows and improves backup success rates
- Reduced storage costs through 90%-95% (or even higher) data deduplication ratios and cost-per-terabyte licensing
- Significant reduction in backup administration time frees staff for higher value tasks
- Reduced support calls; platform reliability and stability makes 24×7 support easy to deliver
… but the most compelling benefit is that their data is now readily available. With a Veritas NetBackup Appliance, you assume control over your data. It delivers direct access to your backup copies – there are no tapes to retrieve and change which is a massive time saver – making that ‘right to be forgotten’ request so much easier to deal with.
Get ready for GDPR and boost your backup and recovery performance to a whole new level with the new Veritas NetBackup 5240 Appliance. Start today.
Note: This post was first published on my Linkedin on 21 July 2016.