Cloud Computing Information Protection: Creating Peaceful Sleep for IT Leaders
Modernizing Authentication — What It Takes to Transform Secure Access
The Far Hills, N.J.-based United States Golf Association (USGA) protects between 600 gigabytes and 700 gigabytes of mission-critical data every day via cloud computing, using IBM's business continuity and resilience services. This includes more than 4 million membership records and more than 150,000 daily e-mails.
The USGA has just under 70 servers, most of which are based in Far Hills, with some at a backup site 20 miles away, and others in Colorado Springs. The USGA has traditionally done storage and backup internally. In the event of a total disaster, it would have had to order new equipment from vendors, set up in a backup location, and retrieve backup tapes that were stored off-site. Using this approach, it could have taken a week to retrieve critical data, such as membership records.
"We have had traditional data protection forever - data tape back-ups that we have off-site," explains Jessica Carroll, managing director, Information Technologies, for USGA. "We continue to do this today. However, it is very much a 1990s mentality. What I was looking for was a more immediate result, and the cloud really fit into that for us." What Carroll was looking to do specifically was to be able to take USGA's most mission-critical data, back it up, and put it in the cloud. "So, even though I have it on tape, I wanted something that would enable me to get me back to yesterday as quickly as possible," she explains. "Off-site tapes which rotate once a week were not going to cut that."
In September 2008, USGA selected a cloud-based business resilience service from IBM, called Business Continuity and Resiliency Services (BCRS). "With new regulations like compliance and increasing security and data demands on our network, we have made it a priority to protect our data and ensure that we have the right disaster recovery plan in place," says Carroll. "In working with IBM on this multi-year project and tapping their business resilience and cloud expertise, we have put into place a flexible infrastructure recovery solution that ensures the availability and resiliency of our core business functions."
There are three pieces to USGA's BCRS agreement with IBM.
- A hot-site agreement. This is an IBM-hosted hot site (not related to cloud computing) with servers set aside for USGA to use in case of a disaster.
- A managed cloud backup agreement. "We don't back up our entire infrastructure," says Carroll. "We only back up mission-critical data, which started at about 500 gigabytes, and is now between 600 and 700 gigs." Here, software agents placed on each server take "snapshots" of the data, which are funneled into a server in the USGA data center, then backed up to the IBM cloud. "We have an IBM device in our data center which serves as a collection point for the snapshot of our mission-critical servers that we are backing up each night," she explains.
- An e-mail continuity service agreement. This is a cloud-based service which IBM coordinates with USGA's onsite e-mail servers. If there is a disruption, USGA can switch over to Web service with the flip of a switch.
"The cloud opportunity meant that, without adding additional infrastructure into my environment, without having to add support staff to my environment, I could actually do a nightly back-up through the cloud -- have somebody else watch it, monitor it, make sure it's all taken care of -- and know that it's there for me if and when I should need to access it," she continues.
"For me, this is probably going to always be one of my absolute favorite, pivotal projects of my career," says Carroll. "I say that because nobody else really is getting excited about it. Disaster recovery is not exactly the most glamorous topic, and I don't know of too many people who were going, 'Yay, she's finally got this for us!' But I was so happy, because what it meant for me as the IT leader was: I've just protected our organization. I hope we never have to find out about it, but if we do, I'm going to be in a position to say, 'We've got you covered.'"
Carroll elaborates on the reason for the general lack of excitement for BCRS outside of her own department. "I work for a non-profit sports industry, so the focus is golf, not technology," she says. "I'm in the basement and excited about backup and recovery, but this isn't really appealing to golf executives. However, just like any other business, our data needs to be protected, so I realized that I needed to 'lead the charge' on the importance of this."
She reports that IBM's BCRS was fairly smooth and painless to put into place. "One reason is that we spent many months in advance evaluating the product, going over the contract to make sure it fit our needs," she notes. "We signed the agreement in September 2008, and by February 2009, everything was in place."
While excitement for the project outside of her department was minimal, excitement within the department was strong. "Our team was excited about it, because they realized the benefits," she states. "If there is an issue, they know they will be covered. Again, prior to signing with IBM, we had a home-grown plan for restoration. Now, everyone feels better knowing that everything is 'sitting at the ready' at IBM."
To date, USGA hasn't had any incidents that would cause the technology to prove its worth. However, an important benefit for Carroll is that she can sleep better at night, knowing that USGA's critical data is backed up. When she talks with IT executives in other organizations, she emphasizes that they need to look at something like this, too. "I tell them to think of it as insurance," she points out. "You have insurance for your building. Why wouldn't you want to have some form of insurance for your data, which is a more important asset than your building?"
USGA's agreement with IBM is up for renewal later this year. "Since we implemented this in 2008, our environment has changed a bit," says Carroll. "As a result, we are talking to IBM about some modifications to our agreement. There are some things we want to add on to the package that we didn't have before. One thing we are really interested in, for example, is seeing if it is possible to have a virtual server available, rather than a physical server."