Mitigating the Impact of Data Loss & Outages in Government INDUSTRY PERSPECTIVE
MITIGATING THE IMPACT OF DATA LOSS & OUTAGES IN GOVERNMENT 1
INTRODUCTION The tsunami of information that today’s government agencies create, manage, and store has never been greater. This data spans everything from classified information to highly sensitive personal information to less sensitive social feeds, email and more. Much of this data is critical to the security of the nation’s infrastructure, and in today’s globally connected world, nearly all of it is vital to the successful operation of governmental agencies. The negative impact of data loss – whether from inadvertent error, operational failure or external attack – is something that public sector organizations must confront on a daily basis. The risk of inaction is too high, with threats expanding dayby-day to include state sponsored cyber initiatives and rapidly evolving malware and ransomware. Given the sensitive nature of government data in particular, it has never been more essential that agency leaders safeguard their data with a modern plan for the backup, and more importantly, the recovery of critical digital information.
Unfortunately, data backup and recovery is notoriously a laggard in IT modernization efforts. With as many as one in six backups and one in seven restores failing, most IT professionals would agree that conventional backup approaches are broken, or at least in need of a critical review. The evolving threats to online information require a new level of backup and recovery in the public sector. GovLoop has teamed up with Oracle, a leading cloud application and platform services provider, to discuss how agencies can best protect, store, back up and recover their data. In the following pages, we’ll discuss the challenges agencies face in keeping their data secure and backed up; the importance of recovery in protecting our nation’s digital assets; and gain additional insights from Donna Cooksey, Solution Specialist, and Kerstin Woods, Senior Principle Product Director at Oracle.
INDUSTRY PERSPECTIVE 2
“
“We can’t be expected to operate as large as General Motors on a gas station budget…We need help and it’s going to take funds.” B Lisa Cannon Director of IT, Madison County, stated in response to a ransomware attack which affected 600 computers and 75 servers and cost the county around $200,000.
THE CHALLENGES AT PLAY FOR GOVERNMENT DATA Agencies across government and the nation’s critical departments — including transportation, energy, emergency services and financial services — rely on electronic data and the related computer systems to share, process, manage and store that information. The protection of these is critically important to our nation’s future. “For the public sector, the stakes are incredibly high,” said Woods. “The data we’re talking about is not just important for public confidence; it’s crucial to our nation’s operations, economy and security. So, safeguarding these computer systems and vital data isn’t just important – it’s essential.”
While getting backup and recovery right is important for any organization, it is particularly difficult to achieve in government due to three serious challenges: transactional services, regulations, and evolving cyberattacks. Let’s examine each in detail:
TRANSACTIONAL SERVICES:
Government data is highly transactional; information and data is constantly flowing back and forth between citizens and the agencies that serve them. Backups that occur daily, or even hourly, guarantee data loss exposure and do not provide appropriate protection for transactional environments that change constantly.
REGULATIONS:
Due to regulatory compliance statutes that are unique to government, and requirements about backup and recovery set by the National Institute for Standards and Technology (NIST), agencies must be more certain than ever they can recover data confidently, in minimal time and can easily prove it. Slow or uncertain recovery without any visibility or reporting capabilities will severely limit public sector compliance efforts.
EVOLVING CYBERATTACKS:
Agencies need an agile recovery solution to be able to rapidly restore to a point in time prior to a cyberattack in order to minimize any detrimental impact to agency-held data.
Clearly, there is a long list of real risks associated with backup and recovery issues for agencies today. As a result, government IT and database administrators spend considerable resources dealing with data protection challenges. It is a critically important time in our nation’s history to choose a more tailored data protection solution, especially for sensitive transactional data, and break from the decades old paradigm of one-size-fits-all backup and recovery. And, with simultaneous pressure to reduce costs and improve efficiency, it’s time to improve backup and recovery productivity and free up valuable resources for more strategic initiatives.
MITIGATING THE IMPACT OF DATA LOSS & OUTAGES IN GOVERNMENT 3
TODAY’S DATABASE PROTECTION PROBLEMS The fundamental problems with today’s database protection solutions stem from: Data protection strategies focused exclusively on backup without taking into account the critical aspects of restore
One-size-fits-all backup solutions that treat databases as a flat files and have zero database-insight
Outdated backup methodologies, where up to a day’s worth of data can be lost due to a gap between backups
Poor visibility and control, which results in recoverability status guesswork and unnecessary management overhead
Burdensome overhead on production servers and networks negatively impacting application performance
Unabated data growth and 24x7 operations driving backup window constraints
Backup appliances with limited scalability and availability create system sprawl and management complexity
INDUSTRY PERSPECTIVE 4
THE SOLUTION FROM ORACLE: CONTINUOUS DATABASE PROTECTION In light of the realities facing agencies today, a new backup and recovery paradigm is recommended for transactional, sensitive and critical database data. One modern solution is Oracle’s Zero Data Loss Recovery Appliance (Recovery Appliance), a proven engineered system, offering an unparalleled approach to database protection. It was developed by Oracle’s database development team in response to the gaps in protection provided by traditional backup and recovery products, which are database-unaware and deliver suboptimal results for database protection. As an extension of the Oracle Database, the Recovery Appliance is masterful at transaction-level protection – designed to continuously protect database changes. It also goes further to perform database-aware validation and autonomous self-healing with the goal of full endto-end backup integrity. With these unique capabilities, the Recovery Appliance helps protect agencies from database data loss exposure and minimize the risk of corrupted backups. This is where backup and recovery becomes especially important, said Cooksey. “If a ransomware attack has you by the proverbial throat, your options are to either pay the ransom or restore data from a backup, thereby avoiding having to give into criminal demands. The Recovery Appliance is like an insurance policy. If ransomware or malware hits, you know your data’s been continuously protected, and your data loss exposure is less than a second.” Since recovery is even more critical, Oracle’s Recovery Appliance dramatically streamlines database recovery and helps public sector customers recover the database in a minimal amount of time to a specific point-in-time and enable rapid recovery after a downtime or cyberattack
incident. As a result, agencies can quickly recover to a time before a ransomware or malware attack. In addition, Oracle’s Recovery Appliance helps organizations meet critical regulatory mandates with unique reporting capabilities that provide the recovery status of each managed database and alerts based on user-defined thresholds. These tools help agencies meet compliance requirements and rapidly respond to audit requests. “With this solution, the Recovery Appliance shows your current data protection status, per database, down to the sub-second,” Woods said. “So if you have compliance mandates to meet, you’d be able to compile a report that assures your management with full confidence that you’re compliant, your databases are recoverable, and your backups are valid.” Lastly, and critical for budget-constrained government IT modernization projects, Oracle’s Recovery Appliance can help deliver significant savings by reducing backup management busywork and computing resource consumption. Elements such as policy-based automation and single-pane-of-glass management are very user-friendly. Also, the fact that it sends only database changes saves a tremendous amount of production server, network, and management resources. The result can mean a dramatic decrease in the cost per protected terabyte compared to traditional backup and recovery systems. In summary, Oracle’s Recovery Appliance is a solution tailored to meet the demands of today’s always-on world of government agencies: protecting critical and sensitive database data from end-to-end and minimizing data loss exposure in the face of cyberattacks as well as the more conventional system failures.
In November 2016, hackers breached Navy systems and compromised personal records of more than 130,000 sailors. MITIGATING THE IMPACT OF DATA LOSS & OUTAGES IN GOVERNMENT 5
CASE STUDY: STATE GOVERNMENT JUDICIAL SYSTEM
40
PRODUCTION DATABASES
15
CRITICAL DATABASES
8,000 INTERNAL USERS
70,000 DAILY WEB USERS
This state government civil and criminal court system has 13,000 employees and handles internal and public services. All of its judicial processes are recorded in digital format and are fully paperless with nearly 14 million judicial cases recorded since inception of its Oracle-based system—approximately 723,000 in 2015 alone. An Oracle user since 1998, the government entity today has nearly 40 production databases and 15 critical databases that are accessed by more than 8,000 internal users and more than 70,000 web users every day. Like many government agencies, the court system faced problems with backup and recovery. Database backups suffered from low de-duplication rates even after following its previous vendor’s best practices. In fact, it took nearly three days to back up its most critical database. It also needed to expire old backups every day, due to space constraints. When the agency turned to Oracle’s Recovery Appliance, it realized immediate benefits. Recovery Appliance reduced initial full backup time from three days to 12 hours and reduced all backups thereafter to only 23 minutes. The de-duplication ratio dropped to 12-to-1, providing more space efficiency and a nearly 200-fold improvement in backup performance. Most importantly, the agency no longer had to waste resources on full backups again and was able to leverage a fully-recoverable database on demand.
INDUSTRY PERSPECTIVE 6
CONCLUSION Many existing data protection solutions fail to meet the backup and recovery needs of government agencies’ round-the-clock databases. They treat databases as generic files to copy rather than as transactional systems with specific data integrity, performance and availability requirements. The result is fragmented deployment, complex management processes, and ultimately, data loss jeopardizing the citizens that agency serves. We must arm our agencies with the right tools and data protection capabilities designed to help combat ever-increasing cyberthreats, meet compliance requirements, and protect sensitive transactions. Oracle’s Recovery Appliance tightly integrates the advanced, high-availability technologies of Oracle Database to uniquely address these challenges head-on.
ABOUT ORACLE
ABOUT GOVLOOP
Oracle (NASDAQ: ORCL) is the world’s most complete, open, and integrated business software and hardware systems company. With more than 370,000 customers—including 100 of the Fortune 100—in more than 145 countries around the globe, Oracle is the only vendor able to offer a complete technology stack in which every layer is engineered to work together as a single system. Oracle’s industry-leading public sector solutions give organizations unmatched benefits including unbreakable security, high availability, scalability, energy efficiency, powerful performance, and low total cost of ownership.
GovLoop’s mission is to “connect government to improve government.” We aim to inspire public-sector professionals by serving as the knowledge network for government. GovLoop connects more than 250,000 members, fostering cross-government collaboration, solving common problems and advancing government careers. GovLoop is headquartered in Washington, D.C., with a team of dedicated professionals who share a commitment to connect and improve government. For more information about this report, please reach out to info@govloop.com.
MITIGATING THE IMPACT OF DATA LOSS & OUTAGES IN GOVERNMENT 7
1152 15th St. NW, Suite 800 Washington, DC 20005 (202) 407-7421 | F: (202) 407-7501 www.govloop.com @govloop
INDUSTRY PERSPECTIVE 8