GUIDE

Data protection
conversation
guide
Data protection is a high priority
Data protection is a critical conversation for any
organization. The importance and growth of data,
combined with the ever-increasing threat of
cyberattacks, is drawing more and more resources
to protecting and securing data.
According to a 2021 Komprise study, 63% of
organizations are managing more than 1PB of data,
with more than 30% of IT budgets spent on data
storage and backups. And those numbers are
expected to grow in the coming years.
An IDC study states that “Petabyte-scale deployments
are becoming commonplace. Traditional backup
methodologies can no longer cope with such data
volumes.” Another IDC study states that 500 million
new logical applications will be created by 2023, as
many as were created in the last 40 years, which will
generate massive volumes of structured, semi-
structured, and unstructured data.
According to 451 Research, more than 35% of
customers list data growth as their #1 pain point
for disaster recovery1. Ransomware is driving more
investment in data protection; 73% of respondents
claim that they are spending more to combat
ransomware.
Data protection personas
Influencers and decision makers
Influence and input
Datacenter Manager
Defines space, power,
cooling requirements
Business/Application/LOB
Defines application SLAs
Security/Regulatory
Defines security requirements,
applies regulation
2 Data protection conversation guide
Why NetApp?
Data protection is one of the key differentiators of
NetApp® ONTAP® data management software. An
important part of the DNA of the storage software
is powerful data protection and security technology
that dramatically improves the performance and
efficiency of data protection workloads, such as
backup, disaster recovery, and continuous availability.
When combined with our management tools and
independent software vendor partners, we can enable
customers to better protect and secure their most
valuable asset, their data. We can eliminate backup
windows, move data more efficiently, secure data
against cyberthreats, and increase ROI with data
reuse, across a hybrid cloud.
Who cares about data protection?
Those who care about data protection are the ones
who feel the pain when data is lost, corrupted, stolen,
or encrypted, or when applications go down. Which
means that everyone cares about protecting data.
However, there are particular roles that are
responsible for protecting data, and there are roles
that influence those decision makers.
Decision and implementation
Director Infrastructure IT
Defines standards for protection
across enterprise
Database Owner
Defines database performance and
availability requirements
Storage/VMware/
Infrastructure/Backup Admin
Defines requirements, and
engineer solution
Discovery questions
The following questions are grouped by role within the organization.
Questions can also be used across departments.
Business or application leader (line of business)
Discovery questions
Do you have challenges around data availability
and protection?
• Is this a new or existing application?
Has a business impact analysis been performed?
If not, is one planned?
• Cost of data loss
• Cost of downtime
Does the application have defined SLAs?
Where do you host your data and applications?
What, if any, is your cloud strategy?
(Do you have a cloud first or hybrid
cloud strategy?)
Are there ransomware concerns?
Do you have a security team?
3 Data protection conversation guide
Why this is relevant
Understand the scope of the problem. Is the customer
trying to solve a protection problem with a new approach?
Or by simply refreshing storage?
Enterprise applications are the lifeblood of most
organizations. It’s important to calculate the amount of
data loss and downtime acceptable to the business.
The average cost of downtime today is between $100k
and $1M per outage. Classification of the customer’s
data is important, because not all data is created
equal. Depending on the application, the data support
determines how often data needs to be protected, how
quickly it needs to be made available, and how much
money the business will lose while the application and
data are not available.
Traditional data protection with streaming backups can
adversely impact applications by slowing storage response.
This impact determines the type of data protection and/or
availability methods that might be needed to meet SLAs.
The location of the primary data and where the secondary
is located (for example, cloud object storage) obviously
impact the design of the proposed solution. That’s true
whether the solution is on premises, at a colocation
facility, or in a public or hybrid cloud.
Depending on where the applications run, NetApp
solutions will be different. However, the underlying
performance and efficiency through ONTAP are the same.
Data protection is a key part of ransomware protection.
According to 451 Research, 75% of organizations claim
to maintain at least one gold copy of data for protection.1
On-premises backup targets like virtual tape library and
object storage systems are the top choice of 67% of
respondents, while 52% choose public cloud storage.
Additionally, NetApp features like immutable Snapshot™
copies and indelible file locking with SnapLock®
compliance software are powerful protection against
cyberthreats.
 Discovery questions
Are you bound by regulatory laws and rulings,
such as GDPR, CA law, etc.? Do you have a
regulatory team?
Describe the value of your data. Does all of
your data have equal value?
How do you protect your compute?
• Is the application resilient?
Are your applications containerized?
Performance requirements?
Goals for organization or project?
Business or application leader (line of business)
Discovery questions
What databases are being protected?
How do you protect and provide data availability,
and are there any challenges with the current
method?
Are backups, secondary copies, or standby
servers used in any operational tasks?
For example, refreshes.
Are any native tools used for protection
and/or replication?
4 Data protection conversation guide
Why this is relevant
Data retention is a key part of data protection. Snapshot
retention scheduling and SnapLock can help protect
regulated data.
Determining what data is important to keep will help
with sizing environments as well as with data protection
policies.
Many applications have built in data protection
capabilities, but they aren’t always efficient. The
combination of application protection and data
protection can be complementary.
Persistent storage is essential for stateful containerized
applications. NetApp Astra™ Control is a set of powerful
software to help manage and protect containerized
application data. NetApp Cloud Backup now offers
support for containerized data as well. Ideal for
ONTAP focused IT environments.
NetApp Snapshot based data protection has little to
no impact on storage performance. Copies are made
in seconds, eliminating the need for backup windows.
Understanding the performance requirements of the
application can help with positioning the NetApp solution
and determining whether synchronous or asynchronous
replication is possible.
For example, what is the timeframe for the solution?
Why this is relevant
NetApp offers application-integrated protection with
SnapCenter® software. We support a broad list of
databases, including SQL and NoSQL databases.
Many applications have built-in features for protection,
such as Oracle RMAN, but these can be very expensive
licenses and may include performance and feature
limitations.
Does the customer use their secondary data for other
purposes than protection, or would they like to?
In the case of Oracle, RMAN may be used to protect
databases. Unfortunately, it only provides a mirror of the
data. When combined with ONTAP secondary storage,
Snapshot copies can be scheduled, providing an
incremental-forever backup environment, which is
efficient and powerful.
Data center manager
Discovery questions
Do you have any constraints in space, power,
or cooling?
Do you have a cloud mandate?
Are you considering site consolidations?
What are your requirements for availability,
accuracy (lack of corruption), and so on?
What is your tolerance for data loss?
Security and regulatory team
Discovery questions
Are you under any sort of regulatory restrictions?
Do you have any other security controls in place?
Copy control (regulatory). How many copies do
you really need?
5 Data protection conversation guide
Why this is relevant
Physical limitations can impact how and where the
data is protected.
It’s important to understand what this means. For some
organizations, a mandate means doing something as
simple as putting backups in the cloud, or it could mean
moving applications to the cloud.
Many organizations are looking to reduce data centers
to focus on their core business. Their strategy will highly
influence where the data is stored and protected.
How is the physical environment related to the logical
environment?
Why this is relevant
Regulatory restrictions impact how data is stored, where
it is stored, and for how long. Technologies like NetApp
Cloud Data Sense can help classify and categorize
data for these purposes. Features like SnapLock when
combined with SnapMirror® software can help manage
data retention.
Regardless of legal or regulatory requirements,
organizations must ensure that their critical business
information is kept safe on many levels, both internal
and external. There are a multitude of products, services,
and strategies on the market today to harden and
secure environments. As a result of this proliferation,
there is potential for feature overlap—or even worse, a
lack of interoperability that creates gaps in protection.
Understanding what security controls are in place, in
conjunction with documented requirements, helps to
position a well-rounded NetApp solution while taking into
account what is already in place.
Organizations have internal policies that determine the
number of copies they need to keep. This number may
be influenced by government regulations based on
industry (for example, HIPAA), which may determine the
requirements of the organization to store copies of data.
Understanding the number of copies required is essential
to sizing the right solution.
Storage, VMs, infrastructure, backup admin

Discovery questions Why this is relevant

Are there any current challenges around data Does the customer have any particular challenges they
availability and protection? How is your data want to address with new investment, such as reducing
currently protected? backup windows, moving backup to cloud, reducing
• Replication strategies data center sites, improving disaster recovery, moving
• Backup strategies applications to the cloud from on premises, and so on?
• DR strategies
• Availability strategies

Is any data loss acceptable? Data loss refers to the recovery point objective (RPO).
This is essentially the amount of time and therefore the
change in the data between backups or Snapshot copies.
Zero RPO requires synchronous replication of data.
How much recovery time is acceptable? The recovery time objective (RTO) indicates whether a
customer is looking at an HA system (like MetroCluster),
asynchronous DR, or backup. Backup usually takes
longer to restore data, but it is the most cost effective.

Where do you host your data and applications? Where applications and the protection storage are
Distance between sites, how many sites, and located impacts the solution options. Due to the laws
so on. of physics, data can travel only so fast over a wire. A
• Do you have a mandate to consolidate or synchronous replication solution has a distance limitation
reduce data center locations? to ensure adequate application performance.
• Move to cloud?

Goals for your organization or project? Timeframe? Modernizing? Refreshing?

Conclusion About NetApp

The opportunities to engage in data protection
conversations are plentiful, and the conversations
are typically welcome if you can solve the customer’s
problems. And NetApp can. NetApp ONTAP native
data protection capabilities and integrated solutions
can transform how our customers protect and secure
their data. Engage in these conversations now to
show your customers how NetApp can remove the
pain and significant cost of protecting their data.
1) Source: 451 Research, Voice of the Enterprise: Storage, Data Management and
Disaster Recovery—Charts and Figures, 2021
In a world full of generalists, NetApp is a specialist.
We’re focused on one thing, helping your business
get the most out of your data. NetApp brings the
enterprise-grade data services you rely on into the
cloud, and the simple flexibility of cloud into the data
center. Our industry-leading solutions work across
diverse customer environments and the world’s
biggest public clouds.
As a cloud-led, data-centric software company,
only NetApp can help build your unique data fabric,
simplify and connect your cloud, and securely deliver
the right data, services, and applications to the right
people—anytime, anywhere.

© 2021 NetApp, Inc. All Rights Reserved. NETAPP, the NETAPP logo, and the marks listed at http://www.netapp.com/TM are trademarks of NetApp, Inc.
Other company and product names may be trademarks of their respective owners. NA-750-1121