Forecasting Through the Variables
For many in the cannabis industry, your business is starting from scratch. One of the myriad of things that you find yourself doing is financial projections. Security is undoubtedly a line item in your budget, and as you embrace technology and your cybersecurity, you will need to consider your data. Protection of client information and intellectual property can make or break a business in the event of a breach. But how do you plan for backups in your budget?
When the topics of data storage, business continuity, and disaster recovery are brought up, the question of cost is usually at the forefront. The problem with this thinking lies in the fact that there is no simple answer about how to budget for backups. There are a number of variables that make this nearly impossible to “ballpark.”
Industry, compliance, internal requirements and goals play a large role in determining the right solution for your company as well as the costs for that solution. So what are the variables? Let’s break them down into 4 categories: Quantity, Redundancy, Frequency, and Maintenance.
It would be great if they only determining factor was the quantity of information that you wanted to store. In that case we would provide a cost per gigabyte (GB) and you could estimate based on your needs. That isn’t a solution though. It is really the digital version of a closet or storage unit full of boxes of paperwork. You have it, but what can you do with it? You might say that it’s just a byte of the meal that is a data plan.
Where and when you are storing your data, as well as the level of security you want to have, are the places that options start to really confuse a budget. Like many things in life, you need to find the balance between cost and security and determine where you are comfortable. The ‘where’ is your redundancy. Redundancy is a condition wherein the same piece(s) of information are held in two (or more) separate places. The most common options are: on premise, in the cloud, and a hybrid combination of the two. All of these options have their pluses and minuses.
With an on premise solution you have high availability but will find a higher cost of ownership in the form of hardware. Not only will this come into play for the initial investment, but you will also have to consider an approximate 3-5 year life cycle on the equipment and the need to stay up to date.
A cloud solution may save you on the hardware investment, but here you will pay more for the storage of the data. Most cloud based solutions charge by the GB and this can mount quickly. Your time to spin up this data in the case of an emergency will also lag unless you make a significant investment.
Hybrid in many ways is going to be the most secure and accessible solution. That being said, you take on the inevitable cost structures and hurdles of both of the previously mentioned approaches.
For an additional level of security you can also opt for geographic redundancy. Where an on premise solution can be a great solution for some, this would not protect you in the case of a physical emergency to your space (weather, fire, natural disaster). In geographic redundancy, your data is synced to another physical location that would be unlikely to be affected by any issue at your office space. There is usually a certain distance between the locations and one is typically in an area that has been deemed “safe” from common occurrences.
The ‘when’ is another big question mark in trying to plan for a data solution budget. When can be focused in a few ways, the frequency of your images (the backup file), the time you need to be able to spin your data up after an issue, and for how long you need to retain the data. All three factors can cause pivotal shifts in the costs.
To explain this, we are going to get a little technical. Of the two major concerns here, one is forward looking and the other looks back. The terms you will hear are Recovery Point Objective (RPO) and Recovery Time Objective (RTO). Both deal with your exposure to loss. RPO, in its most base level, deals with the maximum amount of data you are comfortable losing. A back up image of your environment (or individual applications) can be done as often as you want, but the higher the frequency, the higher the expense. If you are not amassing a constant stream of data, you may be able to get away with imaging once or twice a day. In the case of a busy retail store or doctor’s office, this may not be sufficient. The idea here is the maximum loss risk you are willing to take. Where imaging every 12 hours may work for one company, another may need every 15 minutes in ensure that business critical data is not compromised. RTO works in the other direction. This is about the time to spin back up/recover your data. This deals more with lost business, employee productivity, and customer satisfaction than the data itself. Obviously it costs more to have a near immediate restoration and gets more economical as more time is allotted. Again, the answer here is not one that we can provide for you. It is based in your comfort and your operational needs.
The final variable here is in the length of time you plan to retain the data. For some this may be a personal/financial decision, but for many industries this is dictated by various state and federal regulations and compliance needs.(some of these are federal regulations but are something to consider for your future. In most cases this means in the vicinity of 7 years of data that needs to be stored.
There are also maintenance fees associated with the storage and retention of data. These vary a lot less but you still have factors that you need to consider. It will be important to make sure that the images are completing, error free, and clean. This can be a tedious step, and one that some people will regrettably decide is not important. The day it becomes important, you may not have the data you need. Similarly there should be testing of the recovery process. This is the process by which you actually see what it would take to restore your environment in the case of an issue. This should be done annually at an absolute minimum with quarterly tests the recommendation. As before, you don’t want to have gone through all of the cost and effort to store your data only to find out you don’t have access when it is needed. Both of these examples fall into the recommended creation of policies and procedures as well as an action plan when it comes to your data storage, business continuity and disaster recovery.
Did I miss something?
If you noticed, I still haven’t answered what an appropriate budget would be for your data storage and recovery solutions. Now you know why. Hopefully you understand what is out there and the wide range of possibilities. The important step for your business to take is to consider all of the options, determine your needs, and to tell us what sort of budget you have to work with. Together we can build a solution that will allow for your business to feel comfortable knowing that, if something were to go wrong, you and your data are secure.
Your business critical data is not place to cut corners. IT4cannabis is here to back you up.
You’ve worked too hard to get here, now make sure that you are a success!