Special report: What you don't know can hurt you

In backup and data protection it has been all Greek to many customers for far too long. Fleur Doidge reports

"Then from his high couch our forefather Aeneas began:
‘O queen, you command me to renew unspeakable grief,
how the Greeks destroyed the riches of Troy,
and the sorrowful kingdom, miseries I saw myself,
and in which I played a great part.’"
- Virgil, The Aeneid: Book II 2-6

Beware of Greeks bearing gifts, as the oft-misquoted warning goes: what you don't know can indeed hurt you. During the Trojan War, as referred to in Homer and described in depth by the later Roman epic by Virgil, the Greeks broke the long-running siege of Troy by sneaking a group of handpicked warriors into the city hidden in a giant wooden horse, accepted mistakenly by the Trojans as a gift.

"Trojan" of course has come to refer to a certain kind of malware that is not what it seems on the surface; one that hackers use to infiltrate organisations, whether to destroy their systems or to steal information. At the same time, information - held on IT systems as data - has become the lifeblood of many companies, around the world and of all sizes; its protection and safeguarding is increasingly critical.

Meanwhile, organisations are under siege. Data protection and backup have become increasingly important from both a regulatory compliance and a straightforward business survival perspective. Yet the channel, as recent CRN research has revealed, has steered clear of the opportunity despite the intensifying need in the market.

A battle unfought?
Simon Meredith, consulting editor at CRN, recently hosted an industry roundtable, sponsored by Dell Software, for resellers, distributors and vendors. He confirmed that the backup and data protection market is expanding but noted that partners need assistance with the challenges.

"Data is obviously vital for all organisations," Meredith said. "Gartner has said it will be a $10bn (£6.4bn) opportunity worldwide by 2016. The research from Gartner also estimates that one third of customers will change their backup provider by that time. Yet the recent CRN research also shows that a surprising number of resellers are not actually addressing this opportunity. Up to one third just don't offer backup at all."

Channel partners should be donning their armour and assembling their arsenal on this news because an opportunity to get into a whole new area - one where the need is growing noticeably every year - does not appear every day. Meredith, however, said there were several reasons for the channel's lack of involvement so far, including that customers themselves do not appear receptive to the sale.

"Customers seem to feel that it just won't happen to them, and they're reluctant to spend the additional investment funds," he said. "And of course, there is the problem of restoring data."

Restoring data can be difficult; it's not sufficient to simply back it up. Rather like the Trojans, who ignored a direct warning about a concealed threat in the wooden horse beyond the launch of a single spear, customers prefer to take a gift horse - the apparent convenience of IT systems - at face value. That is of course until something really does happen, and the walls come tumbling down.

Grahame Smee, managing director of distributor Exertis VAD Solutions, agreed. "I think data is so important to everybody, and there is a perception that the cost of failure is so high," he said. "And backup, without restoration, is nothing."

The true situation around data protection is complicated and customers need education on how to address it, he suggested. "We live in physical, virtual, mobile environments, and I think a lot of resellers see that as a risk, that it is risky providing those sorts of services, and the risk of failure in that can be high."

Partners that are successful, according to Smee, will invest or have invested in backup and data protection specifically, as well as learned about it, so they can establish with customers the right service-level agreements (SLAs). This means ones that not only can be fulfilled, but that suit customers' requirements, taken holistically, as well as providing some peace of mind to those customers. This means looking at continuity, rather than backup per se.

"What do they really want to deliver with backup?" he asked. "The product is one thing, but it is in understanding the customer's needs where you'll really be successful. It's not hard to find a reseller, or even an end-user customer, that's had a bad experience."

If you're a reseller, do you understand the threat to the customer? Do you have a full understanding of the range of weapons and defensive devices that might be applied? Do you understand the customer's use of data and their related requirements, and how the elements of their data protection environment influence each other? Can you help the customer work out what is truly needed in order to keep its own business and customers safe?

Do you know the restore time and the recovery points?
And if you're an end customer, did you give the provider a suitably comprehensive, detailed brief on what is required? Does your provider have the right information to select and deploy the right service or environment?

Assemble an effective army
For Smee, having access to the right knowledge, and working with the customer to outline all the pitfalls and practical details, is absolutely critical to successful data protection. That includes ensuring that all the right people are involved in the discussion when formulating those all-important SLAs, not just IT, and not just senior business management.

"These are the things that are so often missed off, or misunderstood," he said.

Then, of course, the pricing has to be appropriate. To make an effective argument for proper data protection, providers may have to work out the value and cost of data to each customer.

Certain data sets are more time-dependent and critical than others, so yet again clear and detailed communication between all parties is key.

"What is the price point for backup and recovery? What is the cost of the data if you do not have it? If you lose this, what is the effect on your business?" Smee said.

Erwin van Workum, chief executive of Netherlands-based managed services provider and Dell partner nCoActive, said: "I totally agree with Grahame. The resellers are scared of offering backup as a service - because, first of all, it looks very complicated. So we need to bring it down to something that is easier to handle, offer and manage. It's still difficult; it has been for years, it still is now. But I think it is more down to perception."

Van Workum hinted that sometimes channel players had made the situation in the market worse by appearing to shy away from risk themselves. The SLAs drafted and eventually agreed to by channel providers have tended to accept responsibility for providing and maintaining the backup and associated services, for example, while specifically avoiding accountability and liability in the case of something going wrong.

Of course, he noted, there is no way of guaranteeing that nothing will go wrong - but that should mean, in part, stepping up to the plate and working out some appropriate contingency policies and procedures well in advance. It also means having the right people in the right place at the right time, he added.

All these too could be in the SLAs. If the Trojans hadn't been asleep, perhaps, and taking so much for granted, they would have surely been better able to fight off the Argives when they emerged from their hiding place.

"It's much more difficult for a reseller to be sure it [the reseller] is covered within the SLAs, and that they are capable of restoring all the data," van Workum conceded. "That's really significant."

Data replication, whether to a provider's own or to someone else's datacentres, involves an inherent risk that not enough providers are prepared to take, van Workum suggested.

The actual technological solution can vary and be cut according to the customer's cloth. An appliance-based offering might work, or a managed service, or some combination of the two. There are plenty of offerings, and once again, the customer needs a trusted adviser, or advisers, to select an appropriate one.

Key to getting past the mental walls of customers is to do proof-of-concept demonstrations. Going beyond showing how the system is set up and works, and actually staging a failure and recovery, can do a lot to prove the business value, van Workum noted.

Marc Stein, vice president of sales at vendor Dell Software, pointed out that Dell research carried out a few years ago reflected similar customer and reseller objections and fears. He noted also that the comprehensive approach to data protection that is really needed means pulling together capabilities across a wider range of technological areas, including servers and storage as well as software and services.

"We're a relative newcomer to the data backup market, having entered in the past four years. And we've seen many large incumbents, but we heard the same things. So we saw an opportunity for Dell and decided to enter," Stein said.

Later entrants to a market can often benefit by learning from the mistakes of early adopters and others. Stein said they had noted a "very high turnover rate" in the market, and yet in terms of data loss, both customers and partners were reporting that breaches were "very expensive and time-consuming" to resolve, with the solutions available both "costly and complex".

Furthermore, solutions applied were often not perceived by the customer as adding an appropriate amount of value, he said.

Take up arms
There is often a gulf between customer expectation and what is being provided or able to be provided, he said, and on top of that a chasm between management and the IT department - whether that be an in-house IT department, or the IT department of the reseller or other tech provider. This was not only about what data and information could be recovered, but the time frame in which recovery could be achieved.

"In the traditional IT department, their SLAs are more likely to be about doing it in 24 hours, 48 hours or even a number of days," Stein said.

"Start the conversation with what the expectation of the business is. Things such as a SharePoint drive or some more latent data where it is fine if there is a disk failure, where you can wait for a couple of days, or there are more critical things, like a critical database, where they expect it in minutes."

Success would be about improving education and developing trust, and working hard with partners to serve customers - and Dell was determined to achieve that.

"There was a more than 20 per cent failure rate in actually being able to deliver that data," Stein said. "So there is a big gap in the market."

As Virgil says of the sack of Troy: "Here's a great battle indeed, as if the rest of the war were nothing." The issues that vendors and their channel partners must tackle to take advantage of the undoubted opportunity are comprehensive to the point of complexity - necessarily so - and the stakes are high. But the reward for the right efforts towards improving backup and data protection is there.

And Dell Software's Marc Stein pointed out that sometimes the enterprise players are the furthest along the path to effective backup and protection in a world of ever-more-sophisticated threats to data and an intensifying requirement for regulatory compliance. This means that the biggest piece of the market is likely to be SMB, with the mid-market in particular needing special attention.

There is no one-size-fits-all beauty, no Helen of Troy for 1,000 customers or more to sail after - but once again, that should be a call to action for an IT channel prepared to gird its loins and fight these more difficult battles to shield customers against data loss. MSPs, vendors and distributors are all prepared to engage the enemy; third-party providers can seek out the right brothers and sisters in arms to assist.
