Anyone responsible for disaster recovery (DR) inevitably cares about data protection. To achieve even the most basic DR objectives, organizations must put the correct data protection technologies in place.

The technology selection task becomes increasingly difficult considering the multitude of data protection technologies currently available. Organizations must understand, prioritize, and choose from among these technologies to properly build out a next generation DR strategy. To do so, mapping current applications to nine DR data protection pillars will facilitate building out a next generation DR strategy.

An Increase in Affordable Data Protection Choices

As recently as five years ago, organizations had a limited number of affordable data protection choices. Backup and recovery software, along with clustering and replication software for mission critical applications, represented their primary options.

Since then, more data protection technologies have come to market and matured. Public, private, and purpose-built clouds have become integral to many data protection technologies. Further, organizations may augment them with anti-ransomware, data loss protection (DLP), and encryption technologies to bolster their recovery abilities.

The maturation of existing technologies coupled with their increased cost-effectiveness creates a new challenge for organizations. They must determine which of these new technologies to incorporate into their IT environment and under what circumstances. To do so, they must establish which data technologies provide them with the

  • functionality all their applications need to achieve a base-line level of DR
  • advanced features that a subset of their applications may need for DR

Organizations will also ideally quantify the data protection technologies available to them that they may not presently need to perform DR. This equips them to deploy them should the need for these technologies arise.

Nine DR Data Protection Pillars

Using pillars as a visual means to illustrate existing data protection technologies serves four purposes.

  • First, pillars impress the idea that these technologies serve as a foundation for DR.
  • Second, each pillar containing a data protection technology ensures an organization maintains awareness of it.
  • Third, coloring each pillar differently highlights each technology’s relevance and importance to an organization for it to deliver on its DR strategy.
  • Fourth, establishing the data protection technologies needed equips an organization to determine which product or products it will need to deliver on its DR strategy.

This first iteration of one’s DR data protection pillars may simply list, in alphabetical order, current data protection technologies. This graphic illustrates data protection technologies that an organization may want to consider for DR for its on-premises applications.


These pillars represent broader data protection technologies an organization may use to protect and recover its on-premises IT environment. Note that the technologies represented will likely change depending on the IT environment an organization seeks to protect and recover. If protecting applications running in a cloud, the pillars or features in them, may change slightly. The same would hold true for protecting data hosted in software-as-a-service (SaaS) applications, such as Microsoft Office 365 Online.

Populating the Pillars

After an organization establishes the DR data protection pillars it needs, populate each pillar with available technology features. Here is an illustration of some features that might appear in each pillar.

This illustration only lists three features in each pillar though the number in each pillar will vary by organization. The variance will depend upon how they wish to populate each pillar. Some may want to list all available features in a pillar that a specific data protection technology offers. Others may want to list only the features germane to their DR strategy.

For instance, the Backup pillar may display available features such as differential, full, incremental, and snapshots, among others. Conversely, an organization may only list features germane to its needs, such as full, incremental, and snapshot.

Some features may appear in multiple pillars as they represent different implementations of the same technology. For instance, an organization may need different versions of artificial intelligence (AI) and machine learning (ML) to perform anti-ransomware and DLP tasks.

A data protection technology may even appear as a feature in another pillar. Cloud represents a good example. There are different types of clouds (hybrid, public, purpose-build, private) that organizations may use. However, each cloud also affords different recovery options for which an organization may need to account.

The breadth of features listed depends on an organization’s objectives. Listing them all helps an organization assess and keep abreast of available features in each technology pillar. Listing only technology features germane to its own DR needs keeps an organization focused on solutions which meet those needs. If in doubt, initially list all available pillar features and then winnow these features down in the next step.

Prioritizing the Pillars

An organization now needs to determine which data protection technologies and features match their application and business DR requirements. Ideally, an organization will already know the DR requirements for its business as a whole and each application. Assuming it does, it can map those DR needs back to the specific data protection pillars.

For example, many organizations will map some or all application DR requirements to four pillars:

  • anti-ransomware
  • backup
  • restore
  • operations/orchestration

Some specific business- and mission-critical applications may map their needs to other DR data protection pillars. These may include Cloud, Clustering/High Availability, and Replication.

Finally, an organization will need to assess the sensitivity of the data it manages and protects. These needs may require an organization to use technologies found in the Data Loss Prevention (DLP) and Encryption pillars.

As an organization evaluates each data protection technology pillar, it may also evaluate the features in each pillar. An organization’s applications or business may not need every available feature a data protection technology offers. This would be an appropriate time to remove the features it does not need.

Assuming an organization’s needs line up as described, re-arrange the pillars in order of these priorities. Also, considering coloring each grouping of pillars according to the organization’s priorities. This illustration uses dark blue to reflect the highest priority, light blue for the second, and green for the lowest. Following these guidelines, after this step an organization’s DR Data Protection Pillars appear as follows:

The Four-fold Purpose

This process of identifying each data protection pillar, its features, and prioritizing all of them serves a four-fold purpose.

First, an organization formally quantifies the exact data protection technologies and features currently available. In so doing, it may define and understand these options and determine which ones apply to its environment. It also helps identify which data protection technologies and features matter in the context of DR.

Second, by prioritizing them, an organization can figure out which specific pillars and features matter to it and which ones do not. As the final image illustrates, an organization may not need every pillar or feature to create an effective, comprehensive DR strategy. Equally important, this final DR Data Protection Pillars image produces a visual representation of an organization’s ideal DR strategy and priorities.

Third, it may run this same evaluation process against the DR data protection and features it currently has in place. Using these pillars as a baseline, an organization can compare them to its current DR technologies and identify gaps between its current environment and the DR environment it wants to create. This makes it a more straightforward exercise to identify the exact technologies or features it needs to employ to achieve this ideal.

Finally, an organization can also evaluate new products or solutions based on how well they map to the DR data protection pillars. Minimally, an organization may more easily sort through vendor hype and determine if a product or solution merits further consideration. If a product or solution does not address or improve upon solutions already in place, why pursue it? Conversely, the product or solution may offer features that merit a change in an organization’s foundational DR Data Protection pillars.

The Pillars of a Next-gen DR Strategy

Building a comprehensive, cohesive DR strategy remains a large, complex challenge for most organizations. Too many organizations find themselves grappling with multiple data protection technologies and features. Further, they may deploy them without the ability to properly manage or orchestrate them.

Simply deploying more tools or solutions rarely works at a holistic level. Only by deploying the right blend of solutions based on predefined needs and established goals can an organization create a viable DR strategy. The DR Data Protection Pillars put an organization on this path toward building a next-gen DR strategy by helping them:

  • quantify available data protection technologies and their features
  • define an ideal DR strategy for their environment, to include defining the data protection technologies and features they need and want
  • assess their current environment
  • establish a methodology to evaluate new data protection technologies and feature even as it keeps their existing DR strategy in step with them


Jerome Wendt

Jerome Wendt, an AWS Certified Solutions Architect, is the president and founder of DCIG, LLC., a technology analyst firm. DCIG, LLC., focuses on providing competitive intelligence for the enterprise data protection, data storage, disaster recovery, and cloud technology markets.

Outsourcing: The Answer to Healthcare IT Challenges
The 2020 pandemic brought many issues for the healthcare industry, from hospitals overwhelmed by the amount of patients to a...
How to Defend Against Cyberattacks That Take Over Admin Accounts
In July, 45 high-profile Twitter accounts tweeted variations of the same offer: Send me any amount of Bitcoin, and I’ll...
How to Defend Against Cyberattacks That Take Over Admin Accounts
In July, 45 high-profile Twitter accounts tweeted variations of the same offer: Send me any amount of Bitcoin, and I’ll...
Tracey Rice Named to DRJ Executive Council
ARNOLD, Mo. – Tracey Rice was recently appointed to the Disaster Recovery Journal Executive Council. Rice is the senior vice...