“Good backups” at the top of Bruce Schneier’s internet security list

In a recent interview carried out by eSecurity Planet, Bruce Schneier, a well-established security expert, put having a good backup solution at the top of his internet security list. Schneier reasons that security attacks result in the loss of data, so being able to restore effectively is essential.

This starts with a reliable backup solution that consistently takes clean backups and a provider that has the setup to deal with its customers’ data demands.

Encryption

Part of a good backup solution is one that comes with data encryption as standard. In the interview, Schneier voiced his concern over the current encryption standards in the industry as “not that great, and getting worse”. From the customers’ point of view, one of the big hang-ups of out-sourcing data backup to a third-party provider is loss of control over that data. All customers should demand encryption of their data at all stages of the data handling process (at source, during transmission and at the end-storage point) so that, in the event of an attack, their data is secure. Providers who do not encrypt data put their customers at risk of a multitude of problems, which can cause the customer great distress.

This was evident in November of 2011, when backup tapes were stolen from an employee of Science Applications International Corp. (SAIC), a contractor of the Tricare Management Activity (TMA), a healthcare program for serving and ex-military personnel and their families. In total, the details of 4.9 million beneficiaries were stolen, including names and social security numbers. As a result of the breach, lawsuits were filed against both SAIC and the U.S. Defense Department to the tune of $4.9 billion ($1000 for each beneficiary).

Having encryption in this instance would have saved customers a great deal of distress and would have avoided the two hefty lawsuits filed against SAIC and the Defense Department, not to mention the damage done to the reputations of both institutions.

Infrastructure

Another aspect of a good backup provider is having the correct infrastructure to deal with large amounts of sensitive data. In 2009, Carbonite lost 7,500 customers’ data due to what it called “defective hardware”. This resulted in Carbonite suing the hardware provider, Promise, for providing them with faulty equipment. Whilst this is an understandable course of action from Carbonite, what worried many journalists and bloggers at the time was the reliance of Carbonite on a single service to protect their customers’ data. That is, putting all one’s eggs in a single basket.

One important aspect of data protection is having it backed up twice and stored in two separate locations – that is, a backup of the backup. It may be easy to think that there are already two copies of the data, one on site and one in the backup. However, the backup likely contains files that have been deleted from site, and many companies require these files be retained for compliance purposes. It is because of these files that a backup of the backup is important, so as to ensure there are at least two copies of every single protected file at any one time. Had Carbonite taken the proper precautions of replicating their data between two geographically separate data centres, their customers would not have been affected by the hardware failure described above.

Granularity

For some businesses, high granularity is a must because of industry regulations. Granularity refers to the number of points in time from which a restore can be performed. Some companies are required by law to keep specific data for many years. If that data is changing on a day-to-day basis and you are running a daily backup, this can produce a huge amount of backup data.

A good backup solution will allow you to adjust the granularity of the data you can recover. In the above example of keeping data for several years, you could keep the daily backups only for the last month, and beyond that a single snapshot of the data per month. This can reduce the size of the backup data significantly. Some solutions offer extremely granular options, others are more simplistic and some might not even keep more than a single backup of a file.
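The thinning policy described above can be expressed as a selection over snapshot dates. The following is an added example, not code from the original article or from any backup product; the 30-day window and the choice of the latest snapshot in each month as the monthly one are assumptions.

```python
from datetime import date, timedelta

def select_retained(snapshots, today, daily_window_days=30):
    """Return the snapshot dates to keep: every daily snapshot from the
    last `daily_window_days` days, and for older data only the most
    recent snapshot of each calendar month (assumed choice)."""
    cutoff = today - timedelta(days=daily_window_days)
    keep = set()
    monthly = {}  # (year, month) -> latest snapshot date seen in that month
    for snap in snapshots:
        if snap > today:
            # A future-dated snapshot usually means a clock problem; refuse
            # to make deletion decisions on data we cannot order reliably.
            raise ValueError(f"snapshot dated in the future: {snap}")
        if snap > cutoff:
            keep.add(snap)
        else:
            key = (snap.year, snap.month)
            if key not in monthly or snap > monthly[key]:
                monthly[key] = snap
    keep.update(monthly.values())
    return sorted(keep)

def constructed_daily_history(today, days):
    """Constructed sample input: one snapshot per day, ending today."""
    return [today - timedelta(days=n) for n in range(days)]

if __name__ == "__main__":
    today = date(2012, 6, 30)
    history = constructed_daily_history(today, 365)
    kept = select_retained(history, today)
    print(f"{len(history)} daily snapshots thinned to {len(kept)} restore points")
```

Everything not returned by `select_retained` is a candidate for deletion, so the restore points lost are the individual days older than the window.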

Incremental

Incremental backups capture only the blocks of a file that have changed. This helps keep protected data sizes to a minimum rather than taking full backups each time. However, this is where the different backup solutions begin to diverge greatly.

Tape solutions taking incremental backups can cause issues when it comes to restoring those files. To recover a single file you would need to restore from multiple tapes, the first being from the last full backup, and then from each incremental backup tape since then. If you were only performing incremental backups, this would take a very long time and so tape backup solutions must run a full backup periodically to ensure the number of tapes required to restore from is kept minimal. Additionally, the time required to restore would be significant due to the time taken to find the tapes and then place them in the tape drive one by one. Although an autoloader can significantly simplify this process, you then have to battle with seek times.

Disk-based solutions with the right software can perform incremental backups forever and never need that extra time to perform another full backup. At the remote site the software can merge incremental change files with full backup files automatically to ensure that you never need to transfer more than a few files to perform any recovery. Additionally, recovery is much quicker because disk access is much quicker, and with online backup solutions data is transferred virtually across a wire and not physically, saving even more time. These solutions can recover files in a matter of seconds.
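The restore chain and the remote-site merge described in the two paragraphs above, as an added example that is not part of the original article. The data model (numbered backups holding a map of block index to bytes) and the function names are assumptions made for illustration.

```python
def restore(backups, upto):
    """Rebuild the file as of backup number `upto`.
    `backups` maps sequence number -> (kind, {block_index: bytes}).
    Returns (blocks, list of backup numbers that had to be read)."""
    fulls = [n for n, (kind, _) in backups.items() if kind == "full" and n <= upto]
    if not fulls:
        raise LookupError("no full backup at or before the restore point")
    blocks, read = {}, []
    for n in range(max(fulls), upto + 1):
        if n not in backups:
            # One lost or unreadable incremental breaks every later restore point.
            raise LookupError(f"backup {n} missing: chain broken")
        blocks.update(backups[n][1])  # later changes overwrite earlier blocks
        read.append(n)
    return blocks, read

def merge_into_full(backups, upto):
    """Replace backup `upto` with a synthetic full built from its chain, so a
    restore from that point onwards no longer depends on older media."""
    blocks, _ = restore(backups, upto)
    merged = dict(backups)
    merged[upto] = ("full", blocks)
    return merged

def constructed_backups():
    """Constructed sample: one full backup followed by three incrementals."""
    return {
        1: ("full", {0: b"AAAA", 1: b"BBBB", 2: b"CCCC"}),
        2: ("incr", {1: b"bbbb"}),
        3: ("incr", {2: b"cccc"}),
        4: ("incr", {1: b"B2B2"}),
    }

if __name__ == "__main__":
    backups = constructed_backups()
    print("chain read before merge:", restore(backups, 4)[1])
    print("chain read after merge: ", restore(merge_into_full(backups, 4), 4)[1])
```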

De-duplication

Many disk-based and online backup solutions are capable of de-duplicating data. They recognise files that are identical and back up only one copy, therefore reducing the size of the backup and reducing storage costs for the customer. Other solutions perform similar de-duplication but at the block level, identifying even small parts of different files that are identical, providing even more backup size reductions at the cost of additional processing.

Whilst some tape solutions do offer de-duplication, in practice the restore procedure can be a painfully long-winded nightmare, as this article adequately explains.
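File-level and block-level de-duplication compared on the same input, as an added example that is not taken from the original article or any product. The fixed 4096-byte block size, the use of SHA-256 digests as block identifiers and the file names are assumptions; the digest check on rebuild is included because one damaged shared block affects every file that references it.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed fixed block size

def file_level_store(files):
    """Keep one copy of each distinct file, keyed by its SHA-256 digest."""
    store = {}
    for data in files.values():
        store.setdefault(hashlib.sha256(data).hexdigest(), data)
    return store

def block_level_store(files, block_size=BLOCK_SIZE):
    """Keep one copy of each distinct block, plus a per-file list of digests
    (the 'recipe') from which the file can be rebuilt."""
    store, recipes = {}, {}
    for name, data in files.items():
        recipe = []
        for off in range(0, len(data), block_size):
            chunk = data[off:off + block_size]
            digest = hashlib.sha256(chunk).hexdigest()
            store.setdefault(digest, chunk)
            recipe.append(digest)
        recipes[name] = recipe
    return store, recipes

def rebuild(recipe, store):
    """Reassemble a file, verifying every block against its digest."""
    out = bytearray()
    for digest in recipe:
        chunk = store[digest]
        if hashlib.sha256(chunk).hexdigest() != digest:
            raise ValueError("stored block does not match its digest")
        out += chunk
    return bytes(out)

def stored_bytes(store):
    return sum(len(v) for v in store.values())

def constructed_files():
    """Constructed sample: two identical files and a third sharing two blocks."""
    head, body = b"H" * BLOCK_SIZE, b"B" * BLOCK_SIZE
    a = head + body + b"1" * BLOCK_SIZE
    return {"a.doc": a, "a_copy.doc": a, "b.doc": head + body + b"2" * BLOCK_SIZE}

if __name__ == "__main__":
    files = constructed_files()
    print("raw bytes:        ", sum(len(d) for d in files.values()))
    print("file-level bytes: ", stored_bytes(file_level_store(files)))
    print("block-level bytes:", stored_bytes(block_level_store(files)[0]))
```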

Conclusion

When choosing a backup provider, always make sure that they can meet your requirements with regard to essential characteristics, such as security, restores and data centre tier. Regardless of your preferred backup solution type, there are good and bad providers and only by finding out how a company works can you gauge whether or not they will prove to be reliable. A good place to start is Backup Review.

 
