Category Archives: Uncategorized

Key Questions to Ask your Online Backup and Disaster Recovery Provider

October 8, 2012

Within recent years, the popularity of cloud based services has dramatically increased and therefore the online backup and disaster recovery market has become more competitive and saturated.

As there are now more competing companies who claim that they can successfully backup your data to the cloud and recover it in the event of a disaster, it is imperative that substantial research is carried out to confirm the legitimacy of the provider. To ensure this is the case, asking some simple questions and conducting some research about the service provider can go a long way to ensure that the chosen service provider can more than meet your requirements.

When researching which online backup provider will be able to meet your requirements, asking some standard questions about the service they offer can go a long way to help you determine how legitimate their service is. Finding out what software that they use, the hardware that they use to store data on and the location and level of certification of their data centres can quickly help you determine whether the service provider is using appropriate resources to protect your data.

The company�s current standing within the online backup and disaster recovery market and their current client will speak volumes about the service that they offer. Asking about the current client database that they currently have and whether they deal with other businesses that are in the same market sector can help to ease worries that they have the ability to help you meet any compliance regulations that you may be subjective too.

If you are also looking for a disaster recovery solution to reduce down time in an event of a disaster, further questions should be posed to the service provider. Gaining an idea of the number of recoveries the provider has performed and whether any tests are conducted and documented so you are assured that your data can be recovered if you were to suffer from a disaster and downtime is kept to a minimum.

The online backup and disaster recovery market has become saturated with a range of providers. As there are now more businesses all competing, it is vital that you conduct some research about the service provider and to ask questions about the solution to ensure that you will be utilising the services of a company who can provide the services to the required level.

“Good backups” at the top of Bruce Schneier’s internet security list

August 17, 2012

In a recent interview�carried out by�eSecurity Planet,�Bruce Schneier, a�well established security expert,�put having a good backup solution at the top of his internet security list. Schneier reasons that security attacks result in the loss of data and therefore being able to restore effectively is essential.

This starts with a reliable backup solution that consistently takes clean backups and a provider that has the setup to deal with its customers’ data demands.

Encryption

Part of a good backup solution is one that comes with data encryption as standard. In the interview, Schneier voiced his concern over the current encryption standards in the industry as “not that great, and getting worse”. From the customers’ point of view, one of the big hang-ups of out-sourcing data backup to a third-party provider is loss of control over that data. All customers should demand encryption of their data at all stages of the data handling process (at�source, during transmission and at the end-storage point) so that, in the event of an attack, their data is secure.�Providers who do not encrypt data put their customers at risk of a multitude of problems, which can cause the customer great distress.

This was evident in November of 2011, when backup tapes were stolen from an employee of Science Applications International Corp. (SAIC), a contractor of the Tricare Management Activity�(TMA), a healthcare program for serving and ex-military personnel and their families. In total, the details of 4.9 million beneficiaries were stolen, including names and social security numbers. As a result of the breach, lawsuits were filed against both SAIC and the U.S. Defense Department to the tune of $4.9 billion ($1000 for each beneficiary.)

Having encryption in this instance would have saved customers a great deal of distress and would have avoided the two hefty lawsuits filed against the Defence Department, not to mention the damage done to the reputations of both institutions.

Infrastructure

Another aspect of a good backup provider is having the correct infrastructure to deal with large amounts of sensitive data. In 2009, Carbonite�lost 7,500 customers’ data due to what it called, “defective hardware”. This resulted in Carbonite�suing the hardware provider, Promise, for providing them with faulty equipment. Whilst this is an understandable course of action from Carbonite, what worried many journalists and bloggers at the time is the reliance of Carbonite on a single service to protect their customers’ data. That is, putting all one’s eggs in a single basket.

One important aspect of data protection is having it backed up twice and stored in two separate locations – that is, a backup of the backup. It may be easy to think that there are already two copies of the data, one on site and one in the backup. However, the backup likely contains files that have been deleted from site, and many companies require these files be retained for compliance purposes. It is due to these files that a backup of the backup is important so as to ensure there are at least two copies of every single protected file at any one time. Had Carbonite taken the proper precautions of replicating their data between two geographically separate data centres their customers would not have been affected by the hardware failure described above.

Granularity

For some businesses, high granularity is a must because of industry regulations. Granularity refers to the number of points in time from which a restore can be performed. Some companies are required by law to keep specific data for many years. If that data is changing on a day to day basis and you are running a daily backup, this can produce a huge amount of backup data.

A good backup solution will allow you to adjust the granularity of the data you can recover. In the above example of keeping data for several years you could only keep the daily backup for the last month, and then a single snapshot of the data per month afterwards. This can reduce the size of the backup data significantly. Some solutions offer extremely granular options, others are more simplistic and some might not even keep more than a single backup of a file.

Incremental

Incremental backups only react to the block changes made to a file. This helps keep protected data sizes to a minimum rather than taking full backups each time. However, this is where the different backup solutions begin to diverge greatly.

Tape solutions taking incremental backups can cause issues when it comes to restoring those files. To recover a single file you would need to restore from multiple tapes, the first being from the last full backup, and then from each incremental backup tape since then. If you were only performing incremental backups, this would take a very long time and so tape backup solutions must run a full backup periodically to ensure the number of tapes required to restore from is kept minimal. Additionally, the time required to restore would be significant due to the time taken to find the tapes and then place them in the tape drive one by one. Although an autoloader can significantly simplify this process, you then have to battle with seek times.

Disk-based solutions with the right software can perform incremental backups forever and never need that extra time to perform another full backup. At the remote site the software can merge incremental change files with full backup files automatically to ensure that you never need to transfer more than a few files to perform any recovery. Additionally, recovery is much quicker because disk access is much quicker, and with online backup solutions data is transferred virtually across a wire and not physically saving even more time. These solutions can recover files in a matter of seconds.

De-duplication

Many disk-based and online backup solutions are capable of de-duplicating data. They recognise files that are identical and backup only one copy, therefore reducing the size of the backup and reducing storage costs for the customer. Other solutions perform similar de-duplication but at the block level, identifying even small parts of different files that are identical, providing even more backup size reductions at the cost of additional processing.

Whilst some tape solutions do offer de-duplication, in practise the restore procedure can be a painfully long-winded nightmare, as this article adequately explains.

Conclusion

When choosing a backup provider, always make sure that they can meet your requirements with regards to essential characteristics, such as security, restores and data centre tier.�Regardless of your preferred backup solution type, there are good and bad providers and only by finding out how a company works can you�gauge whether or not they will prove to be reliable. A good place to start is Backup Review.

Carbonite�s �unlimited online backup� deemed not unlimited

August 14, 2012

In relation to a recent blog entry by Sam last week where he discussed consumer vs. enterprise online backup, it would seem that one consumer product has been misleading its customers through one of its advertising campaigns.

An article published by Cloud Pro last week reported that the Advertising Standards Agency (ASA) had ordered consumer product Carbonite to revise its use of the phrase �unlimited online backup� on its UK website.

The article published by the ASA states that the ASA received no response from Carbonite Inc. following their enquiries and their assessment was that �although unlimited amounts of data could be uploaded, we noted that if data uploads exceeded 200GB, less bandwidth would be available resulting in slower back up. Because it did not make this clear, we concluded the ad was likely to mislead�.

The findings of the ASA found that the advertising campaign in question was in breach of six advertising codes, one of which cites that all �marketing communications must state significant limitations and qualifications. Qualifications may clarify but must not contradict the claims that they qualify�. Subsequently, the ASA has told Carbonite Inc. that they should make clear any reduction in upload speeds when using the online backup product.

Carbonite responded directly to Cloud Pro saying that they were not contacted by the ASA and that �the Carbonite home service is unlimited as we offer unlimited backup space.� We don�t offer or claim to offer unlimited bandwidth [and] we hope that � with more information on Carbonite�s backup processes � the ASA may reconsider their decision.�

The packages offered by Carbonite range from Home to HomePremier, as well as a package for small businesses. However, the limitation to bandwidth could become a major issue in the future, especially if you are a small business looking to upload your entire company data to the cloud.

Consequently, this is another example where a consumer product can limit and threaten a business�s ability to carry on if it were to experience large or total data loss.� A reputable enterprise level solution has no limitation on its upload speed whatever the data size. In addition, any true enterprise level solution, especially one providing online backup as a service, would offer the ability to upload the initial or seed data to a USB hard drive in an encrypted format on site. This is then transferred and uploaded quickly to its data centre. Since every subsequent backup is incremental and encrypted also, backup windows are short ensuring all data is sent quickly and securely.

Solar Storm Alert: Is Your Data Protected?

August 9, 2012

Experts from around the world are on alert and are monitoring the sun closely as it reaches a peak in its ten year activity cycle. Because of the increased activity, the likelihood of earth being hit by a solar storm in the fore coming months has increased.

Mike Hapgood, a space weather specialist at the Rutherford Appleton Laboratory stated, “Governments are taking it very seriously. These things may be very rare but when they happen, the consequences can be catastrophic.”

Although there is only a 12% chance of earth being hit by a solar storm each decade, it has been over 150 years since earth last suffered from a major solar storm and therefore some would say that we are due to bit hit by one. The last major solar storm occurred in 1859 and is known as the Carrington Event. This resulted in the largest ever known solar flare being produced. It was reported that an aurorae borealis (Northern Lights) was witnessed around the world but was spectacularly evident over the Caribbean.

In more recent times, a solar storm on a much smaller scale was blamed for damaging the power network in Quebec, Canada in 1989. This left thousands of people living in the city without electricity for nine hours.

A solar storm occurs when magnetically charged plasma is thrown out from the sun. This sends millions of tonnes of gas through space, which can reach earth in just over a day. Available warning time is therefore very short. If this gas hits earth, geomagnetic storms are triggered. This can result in significant damage to national power grids being caused as some of the transformers will melt. There is the potential that satellites will be either damaged or destroyed and radio communications may be disrupted.

If a solar storm does hit earth, the resulting consequences could be potentially very severe. As it has been so long since a solar storm last hit earth, it is impossible to contemplate the potential devastation that may well be caused due to technological advances that have been made and the ever increasing reliance we have on them.

Therefore, from a business point of view, the importance of having an adequate data backup solution and disaster recovery solution in place is becoming more important. If a natural disaster such as a solar storm does hit earth, it is impossible to know which areas in the world will be affected and therefore it is very important that we act proactively and not reactively to ensure the consequences are not too severe.

People may think that they will never suffer from such an event and this may end up being true but surely having the peace of mind, knowing that if your business suffered from any kind of disaster, the impact will be significantly reduced. An event such as a solar storm hitting earth is very rare but the need to ensure that your data is fully protected is becoming more important as we are set to suffer from more adverse weather conditions which may pose different problems for businesses that they have never experienced before.

Lord Chris Smith, the Chairman of the Environment Agency, stated, �The weather extremes which we�ve seen this year � with widespread floods almost immediately following a long term drought – have brought the importance of resilience into sharp focus. Climate change science tells us that these are the sort of weather patterns we are going to have to get used to, so taking action today to prepare and adapt our homes, businesses, and infrastructure is vital.�

Are you worried about solar storms? Should we all be?

Business Continuity Planning and the Cloud

August 8, 2012

IT operations are a crucial aspect of most organisations. One of the main concerns therefore, is business continuity, since companies rely on their information systems to run their operations. If a system becomes unavailable, company operations may be impaired or stopped completely. Consequently, it is necessary to provide a reliable infrastructure for IT operations, in order to minimize any chance of disruption. Information security is equally a concern.

As a consequence of these concerns and the increase of the uptake of cloud computing, businesses and government organisations are now scrutinizing data centres to a higher degree, as it is imperative that they assure the integrity and functionality of their hosted computer environment as much as they do their local environment.

It is notable then, that data centre problems have been prevalent in the news recently. In July, for example, there was a major power cut at Level 3�s data centre in East London, which knocked dozens of company�s offline, as well as many websites and hosted solutions. The outage was allegedly due to an electrical fault which occurred at 3.35am, yet the�ADSL customers were still offline at 8.21am.

IT infrastructure company�Pulsant�experienced a similar power outage at its data centre in Maidenhead at the end of May. Consequently, many websites were cut off from the internet and were left to sort themselves out the following day, once the electricity supply had been restored. In both cases, the Uninterruptable Power Supply (UPS) device that is supposed to protect computers and network equipment from unexpected power failures, failed.

Even giants like Twitter have hit the headlines for data centre failures. And while it is tempting to just accept that these things �happen�, this is little comfort for companies in the event of a data centre failure, network breakdown or power outage.

This not only emphasizes the need for an effective business continuity plan which covers your business�s live environment, but also its hosted infrastructure, i.e. the data centre.�As we have learnt from the examples previously cited, data centres are not always completely disaster proof, so the need to implement an effective business continuity plan which covers all areas of your business is imperative.

A further step to ensure business continuity in the event of a disaster is to ensure that business continuity planning and testing is a priority of your chosen data centre. For example, problems such as those noted above can easily be prevented by routine testing of UPS devices and power generators as part of a stringent business continuity plan. Ultimately, a company’s data is its biggest asset, and it is therefore in a company’s best interests to use the most secure, efficient and resilient hosting facilities.

Are your cloud provider’s business continuity plans sufficient?

Online Backup – Consumer versus Enterprise

August 1, 2012

A recent post to this blog received a number of comments questioning primarily the reliability of online backup solutions, as well as the security of the data.

Whilst these comments relate to valid concerns that should be considered when choosing a solution, the examples given, for the most part, seemed to relate to providers of consumer solutions, rather than SME level solutions.

There are several key differences between online backup solutions aimed at the consumer (home user) and business. This blog aims to discuss these distinctions and we welcome readers’ comments.

The distinctions stem from the cost of the two types of service. To put it simply, consumer and entry level business solutions put in much less investment, whereas the more comprehensive solutions aimed at larger businesses invest much more heavily in various areas.

Looking at this argument from a customer’s point of view, it is easy to see why providers of the consumer products keep costs down. The home user will, for example, use online backup for �pictures and videos of family holidays. Whilst this data holds precious memories, it will not incur costs to the user if data is lost, corrupted, or even stolen.

For this reason, consumer online backup providers will put low levels of investment into the initial development of the product as well as key areas such as staffing levels and hardware. This benefits the home user or very small business owner, as the relatively low level of investment on the provider’s side keeps cost down. The home user is likely to be backing up a small selection of data and therefore can manage the software themselves with few problems. The small business user, whilst requiring more frequent backups, is not likely to have acquired large amounts of data, and in any case will likely be restricted in their range of choice by their IT budget. For these types of customer, a provider which puts more emphasis on low cost rather than quality of overall service, is the right way to go.

However, when dealing with the data sizes of an SME, a more comprehensive and sturdy online backup�solution is required. For example, companies, even those with around 20 employees, can still have data in the region of 1TB, spread over several servers or machines, on different operating systems.�This can become a massive headache for whoever is lumped with the responsibility of making sure that this data is backed up on a regular basis, is held securely and reliably, and is�restorable in the quickest time possible.

On top of the daily management, if a business experiences data loss, for example, pay-roll or customer data, the lasting effects can be hugely costly to the business both in time as well as money.

This is where a managed service providers (MSP) come in. Having already invested in the software solution, the accompanying hardware and the knowledge and training of its staff, the MSP takes on the responsibility of monitoring backups and restores. Furthermore, the customer has direct access to an experienced team of engineers who work with backups on a daily basis to fix any problems just as quickly as they are discovered. The customer can even choose where their data is kept – in a shared data centre on the internet or �their own data centre connected to their office using a private link – and also the level of encryption they require to secure it. This frees up the employee previously responsible for backups and restores, allowing them to concentrate on other roles.

So, to conclude, the customer generally gets what they pay for. If the files to be backed up do not hold a monetary value (family photos, for instance), it does not make sense to invest in a high quality online backup solution. However, to many businesses, customers’ data is the most important electronic asset and is therefore worth a considerable amount. Accordingly, businesses should chose a solution and service that reflects their investments.