GPSolo Magazine - December 2005
Backing Up in Cyberspace
R egulatory requirements, increased awareness about the value of off-site data backup, and this century’s man-made and natural disasters have highlighted the need for companies to store copies of their data in cyberspace. Law practices and other small and medium-sized businesses have embraced online backup technologies because they solve the numerous challenges presented by traditional backup media.
Protecting a law practice’s most critical asset—its data—can be a painstaking process for small firms and solos. The backup process is often cumbersome and highly dependent on manual intervention. Backup tapes need to be replaced, manually transported, and stored off-site. Unfortunately, the directives for off-site storage often are not followed, and the tapes are left on-site—which eliminates any possibility of their recovery from local disasters. Many solos or small law firms also tend to perform backup processes only periodically, if at all, leaving large amounts of data at risk for loss and damage. For remote offices of larger firms, data backup responsibilities are often left to non-IT professionals whose priorities are not the integrity and security of the firm’s data but, rather, keeping up with their own job responsibilities.
The ability to back up online and store data off-site was introduced around 2000, and the benefits that some services could provide became particularly clear for small and solo practices: ease of use, rapid deployment, consistent backup, round-the- clock monitoring, and user-initiated online data restoration. By outsourcing to an online backup vendor, small and solo practices can save time and money—there’s no need to hire extra IT staff or purchase disparate point products such as software, servers, tape cartridges, and tape drives, which typically are pieced together to make a backup system.
Online backup by itself, however, is not a good definition for a data backup plan. When choosing an off-site backup vendor, be sure the company offers an on-site backup option as well. Recovering data from an off-site location over an Internet connection can take a long time, depending on the amount of data needing restoration. On-site backups allow you to recover data instantly and to view previous versions of a file. On-site backup also gives additional insurance in the event that the remote storage
location itself suffers some natural or man-made disaster. And because online backups are commonly scheduled after business hours (to prevent a marked slowdown of other online activities), you will probably want on-site back up because it allows you to back up throughout the day.
Below are some additional factors to keep in mind when choosing a backup vendor.
Security. The biggest problem with online backup is security. Moving confidential data beyond a company’s firewall is nerve-wracking for any business—particularly a law practice. A reliable backup provider should address security and confidentiality concerns with advanced encryption technologies, ideally AES 256-bit encryption, and should offer dual-level data protection at both the law firm site and the off-site storage location, plus firewalls and digital certificates.
User-level backup. Many providers back up only at the server level, but a firm’s most critical data files are often stored on laptops and desktop PCs, so protecting those machines is essential.
Backup methodology. Most vendors offer a variety of schedules for making automatic backups; these may be based on individual schedule, preset time increments (hourly, weekly, etc.), or even real-time “continuous data protection,” or CDP, where any new or changed entry is instantly backed up. CDP offers the greatest protection but is not recommended for online purposes because it negatively impacts computer and network speeds. Look for a vendor that compresses data and, ideally, stores only the new or changed data; that way, you’ll be able to use your contracted storage space more efficiently and keep backup costs low.
Connection speed. Confirm that the backup vendor you’re considering can support your practice’s Internet connection speed. Some require a broadband connection such as DSL or cable, whereas others can support dial-up. Dial-up users planning to implement an online backup plan should seriously consider switching to broadband, however.
Network throttling. One of the biggest complaints about online backup is that network service slows to a snail’s pace while data is being sent off-site. A vendor that utilizes network throttling technology can prevent this. Throttling processes recognize usage and Internet traffic patterns and schedules backup sessions so they do not disrupt the company’s productivity. If the backup vendor does not have this capability, the next best option is a service that backs up data on a predetermined schedule, preferably after working hours. Of course, scheduled backup sessions leave large amounts of unprotected data at risk; this is where on-site data backup can help bridge the gaps between scheduled sessions.
Data recovery. Many online backup providers tout “instant” data recovery, but they’re not always telling the truth. For example, if the backup service does not include browsing capabilities so you can easily find the information you want to recover, locating specific data could take a long time. Be wary of providers that set limits on the number of data restores a business can initiate, and ask for a demonstration of a file recovery to ensure you and your employees are comfortable with the process. Some online backup vendors can recover data only to the original server that was being backed up. If the original server is flooded, destroyed by fire, or wiped out by a virus, so is your data.
Archiving. Be certain that the provider’s data storage/archiving capabilities are in line with your business needs or any state or insurance requirements, rules, or regulations that relate to data management or storage. Some providers allow data storage for a maximum period of only two weeks, while others store data for up to seven years. If you’re concerned about keeping data for extended periods of time, certain backup vendors can transfer data to tape or disk offline.
Storage. Off-site backups should be stored in a secure data center located fairly far from your practice. In the event a local disaster closes or destroys your office or the city or state in which you do business, your data will remain unaffected. This is another reason to look for a vendor that provides both on-site and off-site capabilities. Should a disaster affect the storage facility, your on-site backup is still available.
Customer support. Most online backup packages include round-the-clock service support. After all, these service providers have information that is critical to your business, and you should be able to access it at any time, any day of the year.
Cost and pricing. Pricing plans among online backup providers vary greatly. Vendors may charge based on the largest data “footprint” stored within a billing cycle, based on the average amount of data protected daily per month, based on the number of servers regardless of activity/size, or based on the number of gigabytes stored each month. Many users have no idea how much they spend on data protection because the fee includes software, hardware, employees, tapes or disks, communication costs, and sometimes off-site storage space. This makes it difficult to compare costs of outsourcing backups through different vendors. Off-site data vendor costs add up very quickly, so the projected growth rate of your company’s data requirements will be an important factor in figuring long-term costs.
Financial viability. Find out how long the vendor has been in business, the size of its customer base, long-term asset guarantees, and the existence of exit strategies to protect you if the company folds during your contract term. Be sure to check the vendor’s references from businesses with backup and restoration requirements similar to your own.
Guarantee. Your business depends on your data, so being comfortable with the terms and types of guarantees the vendor offers is crucial. Review what provisions exist to cover you if backup fails for a certain time period, if the vendor cannot recover your data, or if its own servers crash.
Open file backup . Most data recovery requests are the result of human error—a user accidentally overwrites a file, for example. Some vendors can initiate recoveries even if files (or databases) are open. Some vendors include open file backup in their basic package, and others charge an additional fee.
Business applications. The capabilities of backup vendors vary greatly. When evaluating backup options, ask specific questions to confirm that the solution you’re considering can back up the business applications your practice uses. Review case scenarios of documents you know were lost in your office. Some providers charge extra to support specialized applications such as Timeslip.
Worst-case scenarios. On August 31, 2005, Hurricane Katrina unleashed a storm so powerful that it wiped out New Orleans and surrounding areas of Louisiana, along with areas of Mississippi and Alabama. Research of natural disasters, fires, thefts, and system crashes/viruses suggests that at least 82 percent of the businesses will never reopen—owing to loss of critical data, not physical structures. Businesses that backed up data in cyberspace are the lucky ones and will most likely recover their data; those that backed up data to tape or disk on-site most likely face a greater challenge. Thankfully, disasters like Hurricane Katrina are rare; keep your focus primarily on a data backup solution that provides you with the convenience, protection, and productivity your business demands on a day-to-day basis. A backup solution that provides automatic local and off-site backup, without user intervention, is ideal.
To help with your vendor search, here is a list of leading online backup providers.
• Arsenal Digital Solutions. This storage management services company provides tape- and disk-based backup, off-site backup and restore, server and operating system recovery, and fully managed remote storage monitoring and management solutions. The company has data center facilities in 30 locations, can support all connection speeds with LAN and WAN connection support, and offers an on-site service and optionalencryption technologies (in 128-bit AES or proprietary formats). Daily backups are standard; ask about the risks of data loss between backups. Pricing ranges from $5 to $30 per gigabyte per month.
• Asigra (DS3 Datavaulting). This enterprise-class solution offers robust network throttling, scheduled backups, round-the-clock customer support, and up to 256-bit AES encryption. Asigra does not provide continuous data protection (CDP) or local backup capabilities. Pricing is volume based and varies from $7 to $15 per gigabyte per month, which includes two annual disaster-restore live drill events.
• BluePoint Data. A combination of IBM Tivoli and BluePoint’s own Osmosis replication software, this solution may be overkill for small and solo law practices. BluePoint Data offers continuous data protection capabilities; multiple data storage centers; and DES, triple DES, and AES encryption technologies. Hookup requires minimum DSL Internet speed connection. The company limits the number of free customer support calls, after which the customer is charged per call. Fees range from $1 to $10 per gigabyte per month.
• EVault. The company backs up data at the server level only; the schedule is set by the customer (not CDP). Data is held in a secure collocation facility, is accessible online, and can be moved to tape off-line. EVault offers 56-bit encryption at customer site, 56-bit DES, 112-bit triple DES, 128-bit Blowfish, and 128-bit AES. Pricing starts at $1 to $25 per gigabyte, based on volume, number of retentions, and length of service contract.
• LiveVault. The company guarantees 100 percent data recovery and offers round-the-clockcustomer support at no additional charge. AES encryption, digital certificates, and mutual authentication are built into the company’s security infrastructure; a self-contained on-site appliance is optional. Monthly prices start at $105 per server for continuous data protection and 30 days of restorable data. Internet restores are available at no charge.
• Lasso Logic. This vendor backs up data locally using an appliance on-site and a secure data center off-site. The system carries up to AES 256-bit encryption capabilities and enables CDP at the local level, with network throttling technology for off-site backup. Data recovery is instant at the user or server level; DSL is recommended. Pricing starts at $85 for up to 30 gigabytes per month. (Disclosure: The author of this article is general manager of Lasso Logic.)
Anna Yen is general manager of Lasso Logic, a business continuity company based in San Francisco, California. She can be reached at email@example.com.