A Buyer's Guide - What to look for in online backup and recovery services - 2010
Presentation Transcript

  • Welcome to: A Buyer’s Guide - What to Look For in Online Backup and Recovery Services 2010
    Bob Chaput, 615-656-4299 or 800-704-3394, bob.chaput@datamountain.com
    Data Mountain, LLC
    © 2009 Data Mountain LLC | All Rights Reserved.
  • Background & Motivation
    • We are often asked, “How do I go about selecting an online data backup and recovery service?”
    • Unfortunately, in this market, unlike in the insurance marketplace, we do not have an A.M. Best, a Moody, a Standard and Poor or a Weiss Research publishing financial strength ratings on industry players. Nor do we have a J.D. Power & Associates!
    • To help organizations navigate through a market where there are new players almost every week and horrific stories of lost data almost every month.
  • Objectives Today
    Learn all the right questions to ask and how to be assured that:
    • Your business goals (RTO, RPO, DLE) will be met
    • Your data will really be protected
    • You can actually recover your data
    • Your data will be secure at all times
    • Your service provider has been and will be here for the long haul
  • Discussion Agenda
    1. Quick Introductions
    2. Case for Action – Why Bother
    3. Common Threats
    4. Where/How Data Backup Fits into Business Resumption Planning
    5. Seven (7) Critical Questions
    6. How Online Data Backup and Recovery Works
    7. Summary
  • About Your Speaker – Bob Chaput
    • President – Data Mountain LLC
    • 30+ years in Business and Technology
    • Executive | Educator | Entrepreneur
    • Global Executive: GE, JNJ, HWAY
    • Responsible for largest healthcare datasets
    • 25 years DR / BC experience
    • 20 years Regulated-Industry Experience
    • BA, MA – Mathematics; GE – FMP; Vanderbilt; HPI
    • Numerous Technical Certifications
    • Serve customers of all sizes in all industries
    • 6 years - Channel Partner/Reseller for Iron Mountain Digital
    • Expertise and Focus: Healthcare, Financial Services, Legal
    • Member: ACHE, NTC, Chambers, Boards
    • Passion: Helping business owners and managers manage risks:
        • Risk of being out of regulatory compliance
        • Risk of going out of business
        • Risk of throwing money away on phony/ineffective solutions
  • Why Bother?
    • Lost data exposes your business and clients to business disruption and possible legal setbacks
    • Business and client data is more visible and valuable than ever… and more vulnerable than ever
    • And, now, it’s law!!! (GLBA, HIPAA, HITECH, SOX, SEC Rule 17a, PCI DSS, FACTA, State Regulations, etc.)
  • HIPAA Security Rule – Example
    § 164.308 Administrative safeguards.
    • (7)(i) Standard: Contingency plan. Establish (and implement as needed) policies and procedures for responding to an emergency or other occurrence (for example, fire, vandalism, system failure, and natural disaster) that damages systems that contain electronic protected health information.
    • (ii) Implementation specifications:
        • (A) Data backup plan (Required). Establish and implement procedures to create and maintain retrievable exact copies of electronic protected health information.
        • (B) Disaster recovery plan (Required). Establish (and implement as needed) procedures to restore any loss of data.
        • (C) Emergency mode operation plan (Required). Establish (and implement as needed) procedures to enable continuation of critical business processes for protection of the security of electronic protected health information while operating in emergency mode.
        • (D) Testing and revision procedures (Addressable). Implement procedures for periodic testing and revision of contingency plans.
        • (E) Applications and data criticality analysis (Addressable). Assess the relative criticality of specific applications and data in support of other contingency plan components.
  • All Types of Disasters Strike
    • Natural / Environmental – Tornado, Hurricane, Earthquake, Snow storms, etc.
    • Intentional Acts of Destruction – Viruses, Worms, Spyware, Arson, Terrorism, etc.
    • Unintentional Acts of Destruction – Cable cut, Plumbing, Employee error, etc.
    “Every state in the country will suffer a natural disaster in the next two years.” U.S. Small Business Administration (SBA)
  • Facts and Reality
    • 93% of companies that experience a significant data loss will be out of business within five years.
    • Of the companies that lose their data in a disaster, nearly 50% never reopen their doors at all!
    • 7 of 10 SMBs that experience a major data loss go out of business within a year.
    (Source: U.S. Department of Labor; University of Texas; DTI/Price Waterhouse Coopers)
  • More Reality… Relevant Data Loss and Data Breach Statistics
    Bad stuff happens to data and computers all too often… and the trend is increasing…
    • 1 in 10 … laptop computers will be stolen within the first 12 months of purchase
    • 97% … of lost and stolen notebooks are never recovered
    • 50% … of organizations reported laptop theft
    • Every 43 seconds … a computer is reported stolen
    • Every 3 days … an information security breach is reported in the U.S.
    • 82% … of all PCs will be mobile devices by 2008, increasing 4 times as fast as PCs
    • 4,425 … laptops reported left behind in Chicago taxis during a six month period
    • 56 million … individuals affected by significant U.S. data security breaches, 2005
    • 1 billion … PC users expected by 2010, up from 660-670 million today
    • 57% … of corporate crimes are linked to stolen laptops. The latest crimes of espionage and sabotage are theft of executive personnel devices to access vital financial or personnel data.
    (data source: http://datarevoke.com)
  • Elements of Business Resumption Planning
    • Business Continuity Plan
    • Data Backup and Restoration Plan
    • Disaster Recovery Plan
  • Seven (7) Critical Questions
    1. Does the service provide a complete, end-to-end data protection process?
    2. Does the service meet your business, business continuity, disaster recovery business and data retention objectives?
    3. Does the service provide reliable data protection?
    4. Does the service provide for easy, fast, accurate and complete recovery?
    5. Is the service fully automated, providing efficient, “hands free” operations?
    6. Does the vendor have long-term experience in this business, financial stability and a long-term future?
    7. Does the service provider meet or exceed your industry standards for Security and Regulatory Compliance for encryption, etc.?
  • Business Objectives
    • RTO – Recovery Time Objective
        • How fast does the business / process need to be operational again?
        • OR, said another way, what is the maximum allowable downtime for that process?
    • RPO – Recovery Point Objective
        • Back to what point in time is it acceptable to resume / restart / recreate operational activity?
        • OR, said another way, how much data, time, productivity can we afford to lose?
    • DLE - Data Loss Event
        • Not all “events” are created equal – not equal impact and not equal frequency or probability… against which “events” are you going to focus?
  • Data Loss Event Pyramid
    Against which Data Loss Events are you building your plan?
    Pyramid levels, top to bottom (axes: Severity, Frequency):
    • Site
    • System
    • Database / Exchange
    • Multi-Files / Folders
    • Single File
  • How It Works: Automated Server Data Protection and Recovery
    Diagram: Microsoft®, Linux®, or Sun® Solaris® Server, connected over TCP/IP to a Data Center and a Mirrored Data Center (data available for recovery), with Remote Administration and Monitoring 24/7/365.
    • Continuous Backup
        • Fully automated backup
        • Rapid recovery
    • Secure and safe
        • National underground facility (NUS)
        • End to End 256-bit AES Secure Authentication
        • Secure socket layer (SSL)
    • Centrally managed
        • 24/7/365 web portal management
        • Remote administration
    • Flexible bandwidth
        • Bandwidth throttling and monitoring
        • Unique delta backup and restore technology
        • Optional TurboRestore recovery appliance
    • Off-Site
    • Out of Reach
  • Onsite Recovery Appliance: Fast Local Restore
    Diagram: Linux®, Sun® Solaris® or Microsoft® Server with an OPTIONAL Onsite Appliance, connected over TCP/IP to a Data Center and a Mirrored Data Center (data available for recovery), with Remote Administration and Monitoring 24/7/365.
    • Optional onsite device stores recent history
    • Fast local restore for excellent RTO
    • Self-managed with no human intervention
    • “Extra peace of mind”
    • Off-Site
    • Out of Reach
  • Business Resumption Planning Resources
    Visit: http://www.datamountain.com/Resources/Disaster_Recovery_Planning/
    • National Institute of Standards and Technology (NIST) “Risk Management Guide for Information Technology Systems”
    • FEMA Emergency Planning Guide
    • An Overview of the Disaster Recovery Planning Process
    • Sample Business Recovery Plan
    • NIST Security Controls: Covers 17 key security focus areas, including risk assessment, contingency planning, and incident response, for protecting Federal computer systems
  • Best Practices: What To Look For When Selecting A Solution
    • Address Entire Data Protection Process
    • Meet Your Business Objectives RTO/RPO/DLE
    • Reliable Backup and Recovery …and Track Record
    • Fast and Accurate and Complete Recovery
    • Free of Manual, Complex Tasks
    • Vendor Experience, Longevity and Experience
    • Meet Your Security/Privacy Regulatory Requirements
  • Worst Practices: What To Avoid When Selecting A Solution
    • Emphasizes backup and not recovery
    • Does not address RTO/RPO/DLE business objectives
    • Poor or non-existent track record of recovery
    • Cumbersome and slow online recovery processes
    • Unencrypted (ZIP) files sent for recovery
    • Lack of or poor Vendor Experience
    • Unencrypted media (DVDs/CDs) sent through mail
  • Summary
    • Get serious about real data protection
    • Develop your critical questions and criteria
    • Formalize your selection process
    • Try, before you buy
    • Remember the key pieces (prior slide)
    • Remember: without your data, all else is for naught!
        • Seriously consider offsite, electronic data vaulting
        • Seriously consider Data Mountain!
  • Cloud Storage Solutions Portfolio
    • Connected® Back-Up for PCs & Macs: Protects distributed corporate assets while greatly reducing file share storage and support requirements
    • eDiscovery Services: Organizes your data for fast access for timely responses to litigation inquiries.
    • LiveVault® Server Backup: Provides continuous, automatic back-up for enterprise remote offices or small & medium-sized businesses
    • Total Email Management Suite (TEMS): Provides indexed archiving, mailbox management, security & redundancy for email environment plus eDiscovery
    • Virtual File Store: Reduces costs associated with storing, managing and protecting infrequently accessed “inactive” data
    • Digital Record Center™ for Medical Images: Ensures regulatory compliance; Provides long-term archiving and disaster recovery cost efficiently.
  • Complimentary Assessment -- Data Disaster Recovery Preparedness
    Thank you for attending! www.DataMountain.com
  • Contact
    Bob Chaput, bob.chaput@datamountain.com
    Phone: 800-704-3394 or 615-656-4299
    Connect: www.linkedin.com/in/bobchaput
    Follow me: Twitter.com/bobchaput
    Data Mountain, LLC
  • Backup material
  • 1. Does the service provide a complete, end-to-end data protection process?
    a. Does it offer continuous, disk-based data protection (CDP) such that it protects your data as it changes?
    b. Does the service take your data offsite immediately providing protection against site disasters?
    c. Is your data then accessible from anywhere, anytime via a web-enabled interface?
    d. Does the service provide integrated archiving of long-term backups in a secure offsite facility?
    e. Is your data protected from virus, corruption and unexpected events in the storage facility?
    f. Does the service provide an optional local recovery appliance to enable high-speed, local disk-based restores?
  • 2. Does the service meet your business, business continuity, disaster recovery business and data retention objectives?
    a. Will the service enable you to meet your Recovery Time Objectives (RTOs) for your critical business processes?
    b. Will the service enable you to meet your Recovery Point Objectives (RPOs) for your critical business processes?
    c. Does the service protect you against all possible Data Loss Events and threats that may cause you to lose data?
    d. Does the service allow for recovery to alternative locations and alternative hardware platforms?
    e. Does the service offer a choice of retention periods (e.g., 30-day, 3-month, 1-year, 7-years) appropriate to the requirements for types of data stored?
    f. Does the service provide for the migration of data as desired to a digital archive service?
    g. Does the service provide for the recovery of data on demand through a complementary eDiscovery service?
    h. Does the service provide support of all the platforms that you must protect – e.g., Windows®, Linux, VMware®, etc.?
    i. Does the service offer pricing plans and architecture that makes capacity planning and budgeting easy and predictable?
  • 3. Does the service provide reliable data protection?
    a. Does the service natively and inherently protect databases & open files such as Exchange, SQL Server, Oracle, and others without add-on software agents?
    b. Does the service provide end-to-end security including Encryption, Authentication and Digital Signatures?
    c. Does the service provider ensure recovery with an SLA backing the recoverability of your data?
    d. Is your data stored in more than one data center? Is it also mirrored in a redundant secondary data center?
    e. Does the vendor/service assure complete protection of backup and restore jobs from node failures and network resilience problems?
    f. Does the service provide automatic checkpoint-restarts if backup or restore jobs are interrupted?
  • 4. Does the service provide for easy, fast, accurate and complete recovery?
    a. Does the service provide an optional Local Recovery Appliance to enable high-speed, local disk-based restores?
    b. Are you able to recover current data (within minutes), not just last night’s backup image?
    c. Does the service provide for granular recovery down to folder and individual file levels, including multiple restorable images per day?
    d. Are you able to perform “Change Only Recovery” such as “Delta Restore” which provides huge performance improvements on recovery time?
    e. Does the service offer Full System Recovery (versus data only) backup and restore as integral part of service?
    f. Does this service offer free, unlimited, immediate Internet-based restores 24/7/365?
    g. Does this service allow for very large data sets to be shipped on secure, encrypted removable media for fast disaster recovery?
  • 5. Is the service fully automated, providing efficient, “hands free” operations?
    a. Does the service have “Set-it-and-forget-it” capabilities?
    b. Does the service offer 24/7 proactive monitoring of your backup policies and centralized control of processes, status, inventories, and reporting?
    c. Are you automatically notified of any backup issues through an automated alert system?
    d. Is the task of reviewing and managing error logs each day automated?
    e. Are you able to perform restores anytime, anywhere you have web access?
    f. Are onsite appliances or devices integrated seamlessly into the backup process?
    g. Does the service provide data reduction technologies that include snapshots, filters, delta engine and automatic de-duplication of data?
  • 6. Does the vendor have long-term experience in this business, financial stability and a long-term future?
    a. Has this vendor been in the data protection and/or online data backup and recovery business for 10 or more years?
    b. Is the vendor a reputable, publicly traded company listed on a major exchange?
    c. Does the vendor do business with large, known companies and businesses in your industry?
    d. Does this vendor’s backup and recovery service form an integral part of a broader spectrum of information management and data protection services?
    e. Is this vendor leveraging existing capacity for additional revenue only or is their service a core offering?
    f. Does this vendor offer a full spectrum of information management and data protection services?
    g. Has the vendor’s offering been proven and tested as evidenced by thousands of customers and multiple Petabytes of data under management?
    h. Does the vendor have a full complement of engineering, operations and customer service staff dedicated to their data protection business?
    i. Does the vendor “own” all systems, facilities, processes, engineering and operational responsibilities for the service rather than outsourcing parts of it to others?
  • 7. Does the service provider meet or exceed your industry standards for Security and Regulatory Compliance?
    a. Is this vendor a publicly traded company subject to, aware of and experienced in Sarbanes-Oxley-type regulations?
    b. Is your data encrypted at all times while “in transit” and “at rest” throughout the backup and recovery processes?
    c. Is the vendor expert in and compliant with (e.g., will they sign HIPAA Business Associate agreement?) privacy and security regulations including but not limited to: GLBA, SOX, HIPAA, FACTA, Patriot Act, PCI DSS, etc.?
    d. Does the vendor offer encryption key escrow and the ability to retrieve lost encryption keys from escrow?
    e. Are all media restores completed using secure, encrypted removable media that meets regulatory requirements?
    f. Does the service provider maintain the data vaults/storage facilities with proven track record in security?
    g. Are the service provider’s data centers located globally to accommodate regional security and privacy regulations?
    h. Does the vendor maintain certifications appropriate to the data stored (e.g., PCI DSS compliance, SysTrust assurance, a BRUNS-Pak Level 9 or above rating)?