Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

DWPIA Whitepaper - Three C’s for Data Protection: Comprehensive, Convenient, and Cost-effective


Published on

The ever-increasing digitization of information: documents, customer records, employ-ee records, financial records, and media collections (photos, music, etc.), is forcing companies to store more and more data. The expansion of data in our lives seems inevi-table and the Internet is certainly the driving force. More and more, we rely on data to run our businesses. Today, protecting our data means protecting our livelihoods.

Published in: Technology
  • Be the first to comment

  • Be the first to like this

DWPIA Whitepaper - Three C’s for Data Protection: Comprehensive, Convenient, and Cost-effective

  1. 1. White Paper A White Paper from DWP Information Architects, Inc. This report is not intended to answer every question you might have about the subject at hand. This report consists of the opinions and current thoughts of the author at the time of pub- lication. This report is intended to give general advice and information with regard to its subject mat- ter. It is distributed with the understanding that the author, publisher, and DWP Infor- mation Architects are not ren- dering specific advice for any specific company or organiza- tion. DWP Information Architects would be happy to review your current systems and to offer appropriate context-specific advice. DWP Information Architects and the authors will not be lia- ble to any person or organiza- tion for any actions they take as a result of the information contained in this report. In other words, you’re responsi- ble for your own actions. Telephone: 866-995-4488 Email: Web: Three C’s for Data Protection Comprehensive, Convenient, and Cost­effective By Praerit Garg and Denis Wilson The ever-increasing digitization of information: documents, customer records, employ- ee records, financial records, and media collections (photos, music, etc.), is forcing companies to store more and more data. The expansion of data in our lives seems inevi- table and the Internet is certainly the driving force. More and more, we rely on data to run our businesses. Today, protecting our data means protecting our livelihoods. Why, then, do most small to medium businesses (SMBs) fail to have a data protection plan? The U.S. Bureau of Labor Statistics reports that the majority of SMBs never recover from a catastrophic data loss. Unlike the loss of physical assets such as build- ing and equipment, which can be replaced quickly through insurance payouts, lost data offers very little recourse. Moreover, data theft can be just as damaging — if not more. It is no surprise that data protection is now a top of mind concern for most SMBs. It can be the difference between being in business and not. A data protection solution must succeed across three dimensions in order to meet the needs of SMBs: Comprehensive – it must address all facets of data protection – human errors, hardware/software failures, disasters such as theft, fire, flooding, etc. Convenience – it must be set-and-forget. SMBs are strapped for resources so any solution that requires constant care will not be effective. Cost­effective – last, but not least, it must fit an SMB budget. SMBs have a very limited budget for IT overall – a few hundred dollars per month is pretty typi- cal. Data protection is only one part of the overall IT budget. Any solution needs to have a price that doesn’t change dramatically month to month ‐‐particularly with ever increasing amounts of data. Curerent Data Protection Solutions Onsite disk backups – According to research from IDC, 58% of SMBs only do lo- cal backup. Local backups are a critical first step in any good data protection A Product of Web: Email: DWP Information Architects Inc. Phone 866-995-4488
  2. 2. Page 2 Ph: 866-995-4488 Email plan. There are several well-known backup applications on the market. Both the Windows and Mac operating systems have native applications and there are several third party applica- tions from vendors like StorageCraft and Symantec. Local backup provides adequate protection against common data loss associated with human errors, hardware failures, etc. However, local backups alone are not a sufficient data protection solu- tion. They do not protect against situations of theft, natural disasters like flooding or fire, or multiple hardware failures that could be caused by something as simple as a power surge. Tape rotations – The IDC research indicates that about 16% of SMBs use tapes for backup. Historically, tapes have served as a popular backup medium because they are portable and inexpensive. This meant that a business was able to get both onsite and offsite data protection using a tape rotation strate- gy. That said, industry data show that 50-70% of tape-based backups cannot be restored. With 1TB USB hard drives now available for $100 or less, tapes are nearly, if not already, obso- lete. External hard drives – They are a good replacement for tapes. They provide high capacity, are very fast, and are eco- nomical and portable. Like tapes, external hard drives address some of the limitations of local backups. They can be taken offsite. This means that if a process is setup to regularly rotate external hard drives, you not only have a good local backup but also one that is offsite and may be just a few days old. The challenge with this solution (and tape) is the high human in- volvement which, by its very nature, is error prone. Some per- son or persons in an organization must now take the responsi- bility for diligently following the process. In SMBs, there is always a shortage of human resources and this task is not something that is core to the day to day functioning of the busi- ness. As a result, it rarely happens. Even in the situations when it does happen, the manual transportation process has risks – dropping and damaging the drive, losing it somewhere on the way, theft, etc. Data center­based online backups – Increasingly, data center-based online backups are becoming a choice for a set-n- forget data protection solution. With the ubiquity of Internet access and ever growing bandwidth, online backups are becom- ing an attractive alternative. Not only is the data now backed‐ up offsite, it is done so automatically with no constant human involvement. Despite the attractiveness of this solution, the IDC data sug- gests that only 10% of SMBs are using online backup solu- tions. This is surprising given the fact that online backup solu- tions have been around for over 10 years. There may be sever- al reasons that help explain this slow adoption in the market: Cost. Storing data in data centers is prohibitively expen- sive – as much as several dollars per GB per month in some cases. This adds up quickly for an SMB– several hundred dollars per month for just a few 100 GBs of da- ta. In contrast, a hard disk rotation solution using a couple of 1TB external hard drives can be implemented for a one- time cost of about $200. Security. A significant concern with online solutions has been around the security of the data stored in data centers. Copies of sensitive data are sitting in some re- mote data center. What kind of security does the facility have? Who has access to the facility and what kind of trust can be placed on these unknown individu- als. Additionally, the stored data is co‐mingled with the data from other companies– potentially competi- tors. What types of data isolation, access controls, and protective measures are in place to ensure there is no breach? None of these issues are relevant in the disk rotation solution because the disks are under the control of the business. Time to initial backup. With limited upload band- width, companies with large data sources aren’t particu- larly motivated if it is going to take several weeks to get that first backup uploaded. Online vendors must pay substantially for data center bandwidth so they tend to “throttle” incoming traffic across multiple clients to manage their costs. By comparison, backup to an exter- nal hard drive is blazingly fast. Time to restore. Given the rare nature of disaster, even if a company does overcome the hurdle of time to initial backup (a one‐time event), restore becomes an even greater challenge. Again, given limited bandwidth and backend throttling by the vendors, a restore could take many days to complete for companies with substantial amounts of data. By comparison, it is much quicker to restore data from a local drive and in the case of a real disaster, bring back the one that was rotated offsite. Maturity of backup software. One of the most prob- lematic aspects of data protection is doing a restore after a data loss. Anyone with data protection experience will be quick to remind that backup is easy, restore is hard. The true strength and quality of backup software is only evident when a restore is necessary. This makes selection of the right backup software critical. Most online backup services require use of their own backup software. These new applications do not have the ma- turity of local backup solutions that have existed for years. Asking customers to switch to untested, unprov- en backup solutions creates significant friction. Support. When a disaster happens, the last thing a busi- ness owner wants to do is call an 800 number and be placed on hold. This adds insult to injury. SMBs need local help from someone who understands their systems and who can start the recovery process right away. Most online backup solutions are impersonal web and phone based services. This makes gaining customer trust in- creasingly difficult. Despite these challenges, some online solutions address these issues with varying degrees of effectiveness: Cost – has been decreasing as the cost of storage hardware has decreased. That said, online storage services remain several orders of magnitude more expensive than local stor-
  3. 3. Page 3 Ph: 866-995-4488 Email age. For example, you can easily buy a 1TB USB drive for $100. The cost to backup 1 TB of data using an online service can be $500 per month. Freakonomics, right? This is due to the simple fact that the cost of hardware is only a small fraction of the overall costs of running a data center. The capital and operational expenditures required to build and run a data center account for as much as 82% of fully loaded costs. In addition, data centers need to be over-provisioned in order to handle potential demand. This, of course, increases the overall costs that ultimately must be paid by customers. Security – most solutions now encrypt the data on a custom- er’s computer prior to sending it to the offsite facility. This, however, means that customers now have to manage their en- cryption keys. Losing these keys could render the data irrecov- erable. Creating and managing keys is yet another point of friction. Time to backup – a few solutions enable customers to have an onsite backup to a dedicated backup device which then trickles your data to their backend data centers over time. Some also allow you to mail in (e.g. via FedEx) a hard drive with the cus- tomer’s initial backup to their data center for fast upload. Each of these options typically costs thousands of additional dollars. Time to restore – some solutions offer overnight mailing of DVDs or hard drives to enable a quicker restore. This requires an additional fee. Maturity of backup software – most online solutions do not address this. In only one case where the vendor is providing an onsite + offsite solution, have we seen the use of industry standard backup software. Support – most online solutions do not have a strong local channel model. This is due to the high cost of goods, as dis- cussed earlier. This shrinks the target market significantly and leaves very little margin for the channel to be motivated to pro- vide local sales and the necessary support. To summarize, let’s evaluate the current data protection solu- tions across the three dimensions outlined above: Comprehensive – does the solution adequately cover all as- pects of the data protection problem? Convenient – how much effort needs to be expended regularly to achieve the necessary data protection with this solution? Is it really set-n-forget or not? Cost-effective – is the solution affordable to an SMB? Unfortunately, none of the current solutions on the market suc- ceed at being comprehensive, convenient, and cost- effective. The best you can do is achieve two out of three Cs. Creating a comprehensive, convenient, and cost- effective solution The Cooperative Storage Cloud takes the best attributes of each solution listed above and combines them into one compre- hensive, convenient, and cost-effective solution. Like disk rotation and online solutions, it is comprehen- sive. Like onsite disk backup and online solutions, it is con- venient. Like onsite disk backup and disk rotation, it is cost‐ effective. Here’s an easy way to think about it: imagine a disk backup and rotation solution without the need to rotate disks and store them off-site. You use your favorite backup software – we support them all. You configure the two disks you were going to do rota- tion with using storage space on an existing server or by adding USB drives, once. You configure your local backup to one of those to disks. The other is a “spare”. Using the power of the Internet and the innovative Co- operative Storage Cloud (CSC, for short) technology, you trade your local ”spare” disk for a much more relia- ble and secure virtual backup drive in the storage cloud. Your local backups are automatically mirrored to this virtual drive in the CSC. The result: a data protection solution that is comprehensive, convenient, and cost-effective. Achieving the Three C’s Comprehensive – the solution is comprehensive because it addresses all dimensions of data protection: Onsite local disk backup provides fast, efficient restore capability for most common data loss cases – human error, corruption, primary hardware failure, etc. Backups are done using any backup software that the you are comfortable with – e.g. built-in backup in Windows, StorageCraft ShadowProtect, Symantec Back- up Exec, etc. (We like to see backup software that does a comprehensive job of reporting, and the latter two choic- es are both good examples). Local backups are on the physical premises and are as protected as the live data. Solution Comprehensive Convenient Cost-effective Onsite disk backup No Yes Yes Tape rotation No No Yes Disk rotation Yes No Yes Data center-based online backups Some Yes No
  4. 4. Page 4 Ph: 866-995-4488 Email Data can be encrypted using any standard encryption tech- nology. Some backup software includes built-in compres- sion and encryption capability. Using the NetCare-provided backup agent, local backups are automatically mirrored into a virtual disk in the CSC. This provides the offsite protection against local disasters – theft, flooding, fire, etc. The backup agent en- crypts the data locally (prior to mirroring to the cloud) using a federally-certified, military-grade encryption algo- rithm – 256bit AES. This ensures that no business data leaves the customer’s systems without adequate protec- tion. Every block of 64MB is encrypted using a 256bit random key. This means that even in the highly unlikely event that such a key is compromised; only one block of data may be at risk. File and associated block information, including all block keys, are stored securely in the Cloud Control Only properly authorized and authenticated backup agents running at the customer premises is able to store and re- trieve file and block information from the Cloud Con- trol. The information is always protected using SSL in transit. The backup agent itself must authenticate to the Cloud Control using a large random key to gain access to file and block information including keys that were used to encrypt its blocks. An initial password is issued exactly once to a trusted service provider during the software installation process at a given customer site. It is immediately changed by the software after the installation is complet- ed. This means that only the backup agent at the customer site and the Cloud Control know the authenticating keys used for storing and accessing customer specific file and block meta-data. Furthermore, in the event of a disaster, a brand new installation must be performed to recover the custom- er data from the CSC. This requires a new key that can be obtained only by the trusted service provider by doing a reset operation in the Cloud Dashboard. Reset operation renders the old keys useless eliminating any potential risk associated with lost keys. This new key is also immediate- ly changed after installation to ensure that only the backup agent running at customer site has access to the sensitive customer information. This approach enables a highly secure yet fully automated key management solution. The encrypted data blocks are redundantly dispersed to thousands of other randomly selected participating systems running at other customer sites in the CSC. Resulting in unparalleled security, availability, durability and speed. This is done as follows: Each 64MB block of encrypted data is divided up into 64 1MB fragments. 32 1MB parity fragments are added to make a total of 96 1MB fragments for every 64MB en- crypted block. Parity fragments are generated using the industry standard Reed Solomon encoding scheme which enables any 64 out of 96 fragments to be sufficient for recreating the block. These 96 fragments are then sent to 96 randomly selected computers operating within the CSC. Unparalleled Security: Dispersing the encrypted fragments to random location implies that there is no one place where the entire data set is stored outside of the customer’s premis- es. In order to breach this security, 96 random computers would have to be discovered and contacted for every 64MB block. Each block would then need to be decrypted using a random 256bit key which can only be obtained by first breaching the Cloud Control. This process would have to be repeated for every block for the entire file to be re- assembled. This is truly superior to any other data security solution in the market today. High Availability: Using this technique means that as many as 33 systems (each storing one fragment of the block) must fail at the same time for the block to be inaccessible at that instance. The probability that 33 out of the given 96 happen to fail at the same time is infinitesimally small Strong durability: With 32 parity fragments for every 64 original, the system has sufficient redundancy to protect against any type of failure. As a comparison, RAID 5 has only 1 parity fragment for every 4 original and is regarded as a highly robust data storage system. Blazing speed: Taking a 64MB block and transforming it into 96 1MB fragments – each of which go to different loca- tions on the Internet – enables the CSC to achieve very high levels of parallelism during uploads and downloads. Assum- ing sufficient bandwidth, the net effect of this is equivalent to 64MB of data getting transferred in roughly the same amount of time as it would take to transfer 1MB of data be- tween a server in the data center and customer’s comput- er! That is potentially a 64X increase in speed compared to traditional data centers! Convenient – the solution is truly “set and forget” with several convenient attributes: Simple to set-up. The system requires a 5 minute download and installation of the backup agent software on a designated computer at a customer site. True set and forget. Once the software is setup, it never needs to be touched again unless there is a human error, hardware/software failure, or a disaster. It runs in the back- ground and automatically mirrors the local backups into the storage cloud per the configuration defined during setup. Highly secure, yet no keys to manage. The CSC solution is architected to be secure without compromising conven- ience. As discussed earlier, each block of data is encrypted using a random 256 bit key. From security perspective, this means that no two blocks are encrypted using the same key and having a key for one doesn’t mean you can decrypt an- other block. What is even more important is the fact that
  5. 5. Page 5 Ph: 866-995-4488 Email none of these keys needs to be stored and managed on the cus- tomer site. They are stored securely in Cloud Control and made available only to authenticated and trusted Symform soft- ware running at the customer site over an SSL protected secure channel. Regular email reports. Clients receive a regular email report providing them the status of their participation in the Coopera- tive Storage Cloud. Local support. In the event of a disaster, you will not be deal- ing with an unknown voice across a phone line, but with some- one they already know and trust. Optional locally stored data. The unique mirroring technolo- gy built into the CSC enables us to optionally host a hot standby of your data at the our office. This means that busi- nesses who want this level of support can recover and be opera- tional within a few hours after a disaster. Time is money. Multiple options for a large initial backup. The CSC is dis- tributed across the Internet so there is no one data center where customers must send their initial backups. You simply work with your service provider to adopt the best strategy for pro- tecting their initial backup. The options for initial backup are: • Upload into the storage cloud at the your site. It will need to be done only once. The time required to do this will depend on the your bandwidth. • Or simply create a copy and perform the upload to the DWP site. • Elect not to upload to the cloud, but simply keep a safe offsite mirror. Use the storage cloud for mirroring incre- mental backups only. Cost­effective – the solution is extremely affordable and cre- ates an immediate ROI relative to the alternatives. For the price of a couple of large hard drives plus an economical flat monthly fee, businesses get a comprehensive, convenient data protection solution. The best part is that the customer can use as much storage as needed to achieve comprehensive data pro- tection. No more per GB fees. No more increases in expenses every year. Call to Action We encourage you to ask us to create a comprehensive, con- venient, and cost-effective data protection solution using the unique Cooperative Storage Cloud. You can stop worrying about data loss forever. We Can Help DWP Information Architects is knowledgeable, profes- sional, and experienced. We have built hundreds of backup systems. Our clients have included many small and mid-sized businesses. We also manage networks and backup systems for companies all across the Ventura, Santa Barbara and Los Angeles counties. If we can help you, please contact us today: DWP Information Architects, Inc. Phone 866-995-4488 Email Web
  6. 6. Page 6 Ph: 866-995-4488 Email About DWP Information Architects DWP Information Architects is Ventura, Santa Barbara and Los Angeles counties premier Microsoft Partner. We were founded in 2002 and have been providing managed care for computer systems since the day we opened our doors. We manage your entire I.T. (information technology) system so you can do . . . whatever it is you do. Because of our investment in the best people and the best consulting tools available, we can provide a level of ser- vice and support normally only available to very large companies. We make it possible for small and medium size business- es (SMB's) to have:  A real, fulltime I.T. department  Service ticketing  Project management  Limited budget  24x7 monitoring  Automated patching of computer systems  Access to absolute top-notch tech support And we do it for less than what most companies are pay- ing for "a computer guy." Company Overview DWP Information Architects is a consulting firm that specializes in managing your entire information tech- nology infrastructure. That means Internet connectivity, Windows operating systems, and Microsoft Networks. We can help you with:  General Tech Support (Desktops, Servers, Monthly maintenance)  Setting Up Microsoft Windows networks  Microsoft Exchange Server  Microsoft Server 2012  Choosing, Installing, and Managing Email Services  Backups, Fault Tolerance, Failover Systems  Getting Connected to the Internet (Choosing an ISP, Frame Relay, Other Options)  Keeping Your Network Up and On the Net  TCP/IP  Networking Domain Control  Troubleshooting  Choosing, Installing, and Creating Content for Web Services  Remote Access Solutions  Fax Services  Security and Firewalls  Domain Name Service (DNS)  Maintaining your Network  Disaster Recovery Preparation and Services  Configuring Network Hardware, such as Routers, DSU/CSUs, Hubs, Switches, etc. DWP Information Architects, Inc. Knowledgeable — Professional — Experienced The author is Denis S. Wilson, President and Principal Consult- ant for DWP Information Archi- tects Inc. in Thousand Oaks, CA. The co-author is Praerit Garg of Symform in Seattle WA, a sub- ject matter expert.
  7. 7. DWP Information Architects, Inc. Knowledgeable — Professional — Experienced Designing, building, and supporting networks for small and medium sized businesses since 2002. Call 866-995-4488