Guide to Choosing Online Backup Services
- 1. …Welcome to …
A Buyer’s Guide - What to Look
For in Online Backup and
Recovery Services
2010
Bob Chaput
615-656-4299 or 800-704-3394
bob.chaput@datamountain.com
Data Mountain, LLC
© 2009 Data Mountain LLC | All Rights Reserved.
- 2. Background & Motivation
• We are often asked, “How do I go about selecting an
online data backup and recovery service?”
• Unfortunately, in this market, unlike in the insurance
marketplace, we do not have an A.M. Best, a Moody’s,
a Standard & Poor’s or a Weiss Research publishing
financial strength ratings on industry players. Nor do
we have a J.D. Power and Associates!
• The aim here is to help organizations navigate a market
where new players appear almost every week and
horrific stories of lost data surface almost every month.
- 3. Objectives Today
Learn all the right questions to ask and how to be
assured that:
• Your business goals (RTO, RPO, DLE) will be met
• Your data will really be protected
• You can actually recover your data
• Your data will be secure at all times
• Your service provider has been and will be here
for the long haul
- 4. Discussion Agenda
1. Quick Introductions
2. Case for Action – Why Bother
3. Common Threats
4. Where/How Data Backup Fits into Business
Resumption Planning
5. Seven (7) Critical Questions
6. How Online Data Backup and Recovery Works
7. Summary
- 5. About Your Speaker – Bob Chaput
• President – Data Mountain LLC
• 30+ years in Business and Technology
• Executive | Educator | Entrepreneur
• Global Executive: GE, JNJ, HWAY
• Responsible for largest healthcare datasets
• 25 years DR / BC experience
• 20 years Regulated-Industry Experience
• BA, MA – Mathematics; GE – FMP; Vanderbilt; HPI
• Numerous Technical Certifications
• Serve customers of all sizes in all industries
• 6 years - Channel Partner/Reseller for Iron Mountain Digital
• Expertise and Focus: Healthcare, Financial Services, Legal
• Member: ACHE, NTC, Chambers, Boards
• Passion: Helping business owners and managers manage risks:
Risk of being out of regulatory compliance
Risk of going out of business
Risk of throwing money away on phony/ineffective solutions
- 7. Why Bother?
Lost data exposes your business and clients to business disruption
and possible legal setbacks.
Business and client data is more visible and valuable than ever…
and more vulnerable than ever.
And, now, it’s law!!!
(GLBA, HIPAA, HITECH, SOX, SEC Rule 17a, PCI DSS,
FACTA, State Regulations, etc.)
- 8. HIPAA Security Rule – Example
§ 164.308 Administrative safeguards.
• (7)(i) Standard: Contingency plan. Establish (and implement as needed) policies
and procedures for responding to an emergency or other occurrence (for
example, fire, vandalism, system failure, and natural disaster) that damages
systems that contain electronic protected health information.
• (ii) Implementation specifications:
• (A) Data backup plan (Required). Establish and implement procedures to create
and maintain retrievable exact copies of electronic protected health
information.
• (B) Disaster recovery plan (Required). Establish (and implement as needed)
procedures to restore any loss of data.
• (C) Emergency mode operation plan (Required). Establish (and implement as
needed) procedures to enable continuation of critical business processes for
protection of the security of electronic protected health information while
operating in emergency mode.
• (D) Testing and revision procedures (Addressable). Implement procedures for
periodic testing and revision of contingency plans.
• (E) Applications and data criticality analysis (Addressable). Assess the relative
criticality of specific applications and data in support of other contingency plan
components.
- 10. All Types of Disasters Strike
• Natural / Environmental
– Tornado, Hurricane, Earthquake, Snow storms, etc.
• Intentional Acts of Destruction
– Viruses, Worms, Spyware, Arson, Terrorism, etc.
• Unintentional Acts of Destruction
– Cable cut, Plumbing, Employee error, etc.
“Every state in the country will suffer a natural disaster in the next
two years.”
U.S. Small Business Administration (SBA)
- 11. Facts and Reality
• 93% of companies that experience a significant data loss will be out
of business within five years.
• Of the companies that lose their data in a disaster, nearly 50% never
reopen their doors at all!
• 7 of 10 SMBs that experience a major data loss go out of business
within a year.
(Source: U.S. Department of Labor; University of Texas; DTI/Price Waterhouse Coopers)
- 12. More Reality…
Relevant Data Loss and Data Breach Statistics
• 1 in 10 …laptop computers will be stolen within the first 12 months
of purchase
• 97% …of lost and stolen notebooks are never recovered
• 50% …of organizations reported laptop theft
• Every 43 seconds …a computer is reported stolen
• Every 3 days … an information security breach is reported in the
U.S.
• 82% …of all PC’s will be mobile devices by 2008, the trend increasing 4 times
as fast as PCs
• 4,425 …laptops reported left behind in Chicago taxis during a six
month period
• 56 million …individuals affected by significant U.S. data security
breaches, 2005
• 1 billion …PC users expected by 2010, up from 660-670 million
today
• 57% …of corporate crimes are linked to stolen laptops. The latest
crimes of espionage and sabotage are theft of executive personnel
devices to access vital financial or personnel data.
Bad stuff happens to data and computers all too often…and is increasing…
(data source: http://datarevoke.com)
- 14. Elements of Business Resumption Planning
• Business Continuity Plan
• Data Backup and Restoration Plan
• Disaster Recovery Plan
- 16. Seven (7) Critical Questions
1. Does the service provide a complete, end-to-end data
protection process?
2. Does the service meet your business, business continuity,
disaster recovery business and data retention objectives?
3. Does the service provide reliable data protection?
4. Does the service provide for easy, fast, accurate and
complete recovery?
5. Is the service fully automated, providing efficient, “hands
free” operations?
6. Does the vendor have long-term experience in this business,
financial stability and a long-term future?
7. Does the service provider meet or exceed your industry
standards for Security and Regulatory Compliance for
encryption, etc?
- 17. Business Objectives
• RTO – Recovery Time Objective
• How fast does the business / process need to be operational again?
• OR, said another way, what is the maximum allowable downtime for
that process?
• RPO – Recovery Point Objective
• Back to what point in time is it acceptable to resume / restart / recreate
operational activity?
• OR, said another way, how much data, time, productivity can we
afford to lose?
• DLE – Data Loss Event
• Not all “events” are created equal – not equal impact and not equal
frequency or probability… against which “events” are you going to focus?
- 18. Data Loss Event Pyramid
Against which Data Loss Events are you building your plan?
Pyramid levels, top to bottom:
• Site
• System
• Database / Exchange
• Multi-Files / Folders
• Single File
Axes: Severity, Frequency
- 20. How It Works:
Automated Server Data Protection and Recovery
[Diagram: Microsoft®, Linux®, or Sun® Solaris® Server; TCP/IP; Data Center; Mirrored Data Center; Data available for recovery; Remote Administration and Monitoring 24/7/365]
• Off-Site
• Out of Reach
Continuous Backup
• Fully automated backup
• Rapid recovery
Secure and safe
• National underground facility (NUS)
• End to End 256-bit AES Secure Authentication
• Secure socket layer (SSL)
Centrally managed
• 24/7/365 web portal
• Remote administration and monitoring
Flexible bandwidth management
• Bandwidth throttling
• Unique delta backup and restore technology
• Optional TurboRestore recovery appliance
- 21. Onsite Recovery Appliance:
Fast Local Restore
[Diagram: Linux®, Sun® Solaris® or Microsoft® Server; TCP/IP; Data Center; Mirrored Data Center; Data available for recovery; Remote Administration and Monitoring 24/7/365]
• Off-Site
• Out of Reach
OPTIONAL Onsite Appliance
• Optional onsite device stores recent history
• Fast local restore for excellent RTO
• Self-managed with no human intervention
• “Extra peace of mind”
- 22. Business Resumption Planning Resources
Visit: http://www.datamountain.com/Resources/Disaster_Recovery_Planning/
• National Institute of Standards and Technology (NIST) “Risk Management
Guide for Information Technology Systems”
• FEMA Emergency Planning Guide
• An Overview of the Disaster Recovery Planning Process
• Sample Business Recovery Plan
• NIST Security Controls: Covers 17 key security focus areas, including risk
assessment, contingency planning, and incident response, for protecting
Federal computer systems
- 24. Best Practices:
What To Look For When Selecting A Solution
Address Entire Data Protection Process
Meet Your Business Objectives RTO/RPO/DLE
Reliable Backup and Recovery …and Track Record
Fast and Accurate and Complete Recovery
Free of Manual, Complex Tasks
Vendor Experience, Longevity and Experience
Meet Your Security/Privacy Regulatory Requirements
- 25. Worst Practices:
What To Avoid When Selecting A Solution
Emphasizes backup and not recovery
Does not address RTO/RPO/DLE business objectives
Poor or non-existent track record of recovery
Cumbersome and slow online recovery processes
Unencrypted (ZIP) files sent for recovery
Lack of or poor Vendor Experience
Unencrypted media (DVDs/CDs) sent through mail
- 26. Summary
• Get serious about real data protection
• Develop your critical questions and criteria
• Formalize your selection process
• Try, before you buy
• Remember the key pieces (prior slide)
• Remember: without your data, all else is for
naught!
Seriously consider offsite, electronic data
vaulting
Seriously consider Data Mountain!
- 27. Cloud Storage Solutions
Portfolio
• LiveVault® Server Backup – Provides continuous, automatic back-up for
enterprise remote offices or small & medium-sized businesses
• Connected® Back-Up for PCs & Macs – Protects distributed corporate
assets while greatly reducing file share storage and support requirements
• eDiscovery Services – Organizes your data for fast access for timely
responses to litigation inquiries.
• Total Email Management Suite (TEMS) – Provides indexed archiving, mailbox
management, security & redundancy for email environment plus eDiscovery
• Virtual File Store – Reduces costs associated with storing, managing
and protecting infrequently accessed “inactive” data
• Digital Record Center™ for Medical Images – Ensures regulatory compliance;
Provides long-term archiving and disaster recovery cost efficiently.
- 28. Complimentary Assessment --
Data Disaster Recovery Preparedness
Thank you for attending!
www.DataMountain.com
- 29. Contact
Bob Chaput
bob.chaput@datamountain.com
Phone: 800-704-3394 or 615-656-4299
Connect: www.linkedin.com/in/bobchaput
Follow me: Twitter.com/bobchaput
Data Mountain, LLC
- 31. 1. Does the service provide a complete, end-to-
end data protection process?
a. Does it offer continuous, disk-based data protection (CDP) such that
it protects your data as it changes?
b. Does the service take your data offsite immediately providing
protection against site disasters?
c. Is your data then accessible from anywhere, anytime via a web-
enabled interface?
d. Does the service provide integrated archiving of long-term backups
in a secure offsite facility?
e. Is your data protected from virus, corruption and unexpected
events in the storage facility?
f. Does the service provide an optional local recovery appliance to
enable high-speed, local disk-based restores?
- 32. 2. Does the service meet your business, business continuity,
disaster recovery business and data retention objectives?
a. Will the service enable you to meet your Recovery Time Objectives (RTOs) for your critical business
processes?
b. Will the service enable you to meet your Recovery Point Objectives (RPOs) for your critical business
processes?
c. Does the service protect you against all possible Data Loss Events and threats that may cause you to lose
data?
d. Does the service allow for recovery to alternative locations and alternative hardware platforms?
e. Does the service offer a choice of retention periods (e.g., 30-day, 3-month, 1-year, 7-years) appropriate to the
requirements for types of data stored?
f. Does the service provide for the migration of data as desired to a digital archive service?
g. Does the service provide for the recovery of data on demand through a complementary eDiscovery service?
h. Does the service provide support of all the platforms that you must protect – e.g., Windows®, Linux,
VMware®, etc?
i. Does the service offer pricing plans and architecture that make capacity planning and budgeting easy and
predictable?
- 33. 3. Does the service provide reliable data protection?
a. Does the service natively and inherently protect databases & open files such
as Exchange, SQL Server, Oracle, and others without add-on software
agents?
b. Does the service provide end-to-end security including Encryption,
Authentication and Digital Signatures?
c. Does the service provider ensure recovery with an SLA backing the
recoverability of your data?
d. Is your data stored in more than one data center? Is it also mirrored in a
redundant secondary data center?
e. Does the vendor/service assure complete protection of backup and restore
jobs from node failures and network resilience problems?
f. Does the service provide automatic checkpoint-restarts if backup or restore
jobs are interrupted?
- 34. 4. Does the service provide for easy, fast, accurate
and complete recovery?
a. Does the service provide an optional Local Recovery Appliance to enable high-speed,
local disk-based restores?
b. Are you able to recover current data (within minutes), not just last night’s backup
image?
c. Does the service provide for granular recovery down to folder and individual file
levels, including multiple restorable images per day?
d. Are you able to perform “Change Only Recovery” such as “Delta Restore” which
provides huge performance improvements on recovery time?
e. Does the service offer Full System Recovery (versus data only) backup and restore as
an integral part of service?
f. Does this service offer free, unlimited, immediate Internet-based restores 24/7/365?
g. Does this service allow for very large data sets to be shipped on secure, encrypted
removable media for fast disaster recovery?
- 35. 5. Is the service fully automated, providing efficient,
“hands free” operations?
a. Does the service have “Set-it-and-forget-it” capabilities?
b. Does the service offer 24/7 proactive monitoring of your backup policies and
centralized control of processes, status, inventories, and reporting?
c. Are you automatically notified of any backup issues through an automated alert
system?
d. Is the task of reviewing and managing error logs each day automated?
e. Are you able to perform restores anytime, anywhere you have web access?
f. Are onsite appliances or devices integrated seamlessly into the backup process?
g. Does the service provide data reduction technologies that include snapshots, filters,
delta engine and automatic de-duplication of data?
- 36. 6. Does the vendor have long-term experience in this business,
financial stability and a long-term future?
a. Has this vendor been in the data protection and/or online data backup and recovery business for 10 or more
years?
b. Is the vendor a reputable, publicly traded company listed on a major exchange?
c. Does the vendor do business with large, known companies and businesses in your industry?
d. Does this vendor’s backup and recovery service form an integral part of a broader spectrum of information
management and data protection services?
e. Is this vendor leveraging existing capacity for additional revenue only or is their service a core offering?
f. Does this vendor offer a full spectrum of information management and data protection services?
g. Has the vendor’s offering been proven and tested, as evidenced by thousands of customers and multiple
Petabytes of data under management?
h. Does the vendor have a full complement of engineering, operations and customer service staff dedicated to
their data protection business?
i. Does the vendor “own” all systems, facilities, processes, engineering and operational responsibilities for the
service rather than outsourcing parts of it to others?
- 37. 7. Does the service provider meet or exceed your industry standards for
Security and Regulatory Compliance?
a. Is this vendor a publicly traded company subject to, aware of and experienced in
Sarbanes-Oxley-type regulations?
b. Is your data encrypted at all times while “in transit” and “at rest” throughout the
backup and recovery processes?
c. Is the vendor expert in and compliant with (e.g., will they sign a HIPAA Business
Associate agreement?) privacy and security regulations including but not limited to:
GLBA, SOX, HIPAA, FACTA, Patriot Act, PCI DSS, etc?
d. Does the vendor offer encryption key escrow and the ability to retrieve lost encryption
keys from escrow?
e. Are all media restores completed using secure, encrypted removable media that meets
regulatory requirements?
f. Does the service provider maintain the data vaults/storage facilities with a proven track
record in security?
g. Are the service provider’s data centers located globally to accommodate regional
security and privacy regulations?
h. Does the vendor maintain certifications appropriate to the data stored (e.g., PCI DSS
compliance, SysTrust assurance, a BRUNS-Pak Level 9 or above rating)?