Backup Anytime

Backing up household data to the office!

Data transfer trends must have gone full swing, at least for the first time. There was a time when small business owners brought data home. It was considered a backup. Often it was not encrypted and held on tape media. We can wince at the thought but back then this was common practice. The data was often compressed and this practice which served only as a space saving exercise was considered by many to offer a level of protection. Of course it was not encryption and could be converted back by anyone with a modicum of computer experience.

The next step was encryption for the masses. Unfortunately the uptake was not very high at small business level and the precarious physical carriage of unencrypted tape became an absolutely unnecessary and commonly continued daily procedure for many business people.

Online backup has been around for some time but has only become common as costs fell relative to doing things incorrectly and awareness increased. Most responsible businesses now use some form of online backup and it is fast becomming a ubiquitious factor in data protection at all levels.

So what has this to do with “backing up household data to the office”?

We are getting there. Please bare with us. Some readers may be a few steps behind you. We are not talking here about people bringing their personal data in to the office and adding it to the company backup. This does go on but is hardly news. No, here we are talking about what relatively recently was the house of the future and is now a set of household features which most young people will now consider when buying a home.

Even those with myopic thinking or a distaste for technology in the home environment will agree not only that the implementation of technology in the home offers living improvements and the possibility of environmental benefits but also that if it is done tastefully it should not impede on the human and earthy element of what we call home. Indeed, the magna carta of technology in the home should be that it assists without encroaching and provides benefit without becoming an intrusive feature. 

So, here it is. The home with automation and device to device communication. You washing machine alerts the manufacturer as a component failure looms. Your heating manages itself based on instruction, experience and conditions. Your security system alerts you and law enforcement in an intelligent manner reducing false alarms and increasing response rate. Your air and water heating sources know when you are there, when you are not and when you are due to arrive. Your bath knows what temperature is harmful to a human being and will not allow this to occur. Your doors will lock automatically when you retire for the evening and they will all close and disengage locks in the event of a fire which you and fire services will know about before the standard nineties detector would have got it’s first sniff.

Your TV system knows who is watching and provides preferred and allowed content choices. Your home audio system switches speakers on and off as people wander about the house and provides the content of their choice. Visitors even family members can only enter those rooms to which they have authority. Bins text you and alert you to the fact that they need to be collected. If they aren’t, they contact the refuse company.

The list goes on and only stops somewhat short of a good imagination. All of these processes ranging from the simple throught to the ridicilous have one thing in common. Data. This data is important. The more the system is used and as dependency on it for convenience and more importantly safety, increases so does the danger imposed if it is lost.

The advent of the technology based home has brought about an increase in the important of managing home data. Some of the devices involved will in time come with their own online backup system which retains essential data at manufacturer level. A comprehensive approach to home technology data protection is however required. This has started with some homes having what is effectively a central server through which much of the communication takes place.

A first step has been to carry copies of that data off site. This is akin to the old commercial tape system and the passage of time dictates that the family home of today should have better data protection than the medium sized company of the nineties. It is for this reason that online backup will become standard protection at device and home server level.

Some of this will happen without the homeowners involvement (outside of signing a consent box on say, white goods purchase) and will involve a device sending protected and normally non personal data (althought there is an argument that the type of wash you put on and when you put it on is personal) to a manufacturer server. This will also assist the manufacturer with warranty cost management and quality control making all connected clients beta testers.

There will however be some level of homeowner managed online backup here with everything from personal computer data, owned entertainment media, home server data, kitchen device data, security system and cctv data being encrypted and sent through online backup. The issue is, where does home owner managed online backup data go? Even the most basic of online backup accounts at quality level exceed in price the amount that a home owner is likely to pay and the quantities of data may be excessive. The office is the likely destination with home owners using products like logmein backup to backup data to the office.

In time of course, all things being equal, there will be affordable home online backup options. When there is a large enough market, providers will employ innovation and efficiency to tap in to it at a price conducive to uptake. Watch this space, you won’t have to watch for long. It’s here and happening now. What we are waiting for is the mass market.

No need to backup your data. Just buy it back on eBay!
Tuesday 26 August 2008

Considering selling a computer? Consider the data you may be providing with it!

Andrew Chapman, an eBay buyer got more than he bargained for after buying a used computer on eBay. The system which came for £35 also came with a considerable quantity of sensitive data. The data related to Natwest and Royal Bank of Scotland. The previous owner of the system was a company called Mail Source. A Mail Source spokesperson described the incident as “an honest mistake”, whereas RBS on the other hand said “We take this issue extremely seriously and are working to resolve this regrettable loss as a
matter of urgency.” The information may even include customers’ signatures along with phone and account information.
Mr. Chapman, reported the incident as soon as he realised the information was on the computer. He said: “I was appalled, that sort of thing shouldn’t have been listed on there.” A spokesperson for eBay, said that this should not have occurred. The Information Commissioner’s Office has confirmed that an investigation is to be launched.

This type of incident may be quite common. The distinguishing factors here are the sensitivity and quantity of the data coupled with the conscientiousness of the buyer. It is more than likely that systems with private information are commonly sold on auction sites. Add to this that even where there is a will to delete sensitive data pre sale, the new owner could quite easily undelete or resurrect drive shadow information.

Just as computers can be repaired, reused and resold, so can data.

Many of our post address the issue of protecting data from the bad guys (hackers) while a recent post  http://backupanytime.com/blog/?p=90 looked as (philosophically) the possibility of being requested to hand data to the good guys. (law enforcement)

Given that the data is encrypted, the topic ran from the legal question to the technical question. One stark anomaly which was missed is the presence of data which the online backup provider can read. How can this be given that data is encrypted?

For operational reasons,  your provider likely has a record of the following details.

When your system connects. How long it stays connected. How much data (post encryption) is backed up. How much data (post encryption) is restored. Possibly the status of the backup. This is hardly a picture of your data but it was important to point out that the rule of their being an exception to every rule also points to online backup.

Your online backup provider should on request furnish you with details they keep and have access to regarding your online backups. This information in type and level is generally dependent on the software solution they use and their own in house policy. This may also extend to any partners your online backup provider has regarding online backup co-location.

Before you install or upgrade a data backup safety net you must first look at the requirements from the point of view of your organisation. Most quality data backup offerings are deeply configurable. Your provider will help you with this but you must impart certain information regarding or peculiar to your organisation.

So where do you start?

A generic data backup solution will offer a degree of protection from common problems. So you should start by identifying difficulties and risks more specific to your industry and particular company. This information will allow your provider to supply you with a safety net more appropriate to your needs.

You need to provide your intended data backup partners with the following information.

How much data do you currently backup?

What is your current data backup method?

What weaknesses in your curent data safety net made you decide to change?

Have you ever lost data? Regardless as to the level difficulty this cause (either way) detail the circumstances so your new data safety net can be configured to avoid a reoccurance.

If your office was completely destroyed, where would you work from (immedietly, even if it was a temporary location) This information will allow you data backup partner to assess any requirements the temporary site lacks in adcance of a disaster recovery requirement.

Who in your organisaton actually needs access to which data and more importantly, who, regardless of trust has access to data they do not need to access. A data safety net needs to protect you from yourselves.

What (if any) data privacy rules or policy have you implemented? Backing up data which is no longer relevant can affect compliance, bottom line and the ease of use of you data safety net

Who within your organisation is ultimately responsible for data backup? Who is their satnd in? These people need to be introduced at an early stage in the decision making process and introduces to any new provider so they can be trained and be know to outside support.

The above question is preliminary and should be added to by you, your internal backup administratore, external I.T. and your chosen data backup partners.

If you get this right from the outset and choose the right data backup partners you are more than half way to a much improved safety net.

The backupanytime team.

Source : online backup forum

Date : July 1 2008

Reproduction : As is with credits. Modified with permission.

Data protection and data backup. A comparison of differentials.

Data protection is commonly confused (to a degree) with data backup. Data protection and data backup have a certain amount in common but they are two crucially different areas. Their similarities extend to the facts that both exist for the purposes of protection and if ignored or implemented improperly can have devestating consequences.

Lets have a look at data backup first.
Data backup in its most raw format is the process of ensuring that all crucial data (data which is required for continuity) remains available subsequent to a data outage. The added variables for a modern data backup system are:

Relevance : Individuals and organisations commonly retain significantly more data than they need. A modern data backup system will include little more than is required.

Indexing : Having the data available as a bulk backup may not be helpful in the event of an urgent redistribution requirement. The data backup needs to be indexed.

Verification : A modern data backup system should involve a system of verification which ensures the end result is correctly correlated to the selection.

Reporting :
The data backups should be reported and the reports should include status, data inclusion, times, quantities and other appropriate information which may assist administration.

Automation : A modern data backup system should happen regardless of the availability or other activities of interested parties.

Management : While a high degree of automation is recommended, your data backups need to be monitored and ammended to allow for technical issues and changes in company data requirements.

Security : Your data backups should be secure. Encryption, firewalls, antivirus and monitoring need to be put in place.

Support : Should an issue arise with your data backup systems it will need to be addressed as a matter of extreem urgency. Data backup is strictly an non recursive issue. No amount of investment after the fact can negate the requirement for pre incident work.

Now lets have a look at data protection.
Data protection is concerned with ensuring you do not store data which is not appropriate to your storage and that the data you store is safe up to and including the privacy of all individuals and organisations about whoom the data relates. Even if you do protect your data store effectively you must also ensure your data store (no matter how safe it is) does not include data about other people or organisations which you are not entitled to store.
The concept of data protection is fairly straight forward. The implementation however of effective data protection can be quite complex. In addition to local juristiction legal requirements, which you must seek professonal advice on, here are some of the variable which are important to an effective data prtection policy.

Opt out facility and management :
It is imperative that communication recipients can opt out and that your system can facilitate this.

Data date.
Personal data generally will have an expiry date after which it may become irrelevant, useless or incorrect. Importantly it may also reach an age at which it is a breac for you to hold it, regardless of you intent.

Prior consent.
Information is a valuable tool for business. It is not just the type of information you collect and how you use it that matters but also how you collect it. Ensure you are entitled to have the data you store.

The good, the bad and the ugly data.
Your total data store will come from a mix of sources. This mix of data must not result in a local profile pertaining to a company or individual which is a combination of good and bad data resulting in incorrect reports.

Data travels a two way highway.
It is common for companies to focus their data protection efforts on ensuring the data they store is legal, correct and relevant. You must also however know who you have disclosed data to. This is actually one of the most importanat areas of data protection. Given the bast security, firewall, store relevance monitoring system in the world, one of the biggest risk of data protection breach is the data you send in good faith to third parties. You must have poloicy in place making clear what can and can not be sent and a record of who it was sent to.
A blog generally comes with a number of caveats to allow broad and general discussion. It is important however that we make you aware that our core competence is online backup (and even online backup comment in the blog does not constitute advice) and that while data protection may utilise information technology solutions it is a legal discipline and you should seek expert legal advice when prior to any hardware or software solutions to data protection.