Backup Anytime

How far you should go with regard to data protection used to be a personal choice and was based on perception and budget. In a time (not too long ago) when many very small businesses had near no backup solution and depend on the occasional internal manual data dump, larger companies took great steps to protect their data.

An example is Microsoft which has always taken a worst case scenario attitude. It is common for larger companies to suffer detrimental press coverage (and worse) as a consequence of even a minor data infringement. While Microsoft suffer from comment abuse across the web from bloggers unhappy with software or bundling, their is (considering their long held global presence) little real comment or info regarding Microsoft data outages. Their worst case scenario attitude has paid off.

So what use is this information to small business?

Given significant advances in technology boundaries and even greater cost reductions, many smaller companies are simply unaware of the level of data protection they can avail of for minimal investment relative to what significantly weaker protection would have cost in time past.

The problem here is that small business (in the absence of professional advice) commonly search for and find cheap products based on obvious price cuts rather than suitable solutions in markets they are not familiar enough with to recognise greater value.

An example would be a very small business operator who purchases a large volume hard drive in Maplin, PC world or even Aldi based on an awareness that this drive is significantly reduced in price. This information is obvious as a consequence of advertising but that does not make the purchase suitable to the problem being addressed. The likelihood is that the 500 Gig hard drive is capable of storing significantly more data then the purchaser needs. Worse still it could encourage the owner to “backup” irrelevant data thus complicating the store for index purposes and risking non compliance with data protection legislation.

All that aside, the proud owner of the new device still does not have a proper backup system. The external drive amounts to a high risk bulk store and could bring with it a false confidence which could further increase risk.

So what should our man be doing?

He should ask himself the following questions.

How much data do I need to backup?

Do I have a safe place to keep it?

Will I have the time to manage it without exception?

What type of indexing and searchability do I want to en-corporate?

How far back do I want to Be able to restore?

What (data wise) is the worst possible thing that could happen?

Armed with these questions he should approach a number of data backup specialists and seek advice followed by quotations. So far he has spent nothing and he will gain an insight in the the value available in the quality end of the market and will have been able to compare them.

He doesn’t have to go with any of them but either way he will be informed.

In summary

A big hard drive is not a backup, it is a big hard drive. If you disagree with this comment you should seek professional advice before disaster strikes. You don’t have to drop, lose or break your external drive. It will (as an absolute certainty) fail one day all on it’s own.

Regular readers on this blog will be aware about how much we harp on about encryption. There are good reasons for this.

Encryption is the reason you can securely use online backup.

If there was no such thing as encryption, online backup could not be a reality. Online backup without encryption would effectively reduce (to put it mildly) your level of data protection as it would be no more than an unprotected ftp of data.

Encryption is a double edged sword.

Your encryption code is your link to your data. Given that encryption is used to prevent others from accessing your data, it could also lock you out if you do not retain your encryption code.

If you lose your encryption code you should address the problem without delay.

If you lose your encryption code and your system is still running smoothly, you can simply change your code. If however you do not address this in a timely manner and subsequently your system is stolen or completely destroyed and you have failed to change your encryption code, the protection applied to your data to prevent unauthorised persons from accessing it will also apply to you.

Easily cracked encryption serves no real purpose.

If an encryption system is set to allow easy code cracking in order to facilitate users who do not manage (simply mind or replace if lost) their code, this would also facilitate non authorised users in any hack attempts. Therefore, no such compromise will be made by any quality data backup provider with regards to encryption method or level.

Failure to manage encryption code is the number one reason for a client to lose data and an online backup provider to lose clients.

Given a quality online backup system, the main differential between the client and the provider with regard to data retrieval is the encryption code. A provider will not retain a copy of the encryption code (outside of extraordinary circumstances in which the client requests and the provider agrees) and the client is therefore the only safeguard for the code. If a client loses a code (and this is not discovered ’till post disaster recovery requirement) the provider can only offer the following options to the client.

1. Find the code.

2. Authorise an encryption code crack attempt.

An encryption code crack attempt can take time (up to a week) and cost money (in the order of Euro 1000) and is far from guaranteed if the encryption is strong and genuine leaving circa 50% success rate.

This could potentially leave a client in a situation in which their data is not retrievable and even given a positive outcome could more the sour the client-provider relationship

Clients should be warned about their encryption responsibilities before acquiring service.

We have a policy of making very clear to clients verbally and in their contract the full extent of their simple but essential responsibilities regarding their encryption code.

Clients should be reminded frequently about their encryption code responsibilities.

We include text in every backup email notification (successful, exception an failure) reminding clients of the importance of safely maintaining their encryption code.

Modifying an encryption code from a functional system should be a very straightforward task.

Backupanytime clients may change their encryption code with or without reference to us through a simple function in their client software. Full instructions are provided on our website and are available from tech support.

Clients should notify their provider of encryption code changes in the rare event of the client also retaining a copy of the code.

It is standard and good practice for a client to be the only code holder. In the rare event of the provider being a joint code holder, the provider should be notified of any client code changes as the old code retained by the provider would be of no use in a disaster recovery scenario and the client despite any prior arrangements would be the only viable code holder.

Someone in your organisation should be fully aware of everything in this post.

If you use online backup and don’t have an encryption code, don’t know what its for and are not familiar with any such responsibility, there is something radically wrong and you need to contact your provider immediately.

The process of minding the code is not complicated.

We have outlined the consequences of a worst case scenario in this post. None of this make the process of minding and managing encryption codes difficult. The clients task with regard to the encryption code is to mind it. A lost code should be replaced immediately. Any concerns about how should be addressed to your provider without delay.