4. inSync Cloud FAQ 3
Overview
What is inSync Cloud?
inSync Cloud is a fully automated endpoint data protection and governance solution offered as a software-as-a-
service (SaaS). inSync Cloud provides the highest IT control and governance over endpoint data along while delivering
an empowering, non-intrusive end-user experience. With inSync Cloud customers benefit from instant provisioning,
access to data centers across the globe, on-demand storage scalability, and centralized management.
How is inSync Cloud different from other cloud-based backup solutions?
Unlike other cloud-based endpoint backup solutions that are mere extensions of consumer offerings, inSync Cloud
offers a true enterprise-grade service:
ƒƒ A Scalable, Elastic Cloud - Powered by Amazon Web Services (AWS), inSync Cloud provides on-demand storage
scalability along with instant provisioning and access to data centers across the globe
ƒƒ Industry-leading SLA's – inSync Cloud delivers industry-leading service uptime (99.95%) and data durability
(99.999999999%)
ƒƒ Enterprise-grade Recovery Point Objective (RPO) and Recovery Time Objective (RTO) - Using Continuous Data
Protection (CDP), inSync Cloud maintains infinite restore points to achieve desired Recovery Point Objectives
(RPO). Each restore point facilitates instant access and immediate restoration of data to meet stringent Recovery
Time Objectives (RTO).
ƒƒ Enterprise-grade Security – Encryption in transit and in storage, along with industry-first two-factor encryption key
management, ensures complete data security and privacy in the cloud
ƒƒ Certified Cloud – Druva’s cloud operations are ISAE 3000 Type II certified and the AWS cloud infrastructure used
by inSync has multiple certifications including SOC 1/SSAE 16/ISAE 3402, SOC 2, SOC 3, PCI, ISO, and FedRAMP.
ƒƒ A Solution to the Bandwidth Bottleneck - Advanced WAN optimization and global, client-side, app-aware
deduplication technologies deliver 10x faster data syncs
ƒƒ CloudCache for easing rollout and device refresh: A flexible cache facilitates large dataset caching to optimize
WAN traffic while providing end-users LAN-like speeds on backups, restores and syncs.
What key features does inSync Cloud offer?
Unified Endpoint Cloud – An integrated solution for endpoint backup, file sharing, DLP, and data analytics with
centralized user and policy management
90% Storage and Bandwidth Savings – inSync’s global, client-side, app-aware deduplication technology saves over
90% on storage and bandwidth requirements, and its advanced WAN optimization analyzes available networks to
optimize the data transfer for latency resulting in 10x faster backups. For more information look at www.druva.com/
insync/laptop-backup
Non-intrusive End-User Experience – In addition to faster backups, inSync’s dynamic resource throttling results in a
virtually invisible backup experience for end users. Bandwidth is throttled as a percentage of what is available to cater
to mobile users who connect over multiple networks of varying bandwidth, and CPU is throttled depending on other
applications running concurrently to ensure that the backup process remains virtually invisible. inSync automatically
resumes any backups and restores interrupted due to network disconnects.
5. inSync Cloud FAQ 4
End-to-end Security - Network communication between client machines and the cloud is encrypted using 256-bit
SSL encryption. inSync Cloud encrypts data in storage using advanced 256-bit AES encryption (NIST standard) and
utilizes unique key management ensuring end-to-end security of your data. Druva has no access to customer data,
guaranteeing complete data privacy. For more information look at www.druva.com/insync/enterprise-security
In addition, inSync’s integrated Data Loss Prevention (DLP) reduces the total economic impact of lost or stolen devices
by encrypting data on endpoints and providing remote wipe and geo-tracking capabilities. For more information look
at www.druva.com/insync/data-loss-prevention
Centralized Management and Data Governance – A single Web console allows admins to manage all users, groups,
and policies across the enterprise. Integrated Data Analytics gives administrators simple yet powerful tools to analyze
and identify usage trends, globally search and filter files and folders across all devices, and set up real-time alerts
to deal with IT issues proactively. Tamper-proof audit trails provide a 360-degree view of all endpoint data related
activities by both admins and users. For more information look at www.druva.com/insync/data-analytics
IT-managed File Sharing – inSync’s integrated file sharing and collaboration module enables employees to easily
share files and collaborate with each other while empowering IT with visibility, control and security of corporate data.
For more information look at www.druva.com/insync/file-sharing-collaboration
Anytme, Anywhere Access and Restore - inSync Cloud allows end users to instantly access their data from any
browser and from smartphones/tablets including iOS, Android, and Windows 8 devices. For more information look at
www.druva.com/insync/mobile-data-protection
How does inSync Cloud provide continuous data protection?
Druva inSync’s CDP technology creates granular and point-in-time recovery points, each of which functions as a full
restore point. Users can browse through any point in the past and instantly click to restore files and folders within
that point.
Based on customers’ specified retention policy, old revisions (restore points) can be aggregated or deleted. A
compaction routine further physically deletes data from old revisions and reclaims storage space for future use.
Infrastructure
Where is inSync Cloud hosted?
inSync Cloud is hosted by Amazon Web Services (AWS), which delivers a highly scalable cloud-computing platform
with high availability, durability, and flexibility. AWS provides end-to-end security and privacy of data.
What are the key infrastructure components of inSync Cloud?
The key components of inSync Cloud in AWS are –
ƒƒ Amazon Elastic Compute Cloud (EC2), which offers scalable compute capacity on the cloud
ƒƒ Amazon Simple Storage Service (S3), a fully redundant data storage infrastructure for storing and retrieving any
amount of data, at any time, from anywhere
6. inSync Cloud FAQ 5
ƒƒ Amazon DynamoDB, a fully managed NoSQL database service that provides fast and predictable performance
with seamless scalability
ƒƒ In addition, Amazon RDS, a scalable relational database, is used to store configuration data
Where are the data centers located?
Druva inSync Cloud offers customers access to data centers located in multiple geographic regions - US East (N.
Virginia), US West (Oregon), US West (N. California), Ireland, Singapore, Tokyo, Sydney, Sao Paulo, and GovCloud
(US). In addition, each region offers multiple availability zones for high availability. Druva customers select the data
center regions that they want to use.
If additional data centers are brought online, how do customers control
whether their data is saved in these data centers?
When additional data centers are made available by AWS, inSync Cloud will make these regions accessible in the
product and enable customers to create new storage volumes and assign new users in these regions if they so desire.
What standard(s) or framework(s) does the infrastructure comply with?
AWS has achieved compliance with the following standards and/or frameworks -
ƒƒ SOC 1/SSAE 16/ISAE 3402 and SOC 2 and SOC 3
AWS publishes a SOC1 Type II report that is a replacement of the SAS70 Type II report. The SOC 1 report audit
attests that the AWS control objectives are appropriately designed and that the controls safeguarding customer
data are operating effectively. In addition to the SOC 1 report, AWS publishes a SOC 2 Type II report and a
SOC 3 report.
ƒƒ PCI DSS Level 1
AWS is Level 1 compliant under the Payment Card Industry (PCI) Data Security Standard (DSS).
ƒƒ ISO 27001
AWS is ISO 27001 certified under the International Organization for Standardization (ISO) 27001 standard.
ISO 27001 is a widely adopted global security standard that outlines the requirements for information security
management systems.
ƒƒ FedRAMP
AWS has achieved Agency Authority to Operate (ATOs) under the Federal Risk and Authorization Management
Program (FedRAMP) at the Moderate impact level for AWS GovCloud (US) and all US regions.
ƒƒ DIACAP and FISMA
AWS enables US government agencies to achieve and sustain compliance with the Federal Information Security
Management Act (FISMA).
ƒƒ ITAR
The AWS GovCloud (US) region supports US International Traffic in Arms Regulations (ITAR) compliance.
For more information look at http://aws.amazon.com/compliance
7. inSync Cloud FAQ 6
What physical mechanisms are employed to protect inSync Cloud
infrastructure resources and data assets?
Redundancy - AWS data centers are designed to anticipate and tolerate failure while maintaining service levels and
are built in clusters in various global regions. inSync Cloud provides multi-zone replication of various elements of
customer data including configuration, metadata and the actual data, thereby ensuring that customer data is available
in multiple availability zones to handle failure of any zone.Fire Detection and Suppression – AWS reduces risk with
automatic fire detection and suppression equipment. The fire detection system utilizes smoke detection sensors in
all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment
rooms. These areas are protected by either wet-pipe, double-interlocked pre-action or gaseous sprinkler systems.
Power - The data center electrical power systems are designed to be fully redundant and maintainable without impact
to operations, 24 hours a day, and seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power
in the unlikely event of an electrical failure for critical and essential loads in the facility. Data centers are equipped with
generators to provide back-up power to the entire facility.
Climate and Temperature - Climate control is required to maintain a constant operating temperature for servers
and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are
conditioned to maintain atmospheric conditions at optimal levels. Personnel and systems control temperature and
humidity at appropriate levels.
Management - AWS monitors electrical, mechanical and life support systems and equipment so that any issues are
immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.
Availability and Durability
What SLA’s does inSync Cloud offer for service availability and data durability?
inSync Cloud will be available 24 hours per day, 7 days per week, excluding any scheduled (pre-determined window
in a week) or unscheduled (with an email notification to the customer a few hours before the event) maintenance.
inSync Cloud guarantees a 99.95% uptime SLA.
inSync’s high availability is achieved by multi-zone replication of configuration data, metadata and data to multiple
availability zones within each region.
Regarding data durability, inSync Cloud leverages Amazon S3’s storage, which is backed by the Amazon S3 Service
Level Agreement and is designed to provide 99.999999999% durability over any given year. The infrastructure is
designed to sustain the concurrent loss of data in two facilities.
Describe inSync Cloud’s business continuity plan
inSync Cloud service is designed for “continuous availability.” AWS has designed its systems to tolerate systems or
hardware failures without customer impact.
Availability - AWS data centers are designed to anticipate and tolerate failure while maintaining service levels. Data
8. inSync Cloud FAQ 7
centers are built in clusters in various global regions. In case of failure, automated processes move customer data
traffic away from the affected area. Core applications are deployed in an N+1 configuration.
inSync Cloud is architected to take advantage of AWS regions and availability zones. Distributing inSync Cloud
instances across multiple regions and availability zones provides the ability to remain resilient in the face of most
failure modes including natural disasters or system failures. In addition, data in all tiers of inSync Cloud (configuration,
metadata and data) are replicated synchronously across their availability zones.
Business Continuity Plan - The AWS Business Continuity Plan (BCP) drives standard practices to support ongoing,
worldwide business and the ability to scale to the increased scope of catastrophic events. Standard practices are
supplemented with dedicated preparation for significant disruptions. AWS maintains current response plans for a
series of disaster scenarios, and the response is tested in production by simulating disasters.
Testing - Druva tests critical systems under simulated conditions of catastrophic failure at least once annually and
uses routine maintenance intervals and external events as testing opportunities.
Certification
What external certifications exist for inSync Cloud operations?
Druva has completed an ISAE 3000 Type II certification by KPMG. The ISAE audit covers the following elements –
ƒƒ Description of Druva’s system related to general operating environment supporting inSync Cloud Operations
ƒƒ Design of controls related to the control objectives stated in the description
Druva has achieved TRUSTe EU Safe Harbor certification facilitating compliance with the European Union’s Data
Protection Directive and has passed a review by KPMG validating the company’s security and privacy controls for
handling HIPAA-compliant protected health information (PHI).
Data Security
How are users identified and authenticated for access to the service?
Backup and restore requests from the client are authenticated with a key that is generated on installation of the client.
Browser requests to access data over the web for viewing or for restores require users to login and authenticate with
their password. inSync supports integration with Active Directory for password authentication and integrates with 3rd
party identity providers for single sign-on services using SAML.
Can password policies be specified and enforced?
System password policies can be implemented for web restore passwords. In addition, Active Directory passwords,
which can adhere to specific password policies, can be used.
9. inSync Cloud FAQ 8
Is data encrypted in transit and at rest?
Yes, inSync Cloud encrypts data at rest using 256-bit AES encryption (NIST standard). Data is encrypted in transit
using 256-bit SSL encryption. For more information look at www.druva.com/insync/enterprise-security
Is access to cloud encrypted?
Yes all protocols associated with Druva cloud are encrypted. This includes the HTTPS based web-console access and
LDAPS support for Active directory integration.
Are data restores authenticated and encrypted?
Yes, data restores are always authenticated and encrypted. Restores using the inSync client installed on a user’s device
are encrypted using SSL. Web restores use secure HTTPS connections.
How are encryption keys managed?
Unlike competitive solutions that deploy a single encryption key across all customers and keep the key on the cloud
,inSync uses two-factor encryption key management.
ƒƒ A unique encryption key is generated per customer and is further encrypted using admin credentials. Only this
encrypted token is stored in the server.
ƒƒ Encryption key is derived from the token during a customer session using customer’s unique credentials.
ƒƒ Because of secure 2-factor encryption, no one, including Druva, can access customer data.
What is the process for administrator’s password recovery?
Druva strongly recommends that an administrator create a secondary administrator account, as this results in the
creation of a new password, and consequently a new token. In the potential scenario where an admin forgets his or her
password, only a secondary admin can reset that password. Druva implements stringent password policies for inSync
Cloud and is unable to reset admin passwords for any customer.
Is there a security policies document for Druva employees and contractors for
handling cloud data?
Yes, Druva has documented and enforced security policies for inSync Cloud. A security handbook is also incorporated
for developers working on the cloud.
A copy of Druva’s security policies document is available to customers on request.
How does inSync Cloud provide protection against traditional network
security issues?
The AWS network provides significant protection against traditional network security issues. The following are
a few examples:
10. inSync Cloud FAQ 9
Distributed Denial of Service (DDoS) Attacks - AWS API endpoints are hosted on large, Internet-scale, world-class
infrastructure that has enabled Amazon to be the world’s largest online retailer. Additionally, AWS’s networks are multi-
homed across a number of providers to achieve Internet access diversity.
Man In The Middle (MITM) Attacks - All of the AWS APIs are available via SSL-protected endpoints, which provide
server authentication. Amazon EC2 AMIs automatically generates new SSH host certificates on first boot.
IP Spoofing - Amazon EC2 instances cannot send spoofed network traffic. The AWS-controlled, host-based firewall
infrastructure will not permit an instance to send traffic with a source IP or MAC address other than its own.
Port Scanning - Unauthorized port scans by Amazon EC2 customers are a violation of the AWS Acceptable Use Policy.
Packet sniffing by other tenants - It is not possible for a virtual instance running in promiscuous mode to receive or
“sniff” traffic that is intended for a different virtual instance.
Monitoring
Does Druva monitor metrics on inSync Cloud?
Druva inSync Cloud is extensively instrumented to monitor key operational metrics within AWS, which utilizes
automated monitoring systems to provide a high level of service performance and availability.
Data Access and Restore
What methods of data restore are supported by Druva Cloud?
Druva inSync Cloud supports secure data restores using the inSync application installed on the PC or any web browser.
The data can also be accessed remotely using any iOS, Android, or Windows Phone 8 smartphone or tablet.
ƒƒ The inSync iPhone/iPad app can be downloaded from Apple App Store
ƒƒ The inSync Android app can be downloaded from Google Marketplace
ƒƒ Windows Phone 8 app can be downloaded from Windows Phone 8 App Store
Are data restores authenticated and encrypted?
Yes, data restores are always authenticated and encrypted. Restores using the inSync client installed on a user’s device
are encrypted using SSL. Web restores use secure HTTPS connections.
Can I restrict web restores to particular IP addresses or users?
Admins can restrict the web-restore functionality to select groups of users (using profile settings). Web-restore
restrictions based on IP addresses are currently unavailable but are under consideration for future releases.
11. inSync Cloud FAQ 10
Can I turn off web or smartphone based restore?
Yes, admins can disable web or smartphone based access for any particular user group or for all users.
How can I facilitate high volume data transfers during rollout of endpoint
backup or device refresh?
You can seamlessly integrate inSync CloudCache, an on-site cache, to provide LAN-like speeds on backups, restores,
and data syncs with large data-set caching to and from the cloud. Flexible scheduling, bandwidth throttling, and cache
sizing dramatically simplify the rollout of endpoint backup or the device refresh process for tens of thousands of users
by utilizing WAN bandwidth during off-peak hours.
How can data be exported in bulk from inSync Cloud service?
An administrator can, in addition to performing a normal restore process, request a bulk export from inSync Cloud
to a physical device. Druva will ship the physical device to the customer at an additional cost. See pricing section for
more details.
Pricing
How is inSync Cloud priced?
Pricing information is available at http://www.druva.com/plans-pricing
How much does data export to a physical medium cost?
Bulk data export to a physical medium costs $500 per TB exported.
What’s the minimum subscription period?
The minimum subscription period for inSync Cloud is 1 year.
12. Druva, Inc.
Americas: +1 888-248-4976
Europe: +44.(0)20.3150.1722
APJ: +919886120215
sales@druva.com
www.druva.com
About Druva
Druva provides integrated data protection and governance solutions for enterprise laptops, PCs, smartphones and
tablets. Its flagship product, inSync, empowers an enterprise's mobile workforce and IT teams with backup, IT-managed
file sharing, data loss prevention, and rich analytics. Deployed in public or private cloud scenarios or on-premise, inSync
is the only solution built with both IT needs and end-user experiences in mind. With offices in the U.S., India and United
Kingdom, Druva is privately held and is backed by Nexus Venture Partners, Sequoia Capital and Tenaya Capital. For
more information, visit www.druva.com