The ever-increasing digitization of information: documents, customer records, employ-ee records, financial records, and media collections (photos, music, etc.), is forcing companies to store more and more data. The expansion of data in our lives seems inevi-table and the Internet is certainly the driving force. More and more, we rely on data to run our businesses. Today, protecting our data means protecting our livelihoods.
DWPIA Whitepaper - Three C’s for Data Protection: Comprehensive, Convenient, and Cost-effective
1. White Paper
A White Paper from DWP
Information Architects, Inc.
www.dwpia.com
This report is not intended to
answer every question you
might have about the subject at
hand. This report consists of the
opinions and current thoughts
of the author at the time of pub-
lication.
This report is intended to give
general advice and information
with regard to its subject mat-
ter. It is distributed with the
understanding that the author,
publisher, and DWP Infor-
mation Architects are not ren-
dering specific advice for any
specific company or organiza-
tion.
DWP Information Architects
would be happy to review your
current systems and to offer
appropriate context-specific
advice.
DWP Information Architects
and the authors will not be lia-
ble to any person or organiza-
tion for any actions they take
as a result of the information
contained in this report.
In other words, you’re responsi-
ble for your own actions.
Telephone: 866-995-4488
Email: info@dwpia.com
Web: www.dwpia.com
Three C’s for Data Protection
Comprehensive, Convenient,
and Costeffective
By Praerit Garg and Denis Wilson
The ever-increasing digitization of information: documents, customer records, employ-
ee records, financial records, and media collections (photos, music, etc.), is forcing
companies to store more and more data. The expansion of data in our lives seems inevi-
table and the Internet is certainly the driving force. More and more, we rely on data to
run our businesses. Today, protecting our data means protecting our livelihoods.
Why, then, do most small to medium businesses (SMBs) fail to have a data protection
plan? The U.S. Bureau of Labor Statistics reports that the majority of SMBs never
recover from a catastrophic data loss. Unlike the loss of physical assets such as build-
ing and equipment, which can be replaced quickly through insurance payouts, lost data
offers very little recourse. Moreover, data theft can be just as damaging — if not
more. It is no surprise that data protection is now a top of mind concern for most
SMBs. It can be the difference between being in business and not.
A data protection solution must succeed across three dimensions in order to meet the
needs of SMBs:
Comprehensive – it must address all facets of data protection – human errors,
hardware/software failures, disasters such as theft, fire, flooding, etc.
Convenience – it must be set-and-forget. SMBs are strapped for resources so any
solution that
requires constant care will not be effective.
Costeffective – last, but not least, it must fit an SMB budget. SMBs have a very
limited budget for IT overall – a few hundred dollars per month is pretty typi-
cal. Data protection is only one part of the overall IT budget. Any solution needs
to have a price that doesn’t change dramatically month to month ‐‐particularly
with ever increasing amounts of data.
Curerent Data Protection Solutions
Onsite disk backups – According to research from IDC, 58% of SMBs only do lo-
cal backup. Local backups are a critical first step in any good data protection
A Product of Web: www.DWPia.com Email: info@DWPia.com
DWP Information Architects Inc. Phone 866-995-4488
2. Page 2 Ph: 866-995-4488 Email info@dwpia.com
plan. There are several well-known backup applications on the
market. Both the Windows and Mac operating systems have
native applications and there are several third party applica-
tions from vendors like StorageCraft and Symantec. Local
backup provides adequate protection against common data loss
associated with human errors, hardware failures, etc. However,
local backups alone are not a sufficient data protection solu-
tion. They do not protect against situations of theft, natural
disasters like flooding or fire, or multiple hardware failures that
could be caused by something as simple as a power surge.
Tape rotations – The IDC research indicates that about 16%
of SMBs use tapes for backup. Historically, tapes have served
as a popular backup medium because they are portable and
inexpensive. This meant that a business was able to get both
onsite and offsite data protection using a tape rotation strate-
gy. That said, industry data show that 50-70% of tape-based
backups cannot be restored. With 1TB USB hard drives now
available for $100 or less, tapes are nearly, if not already, obso-
lete.
External hard drives – They are a good replacement for
tapes. They provide high capacity, are very fast, and are eco-
nomical and portable. Like tapes, external hard drives address
some of the limitations of local backups. They can be taken
offsite. This means that if a process is setup to regularly rotate
external hard drives, you not only have a good local backup but
also one that is offsite and may be just a few days old. The
challenge with this solution (and tape) is the high human in-
volvement which, by its very nature, is error prone. Some per-
son or persons in an organization must now take the responsi-
bility for diligently following the process. In SMBs, there is
always a shortage of human resources and this task is not
something that is core to the day to day functioning of the busi-
ness. As a result, it rarely happens. Even in the situations
when it does happen, the manual transportation process has
risks – dropping and damaging the drive, losing it somewhere
on the way, theft, etc.
Data centerbased online backups – Increasingly, data
center-based online backups are becoming a choice for a set-n-
forget data protection solution. With the ubiquity of Internet
access and ever growing bandwidth, online backups are becom-
ing an attractive alternative. Not only is the data now backed‐
up offsite, it is done so automatically with no constant human
involvement.
Despite the attractiveness of this solution, the IDC data sug-
gests that only 10% of SMBs are using online backup solu-
tions. This is surprising given the fact that online backup solu-
tions have been around for over 10 years. There may be sever-
al reasons that help explain this slow adoption in the market:
Cost. Storing data in data centers is prohibitively expen-
sive – as much as several dollars per GB per month in
some cases. This adds up quickly for an SMB– several
hundred dollars per month for just a few 100 GBs of da-
ta. In contrast, a hard disk rotation solution using a couple
of 1TB external hard drives can be implemented for a one-
time cost of about $200.
Security. A significant concern with online solutions
has been around the security of the data stored in data
centers. Copies of sensitive data are sitting in some re-
mote data center. What kind of security does the facility
have? Who has access to the facility and what kind of
trust can be placed on these unknown individu-
als. Additionally, the stored data is co‐mingled with
the data from other companies– potentially competi-
tors. What types of data isolation, access controls, and
protective measures are in place to ensure there is no
breach? None of these issues are relevant in the disk
rotation solution because the disks are under the control
of the business.
Time to initial backup. With limited upload band-
width, companies with large data sources aren’t particu-
larly motivated if it is going to take several weeks to get
that first backup uploaded. Online vendors must pay
substantially for data center bandwidth so they tend to
“throttle” incoming traffic across multiple clients to
manage their costs. By comparison, backup to an exter-
nal hard drive is blazingly fast.
Time to restore. Given the rare nature of disaster, even
if a company does overcome the hurdle of time to initial
backup (a one‐time event), restore becomes an even
greater challenge. Again, given limited bandwidth and
backend throttling by the vendors, a restore could take
many days to complete for companies with substantial
amounts of data. By comparison, it is much quicker to
restore data from a local drive and in the case of a real
disaster, bring back the one that was rotated offsite.
Maturity of backup software. One of the most prob-
lematic aspects of data protection is doing a restore after
a data loss. Anyone with data protection experience will
be quick to remind that backup is easy, restore is
hard. The true strength and quality of backup software
is only evident when a restore is necessary. This makes
selection of the right backup software critical. Most
online backup services require use of their own backup
software. These new applications do not have the ma-
turity of local backup solutions that have existed for
years. Asking customers to switch to untested, unprov-
en backup solutions creates significant friction.
Support. When a disaster happens, the last thing a busi-
ness owner wants to do is call an 800 number and be
placed on hold. This adds insult to injury. SMBs need
local help from someone who understands their systems
and who can start the recovery process right away. Most
online backup solutions are impersonal web and phone
based services. This makes gaining customer trust in-
creasingly difficult.
Despite these challenges, some online solutions address these
issues with varying degrees of effectiveness:
Cost – has been decreasing as the cost of storage hardware
has decreased. That said, online storage services remain
several orders of magnitude more expensive than local stor-
3. Page 3 Ph: 866-995-4488 Email info@dwpia.com
age. For example, you can easily buy a 1TB USB drive for
$100. The cost to backup 1 TB of data using an online service
can be $500 per month.
Freakonomics, right? This is due to the simple fact that the
cost of hardware is only a small fraction of the overall costs of
running a data center. The capital and operational expenditures
required to build and run a data center account for as much as
82% of fully loaded costs. In addition, data centers need to be
over-provisioned in order to handle potential demand. This, of
course, increases the overall costs that ultimately must be paid
by customers.
Security – most solutions now encrypt the data on a custom-
er’s computer prior to sending it to the offsite facility. This,
however, means that customers now have to manage their en-
cryption keys. Losing these keys could render the data irrecov-
erable. Creating and managing keys is yet another point of
friction.
Time to backup – a few solutions enable customers to have an
onsite backup to a dedicated backup device which then trickles
your data to their backend data centers over time. Some also
allow you to mail in (e.g. via FedEx) a hard drive with the cus-
tomer’s initial backup to their data center for fast upload. Each
of these options typically costs thousands of additional dollars.
Time to restore – some solutions offer overnight mailing of
DVDs or hard drives to enable a quicker restore. This requires
an additional fee.
Maturity of backup software – most online solutions do not
address this. In only one case where the vendor is providing an
onsite + offsite solution, have we seen the use of industry
standard backup software.
Support – most online solutions do not have a strong local
channel model. This is due to the high cost of goods, as dis-
cussed earlier. This shrinks the target market significantly and
leaves very little margin for the channel to be motivated to pro-
vide local sales and the necessary support.
To summarize, let’s evaluate the current data protection solu-
tions across the three dimensions outlined above:
Comprehensive – does the solution adequately cover all as-
pects of the data protection problem?
Convenient – how much effort needs to be expended regularly
to achieve the necessary data protection with this solution? Is
it really set-n-forget or not?
Cost-effective – is the solution affordable to an SMB?
Unfortunately, none of the current solutions on the market suc-
ceed at being comprehensive, convenient, and cost-
effective. The best you can do is achieve two out of three Cs.
Creating a comprehensive, convenient, and cost-
effective solution
The Cooperative Storage Cloud takes the best attributes of each
solution listed above and combines them into one compre-
hensive, convenient, and cost-effective solution.
Like disk rotation and online solutions, it is comprehen-
sive.
Like onsite disk backup and online solutions, it is con-
venient.
Like onsite disk backup and disk rotation, it is cost‐
effective.
Here’s an easy way to think about it: imagine a disk backup
and rotation solution without the need to rotate disks and
store them off-site.
You use your favorite backup software – we support
them all.
You configure the two disks you were going to do rota-
tion with using storage space on an existing server or by
adding USB drives, once.
You configure your local backup to one of those to
disks. The other is a “spare”.
Using the power of the Internet and the innovative Co-
operative Storage Cloud (CSC, for short) technology,
you trade your local ”spare” disk for a much more relia-
ble and secure virtual backup drive in the storage
cloud.
Your local backups are automatically mirrored to this
virtual drive in the CSC.
The result: a data protection solution that is comprehensive,
convenient, and cost-effective.
Achieving the Three C’s
Comprehensive – the solution is comprehensive because it
addresses all dimensions of data protection:
Onsite local disk backup provides fast, efficient restore
capability for most common data loss cases – human
error, corruption, primary hardware failure,
etc. Backups are done using any backup software that
the you are comfortable with – e.g. built-in backup in
Windows, StorageCraft ShadowProtect, Symantec Back-
up Exec, etc. (We like to see backup software that does a
comprehensive job of reporting, and the latter two choic-
es are both good examples). Local backups are on the
physical premises and are as protected as the live data.
Solution Comprehensive Convenient Cost-effective
Onsite disk backup No Yes Yes
Tape rotation No No Yes
Disk rotation Yes No Yes
Data center-based
online backups
Some Yes No
4. Page 4 Ph: 866-995-4488 Email info@dwpia.com
Data can be encrypted using any standard encryption tech-
nology. Some backup software includes built-in compres-
sion and encryption capability.
Using the NetCare-provided backup agent, local backups
are automatically mirrored into a virtual disk in the
CSC. This provides the offsite protection against local
disasters – theft, flooding, fire, etc. The backup agent en-
crypts the data locally (prior to mirroring to the cloud)
using a federally-certified, military-grade encryption algo-
rithm – 256bit AES. This ensures that no business data
leaves the customer’s systems without adequate protec-
tion.
Every block of 64MB is encrypted using a 256bit random
key. This means that even in the highly unlikely event that
such a key is compromised; only one block of data may be
at risk. File and associated block information, including all
block keys, are stored securely in the Cloud Control
Only properly authorized and authenticated backup agents
running at the customer premises is able to store and re-
trieve file and block information from the Cloud Con-
trol. The information is always protected using SSL in
transit.
The backup agent itself must authenticate to the Cloud
Control using a large random key to gain access to file and
block information including keys that were used to encrypt
its blocks. An initial password is issued exactly once to a
trusted service provider during the software installation
process at a given customer site. It is immediately
changed by the software after the installation is complet-
ed.
This means that only the backup agent at the customer site
and the Cloud Control know the authenticating keys used
for storing and accessing customer specific file and block
meta-data. Furthermore, in the event of a disaster, a brand
new installation must be performed to recover the custom-
er data from the CSC. This requires a new key that can be
obtained only by the trusted service provider by doing a
reset operation in the Cloud Dashboard. Reset operation
renders the old keys useless eliminating any potential risk
associated with lost keys. This new key is also immediate-
ly changed after installation to ensure that only the backup
agent running at customer site has access to the sensitive
customer information. This approach enables a highly
secure yet fully automated key management solution.
The encrypted data blocks are redundantly dispersed to
thousands of other randomly selected participating systems
running at other customer sites in the CSC. Resulting in
unparalleled security, availability, durability and
speed. This is done as follows:
Each 64MB block of encrypted data is divided up into 64
1MB fragments. 32 1MB parity fragments are added to
make a total of 96 1MB fragments for every 64MB en-
crypted block. Parity fragments are generated using the
industry standard Reed Solomon encoding scheme which
enables any 64 out of 96 fragments to be sufficient for
recreating the block. These 96 fragments are then sent to
96 randomly selected computers operating within the
CSC.
Unparalleled Security: Dispersing the encrypted fragments
to random location implies that there is no one place where
the entire data set is stored outside of the customer’s premis-
es. In order to breach this security, 96 random computers
would have to be discovered and contacted for every 64MB
block. Each block would then need to be decrypted using a
random 256bit key which can only be obtained by first
breaching the Cloud Control. This process would have to be
repeated for every block for the entire file to be re-
assembled. This is truly superior to any other data security
solution in the market today.
High Availability: Using this technique means that as many
as 33 systems (each storing one fragment of the block) must
fail at the same time for the block to be inaccessible at that
instance. The probability that 33 out of the given 96 happen
to fail at the same time is infinitesimally small
Strong durability: With 32 parity fragments for every 64
original, the system has sufficient redundancy to protect
against any type of failure. As a comparison, RAID 5 has
only 1 parity fragment for every 4 original and is regarded as
a highly robust data storage system.
Blazing speed: Taking a 64MB block and transforming it
into 96 1MB fragments – each of which go to different loca-
tions on the Internet – enables the CSC to achieve very high
levels of parallelism during uploads and downloads. Assum-
ing sufficient bandwidth, the net effect of this is equivalent
to 64MB of data getting transferred in roughly the same
amount of time as it would take to transfer 1MB of data be-
tween a server in the data center and customer’s comput-
er! That is potentially a 64X increase in speed compared to
traditional data centers!
Convenient – the solution is truly “set and forget” with
several convenient attributes:
Simple to set-up. The system requires a 5 minute download
and installation of the backup agent software on a designated
computer at a customer site.
True set and forget. Once the software is setup, it never
needs to be touched again unless there is a human error,
hardware/software failure, or a disaster. It runs in the back-
ground and automatically mirrors the local backups into the
storage cloud per the configuration defined during setup.
Highly secure, yet no keys to manage. The CSC solution is
architected to be secure without compromising conven-
ience. As discussed earlier, each block of data is encrypted
using a random 256 bit key. From security perspective, this
means that no two blocks are encrypted using the same key
and having a key for one doesn’t mean you can decrypt an-
other block. What is even more important is the fact that
5. Page 5 Ph: 866-995-4488 Email info@dwpia.com
none of these keys needs to be stored and managed on the cus-
tomer site. They are stored securely in Cloud Control and
made available only to authenticated and trusted Symform soft-
ware running at the customer site over an SSL protected secure
channel.
Regular email reports. Clients receive a regular email report
providing them the status of their participation in the Coopera-
tive Storage Cloud.
Local support. In the event of a disaster, you will not be deal-
ing with an unknown voice across a phone line, but with some-
one they already know and trust.
Optional locally stored data. The unique mirroring technolo-
gy built into the CSC enables us to optionally host a hot
standby of your data at the our office. This means that busi-
nesses who want this level of support can recover and be opera-
tional within a few hours after a disaster. Time is money.
Multiple options for a large initial backup. The CSC is dis-
tributed across the Internet so there is no one data center where
customers must send their initial backups. You simply work
with your service provider to adopt the best strategy for pro-
tecting their initial backup. The options for initial backup are:
• Upload into the storage cloud at the your site. It will need
to be done only once. The time required to do this will
depend on the your bandwidth.
• Or simply create a copy and perform the upload to the
DWP site.
• Elect not to upload to the cloud, but simply keep a safe
offsite mirror. Use the storage cloud for mirroring incre-
mental backups only.
Costeffective – the solution is extremely affordable and cre-
ates an immediate ROI relative to the alternatives. For the
price of a couple of large hard drives plus an economical flat
monthly fee, businesses get a comprehensive, convenient data
protection solution. The best part is that the customer can use
as much storage as needed to achieve comprehensive data pro-
tection. No more per GB fees. No more increases in expenses
every year.
Call to Action
We encourage you to ask us to create a comprehensive, con-
venient, and cost-effective data protection solution using the
unique Cooperative Storage Cloud. You can stop worrying
about data loss forever.
We Can Help
DWP Information Architects is knowledgeable, profes-
sional, and experienced. We have built hundreds of
backup systems. Our clients have included many small
and mid-sized businesses.
We also manage networks and backup systems for
companies all across the Ventura, Santa Barbara and
Los Angeles counties.
If we can help you, please contact us today:
DWP Information Architects, Inc.
Phone 866-995-4488
Email info@dwpia.com
Web www.dwpia.com
6. Page 6 Ph: 866-995-4488 Email info@dwpia.com
About DWP Information Architects
DWP Information Architects is Ventura, Santa Barbara
and Los Angeles counties premier Microsoft Partner. We
were founded in 2002 and have been providing managed
care for computer systems since the day we opened our
doors.
We manage your entire I.T. (information technology)
system so you can do . . . whatever it is you do.
Because of our investment in the best people and the best
consulting tools available, we can provide a level of ser-
vice and support normally only available to very large
companies.
We make it possible for small and medium size business-
es (SMB's) to have:
A real, fulltime I.T. department
Service ticketing
Project management
Limited budget
24x7 monitoring
Automated patching of computer systems
Access to absolute top-notch tech support
And we do it for less than what most companies are pay-
ing for "a computer guy."
Company Overview
DWP Information Architects is a consulting firm that
specializes in managing your entire information tech-
nology infrastructure.
That means Internet connectivity, Windows operating
systems, and Microsoft Networks.
We can help you with:
General Tech Support
(Desktops, Servers, Monthly maintenance)
Setting Up Microsoft Windows networks
Microsoft Exchange Server
Microsoft Server 2012
Choosing, Installing, and Managing Email Services
Backups, Fault Tolerance, Failover Systems
Getting Connected to the Internet (Choosing an
ISP, Frame Relay, Other Options)
Keeping Your Network Up and On the Net
TCP/IP
Networking Domain Control
Troubleshooting
Choosing, Installing, and Creating Content for Web
Services
Remote Access Solutions
Fax Services
Security and Firewalls
Domain Name Service (DNS)
Maintaining your Network
Disaster Recovery Preparation and Services
Configuring Network Hardware, such as Routers,
DSU/CSUs, Hubs, Switches, etc.
DWP Information Architects, Inc.
Knowledgeable — Professional — Experienced
The author is Denis S. Wilson,
President and Principal Consult-
ant for DWP Information Archi-
tects Inc. in Thousand Oaks,
CA.
The co-author is Praerit Garg of
Symform in Seattle WA, a sub-
ject matter expert.
7. DWP Information Architects, Inc.
Knowledgeable — Professional — Experienced
Designing, building, and supporting networks for small and
medium sized businesses since 2002.
Call 866-995-4488