One thing is certain: data loss is inevitable. An estimated 6 percent of all PCs will suffer at least one episode of data loss per year. Indeed, 20 percent of laptops will suffer hardware related data loss in their first three years of use. A CBI/FBI survey revealed that 52 percent of respondents discovered unauthorized access to their systems, and 47 percent had experienced laptop theft.1 A recovery plan that includes offsite storage as a fundamental component will offer a degree of protection that can not be duplicated with an onsite-only solution.
1. 2006 CSI/FBI Computer Crime and Security Survey,” Computer Security Institute / Federal Bureau of Investigation.
Disasters and Consequences
According to an article in Pacific Business News, “Of all businesses that close following a disaster, more than 43 percent never reopen. An additional 29 percent close permanently within two weeks.”2 There are a variety of reasons for the high failure rate, and a variety of controls that can be implemented to minimize the damage. Among those controls is a plan for your data that has it stored securely in a place other than the one being rebuilt.
Disaster can strike in a variety of forms. Most commonly, the word “disaster” evokes images of earthquakes, fires, floods, landslides, hurricanes, and tornados. These typically fall into the category of natural disasters. There are a number of increasingly common man-made threats that can similarly destroy data and render a business non-functional. These directed threats include viruses, hackers, sabotage, and burglary.
Prior to offsite replication, system administrators would most commonly back up to portable media and either walk critical data offsite themselves or pay a service to vault it. A visit to the “Chronology of Data Breaches” at http://www.privacyrights.org instantly and often shockingly demonstrates the pitfalls of physically moving data. The Data Breaches list is littered with examples of lost or stolen data. This risk inherent to portable media can now be avoided with a better and more secure backup solution.
April 27, 2006 – Long Island Railroad (Jamaica, NY)
Data tapes containing personal information including names, addresses, Social Security numbers and salary figures of “virtually everyone” who worked for the agency was lost by delivery contractor Iron Mountain while en route. Data tapes belonging to the U.S. Department of Veteran’s Affairs may also have been affected.
May 15, 2007 – IBM (Armonk, NY)
An unnamed IBM vendor lost computer tapes containing information on IBM employees – mostly exworkers – including Social Security numbers, dates of birth, and addresses. They went missing in transit from a contractor’s vehicle.
In addition to grave financial risks, losing data can place an organization in violation of numerous government regulations that often mandate reporting of the event. The Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Sarbanes-Oxley Act of 2002 (SOX), Gramm-Leach-Bliley Act (GLBA), and Rule 26 of the Federal Rule for Civil Procedure all require secure data storage, backup, and recovery capabilities. Executives and boards of directors with fiduciary responsibilities are now often liable for proper protection of information.
Securely Stored Data
To create an offsite copy of critical data, the Barracuda Backup Service sends data, to one of two secure data centers via the Internet using an encrypted IP tunnel. Before data is transmitted, those shredded and cataloged parts are symmetrically encrypted (AES256 bit) then compressed for transfer and remote storage efficiency. The symmetric key to unlock those parts is in turn asymmetrically encrypted (RSA1024 bit). The United States Government has approved 192-bit AES encryption as an acceptable method for protecting Top Secret information.3 Not only does the Barracuda Backup Service encryption method exceed that specification, but across the Internet, data is protected by three separate encryption algorithms two layers deep.
The last copy is created when replication occurs between the two data centers. All data is mirrored from one to the other and can be accessed from either. Barracuda Networks distributes data for each customer across two geographically dispersed data centers to minimize the potential impact of an event at either location. Each data center is highly secure including alarms, controlled access, fire suppressors, redundant bandwidth, and emergency power generators – everything necessary to ensure valuable data is not in danger.
3. Lynn Hathaway (June 2003). “National Policy on the Use of the Advanced Encryption Standard (AES) to Protect National Security Systems and National Security Information”(PDF). http://www.cnss.gov/Assets/pdf/cnssp_15_fs.pdf
Planning for Recovery
Don’t Get Caught Unprepared
The overwhelming dependence of modern businesses and organizations on information to operate and remain profitable dictates the necessity of an affordable plan that allows for full and immediate recovery. A business should never be in a position where all of their data exists on a single device or at a single location. As a result of advances in technology and design, organizations can now manage these together at an affordable rate.