Because security is the chief obstacle to more companies utilizing cloud backups, cloud data storage products have to comply with a series of best practices. It must encrypt data in transit, usually through a secure socket layer connection if you are using the Internet to transport the data. It must store data as encrypted in the cloud via a state-of-the-art encryption protocol along the lines of a 256-bit AES encryption. And, finally, the cloud data storage provider needs to support strong, enforceable authentication with features like password expiration and complexity.
Cloud data backup also carries with it compliance issues. Public companies, or anyone working in industries subject to enhanced regulatory requirements, should look at cloud data storage providers that adhere to SSAE 16/SOC 1. It’s critical that the service provider performs the more stringent Type II audit as it’s the only one that allows the auditor to share his opinion on whether the controls tested work well enough to provide some guarantee that the control objectives were achieved during the testing period.
While security and compliance would rank at the forefront of any list of features and considerations you must evaluate when trying to find the right cloud data storage product for your organization, they are not alone. Here’s a look at some other factors to consider:
Hybrid vs. pure cloud backups. In a pure cloud backup scenario, agents on protected servers and desktops perform backups directly to the cloud. Quick setup and minimal maintenance are benefits of this service. A pure cloud data storage product is best-suited for personal backups and backups for smaller firms with limited amounts of data to protect (typically a few terabytes). The drawbacks of backing up directly into the cloud are performance and bandwidth challenges because of latency and bandwidth limits of available Internet connections; these shortcomings are most important when restoring data.
Latency and limited bandwidth are mitigated by hybrid cloud backup products that use an on-premises disk or gateway as the initial backup target from which the data is replicated to the cloud. The on-premises intermediary usually caches the most recent backups for on-premises restores, minimizing tedious recoveries from the cloud; it also moves data into the cloud asynchronously. For a pure cloud backup solution without the on-premises intermediary for quick restores, it’s essential to understand all restore options, including the ability to have backups shipped to you on a disk or NAS device; restore options become more relevant as the amount of data stored in the cloud grows. Similarly, some MSPs accept the initial full backup on an external storage device (known as “seeding”) to avoid a time-consuming first backup over the Internet.
Efficiency. Backup processes that are OK for on-premises backups may be unacceptable for cloud backups. For instance, the ability to perform sub-file backups of changes to files is an indispensable feature in a cloud backup product. With email personal folder files (.PST files) that can grow beyond gigabytes, and large Excel spreadsheets and PowerPoint presentations spanning tens of megabytes, being able to only back up file changes to the cloud rather than complete files is a non-negotiable feature for a cloud backup product. Similarly, the ability to perform continuous incremental backups minimizes the amount of traffic for each backup. The traditional weekly full and daily incremental backup discipline frequently used for on-premises backups doesn’t work for backing up data into the cloud. Limited network bandwidth makes efficiency one of the primary virtues in a cloud backup product. So anything that can help reduce the amount of data to be moved into the cloud is critical.
Compression and source-side deduplication are two technologies that help minimize the amount of traffic sent into the cloud. Data deduplication reduces bandwidth usage and also helps cut the cost of backing up to the cloud. Because cloud storage pricing is usually based on gigabytes stored, compression and dedupe are instrumental in lowering monthly fees. To maximize data reduction, some MSPs deduplicate on the source side and one more time in the cloud. While the scope of source-side dedupe may be limited to a single or few hosts, dedupe in the cloud can be performed against all data, resulting in significant additional data reduction.
KEY CLOUD BACKUP CHECKLIST GUIDELINES
Enlarge KEY CLOUD BACKUP CHECKLIST GUIDELINES diagram.
“We deduplicate and compress before we send data across, and we deduplicate one more time once data is in the cloud,” said Karen Jaworski, senior director of product marketing at i365, a Seagate company and backup MSP.
Transport. Besides source-side dedupe, cloud backup products differ in the way they manage available bandwidth. The ability to limit and throttle bandwidth while backups are in progress helps minimize the impact on users and other apps sharing the Internet connection. Moreover, being able to configure multiple bandwidth limits for different times of the day helps optimize the balance between backup performance and the impact on other users. Some cloud service providers, such as AT&T, give customers the option to use a multiprotocol label switching (MPLS) circuit instead of the Internet; this option is relatively cost-effective for customers who already use MPLS. The quality of service (QoS) feature of MPLS lets users label backup data as low-priority traffic, eliminating the impact on other users and applications altogether. This is especially attractive for midsized and large companies with many users and a lot of protected data.
Backup managed service providers
Handing off backups to a managed service provider is the quickest way of getting backups into the cloud and the method with the fewest internal IT requirements. MSP offerings are available as pure cloud backup products where the user installs agents on desktops and servers that directly back up data into the cloud; they’re also available as hybrid cloud backup products where the cloud service vendor provides a managed on-premises gateway to store backup data locally before replication into the cloud.
MSP offerings range from consumer, small office/home office (SOHO) and small- and medium-sized business (SMB) products to cloud backup services targeted at the enterprise. “While the sweet spot for cloud-based backup is still the small to midsized company, larger enterprises have started leveraging the cloud to supplement internal backups, especially for DR [disaster recovery], remote office and end-user data protection,” said David Chapa, senior analyst at Milford, Mass.-based Enterprise Strategy Group (ESG).
Consumer backup services were popularized by Mozy (now part of EMC Corp.) and Carbonite. They’re pure cloud backup products, licensed to protect a single desktop or laptop, and may not have all the features expected in a business backup product. For instance, the Carbonite service doesn’t offer deduplication. “Deduplication is less required in our target market where the average amount of protected data is less than 50 GB,” said Pete Lamson, general manager of Carbonite’s Small Business Group. Both Carbonite (with Carbonite Business) and Mozy (with MozyPro) have expanded their offerings into businesses. While Carbonite targets small businesses with a simple and highly affordable backup service, MozyPro is aimed at small and large businesses alike.
Joining Carbonite with a focus on small companies with up to 50 users is Symantec Corp. with Backup Exec.cloud. “Backup Exec.cloud has centralized management and provides global visibility to protected hosts, and we try to make backup as simple as possible,” said David Mitchell, product manager for Symantec’s hosted endpoint protection.
For enterprises, IBM has rebranded and renamed its managed backup service offerings with a focus on resilience: SmartCloud Resilience. The IBM product spans the data protection spectrum from backup and recovery to archival and DR.
Hewlett-Packard (HP) Co.’s enterprise Electronic Vaulting Service is a managed server backup product powered by Asigra Software; HP’s Mobile Information Protection uses Autonomy Connected Backup, which HP has just made available as PC Backup Services for the SOHO and SMB markets, and is available through channel partners.
EVault has been offering managed backups since 1997, and the company has one of the most complete and feature-rich cloud backup offerings addressing the needs of small and large companies. Available as pure service, software, and physical and virtual appliances, it can be deployed on-premises, in a hybrid arrangement or as a pure cloud backup product.
Iron Mountain Inc., has one of the strongest brands in the backup world but its cloud message changed with the sale of its Connected Backup and LiveVault backup software to Autonomy. Iron Mountain is currently focusing on backup services rather than software development.
“We continue to offer cloud backup services for businesses,” said Ken Rubin, senior vice president and general manager of the Iron Mountain healthcare service. “For the healthcare and financial services sectors, we provide advanced solutions; for instance, for hospitals we offer a managed backup product with tight integration with all major PACS [picture and archival communication system] systems.”
Cloud-enabled backup apps and gateways
While small companies are more likely to opt for the MSP approach, larger companies are more apt to extend their existing backup infrastructure into the cloud using either their existing backup software or a cloud gateway. The incentives to expand the backup infrastructure into the cloud range from replacing off-site tapes with backups in the cloud to leveraging the cloud for backup jobs that can be performed more cost-effectively.
Cloud support in commercial backup applications varies considerably. CommVault Systems Inc. has added extensive cloud support and supports a wide range of cloud service providers (AT&T, Amazon, Microsoft, Nirvanix and Rackspace). Supported cloud providers appear as additional backup media and all backup features, such as deduplication, are available when backing up to the cloud. Archival into the cloud with stub support for on-demand retrieval of archived data and block-based replication of changes into the cloud for recovery into a compute cloud service such as Amazon Elastic Compute Cloud (EC2) are just a couple of features that distinguish CommVault Simpana. Similar to CommVault, both Symantec Backup Exec and NetBackup support backing up into the cloud, but they currently only support Nirvanix. Arkeia Network Backup supports replication of backup sets into Amazon and Nirvanix.
EMC Avamar and NetWorker currently don’t have out-of-the-box integration with cloud service providers. Instead, EMC is selling Avamar to MSPs. “We decided on Avamar to power our enterprise backup service because of its efficient source-side deduplication and scalable Avamar Data Store grid,” said Dick Mulvihill, co-founder and managing partner at Hexistor Data Protection Service LLC, a Chicago-based backup MSP.
IBM Tivoli Storage Manager (TSM) doesn’t currently support direct backups into the cloud. “We’re working with cloud gateway manufacturers such as Riverbed for cloud backup support; cloud backup gateways are simple and quick to set up and have the advantage of locally cached backups for quick restores,” said Steve Wojtowecz, vice president of storage software development at Tivoli.
Cloud gateways that move data into cloud storage are available from Nasuni Corp., Panzura Inc., Riverbed Technology Inc., StorSimple Inc., TwinStrata Inc., and others. While some gateways are touted as hybrid cloud storage products to extend on-premises storage into the cloud, Riverbed Whitewater’s focus is exclusively on cloud backup. Available in different configurations for small businesses to large enterprises, traditional backup applications back up to the Whitewater gateway appliance, which then deduplicates, compresses, encrypts and asynchronously moves data into supported cloud providers (which currently include AT&T, Amazon and Nirvanix). The StorSimple gateway stands out because of its extensive support of Microsoft SharePoint.
Cloud backup goes mainstream
Backup to the cloud is moving from a niche application into the mainstream, especially in the SOHO and SMB sectors, and it’s being used increasingly by larger companies to supplement their existing backup infrastructure. The increased adoption of cloud services by public companies and even government agencies suggests that security concerns with cloud services are slowly abating. However, proper due diligence must be taken when evaluating cloud backup, such as implementing solid backup processes and strong controls, to avoid unpleasant surprises.
Jacob Gsoedl is a freelance writer and a corporate director for business systems. He can be reached at firstname.lastname@example.org.
This article was originally published in Storage Magazine.
This article was also published on SearchDataBackup.com.
This was first published in January 2012