Posts

Comparing Cloud-based services – Part 3: Backup and Recovery

Many Cloud-based services fall into one of these categories:

  • Productivity suites – Applications that help you be more productive
  • Storage – Storing, retrieving, and synchronizing files in the Cloud
  • Backup and Recovery – Backing-up data and being able to recover it
  • Prevention – Prevent malware, typically spam and related components
  • Search – Find items from either a holistic or from a specialty perspective

In this issue, we’ll explore popular options within Backup and Recovery, the highlighted item above, and compare them with one another.

Backup and Recovery automatically copies files and folders to an offsite location at periodic intervals.  It is similar to Storage, but is unique in that these files are held separately, unchanged, for the purpose of restoration (recovery) if the original files become unavailable.  Backups are typically encrypted and are somewhat resistant to malicious attacks; however, if the original files were infected before the backup process begins, the backup files will also be infected.

Recovery is the reason for backups.  The most common recovery scenarios:

  • A user changes a document and then wishes to retrieve the previous version.
  • Changes are saved to a template document, rather than creating a new file.
  • An upgrade to an application fails and corrupts its data files.
  • Access is needed to a deleted file.

Popular, Cloud-based, Backup and Recovery services include (alphabetically):

  • Carbonite – Extremely popular; starts at $59.99/year per device
  • Mozy – Also well-known with prices starting at $5.99/month for up to 50Gb
  • SOS Online Backup – Starts at $9.99/month for 100Gb; unlimited devices
  • SugarSync – More synchronization than backup starting at $7.49/month

Carbonite

Carbonite is automated, encrypted, and easy to use.  It is available for home users, but includes business-oriented plans.  Home-user plans are per-device; each device is priced at $59.99/year with unlimited backup.  Business plans start at $299.99/year with an unlimited number of devices.

Visit www.Carbonite.com.

Mozy

Mozy is a subsidiary of EMC, a Fortune 500 company in Hopkinton, MA.  Like Carbonite, they offer both home and business packages.

There is a free version, but most MozyHome plans start at $5.99/month per device with up to 50Gb. The business option, MozyPro, starts at $19.99/month for unlimited devices up to 50Gb; $26.98/month with servers.

Visit www.Mozy.com.

SOS Online Backup

Plans from SOS Online Backup do not restrict the number of devices, but their base plan is restricted to a single user starting at $9.99/month.  Plans that include unlimited devices and unlimited users start at $99.99/month and include monitoring, password encryption, and phone support.

Visit www.SOSOnlineBackup.com.

SugarSync

SugarSync is more of a folder-synchronization service than a backup service; it synchronizes a folder across multiple devices.  SugarSync is user-based with plans starting at $7.49/month per user; multi-user plans start at $55/month.

My take:  Of these four options, we hear more about Carbonite and Mozy than SOS Online Backup or SugarSync.  Although SugarSync is popular, it is not as good a backup and restore solution as the other three.

Mozy has the deepest pockets with a large corporate partner, but Carbonite has, at this time, greater momentum.  The monitoring and telephone support included with SOS Online Backup makes it attractive.

Visit http://pcsupport.about.com/od/maintenance/tp/online_backup_services.htm for an extensive review of 40 backup services by Tim Fisher at About.com.  Another comparison at http://www.toptenreviews.com/services/internet/best-online-backup-services/ ranks 10 services from one through 10.

Bryley Systems offers our Backup/Disaster Recovery (BU/DR) service for servers; it is a monitored, secure, service hosted within our data-center in Hudson, MA with onsite appliance included.  Please visit www.Bryley.com for details.

Protect your mobile device – Part 2: Training

Training is an important, early step in any process; informing end-users of the need to secure their mobile devices is critical. Recommended training topics:

● Why we need to authenticate and encrypt

● How to reduce the risk of loss or theft

● How to safely deploy new applications

● How to securely backup your data

 

Authenticate and encrypt

 

Authentication is the process of confirming that the end-user is authorized to use the mobile device in a prescribed manner. It is typically handled through a username with a complex password that is changed frequently.  (A complex password requires at least three of four character options – capital letter, lower-case letter, numeric, and special character – with at least eight characters.)

 

Increasingly, biometrics (fingerprint verification, eye-scans, etc.) are playing a role in authentication.

 

Sensitive data should be encrypted to make it unreadable if the device is lost or stolen. (Encryption scrambles the content, making it unreadable to anyone without the capability to unencrypt.) Authentication is required to unencrypt and access the data.

Reduce the risk of loss or theft

 

Cell phones are easy targets for theft; they can be sold on-the-street and are (still) easily programmed to a new service on a cellular network.

 

To prevent theft:

● Be vigilant; know where your cell phone is at all times and keep it close to your body. (It doesn’t always help: One of our clients had his cellphone taken right from his hand by a man on a bike on a busy city street; the bicyclist also gave him a kick to discourage pursuit.)

● Install phone-tracking software

● Install a physical locking device

 

Safely deploy new applications

 

Mobile-device users download applications through app stores installed on the device. App stores are increasingly targeted areas for malware distribution; only trusted and approved applications should be downloaded and deployed. (Most app stores have responded by requiring additional security precautions from their customers.)

 

For company-owned devices, end-users should have specific guidelines on what applications can or cannot be deployed; ideally, an enforcement mechanism would be installed on the mobile device to ensure these policies are followed. For employee-owned devices, this policy may need to be recommended rather than required.

 

Securely backup your data

 

To prevent loss or inadvertent deletion, data stored on a mobile device (pictures, documents, contacts, etc.) should be backed-up in an encrypted format to a separate, secure location.

 

Backups should be required on devices owned by the organization and strongly recommended for individually owned devices. Backups should be scheduled periodically and verified.

 

Online, consumer-oriented backup and file-storage applications – spritemobile, DropBox, Mozy, SugarSync – are somewhat restricted by the mobile-device operating system in what type of data that they can backup; typically contacts, calendars, tunes, and photos. Full backups are usually done through tethering (attaching the phone to an external device).

 

Visit Enterprise Security Policies for Mobile Device Backup and Restore atDummies.com for an informative article on mobile-device backup.

 

Next month (part 3): We will discuss enforcement, review a few tools, and wrap-up with first-step suggestions.