It can be a viable means of disaster recovery for some companies and not for others. How do you know if it's right for your company? Following are his answers to common questions about electronic vaulting.
Q. What is the main difference between conventional off-site data security methods and electronic vaulting?
A. Electronic vaulting is primarily a data transport mechanism to move back-up data from your data center to an off-site security facility. Data is taken off-site electronically, rather than by over-the-road transport.
Q. Is this as simple as placing a mirrored server off-site?
A. No. The mirrored server is a fail-over system which takes over processing in the event of primary system failure. If all on-line copies of data are subject to a disaster such as a virus infection or sabotage, then having only a fail-over system will not suffice.
Q. What can EV do for my company that conventional data security measures can't?
A. EV offers increased protection from data loss, reduced complexity, reduced risk and more efficient file recovery.
Q. Increased protection? How?
A. First, the immediacy of electronic transmission allows data to be sent offsite more frequently. And backup is simultaneous to both the EV site and your current on-site backup. You can even backup data over the weekend, so tapes don't wait for Monday morning's pick-up. All of this means that if a disaster strikes, data loss is minimized. Finally, a secure EV service will store your fail-safe backup data to magnetic tape and then protect it off-line to complete the security loop. The service will also require third-party validation and an audit trail for access to all recovery data.
Q. Does EV really make the information security process less complex?
A. It can. Requirements for equipment, maintenance and space are reduced at your data center, enabling a lights out environment. And like conventional data security, EV also transfers responsibility for several tasks to your security service, including capacity planning, recovery logistics and recovery data staffing.
Q. How does EV reduce data risk?
A. Electronic transmission of the data ensures its integrity at the security site, because it has not been exposed to external influences that may arise in physical transport. This includes not only environmental factors faced going to and from the transport vehicle, as well as in it, but also human influences from shipping and handling. In short, data is transported off-site so quickly and so directly that it experiences virtually no external vulnerability.
Q. Does EV have any internal vulnerabilities?
A. Yes. Virtually all EV services store data on magnetic media. Some, however, have an automated system handling media storage and retrieval. This automated system can be accessed by computer, which means your data is still essentially on-line and thus not fully secure from on-line threats. A complete EV security program will take the magnetic media with your data and vault it away from any externally accessible system, taking it off-site, off-line and out of reach.
Q. Does EV help facilitate data recovery in the event of a disaster?
A. Yes. But most companies don't have connectivity between their off-site silos and their hotsite. In that case, electronic transportation costs can be prohibitively expensive - a link large and fast enough to handle the volume of data needed to restart business following a disaster is very costly. It is often more cost-effective and efficient to recover from magnetic tapes.
Q. What about the cost issue?
A. Electronic vaulting does involve a higher expense than conventional data security. Much of the added expense comes from transmission charges - the amount of information to be transferred is growing faster than transmission costs are decreasing. The sheer volume of information needed for recovery requires a lot of bandwidth, and making that bandwidth available on demand is an expensive proposition. When considering EV services, the determining factor is whether you feel your data is sensitive enough, or requires frequent enough backup, to merit the extra cost.
Q. Are there different ways to go about implementing EV?
A. Currently, there are three common approaches to electronic vaulting:
- Channel extension - this system backs up to offline or near-line tape, and does not require a backup CPU. However, it requires a separate hotsite for recovery.
- Network fail-over system - this system does not require a separate hotsite and is protected from most incidental events, but the fail-over server is online, making it vulnerable to hackers or viruses.
- Off-site fail-over system - this system, also network-based, is protected from acts of nature and incidental events, and does not require a separate hotsite, but still the fail-over server is online.
Q. So what is the best way to secure an EV system?
A. First, do not consider your redundant fail-over systems (hotsite) to also represent a fail-safe recovery backup. You should ensure your fail-safe backups are protected from all threats that can come from a single disaster, and are at an adequate distance from the data center. This must be done regardless of how the data is collected and transported. Finally, and very importantly, make sure your EV service does in fact secure your fail-safe backup data off-line. That protects it from hackers, viruses and other electronic intrusion, whether intentional or inadvertent.
Kevin Koski, VP/Technology at Data Base, Inc. is an authority on EV and has lectured on the topic at major IT conferences.