What you will learn in this tip: Cloud backup offers many advantages for remote sites. The tricky part of backing up to the cloud is choosing the right provider to handle your organization's data. In this tip, you'll learn the best questions to ask potential cloud backup providers before you sign on the dotted line.
As far as employees are concerned, cloud backup is a set-it-and-forget-it operation that requires nothing from the people on-site and not much from the IT staff. Just decide what you want to back up, install an agent on your system and you're done.
However, the step before that, choosing the right cloud backup provider, requires a fair amount of work from IT staff. Cloud backup is a new technology, and providers are proliferating rapidly. But there really isn't a common body of agreed-upon best practices for providers, and as a result, you have to carefully consider a number of factors and not make assumptions when choosing a provider.
Are you the right size?
Restoring a large amount of data from a cloud backup can be slow due to the bandwidth limitations of the Internet. In some cases, a restore could take days or longer. This is why some vendors such as EMC’s Mozy and Venyu Corp. offer the option of receiving a copy of your backups on DVD or a portable hard disk if you need to restore your data.
Considering how long it can take to get a full download over the web, this may be a preferable (if expensive) option. Mozy charges $99 for 4.7 GB of backup data on a DVD, or $199 on a hard disk.
Not only does the narrow bandwidth increase restore times, many cloud backup providers are focused on backup and restore at the file and folder level, such as Carbonite Inc. In other words, they require you to designate the files and folders you wish to back up and don't allow you to designate larger storage chunks. Their systems get progressively clumsier as you move to the partition or disk array level. Carbonite also will not back up external hard disks or a network share.
Is the cloud backup provider reliable and stable?
A cloud backup provider's stability may be the most important factor in choosing a service. Most of the vendors are new, many of them are small and a lot of them probably aren't going to be around in a couple of years—at least not in their present form. If you choose the wrong vendor, you may be faced with having to move a terabyte or more of backed up data to another site in a matter of days.
While almost no one has much of a track record in cloud backup, a few vendors have been in the backup and archiving business for years, which builds confidence to their offerings. Also, several cloud backup providers are being acquired by large corporations, which should increase the stability of those vendors.
While it's important to have firm guarantees from the cloud backup vendor regarding what happens to your data if their business is disrupted, remember that those guarantees aren't worth much if the vendor suddenly goes out of business.
Did you read the fine print?
Cloud backup providers all offer essentially the same services, but there are enormous differences in exactly what they offer and how they do it. Some, such as Amazon's S3, basically rent you storage space. Others, such as Acronis Inc., are complete solutions that help you set up and manage your system backups and restores. Vendors such as Acronis also provide features like rule-based backup and centralized backup management. A few, such as AmeriVault from Venyu, are specifically designed to handle small enterprise backups and offer a number of services, such as management.
Some of the issues to look for include bandwidth throttling by the vendor, limits on the total amount of storage per account or what happens to the data at the end of the agreement. More obscure points, such as the venue for any legal actions, also need to be looked at carefully.
Are there weasel words in the agreement?
Look out for phrases such as “best efforts” and similar weasel words. You want an agreement that will nail contingencies down firmly. This is particularly important because cloud backup is still an evolving business and standard practices haven't really been established. Some other things to look out for in your service-level agreement are phrases like “reasonable time," compensation without specifying the amount, or how it is to be calculated. Also look out for restore times specified only in terms of the vendor's server performance, not including the network, and some really arcane ones like jurisdiction in the event of a suit. (If you're in South Carolina you do not want to have to file suit in the state of Washington, for example.)
The basic problem here is that the cloud backup business is still evolving and there is a lot of variations in the terms and the way they are interpreted. Some of the interpretations are reasonable. Some are not. Nail everything down.
Are the guaranteed recovery times acceptable?
Like any other backup vendor, a cloud backup provider should provide you with a guaranteed recovery time for your data. Is the time proposed (which should include transit time over the network) good enough for your purposes and what guarantees does the vendor offer?
Can the system do a bare-metal restore?
This is tricky because not all of the cloud backup systems routinely back up the operating system or the system state. However some are more capable than others in doing a bare metal or “close-to-bare-metal” restore.
For example, Zmanda Inc.’s cloud service can back up both the files and the system state, but you have to load a copy of the operating system onto the recovery system before you start the restoration process. Acronis’ cloud backup product (when combined with Acronis TrueImage), on the other hand, can perform a true bare-metal restore.
Are the legal questions covered?
Legal requirements, such as Sarbanes-Oxley and HIPPA, may require that you meet certain standards in safeguarding your data. Legalities become a special problem when cross-state or cross-border information flows are involved. Often you can be liable for data breaches even if you didn't know where in the cloud your data is stored. Requirements can change from jurisdiction to jurisdiction as many states and the European Union have very different requirements for protecting data.
Consult your legal department about your obligations and how your vendor proposes to meet them.
Are you secure end-to-end?
The basic principle of cloud security is that your data should never be exposed, either in transit or at rest. The first step is to encrypt your data before it leaves your server. The second is to make sure the data is safe in transit using SSL or some other method. The third step is to make sure it is stored and handled safely on arrival. Check your vendor's security policies and guarantees and see if they encrypt the data before it is transmitted. If not, invest in an encryption system of your own.
About this author: Rick Cook is a frequent contributor to SearchDataBackup.