Off-site backup is a method of backing up data to a remote server or to media that is transported off site. The two most common forms of off-site backup are cloud backup and tape backup. During cloud backup, also referred to as online backup, a copy of the data is sent over a network to an off-site server. A third-party cloud service provider typically hosts that server, but an enterprise can also own it.
To start the cloud backup process, an organization can either send its data over a network or use cloud seeding to send a disk drive or tape with data to a cloud service provider. The organization then schedules and runs regular backups, typically through a web browser. The remote files and folders appear as they are stored off site.
During the tape backup process, data is copied from primary storage to a tape cartridge. For off-site data protection, an organization would then transport the tape cartridges to another location.
Disk is a preferred medium for backup because of its greater speed and access than tape. Tapes are now used more often for long-term archiving or disaster recovery (DR). Disk could be an option for off-site backup, but it is much less durable than tape and prone to damage in the transport process.
The historical "3-2-1 Rule of Backup" states that an organization should have three copies of data on two different media, with one copy of the media placed off site. Off-site backup is important in the event of a disaster, ransomware attack or other incident at the main data center. When such an incident occurs, an organization will recover by retrieving the backed up data from the cloud or tape cartridges. While local backup offers quicker access, off-site backup serves as a critical safety net.
The cloud is a prime target for SMBs to back up data in a cheaper and easier way. An SMB might also use an external hard disk drive (HDD) for its off-site backup. While it's easier to back up to an HDD, it's not as portable or durable as tape. Tape is usually more of a target for enterprises and industries such as media, entertainment and life sciences that need to store large amounts of data. In addition, an SMB usually has fewer resources than an enterprise to move tapes offsite.
Keys to implementation
In implementing off-site backup, an organization needs to be wary of cost, more so with the cloud than with tapes. Cloud-based backup costs -- which typically involve capacity, frequency, bandwidth and the number of users -- can escalate quickly. Organizations should conduct a long-term cost projection to avoid a surprise years down the line when the amount of data stored in the cloud grows.
A retention plan to delete backup data that's no longer needed should also be implemented. For example, pricing for Amazon Glacier, one of the cheapest cloud-based options and a common archiving platform, started at .4 cents per gigabyte per month as of September 2018. While that might sound cheap, it will cost nearly $5,000 per year to store 100 TB of data off site. In addition, costs associated with getting data out of the cloud can be high.
Tape backup costs increase over time as well, due to the price of additional media and the off-site storage.
Security is another consideration. For cloud off-site backup, data moving across the public internet to a cloud provider's server should be encrypted at the original location, in transit and at rest on the provider's server. Users must then verify that the data is the same as it was previously and not corrupted, and that it will be available for DR.
Analyst George Crump explains why organizations are still using tape for backup.
Tape security is mainly referred to in terms of the physical. To limit the chance of tapes being stolen, an organization should ship them as soon as they're done writing to them, and then ensure that the off-site storage location is secure. A service-level agreement (SLA) will state who has access to the tapes and how long the recovery time should take. Like with the cloud, encryption is important. Linear Tape-Open 8 (LTO-8), released in late 2017, features the 256-bit Advanced Encryption Standard as well as the write once, read many (WORM) capability.
Unlike with the cloud, drive maintenance is a challenge with tapes. An organization using tape for off-site backup must ensure the equipment undergoes proper, consistent maintenance or risk issues with performance.
One common approach to off-site backup is disk-to-disk-to-tape (D2D2T), which writes a backup to disk, copies it to tape and then ships the backup off site. This process ensures a local backup with a quick restore time in the disk, plus a cheaper off-site backup copy on tape.
The distance from the primary data center to the off-site backup data center can vary by region. If an organization is in an area where hurricanes often hit, for example, the off-site storage -- on tape or in the cloud -- should reside outside the hurricane zone. If an organization is not in an area where natural disasters often occur, the off-site backup location can be closer but still far enough away that any incident at the primary location won't affect the secondary site.
Off-site vs. on-site
On-site backup, or local backup, provides quicker recovery points than off-site backup. If an employee deletes a file, for example, an organization can get it back in moments from a local disk backup. In addition to being on site, disk also offers random access for quicker recovery.
Retrieving data from the cloud or getting tapes back from an off-site location, on the other hand, can take a long time. Cloud recovery times can be highly variable. If numerous organizations are trying to get data from the cloud during a regional disaster and bandwidth is limited, the process slows down dramatically.
Explore data protection uses for cloud storage.
However, a local backup won't work for recovery in all scenarios. For example, a natural disaster that destroys a primary data center or a ransomware attack that spreads across a network will render most local backups useless. In those cases, off-site backup becomes critical to a business' recovery. If an organization has backup data in the cloud, it can access that information from essentially anywhere. However, in the case of a virus, it will need to verify that the backups are clean. Off-site tape backups are the most secure retrieval option in a ransomware attack because they are offline.
Tape is more durable and lasts longer than disk. The cloud can last the longest of the three, as long as the service provider remains in business and doesn't suffer an outage during the recovery time.
Common features to look for
There are many cloud backup providers in the market. Feature sets vary, so it's important to carefully analyze products, set up a comprehensive SLA and understand the cost structure.
- Hybrid cloud backup, which includes cloud-based backup and local backup.
- Disaster recovery as a service (DRaaS) that enables an organization to fail over into the cloud.
- Data management. Many vendors are moving in this direction, offering more than just data protection.
- File sync and share
Tape backup offers data protection features such as encryption, partitioning through the Linear Tape File System and WORM.
There are also several different methods for off-site backup:
- Backing up data to the public cloud, such as AWS or Microsoft Azure.
- Backing up to a service provider's private cloud, with online backup services in a managed data center.
- Cloud-to-cloud backup for data created in the cloud that needs backup.
- Taking physical media off-site; the most common option is tape backup, but disk drives are a possibility as well.
Off-site backup features a range of capacity, frequency, speed and cost.
LTO-8 tapes provide up to 12 TB of uncompressed data storage and 30 TB compressed. Tape is a good platform for unstructured data backup and today's massive data growth, as well as off-line protection from cyberattacks. The cloud can provide a seemingly unlimited amount of capacity, but costs rise dramatically as storage use increases.
Disk backup on site and cloud-based backup off site offer a higher frequency of backups than off-site tapes. Often, tape backup is a nightly process. In addition, transporting tape to an off-site location comes with its own risks, such as transportation issues.
Speed of recovery varies significantly. Disk is the fastest for restores. The cloud can be quick for a small amount of data, but retrieving a large volume of data can take longer than desired, especially if bandwidth is limited. It also takes a long time to access data on off-site tapes, but those are often only used in the most extreme DR situations.
Cost also fluctuates, especially within cloud backup. The cloud is cheap, sometimes even free, for a small amount of data. In addition, providers offer managed online backup services, taking some of the grunt work out of the process. Tapes require more responsibility on the part of an organization. However, cloud costs rise with time, and additional users, workstations and capacity.
An organization needs to test its backups to ensure they will work in the event of an unplanned incident. The cloud makes it easy to test backups, as a user can log in and open up a backup file. The tape backup testing process requires more manual, physical work.