- Eric Slack, Evaluator Group
Historically, backup protected a company from the risk of losing data due to infrastructure failure or human error. If a system went down or someone deleted a file by mistake, a backup was there to save the day.
Employees are becoming more mobile, using smartphones and tablets to access and modify files. As a result, there is a growing interest in protecting data on mobile devices, not just servers, desktops and laptop computers.
Companies need to have comprehensive endpoint data protection that includes mobile device backup, but most smartphones and tablets are largely inaccessible to third-party applications. Endpoint backup solutions typically use an agent installed on the device to access and back up data continuously to a central location or cloud. However, mobile device manufacturers don't really allow this approach. For the most part, a mobile device app can only access data created by that specific app.
In addition, smartphones and tablets don't always store most of the files that users view and work on locally. Users typically download files from a cloud file-sharing service and either run them on a mobile app for that file type or access an application running in the cloud.
Many of these cloud-based file storage services also enable file sharing within groups of employees and even people outside the company, creating a new cloud storage category: enterprise file sync-and-share (EFSS) solutions.
Does this mean a company's backup solution doesn't need to support mobile devices? No, but it does mean its endpoint backup process must include the EFSS solution used by its employees. The good news is that many endpoint backup applications now have an EFSS option.
File sync and share
EFSS is part of the IT landscape in most companies as a way to facilitate remote file access, empower a mobile workforce and to share appropriate files with partners, customers and suppliers.
On a desktop or laptop, these services typically synchronize a dedicated folder with a folder in the cloud and then share it with other users who can access and make changes to the files on a mobile device. When the file is saved, it's resynchronized with the shared copy in the cloud. While this creates a secondary copy of a file in an alternate location, file sync and share is not the same as backup.
VDI platforms and mobile device support
Many virtual desktop infrastructure (VDI) applications now include some form of mobile device support. In theory, this lets employees use their smartphones and tablets to run these virtual desktop applications. It should also provide data protection since those files are resident on the VDI server, not the mobile device. But there are some challenges with mobile VDI applications.
Not all VDI platforms support mobile devices. Porting an application to a small screen that doesn't have a keyboard or mouse isn't trivial, and many VDI applications do a poor job of it. This can frustrate employees used to sophisticated apps designed for mobile devices to such an extent that they download their own apps to complete their work.
Why EFSS isn't backup
With a typical file sync-and-share solution IT isn't storing the data, it's somewhere in the cloud, outside the company's firewall. Effective backup is comprehensive and automated -- a set-and-forget process -- whereas EFSS is a manual process that only protects files that are saved to the sync folder.
Backup software typically offers versioning so users can roll back to an earlier version when a file is accidentally deleted, changed or corrupted. With most sync-and-share solutions, versioning is variable, if it's available at all. EFSS also uses continuous updating, which can be a problem with regard to data protection since corrupted data can overwrite good data and you wouldn't know it. By creating a dedicated copy, backup can eliminate this risk and satisfy regulatory compliance in the process.
While file sync-and-share solutions are here to stay with mobile workers and their mobile devices, they don't provide effective data protection by themselves. The best way around this is to find an endpoint backup solution that supports mobile devices and incorporates file sync and share. Fortunately, there are several products on the market that do.
Druva inSync and inSync Share
inSync can be run in Druva's cloud infrastructure using Amazon Web Services (AWS) or deployed on premises in a scalable architecture that's compatible with object storage platforms from AWS, OpenStack and EMC Atmos. inSync actually backs up iOS, Android and Windows devices directly, the only solution of the four we list here that does. It also offers cross-platform restore capabilities that can be user or IT initiated.
To help increase efficiency, the product has global deduplication, WAN optimization, bandwidth throttling and auto-resume to handle interruptions, plus multi-threading. inSync offers automated installation, centralized IT administration and monitoring, remote wipe, geo-location and device encryption.
inSync Share is Druva's file-sharing module that allows access to any files or folders backed up on any device, with the ability to save favorites locally on that device for offline access. Users can also leverage snapshots to provide access to previous file versions.
Code42 CrashPlan and SharePlan
Code42's CrashPlan can be implemented on-site, as a private cloud, as a public cloud or both. CrashPlan continuously backs up computers in the background and supports direct access of those backed up files on iOS, Android, Windows phone and Kindle devices. It leverages deduplication, compression and load balancing for network efficiency and offers data security features such as end-to-end encryption, remote device wipe and two-factor authentication.
SharePlan, Code42's EFSS solution, was developed internally and uses the same CrashPlan engine, which allows it to be more tightly integrated into the company's endpoint backup product and improves efficiency. If a device is lost, SharePlan can initiate a selective kill, meaning specific folders are removed without wiping the entire device.
EMC MozyEnterprise and MozySync
EMC's MozyEnterprise is a cloud-only endpoint backup solution that backs up desktops and laptops, but not mobile devices. Instead, like most of these products, it provides access to backed-up files from iOS and Android devices. Mozy uses block-level, incremental backups and bandwidth throttling to improve network efficiency, but not deduplication or other data reduction technologies. MozyEnterprise provides encryption, simplified administration and support for Active Directory.
MozySync is a sync-and-share app that creates a sync folder on the user's computer and keeps it updated with their folder in the cloud. The mobile device app for MozySync provides access to the Sync folder from smartphones and tablets, and allows email attachments and documents from other apps to be uploaded to the Sync folder.
CommVault Edge is a module for the company's Simpana enterprise backup solution that supports laptops and computers and allows users to access their backed-up files from iOS, Android and Windows devices. It uses global, source-side deduplication, bandwidth throttling and policy-based automation to maximize efficiency.
In 2013, CommVault added file sync-and-share functionality called Edge Sync and Edge Access that synchronizes files between desktops and laptops and creates a "personal data cloud" that's accessible to users on mobile devices.
Security vs. backup
While most of the data that needs to be protected isn't stored locally on a mobile device, there are still some risks an endpoint backup solution won't address. Email messages, texts and social media communications can all contain sensitive company information. Ensuring these aren't available to anyone who steals or simply looks at a smartphone while the device is unattended is important. Also, smartphones and tablets can, to a certain extent, represent an intrusion risk to the company's IT infrastructure.
For these reasons, data loss prevention (DLP) and mobile device management (MDM) applications need to be considered. DLP typically routes Internet traffic through a corporate DLP server and then monitors devices while in use, blocking transmissions to and from them when a potential breach is detected. MDM ensures OS and application software is updated and that data protection and security programs are working.
Now that employees work on their mobile devices, simply backing up smartphones and tablets isn't enough to ensure an organization's data is safe. For one thing, most backup solutions that directly back up mobile devices are cloud-only consumer devices, not enterprise-grade backup solutions that also support laptops and desktop computers. In addition, most of the data a company needs to protect isn't stored on mobile devices but in cloud file-sharing services.
But assuming data is safe because it's in the cloud is naïve. Sync-and-share services don't provide the level of data protection that a bona fide backup solution does.
Comprehensive endpoint data protection is needed, but it must include a sync-and-share capability employees will use.
About the author:
Eric Slack is an analyst at Storage Switzerland, an IT analyst firm focused on storage and virtualization.