With the growing bring-your-own-device (BYOD) movement, managing mobile device backup is quickly becoming an issue for a majority of data storage administrators.
The bring-your-own-device (BYOD) movement means that in most companies a lot of employees are using their own laptops, smartphones and tablets to do company work when they're on the road or even when they're in the office. People use these devices, particularly tablets, for content creation and content consumption. That means they're not just reading documents, but making notes, editing files and otherwise working with data that must be protected.
Employee-owned laptops are being brought into companies, but phones (and increasingly tablets) may represent the bigger data protection challenge for IT because they're more easily lost or stolen, and incorporating them into a traditional backup plan isn't as simple as it may be for other endpoint devices. There are fewer iOS and Android device options available from traditional backup application vendors and non-traditional alternatives, such as cloud services for backup, sync and file sharing, may not meet IT requirements for protecting and controlling corporate data.
The BYOD battle
One alternative would be to provide company-purchased smartphones to employees and prohibit the use of personal devices for company business. Aside from the cost of this option, many companies see the use of mobile devices as a way to enable people to do their work whenever and wherever they want, which can promote collaboration and better productivity. It's harder to attract good employees if your company is perceived as too restrictive, and requiring a separate cellphone for company calls could fall into that category.
If there's no getting around the use of personal devices to handle company data, then IT will have to assume the responsibility of adding smartphones and tablets to their list of endpoint devices that must be backed up.
The risks of mobility
The first consideration around data protection for portable devices is the potential loss of corporate data if the device is lost or stolen. Regular, automatic backups can address this, but a bigger risk may be from potential intrusion to the larger corporate infrastructure if one of these mobile devices is compromised. Part of the reason for this is that users often neglect to set passwords for their phones and tablets, and when they do use a password it's often the simple four-digit variety that's relatively easy to crack.
This may be considered more of a security issue, but while we're focusing on backup there are other services corporate IT should take into consideration to address security concerns. It's important to understand what some of these security functions are since they may be part of a comprehensive data protection strategy that includes backup. Data loss prevention (DLP), mobile device management (MDM) and remote wiping are security offerings that are being deployed in conjunction with backup to protect corporate assets on employee-owned smartphones and tablets.
DLP is a comprehensive software solution that discovers, monitors and protects confidential data, typically on endpoint devices. Much more than just protecting data, it monitors devices while in use and can block transmission into and out of them when it discovers a potential breach. DLP products typically route all Internet traffic through a corporate DLP server that controls what gets into and out of endpoint devices.
MDM solutions are software products that help to monitor and manage mobile devices to ensure they're being protected with updated backup and security applications. In that regard, backup is just one of the functions these products can manage. MDM software also reduces the overhead on IT administration associated with deploying and updating applications on mobile devices.
Remote wiping allows IT to delete some or all of the data, profiles and personal settings stored on a mobile phone or tablet that has been lost or stolen. This type of protection is limited, however, because the device must be connected to the Internet for the remote wipe command to be executed. Many data protection and security applications designed to run on mobile devices include a remote wiping function. In addition, Apple has a Find My iPhone service that can wipe settings and personal information, and Android tablets and smartphones can be similarly wiped using Google Sync.
There are a number of products that provide mobile device backup, three of which are described below. It's surprising to see how many backup programs don't back up data on tablets and smartphones. Of all the traditional enterprise backup vendors, CommVault Systems Inc. is the only one that can back up mobile devices.
It's interesting to note that although many vendors say their products "support" mobile devices, they don't actually back up data from that device. They only allow backed up data to be viewed on or restored to a mobile device, but that data was previously backed up from servers or desktops in a traditional backup infrastructure.
Asigra Inc. Asigra is the software infrastructure application used by many cloud backup providers. Asigra's DS-Tablet Client and DS-Smartphone Client install on the appropriate mobile devices and collect data for transmission to the cloud provider's network at specific scheduled times. This automated process includes block-level deduplication and compression to reduce WAN bandwidth. Users can also do manual, one-click backups or initiate a restore themselves without involvement by the company or their cloud provider. iOS clients are downloaded from the Apple App Store, while Android clients can be downloaded from the Android Market or Amazon Appstore.
CommVault. Simpana Edge Data Protection is an optional module for CommVault's enterprise backup application that supports direct backup of Android, iOS and BlackBerry devices. The product has built-in, policy-driven capabilities for client discovery and automated backup agent deployment. Simpana provides HTTPS protection, built-in Secure Sockets Layer and data encryption to help secure data transfers without a virtual private network (VPN). Users can be authorized to control backups and restores for their own devices, as well as other backup clients in the environment. Simpana Edge Data Protection uses global, source-side deduplication and can leverage "opportunistic" scheduling rules to minimize the impact of backup activities on users.
Druva. Druva's inSync product is designed for endpoint data protection for laptops, desktops, smartphones and tablets. It provides full support for iOS and Android devices, and partial support for Windows mobile devices. It's the most complete and feature-rich product of the three described here. Companies can deploy inSync in their data centers or use Druva's cloud service to host the application. inSync leverages global deduplication and bandwidth throttling with auto-resume to optimize the backup window. Users can self-deploy a mobile app using an ID and a password, allowing them to add devices without IT involvement. Druva offers a DLP module add-on with on-device data encryption, remote wiping and geo location of lost devices.
Mobile device backup not a standard option (yet)
As mentioned earlier, it's somewhat surprising to find how few backup applications actually support iOS and Android devices. There are a couple of reasons for this. First, larger, traditional backup companies may not be thinking such support is essential, since most of these devices have some sort of embedded backup/sync service, like Apple Inc.'s iCloud. While these are largely consumer services that put data outside of corporate IT control, they may still be seen as a free alternative to a backup application's mobile device agent.
Another reason is that backup isn't the foundational data protection tool for mobile devices that it is for other endpoint systems, such as desktops and laptops connected to the corporate LAN or VPN. The risks associated with mobile devices are more than just the potential loss of the files a person had on their particular tablet or smartphone. Security is at least equally important, so companies are looking at DLP and MDM offerings because backup isn't all they need.
There are other ways to protect files that users access, create and modify on their mobile devices. Cloud file sync-and-share services are becoming popular choices as data repositories for remote access; they provide IT with a way to protect these company data assets as long as users keep their files uploaded and there are sufficient security measures in place. The bring-your-own-cloud problem is becoming the next "BYO" issue for IT, but there are many available options, including having the company stand up its own private cloud.
The mobile backup bottom line
While few traditional backup vendors currently support iOS and Android devices, there are backup products that can run in the corporate data center and/or in the cloud to provide most of the traditional backup protection that IT is looking for. Larger companies that simply want to add smartphones and tablets to their list of endpoints backed up with their existing enterprise software may be surprised at the slim pickings. But for companies willing to use a dedicated backup product for their mobile device backup, there are several to choose from, especially among smaller vendors.
However, IT may want to address issues beyond backup by taking a broader look at ameliorating the risks brought on by employees using their own mobile devices at work to do company business. Security in the form of DLP and MDM solutions should be part of the mix for many companies.
About the author:
Eric Slack is a senior analyst at Storage Switzerland.
- Simplified Data Protection for Remote & Branch Offices –Druva Software
- Data Protection for Endpoints: Why it's Harder to Protect Data on the Move –Carbonite
- Protecting Your Distributed Data With The Cloud –Druva Software
- Addressing Cyber Security Concerns of Data Center Remote Monitoring Platforms –Schneider Electric