Workers are more mobile than ever and taking data along on a variety of devices that require new methods of delivering, protecting and backing up corporate data.
Hear no evil, see no evil and speak no evil has been the traditional IT approach to remote and mobile backup. Because mobile devices are easily stolen or lost, or may be dropped or damaged in some other way, the data they carry is in jeopardy at almost any given time. Nearly every mobile user can cite an instance of data loss and the risk continues to grow. A few years ago, typical users were limited to a single laptop; today, most also carry a tablet device and smartphone. Three devices means triple the odds that something will happen to one of them. And all those mobile gadgets may contain corporate assets of undetermined value or provide access to them.
Recently, a colleague on a business trip stepped out of his rental car for a quick lunch. A smash-and-grab thief made off with his bag, including a corporate laptop and an iPad. This colleague had dutifully backed up his data regularly to an external solid-state drive (SSD) and various thumb drives -- but those were also in the stolen bag. Gone in the proverbial instant was every copy of every document he had created over the previous two years, including some sensitive ones. His company had no corporate mobile backup strategy. Chances are the thief was only interested in quickly “flipping” anything saleable, not the data. Nevertheless, the moral of the story is that even tech-savvy users who properly back up data aren’t immune to data loss.
If data loss is inevitable and users harbor hundreds of gigabytes of unprotected data, why are IT organizations so reluctant to address the issue? Probably because it’s so difficult to implement a corporate strategy. Users are also notorious for failing to back up data even when facilities to do so are available, and IT is still wary of problems that can significantly impact user help desk call volumes. It’s simply easier to let user error and neglect remain the user’s problem. Willful ignorance, however, is never a best practice.
As my colleague’s incident indicates, data backup is by no means the entire solution. Dealing with mobile data is a data management problem. Stolen laptops represent a significant risk to corporate security because it’s very easy to get data off a laptop even when it’s password protected. And laptops often have cached access credentials that provide easy access to corporate networks.
Addressing these issues, or at the very least minimizing them, need not be onerous. Cloud-based data protection services give IT groups viable options for complete hosted services that can deliver best-practice functionality with minimal impact on the IT staff.
Understanding mobile issues
As with any IT endeavor, the mobile data problem consists of people, process and technology. Among the emerging technological challenges of mobile backup is the diversity of devices. Users are remarkably creative at connecting devices to the corporate network, with or without corporate blessing. In a company population of thousands of users, a virtual market lineup of devices is inevitable, including every conceivable release of software for each. The possible permutations are almost endless.
On the people side, the full gamut of users must be considered. Although the workforce is becoming increasingly computer literate, IT organizations can’t assume that the literacy will translate into good practices. IT managers are accustomed to engineering systems to peak workloads, not average loads. Similarly, they must design a mobile backup system to address the lowest common denominator of expertise. In other words, it must be usable by the least-savvy user with a minimum of technical support. Even among younger workers who grew up with computers, backup is a far from familiar process.
Process is the key to making any mobile backup offering work. Certainly, it would be simple to supply a USB thumb drive to each user with instructions to copy their “My Documents” folder and any other important files every Friday. It’s a simple solution, and a simple process that nearly any user can handle. Nevertheless, few IT professionals would give that approach a chance of success because user discipline in following such a process is almost nil. Moreover, it doesn’t inherently solve the lost and stolen data issue as users must also keep off-site copies (as my colleague learned). Any successful mobile device process will have to be entirely transparent to the user, occur automatically, entail no user intervention whatsoever and fully secure the data.
Follow the data
Considering those requirements, it may seem to be a daunting task to address. The key to getting a grip on it, however, is to follow the data. Although many devices may be permitted access to corporate assets, many of them don’t store corporate data. This breaks the problem into two categories: data access and data storage. Most organizations already have data access standards and any device that can meet the technical requirements may be used. IT organizations set the standards and the onus is on the user to comply. If an access device is compromised, access credentials can be immediately changed.
Thus, the key issue can be narrowed to mobile storage management. Devices that store corporate data are usually issued by the company and can be loaded with a standard image that includes data management components. Devices not issued by the company shouldn’t be allowed to store data. This may be difficult to enforce technologically, but is possible through clearly defined policies and enforcement.
Developing coherent data management policies begins with understanding the nature of the data to be addressed. Here again, it can be simplified by sorting out the possibilities. Most users will store email, documents, presentations, spreadsheets and the like. Any specific corporate applications will certainly fall under the corporate data management and protection umbrella. Similarly, email can be controlled and protected on corporate servers. Research In Motion’s (RIM) BlackBerry servers form a corporate messaging platform that makes corporate control simple, but RIM’s market share has been declining steadily. Instead, users are bringing their own Apple and Android devices to access corporate email. This makes data protection at the data center level a “must.”
It’s debatable whether data protection or encryption forms the foundation of solid mobile data management. Most organizations address data protection first. However, it’s one thing to suffer lost productivity and intellectual property, and quite another to put the organization at risk for monetary loss, regulatory fines and public embarrassment for lost confidential information. Organizations with Health Insurance Portability and Accountability Act (HIPAA) or financial information stored on mobile devices will definitely want to make encryption a high priority. Data encryption techniques are generally transparent to users and are one of the easiest ways to keep the bad guys from accessing sensitive data.
The other critical data management component is a backup agent that facilitates automatic backup to a hosted data center whenever the user connects to a network or the Internet. The backup agent will usually be deployed as a standard part of the system image build for any corporate-issued device. The agent can be pre-configured to back up certain directories, drives or entire systems. Although some organizations may choose to back up entire systems to facilitate bare-metal restore, most organizations today are primarily concerned about the data. If an entire device is lost or fails, it will be replaced with a new one, usually by a corporate support group. This will include a new image with up-to-date drivers onto which the data is recovered automatically by the backup/restore agent.
Although the basic functionality of backup agents may be similar, the way they work can be quite different. Some may deduplicate, compress and encrypt data. They may facilitate point-in-time recovery, document versioning and continuous data protection. Some will provide file-level backup while others operate at the block level or even the byte level. Each of these capabilities comes with pros and cons, so IT buyers need to determine which is best suited to their workload mix.
Considering cloud services
Commonly known services such as Barracuda, Carbonite, Mozy and others offer cloud-based backup capabilities that make laptop backup simple without impacting corporate IT infrastructure. Although these services are most frequently used for personal and small business backup, corporate offerings are also available. Recently, Mozy began offering support for Apple and Android devices. This service is aimed at two use cases: file access from smartphones and tablets, and photo access and sharing.
Cloud-based file sharing services are evolving for both personal and business use. Examples include Egnyte and Mozy Stash. The real use for these services is convenience, not data protection or data management per se. They’re designed to facilitate syncing between same-user devices or file sharing without data transfer within workgroups (i.e., using a link). Although file-sharing services move the data onto managed storage where it may be backed up, backup policies and data retention policies aren’t key features in their value propositions.
One product with interesting advances for corporate users is Druva Inc.’s inSync backup service. Designed originally for laptop backup, inSync offers deduplication, block-level backup and a hashing algorithm that avoids sending blocks already stored in the primary location. However, inSync goes a step further by tracking sensitive files by device, making discovery or security possible regardless of the device type or location. It also allows data to be deleted remotely in the event of a lost or stolen device. With its incorporated data encryption, inSync makes it very difficult for data thieves to find anything useful.
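The hash-based block deduplication described above can be sketched generically as follows. This is an added example, not Druva's code or any vendor's protocol: the `BlockStore` class, the 4 KiB fixed block size, the choice of SHA-256, and the device and file names are all assumptions made for illustration.

```python
import hashlib

BLOCK_SIZE = 4096  # assumed fixed block size for this sketch

class BlockStore:
    """Stand-in for the hosted backup store (hypothetical, in-memory)."""
    def __init__(self):
        self.blocks = {}     # SHA-256 hex digest -> block bytes
        self.manifests = {}  # (device, path) -> list of versions (digest lists)

    def missing(self, digests):
        """Tell the agent which digests the store does not hold yet."""
        return {d for d in digests if d not in self.blocks}

    def put(self, digest, data):
        # Re-hash on receipt so a corrupt or mislabeled block is rejected.
        if hashlib.sha256(data).hexdigest() != digest:
            raise ValueError("block does not match its digest")
        self.blocks[digest] = data

    def commit(self, device, path, digests):
        self.manifests.setdefault((device, path), []).append(list(digests))

    def restore(self, device, path, version=-1):
        digests = self.manifests[(device, path)][version]
        return b"".join(self.blocks[d] for d in digests)

def backup(store, device, path, data):
    """Back up one file; return the number of bytes actually uploaded."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    digests = [hashlib.sha256(b).hexdigest() for b in blocks]
    need = store.missing(digests)  # only hashes cross the wire at this point
    sent = 0
    for digest, block in zip(digests, blocks):
        if digest in need:
            store.put(digest, block)
            need.discard(digest)   # a block repeated within the file goes once
            sent += len(block)
    store.commit(device, path, digests)
    return sent

def demo():
    """Constructed sample: a 32 KiB file, one edited block, then a second device."""
    store = BlockStore()
    v1 = b"".join(bytes([i]) * BLOCK_SIZE for i in range(8))
    v2 = v1[:3 * BLOCK_SIZE] + b"X" * BLOCK_SIZE + v1[4 * BLOCK_SIZE:]
    first = backup(store, "laptop-01", "report.doc", v1)   # nothing stored yet
    second = backup(store, "laptop-01", "report.doc", v2)  # one block changed
    third = backup(store, "tablet-01", "report.doc", v2)   # already in the store
    return first, second, third, store

if __name__ == "__main__":
    print(demo()[:3])
```

Because each backup commits its own list of digests, earlier versions stay restorable, which is the point-in-time recovery mentioned earlier. The sketch omits the encryption step the article recommends; a real agent would encrypt blocks before they leave the device.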
There is no 12-step program for IT organizations that are in denial about the risks of mobile data loss, but perhaps there should be. Just as backup and recovery has evolved into a more holistic data protection undertaking, remote and mobile backup is evolving into more inclusive mobile data management. Organizations mustn’t ignore it, and given the easy-to-implement and cost-effective cloud offerings available, they no longer have a reason to.
BIO: Phil Goodwin is a storage consultant and freelance writer.