OPINION / Remote backup and restore for laptops: A six point checklist

Federal, state and local government agencies are increasingly under pressure to satisfy information security requirements for multiple regulatory mandates, including FISMA, FIPS, HIPAA and others. One of the thorniest compliance issues facing agencies is maintaining continuous data protection for laptops in the field.

Fortunately, thanks to advances in backup technologies and system architecture over the past several years, government agencies of all sizes now have the means to reliably back up and restore data on laptop hard disks as part of their overall data storage and recovery operations.

Ideally, a remote backup solution should minimize or eliminate security risks by allowing IT departments to control and protect data in the field, regardless of the location or condition of the laptops themselves.

Although individual agency requirements may vary, the following questions provide a reliable benchmark for evaluating laptop data backup solutions:

Is data safe?
Is there a low impact on bandwidth during daily operation?
Can policy and operations be centrally controlled?
Is data 100 percent recoverable?
Is the total cost appropriate to the agency's budget?
Is there a low potential for human error?

Let's look at each of these criteria in more detail.

Data safety
Not all security architectures used in laptop data backup solutions are created equal. Be wary of solutions that maintain a copy of your agency's data in a location beyond your control, or fail to encrypt it during transmission and storage. Backup solutions obviously should not create additional security risks, so review procedures carefully to ensure data is protected in transit and at rest.

Low bandwidth
Since laptops have intermittent and sometimes slow connections to the Internet, the amount of bandwidth consumed by a backup solution has a major impact on how quickly and successfully backups are completed. Look for solutions that use de-duplication to reduce bandwidth requirements. This process maintains a history of the files that have been backed up and only transmits changes made to existing files as well as small markers indicating duplicate data within each file. De-duplication eliminates the need to re-send the entire file once an initial copy has been captured.
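The de-duplication process described above can be illustrated in Python. This is an added example, not code from the article or from any backup product. It assumes fixed 4 KB blocks, SHA-256 digests as the "small markers", and an in-memory server; the names `BackupServer`, `backup` and `demo` are hypothetical, and encryption in transit and at rest is left out for brevity.

```python
import hashlib

BLOCK_SIZE = 4096  # assumption: fixed-size blocks; products may chunk differently

def digest(block):
    return hashlib.sha256(block).hexdigest()

class BackupServer:
    """Hypothetical server: block history (digest -> bytes) plus per-file manifests."""
    def __init__(self):
        self.blocks = {}
        self.manifests = {}

    def missing(self, digests):
        # Which markers has the server never seen before?
        return {d for d in digests if d not in self.blocks}

    def store(self, name, manifest, new_blocks):
        for d, block in new_blocks.items():
            if digest(block) != d:  # reject blocks that do not match their marker
                raise ValueError("block does not match its digest")
            self.blocks[d] = block
        if self.missing(manifest):
            raise ValueError("manifest references blocks never received")
        self.manifests[name] = manifest

    def restore(self, name):
        # Re-verify every block so a test restore detects silent corruption.
        blocks = [self.blocks[d] for d in self.manifests[name]]
        if any(digest(b) != d for b, d in zip(blocks, self.manifests[name])):
            raise ValueError("stored block failed integrity check")
        return b"".join(blocks)

def backup(server, name, data):
    """Send only blocks the server lacks; return the payload bytes transmitted."""
    blocks = [data[i:i + BLOCK_SIZE] for i in range(0, len(data), BLOCK_SIZE)]
    manifest = [digest(b) for b in blocks]
    need = server.missing(manifest)
    payload = {d: b for d, b in zip(manifest, blocks) if d in need}
    server.store(name, manifest, payload)
    return sum(len(b) for b in payload.values())

def demo():
    server = BackupServer()
    # Constructed sample file: eight distinct blocks, then one block edited.
    v1 = b"".join(bytes([i]) * BLOCK_SIZE for i in range(8))
    v2 = v1[:3 * BLOCK_SIZE] + b"\xff" * BLOCK_SIZE + v1[4 * BLOCK_SIZE:]
    first = backup(server, "report.doc", v1)
    second = backup(server, "report.doc", v2)
    return first, second, server.restore("report.doc") == v2
```

The first backup transmits the whole file; the second transmits only the one changed block, and the restore rebuilds the current version from the block history.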

Central control
Managing backups and restoration from a central console allows agencies to set and enforce backup policies in an automated fashion, without end-user intervention. Online backup services often lack this centralized command-and-control capability, and allow end-users to disable or skip scheduled backups. Furthermore, without centralized control, agency IT departments have no way to ensure that data stored on a cloud service provider's servers is no longer accessible to employees after they have left the organization.

100 percent recoverability
Data backups that cannot be fully recovered are no better than having no backup at all. Remote backup solutions for laptops should maintain a complete record of each backup step, and notify administrators if there is an error, locally or remotely. In addition, online backup providers are currently unable to back up files that are in use at the time of a backup. Meanwhile, some backup solutions duplicate the original file structure. Sometimes, a confusing file structure or files with obscure names can prevent a clean restore. This issue is compounded when applications store information by default in files with unintelligible names or obscure locations, as is the case with many e-mail programs. It is a recommended best practice to run regular test restores against a data set on the backup to identify any problems and resolve them before critical data is lost or put at risk of loss.

Appropriate total costs
Prices vary widely between remote backup solutions for laptops, so calculating total cost requires some legwork. For example, hosted solutions usually involve recurring fees and may charge additional fees per gigabit of data and for each endpoint. Meanwhile, maintenance fees may be listed separately, or bundled into the pricing. It's also important to project costs into the future, since data storage capacity needs might increase over time. A 10GB online data backup subscription will only meet an agency's needs for a limited time, depending on the amount of data the organization generates. Monthly fees can quickly balloon beyond authorized budgets with no reductions in sight.

Training costs for administrators, and end-users, if applicable, must also be calculated. Simpler and easier to use solutions can significantly reduce implementation, operation, and maintenance costs. Finally, appliance-based solutions that include backup software reduce overall costs by eliminating per-user and per-gigabit fees common in online solutions.

Low potential for human error
Solutions that require employees to actively decide when (or if) to back up their data are a recipe for missed or no backups. Policy-based, centrally scheduled backup cycles virtually eliminate data loss due to human error. Evaluate whether solutions can operate unattended, and whether they require a user to accept prompts or provide guidance in case of network interruptions or media errors.

Conclusion
Performing remote backups on laptops in the field no longer requires superhuman IT powers. A wide range of options, both premises- and cloud-based, are now available that enable government agencies, big and small, to extend continuous data protection outside the firewall. Use this six-point checklist to find the solution best suited to your agency's business, technical needs and budget.

Alan Arman is the founder and CEO of 3X Systems, a provider of remote data backup technology. He can be contacted at alan.arman@3X.com

 
