Nine Requirements When Selecting a Remote Backup Provider

Posted by Jim Van on September 23, 2011 under business continuity, data security, disaster recovery, security, small business | Be the First to Comment

The Remote (Online) backup industry is exploding. As with any ‘explosion’, there’s almost always a bubble (remember the dot com bubble? We’d prefer not to…it’s embarrasing). In any bubble, there are plenty of ‘experts’ selling their services, some of whom are experts, and some of whom will move on to the next big thing as soon as this bubble deflates.

Unfortunately, many businesses lack the knowledge about remote backup to ask the right questions of prospective suppliers. With hundreds of companies offering remote backup, it’s challenging to choose the right provider with whom one can entrust the company’s critical business data. Here are some minimal criteria that all providers should meet. If a prospective vendor doesn’t meet all of them, you might consider moving on and looking at another:

  1. Security: The Military and Government have security standards for the transfer and storage of data online. Why should your business be any different. 256-bit encryption is the current standard. Require it. We ARE discussing your company’s critical data files, aren’t we?
  2. Compliance: There are various regulatory standards that any reputable provider should meet or exceed. Among them: HIPAA, Saprbanes-Oxley(SOX),SEC,NASD compliance, SAS70, and ISO. Your prospective supplier should meet or exceed all of them. If they don’t, ask why.
  3. Location, Location, Location: Where, and in how many places, is your data stored? At least two redundant, geographically diverse locations in addition to the provider’s main data center should be in place. Each center should have high security, including a tight keycard or optical-type ID and access system, video surveillance, and limitations on just who has access to the storage system on which your backed up data resides. Those who do have access should have passed a solid background check, be bonded, and the company should carry a liability policy of at least $2 million.
  4. Hard-copies of your data: The ability to provide you with physical copies, whether DVD or some other medium, is critical. An online download of your backed up data should not be the only option available to you when you need to recover data. Some full data sets can take days to restore. The ability to overnight a complete data set to you is critical.
  5. Online restores: Does your provider offer an option of performing your initial backup via a hard copy? Whether hard drive, DVD or another medium, if you have a very large quantity of data to be backed up, an initial online backup could take days. In such a case, it’s often better to ‘seed’ an initial backup, by copying it to physical media, overnighting it to the data center, who then ‘seeds’ your vault and then receives incremental data as your files are changed to always have a fresh copy of your total data set available. Some places charge an outrageous fee for this service. Others are incapable of offering it at all. You can politely thank those providers for their information and then move on.
  6. Ensure that your data can be restored to a different system than the one from which it was backed up. Strange as it seems, some backups can only be restored to the systems from which they originated. Not so helpful when your business is swept away by a tsunami.
  7. Require a daily status: With nearly 40% of all restorations failing, according to a recent report by the Computer Security Institute, it’s critical that each backup is verified by the provider. It’s not outrageous to require a daily report. While you’re at it, find out the frequency, if any, of test restorations of your (not random) data. Weekly is good. Bi-weekly should be a minimum. Be prepared to pay dearly for daily tests, though. They’re really time-consuming.
  8. Support should be available: At least during normal business hours. So many online backup services are self-serve, which permits a provider to offer a better price to your business, as there’s much less overhead involved. But some support should be available, preferably by phone, but at a minimum by email. How quickly they respond is also a major factor. Why is support so critical? If you can’t properly get your backup running, or need to make changes, what’s the value of the backup service if you don’t have support?
  9. Service: On the same note, you should be able to contact the provider anytime you have a question regarding the backup service. A dedicated account manager is ideal, but not likely unless you’re spending $50 or more per month (if you’re average, you’ll be spending about half that). Still, you should be able to reach someone in a customer service role who can answer your questions about your backup strategy, or help you set one…

To some, the above requirements might seem stringent. To others, they might seem inadequate. However, having worked with backups for about 20 years, and watching the evolution to today’s solutions, which are primarily remote/online, the above points are a pretty accurate summation of lessons learned having been through thousands of backups and more than a fair share of restores, both successful and failed. Pay due diligence: after all, it’s your company’s lifeblood being backed up (or not) we’re discussing, right?

Share

Add A Comment

home top