Corporations spend a lot of resources on network backup – not exactly their favorite budget item, but it must be done. However, in the recent past these same companies simply ignored mobile device backup. It’s not that these companies were blind to the security risk of unprotected data, rather that their backup choices were extremely limited.
The problem is that endpoint backup presents different challenges than network backup. Network backup has its own set of issues around data growth and storage performance, but it is a mature and product-rich area. Edge backup is not.
When remote users tried to use device backup – and were not on a VPN — they ran into serious issues, including long backup windows and poor performance.
Corporations reacted in different ways. Many of them simply ignored the problem, or deployed backup for laptops but not for smartphones and tablets. Others instructed end users to back up using services like Dropbox. (Users rarely bothered, and even when they did their Dropbox data was not encrypted.) Some corporations required mobile users to deploy localized backup for individual devices, which worked well enough on a single device level but did nothing for corporate data management.
It was still impossible for corporations to centrally manage, search, audit, and monitor data existing at the edge – at last count, about 28% of corporate data.
That percentage is growing along with the BYOD (Bring Your Own Device) phenomenon.
Today, this situation is changing. Once again corporations are looking at business-level data protection for remote devices. Risk of data loss or attack is a driving force; so are compliance concerns, security, audit and eDiscovery processes, and device management.
And this time they have some choices. A few data protection vendors have developed endpoint backup not only for laptops, but also for tablets and smartphones. Some of them add additional value such as file sharing, device management and eDiscovery. Not every vendor offers every feature, to say the least. However, development is proceeding in that direction and expanded edge protection products are available today.
Edge Data Protection Features
· Backup and Restore. The base architecture for effective edge backup is a central cloud-based repository. Data from individual devices backs up to the corporate cloud, which centralizes data in a secure and policy-driven environment. Central data storage also builds the foundation for federated search, global deduplication, secure encryption, and user access control.
· File sharing. A few of the edge data products also provide business-level file synchronization and sharing (“sync and share”). File sharing on an individual device level can be a backup alternative – witness the popularity of Dropbox, which in a pinch can act as backup. However, this is a consumer-level feature and will not do for corporate-wide secure file sharing.
· Governance. Many people confuse governance with security but they are not the same thing. Security protects data from accidental or malicious access, both digital and physical. Governance is the process of managing data according to regulatory guidelines and policies, which includes security but is not exclusive to it. Governance keeps data visible to compliance and litigation workflows, and proves data integrity.
· Federated Search. Federated search is the ability to aggregate search results from multiple storage locations. In the world of remote devices, federated search uses the cloud as a content store for multiple device data such as backup and replicated snapshots. This enables many searchers to quickly find the information they need from a variety of data sources. Some federated search features include the ability to track searches for compliance and eDiscovery. For example, detailed audit trails can track user and administrator activity in order to prove compliance, or to identify security breaches.
· Global Deduplication. Mobile devices are increasing exponentially. Along with the ease of sharing files among other mobile users, large volumes of duplicate files are growing along with them. This is also an operating system issue, such as iOS where applications are assigned their own data storage with no redress for duplicate files.
Just as on network backup, deduplication is a basic feature for controlling the size of backup data movement and storage. On the corporate network there may be differing backup schedules and even applications by server. But on the edge, with hundreds to thousands of devices within a single corporation, it takes global deduplication. Global dedupe recognizes file copies located on different devices, saves a single unique copy to the backup server, and only performs change detection on that single instance.
Vendors
Several data protection vendors provide some sort of edge data protection as a value-add. Of these, most of them only back up laptops – even then, only if the laptops establish a network connection. The vendors listed below are the exceptions. They support smartphones and tablets as well as laptops, backup to a central cloud location, and provide additional services.
Druva inSync pioneered continuous data protection for laptops in 2012. It protects these and other mobile devices on-premise and in the cloud. Druva was also the first edge protection vendor to introduce mobile file sharing that suits business requirements. Global dedupe keeps the backup process humming. CommVault Simpana Edge Data Protection backs up data from laptops, tablets and smart phones. It also offers automatic device discovery, IT central management and eDiscovery capabilities. CommVault introduced file sync capabilities in Q3 2013.
Datacastle RED provides device security management and data protection. In addition to device backup to the cloud, it offers a remote wipe capability. Datacastle white-labels its application for large OEM and service provider partners. Asigra’s Cloud Backup is a hardware- and software-agnostic backup product that backups up network and edge devices to a secure cloud repository. Although it lacks file sharing and formal eDiscovery features, its flexibility is attractive.
There are still surprisingly few edge data protection products that directly backup edge devices. There are fewer still that provide additional services such as file sharing, global dedupe and eDiscovery support. But corporations are becoming aware that device security is not the only protection that edge data needs, and some vendors are ready to serve them.
Christine Taylor is a well-known technology writer and industry-watcher.
Photo courtesy of Shutterstock.