Secure cloud backup : Review
- 30 April, 2015 09:27
Following on from our Enterprise sync and share feature where we looked at how cloud services could act as shared storage to help productivity, the other side of the cloud coin is using this vast networked storage for secure backup, storing not just company data from servers or images of servers themselves in the event of a failure, but all data for all employees—across-devices, accessible anywhere, and most importantly of all, encrypted.
As with everything else however, you only get what you pay for. Some vendors focus primarily on secure backup services, while others will tie this in with sync and share capabilities. Others may offer a hybrid local/cloud solution to provide the best of both worlds: fast, secure, under your control local storage paired with often unlimited cloud storage accessible anytime from anywhere. It certainly sounds ideal, though hybrid solutions usually cost a little more (especially if they're managed solutions from the vendor).
Of course, as with anything cloud—but especially when it comes to backups where large volumes of data may be involved—the width of your pipe and limits on your service plan should be considered, especially if you're a small business. And there are, as you might expect, a large number of players in this market. More so than some of the other round-ups we've covered here on CSO.
To help you narrow down your options, here's our take on some of the more popular and well-known services, as well as some you may not have heard of. Use these as a springboard—again, there are plenty of other options out there—for your own research, and if you're not currently using a cloud backup service you may find reason to once you've seen what's on offer.
Backblaze www.backblaze.comBackblaze has made a name for itself in cloud backup, with its custom-built StoragePod rack servers and being one of the first vendors to offer to FedEx you a hard drive of your data in the event of a failure where time is of the essence (and bandwidth a scarcity).
Backblaze makes it easy to choose what data to backup by providing unlimited storage space, file size, and bandwidth to its servers—meaning, just backup anything and everything (and the desktop client can do this for you).
In terms of security data—as with all of the products we'll cover here—data is encrypted before uploading, transfers with an encrypted connection, and remains encrypted at rest. This can be done with a generated key that Backblaze stores in the event you forget (or otherwise lose) the key, or via a private encryption key: the ultimate, as no one—not Backblaze or questionable governments departments wielding signed papers—will be able to read or recover that data. Indeed, if you lose the key, then it's gone for good.
To streamline enterprise backup and security, Backblaze provides the ability for IT to access data on employee backups by encrypting multiple copies of a company-wide encryption key with a password (one for employee, one for IT, for example). Other enterprise features include a geo-location 'locate computer' option in the event a mobile device like a laptop is lost or stolen, which can even monitor which files are being copied off in the event of a theft; an administration interface for easy user and device management along with scheduling; and a mobile client for iOS and Android to provide access to view, download or share files stored on the Backblaze cloud.
Pricing is simple for business at $50 per PC (Windows or Mac) per year, which includes no limit on the size of backups as well as providing backup for data from any attached devices (external USB hard drive, for example) an employee may use.
Page BreakDruva www.druva.com Druva provides two core products to help businesses protect their data. For endpoints and employees there's InSync, comprising Endpoint Backup along with a range of optional modules: these include Data Loss Prevention, which manages mobile and BYOD endpoints with features such as encryption, geo-location, and remote-wipe; Data Governance, which provides for comprehensive tracking and reporting of all data on managed devices and associated user activity for compliance and eDiscovery requirements; and Secure File Sharing, allowing users to securely share files and data with other employees and external parties with abilities such as tracking, passwords and expiry dates.
The central Endpoint Backup itself leverages data de-duplication to save time, storage and bandwidth while providing continuous backup across desktop, laptop and mobile devices. Windows, MacOS X and Linux are all supported, too.
While InSync looks after employee data and endpoints, Phoenix is your server's best friend. A service specifically designed to backup and restore server data, it's not too dissimilar to InSync, but caters to servers with a server-centric administration console, faster rates for backup and restore, and the storing of multiple snapshots to allow restoration from different points in time.
Beyond Druva's own cloud, InSync can also be deployed on a private cloud or locally on-premise. Alternatively, or in addition to, an optional module called CloudCache provides for a local cache of the most recent snapshot backups in order to take advantage of local network speeds, acting as an intermediary step to the cloud and its larger volume but bandwidth limited storage.
Finally, as you would expect on a product of this class, all data is encrypted in transit and at rest using a private encryption key for an organisation. In terms of pricing there are three core plans (Business, Enterprise and Elite) with various tiers of features and cost, as well as the on-premise Private Cloud solution. By default 50G of storage per user is included, though an unlimited storage option is also available.
Rackspace www.rackspace.comRackspace is another well-known name in the business, and its products cover a range of services from managed cloud databases to e-commerce and website hosting. For secure backup services Rackspace provides Cloud Backup and the ancillary Cloud Files. These are two separate services with the latter being Rackspace's solution for public and private file-sharing as well as content delivery for web services. However, Cloud Backup uses Cloud Files to store its data so the two are interlinked, taking advantage of Cloud Files' redundancy and speed given its distribution of data stored in multiple locations around the world.
They are also both—along with Rackspace's other services—all driven under the hood using the OpenStack framework. As the name implies, OpenStack is an open-sourced cloud platform solution, designed in part by Rackspace and a collaboration with NASA. Which is quite the heritage, not that you'd notice the difference (unless it didn't meet your performance and reliability expectations!). More information on OpenStack can be found at www.openstack.org.
For Cloud Backup the service provides unlimited backups and no limits on file size, all encrypted with a private key. Data is compressed and de-duplicated before uploading to reduce bandwidth costs and storage volumes.
Backup and restoring can be managed through an online control panel or through client applications, for which Rackspace provides a market of third-party tools (or write your own through its API). This may be a selling point if you're after more flexibility (a number of third-party apps are on offer) or control (programming your own client to meet your company's specific needs).
Much like Druva's solution and some of the other products we looked at here, Cloud Backup can optionally be installed on local hardware, saving the cost of paying for Cloud Backup on Rackspace's cloud and instead paying only for storage costs of data through Cloud Files that Cloud Backup leverages.
Pricing is dependent on server level but starts at $10 a month per server for Cloud Backup, unless installed locally, while Cloud Files uses a tiered structure (that gets cheaper the more you store) starting at 10c per gigabyte per month.
Page BreakCarbonite www.carbonite.com Carbonite's offering is broken down into Pro and Server packages, in addition to an Appliance setup but more on that in a moment. The Pro package is designed for end-user backup and there is no limit on the number of users or devices. Instead, plans (both Pro and Server) are limited by a total storage volume.
Encryption is enforced through a Carbonite set key or optional private key, while a browser-based Admin Dashboard provides for account and user management as well as monitoring the status of device backups across the organisation. In the event of requiring an urgent backup, Carbonite provides a courier recovery service to ship a hard drive to you at cost.
File versioning is supported (up to three months) and unlike some other services we've looked at here, file sync and share capability is included in the Pro packages (provided as a separate client download).
Carbonite tries to keep things simple by providing unlimited devices and pricing only by storage space. The Pro plans start at $270 per year for the Basic package that includes 250GB upgrading to the Prime plan for 500GB at $600. The Server plans similarly start at $800 for Basic and 250GB of storage which can be upgraded to $900 a year for 500GB. There's a third tier which crosses both categories called the Server Pro bundle which is everything and the kitchen sink for $1000 a year. Extra storage can be purchased in 100GB blocks.
Alternatively, Carbonite also offers an appliance solution that consists of an on-site server that provides local backup storage for speed extending to data stored in Carbonite's cloud. This is $1200 a year and requires working with a third party to provide the hardware (and all are based in the US).
Carbonite's software supports Windows and MacOS X for desktop and server, and apps are available for iOS and Android accessing and sharing files.
While heavily marketed to the consumer, Crashplan also provides enterprise services and gives businesses the option of using Crashplan's cloud or managed on-site private cloud services installed on local hardware. In all cases Crashplan can backup data from Windows, MacOS X, and Linux clients with unlimited data storage (well, there may be a limit for your private cloud), along with no limits of file size and, impressively, versioning—meaning you can wind back to previous versions of a file indefinitely (well, to its original first state backup).
It also employs a smart backup service where the most recently changed files are backed up first, in addition to data de-duplication and compression. For restoring, users can restore to any supported device which includes the aforementioned Windows, MacOS X, and Linux platforms as well as Android, iOS and Windows Phone. The mobile client also supports geo-location and remote-wipe functionality.
Security is supported by private key encryption as well as the option for encrypted key databases to be stored on premises as part of a managed private cloud or private cloud installation, while a centralised administration console provides a comprehensive overview of all connected devices and status of backup retention as well as being able to set granular access and policy control. Like some of the other products covered here, in order to reduce bandwidth costs for initial backups, Crashplan can send you a hard drive to fill and send back and act as a 'Seed' for the backup.
Finally, although there's clients for all the major platforms and mobile operating systems, there's the option of creating your own programs to interface with Crashplan via the company's EDGE API platform.
With a private cloud installation pricing starts at $5 per user per month, or using Crashplan's cloud comes in at $10 per device per month. The core product can be extended with the company's file sync and share service, appropriately named Shareplan, for $10 per user per month.
www.mozy.com Mozy is another well-known vendor with a range of packages for home and enterprise use. The two core packages on offer for business are Mozy Pro and Mozy Enterprise, which are identical in the level of services they provide for backup and restore but the Enterprise package comes with greater granularity for control -- such as setting up sub-administrators from within company groups, or the option for a company-wide shared private encryption key.
Additionally, for all of Mozy's plans, local storage can be integrated (note this can be sans server) as an intermediate step for faster backup and retrieval with its '2xProtect' service—essentially using local storage as a buffer to the cloud.
Similarly available with all plans is Mozy's file and sync service, allowing employees access to files on multiple devices. File versioning is supported as well, though at a limit of two months for Mozy Pro and three months for Mozy Enterprise.
Initial backups and emergency restores can be accelerated by sending or receiving hard drives with Mozy's Data Shuttle option. Even though all data is saved encrypted, the Data Shuttle feature encrypts all data with a second key which is then sent separate from the hard drives via SSL.
When it comes to restoring data, a recovery can be initiated via the client program or via Mozy's web portal, which is also where the administration console is based for managing users, setting backup and access policy, and monitoring the status of your company's data stored in the cloud. Security wise both company-wide and personal encryption keys per user are supported, while in terms of platform support all of Windows, MacOS and Linux have local clients as well as apps iOS and Android.
Pricing is starts as low as $10 a month for 10GB of storage with unlimited devices (implied desktops, laptops etc.) scaling to 1TB at $380 a month. Rather than split server backups into a separate plan, you can optionally add the 'Server Pass' to any billing plan, which adds a small overhead (for a 100GB monthly plan, adding the Server Pass adds $12/month to the cost), to take advantage of Mozy's server-centric features.
Depending on your cloud service provider you can download a set of Cloudberry programs to work with it. These include Explorer, which acts as a file manager interfacing to the cloud storage platform; Backup, to backup and restore data to the cloud provider in encrypted form; and Drive which allows users to map the cloud provider's storage as a local drive on the system.
While not offering as comprehensive a feature set as some of the other products we look at here, Cloudberry does break down secure cloud backup into its basic components and allows you to modularise what you need, right down to giving the flexibility of what cloud storage provider you want to use (or none at all, if you manage your own local or remote servers).
Each program is sold separately for a one-off license per computer. Drive is $30 per machine, Explorer is free unless you want to advantage of compression and encryption, in which case the Pro version is $40, and the core product Backup starts at $30 for the Desktop level and scale to the fully-featured Enterprise at $300. This version supports servers, bare metal backup and restore, and no storage limit—but keep in mind you may have a limit with your storage provider. Indeed, you also need to factor in the cost of your chosen cloud storage service as well.
A newer product, called Cloudberry Box, allows you to also synchronise data across remote computers with your cloud storage service being the only intermediary. Think of this as file syncing where you can ensure total control, with no third-parties (beyond encrypted storage) involved in synchronisation transactions between machines.
All up Cloudberry's products provide a more do-it-yourself option for secure cloud storage, and one where you have full control over the pipeline. The only downside is the products are Windows only, no MacOS X or Linux support, and no iOS or Android apps either.
Page BreakZoolz www.zoolz.com Touting the world's first tribrid cloud... yes you read that right, Zoolz aims to separate itself in the market by breaking its cloud storage services down into three categories: instant, cold, and local. These are synonyms for storing data on Amazon's S3 for 'instant' data that might need a quick turnaround, storing data on Amazon Glacier for 'cold' data that's rarely accessed but needs to be kept (for example for compliance purposes), and locally via a hybrid offering that utilises a local server to store backup data before being replicated to Amazon S3 or Glacier.
For security you can opt for an auto-generated key which will also be stored on Zoolz's servers or a private key which, like other products covered here, means only you can decrypt the data (and if the key is lost, so is the data).
To seed an initial backup Zoolz offers the 'Copy, Encrypt & Ship' service where the Zoolz client can be used to encrypt the first large backup to one or more hard drives to be shipped to Zoolz and transferred to the cloud, at an extra cost of course.
Zoolz makes no distinction between employee desktops and laptops and server backups, providing a one-size fits all plan that also includes unlimited users, devices (including externally attached storage), and machines.
For accessing data and restoring Windows and MacOS X are supported along with clients for iOS and Android, while administration of users and policies is provided by an online browser-based console. This includes features to streamline configuration for admins through its 'Smart Selections' category, easily including or excluding data types or directories from user devices (i.e. 'Documents', 'Email', 'Bookmarks' and the like).
Like its service offering pricing is flexible starting at $360 a year for 1TB (note this is 'Cold' storage) and again this covers unlimited users and devices. Alternatively, you can create your own payment plan with its 'Mix and Match' option that lets you specify the volumes of Instant storage and Cold storage along with the number of users and servers, though when we played with it we couldn't get the service offering to match the listed plans despite using the same values. As the main plans don't include 'Instant' storage, you'll need to use this option if you want to add Instant storage to your plan.
This article is brought to you by Enex TestLab, content directors for CSO Australia.