Storage Adviser | Mario Apicella » TAG: Data protection

July 04, 2008 | Comments: (0)

Ironclad Windows backup on a budget

Creating an effective backup for Windows is a challenge -- largely because the OS lacks a powerful, simple tool like Linux's dd, for example. However, there are many options for establishing a worthwhile backup system for Windows, some of which are free or rather inexpensive.

I mention this because a friend -- I'll call her Laura -- recently asked for help setting up a backup system for her two Windows XP machines. A freelance writer by trade, Laura uses a desktop and a laptop, both of which are connected to a LAN and, via router, to the Internet.

Laura had been backing up her laptop data to a large USB drive -- an unreliable approach at best. Busy, distracted, or on deadline, she often forgot to perform her manual backup, and she was well aware that, should a major disaster hit, her single-copy backup strategy left her valuable data vulnerable. When I asked how often she ran a defrag, Laura answered, "Yeah, that's another thing I forget to do. Can that be automated?"

Laura, like many nongeek computer users, knew exactly what she wanted to achieve but didn't know what tools to use. She also knew how much she wanted to spend: $1,000 or less.

Together, Laura and I came up with the following recovery objectives:

  1. Copies of all personal files and directories should be available on both machines
  2. New files should be backed up at least once a day
  3. Backup should be automated to avoid human error and forgetfulness
  4. Copies of all files should be stored regularly to a separate location
  5. Routine maintenance tasks should be simplified and automated where possible

Our next step was to discuss how to reach those objectives. Laura turned down my suggestion of an online backup service because she gets Internet access via satellite, and her provider sets a monthly cap on the amount of data downloaded and uploaded. With that option off the table, we focused on tools for local backups.

The temptation to use tape reels was strong, but I resisted. Instead I suggested an Iomega Rev drive, which combines the safe transport of a tape cartridge with the random access of a disk drive.

Here, I use the term cartridge loosely, because there is no tape reel in the Rev, just a 2.5-inch drive that has been stripped of read/write heads, motor, and other components, leaving only the platters in a 3-inch-square medium that is a mere 3/8 inch thick.

Iomega recently announced a new 120GB cartridge and drive, which fits Laura's budget and capacity requirements perfectly. In addition to an external USB Rev drive, we bought four additional cartridges to create a five-day outside rotation. It turned out that Laura already had a security box with enough room for the cartridges at her bank. Problem solved.

With that settled, we looked into backup applications. Why plural? Although I don't wear both a belt and suspenders to keep my trousers from falling, when it comes to backups, I like to have more than one layer of protection. Also I don't believe in complicated backup tools because you end up paying more attention to their intricacies than to your data. It's a distraction nobody can afford.

I also believe strongly that backups shouldn't get in the way of productive work, which is why I decided against CDP (continuous data protection) and similarly automated tools. I've tried some of those applications and have concluded that the finer recovery granularity they offer doesn't compensate for how much they slow my system down. Besides, Laura had made it clear that daily backups were acceptable.

Laura already had recovery disks for both machines from the manufacturers, so I only had to make sure she created updated images of her boot drives should either one ever fail. To do that, I set her machines to run a scheduled DriveImage XML session every month, targeting the Rev drive, which is connected to the desktop and shared with the laptop. I suggested that she keep only the last two images of each drive; older copies would probably not prove useful.

To meet the requirements of forgiveness and ease of use, I scheduled two daily backups.

The first backup runs on the laptop with Microsoft SyncToy, a great, little-known tool with powerful options to keep two directories in sync. The target of that SyncToy run is a symmetrical shared folder on the desktop, which, if something goes wrong with the laptop, will give Laura a working machine, missing at worst only one day of data. Laura can live with that, but occasionally, when there are critical documents that can't be left as a single copy until the next backup, she can make ad hoc copies to the desktop share.

The third prong of my backup strategy for Laura is Windows Live OneCare (yes, another Microsoft tool, but we are in Microsoft land, after all). OneCare does more than just backups; it also includes, for example, a firewall plus virus and spyware protection. Tune-up, a OneCare feature, can be set to automatically check for updates and run defrags.

I have scheduled OneCare to run daily backups on the laptop only, close to the wee hours of the morning, again targeting the same Rev drive used by DriveImage. OneCare will manage updates on both machines and defrag the drives once a week.

It may seem odd to run a backup to the Rev drive over the network, but OneCare treats the Rev drive as a local device, and "to protect the user," it refuses to consider that drive as a backup target. However, OneCare will blindly accept any network share as a backup device. To work around that bug, I left the Rev drive connected to the desktop and created a shared folder for consumption by the laptop and the OneCare backups.

So there you have it. Laura spent about $800 to purchase the Rev drive and cartridges, plus $50 for the annual subscription to OneCare. In my estimate, this setup should serve her well for at least three years, making her data protection cost less than $30 per month. Three years from now, who knows? Windows OneCare may have learned that the Iomega Rev is an "external" drive.

I explained to Laura that she should leave her machines on at night so that the scheduled backups -- spaced across the night to avoid conflicts -- can run. She also has two daily chores: Swap the latest Rev cartridge with the oldest copy in her bank vault, and check the OneCare status report for errors.

Does my backup strategy have weak points? Of course; any backup strategy does. The human factor is always a weak point. For example, if Laura forgets to rotate the cartridges, her data protection shield will weaken noticeably. Still, she will have at least two up-to-date copies of her data, plus a relatively old one at the bank, to fall back on.

If you feel strongly about your backup strategy, send a description my way, and I will be glad to review it and make suggestions, or just congratulate you, as the case may be.

Posted by Mario Apicella on July 4, 2008 03:00 AM



March 07, 2008 | Comments: (0)

Sleeping laptops leave encryption at risk

Equipped with a can of air spray and sophisticated data hunting techniques, attackers can rebuild disk encryption keys from fragments of data in memory

Just when you thought you could sleep easy with disk encryption, here comes a wake-up call from the Center for Information Technology Policy at Princeton University. In just a few pages, the center's research team proves that disk encryption is easy to defeat if your attacker is skilled and determined enough.

When the laptop is in sleep mode, whatever is stored in memory remains in memory, including encryption keys. Big deal, you might think, the laptop asks for a password whenever anyone tries to use it.

That’s where many people, including me, are wrong. As the Center for Information Technology Policy researchers explain, a bad guy can get to the encryption keys, bypassing the password as if it wasn’t even there:

"The attacker will then insert a special thumb drive into the laptop, yank out the laptop’s battery, quickly replace the battery, and push the power button to reboot the laptop. The encryption keys will still be in memory -- the memory will not have lost its contents because the laptop was without power only momentarily while the battery was out."

How can the encryption keys still be in memory after yanking the battery out? Some memory cards maintain 50 percent or more of their content intact for a minute after powering down, the researchers found. Some for longer, but an attacker doesn't have to take that chance: As the study shows, using an air-duster can held upside down can lower the temperature of a memory card to -50 C (-58 F).

At that temperature, the cards they tested maintained a perfect or near-perfect image of their content for a minute or longer, long enough to copy the data in memory to another medium. At even lower temperatures, such as what you can attain by using liquid nitrogen, the researchers saw very few RAM read errors after 60 minutes.

To complete the story, once memory content has literally been frozen, the attacker can boot from a thumb drive that contains a small OS kernel plus an application that will quickly copy whatever RAM content has not been overwritten to the same USB drive. Stage three: Using a data-sniffing application, the attacker is able to rebuild or retrieve the encryption keys and can now copy the content of your drive, in the clear, to another device.

If you doubt any of what I just described, I urge you to read the report in its entirety.

For example, the research team had little trouble building an application capable of finding or recreating keys from fragments of data in memory:
"To reconstruct an AES key, we treat the decayed key schedule as an error correcting code and find the most likely values for the original key. Applying this method to keys with 10% of bits decayed, we can reconstruct nearly any 128-bit AES key within a few seconds. We have devised reconstruction techniques for AES, DES, and RSA keys, and we expect that similar approaches will be possible for other cryptosys."

Mind boggling? I agree, but the good news is that the techniques the researchers used are probably way over the head of the average crook. The bad news is that if you carry desirable enough information, your opponents will have a sufficient incentive to come after your laptop.
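
The redundancy the researchers rely on can be seen directly in the AES-128 key schedule. The following is an added example, not code from the Princeton report or from this column: it expands a key, counts how many bits of a 176-byte window violate the key-schedule relations, and uses that score to audit a memory image for leftover key material. The FIPS-197 test key, the flipped bit positions, the random filler and the 32-bit threshold are assumptions constructed for illustration.

```python
# Added example: AES-128 key-schedule redundancy (not code from the report).
import random


def _gmul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a = ((a << 1) ^ 0x11B) if a & 0x80 else (a << 1)
        b >>= 1
    return r


def _build_sbox() -> list:
    """Derive the AES S-box from its definition: field inverse, then affine map."""
    def rotl(x, s):
        return ((x << s) | (x >> (8 - s))) & 0xFF
    sbox = []
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gmul(x, y) == 1), 0)
        sbox.append(inv ^ rotl(inv, 1) ^ rotl(inv, 2) ^ rotl(inv, 3)
                    ^ rotl(inv, 4) ^ 0x63)
    return sbox


SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]
SCHEDULE_LEN = 176  # 11 round keys of 16 bytes each for AES-128


def _next_word(prev: bytes, back4: bytes, i: int) -> bytes:
    """Schedule word i computed from words i-1 and i-4 (FIPS-197 key expansion)."""
    t = prev
    if i % 4 == 0:  # RotWord, SubWord, then XOR the round constant
        t = bytes([SBOX[t[1]] ^ RCON[i // 4 - 1], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
    return bytes(a ^ b for a, b in zip(back4, t))


def expand_key(key: bytes) -> bytes:
    """Expand a 16-byte key into the 176-byte schedule a cipher keeps in RAM."""
    if len(key) != 16:
        raise ValueError("AES-128 key must be 16 bytes")
    w = [key[i:i + 4] for i in range(0, 16, 4)]
    for i in range(4, 44):
        w.append(_next_word(w[i - 1], w[i - 4], i))
    return b"".join(w)


def schedule_mismatch_bits(buf: bytes) -> int:
    """Count bits in a 176-byte window that violate the schedule relations.

    0 means an intact schedule; unrelated data fails about half of the
    1280 checked bits; a schedule with a few bit errors scores low but non-zero.
    """
    w = [buf[i:i + 4] for i in range(0, SCHEDULE_LEN, 4)]
    bad = 0
    for i in range(4, 44):
        expect = _next_word(w[i - 1], w[i - 4], i)
        bad += sum(bin(a ^ b).count("1") for a, b in zip(expect, w[i]))
    return bad


def flip_bits(buf: bytes, bit_positions) -> bytes:
    """Return a copy of buf with the listed bit positions inverted."""
    out = bytearray(buf)
    for p in bit_positions:
        out[p // 8] ^= 1 << (p % 8)
    return bytes(out)


def find_schedules(image: bytes, max_mismatch: int = 32) -> list:
    """Slide over a memory image; report (offset, mismatch) for likely schedules."""
    hits = []
    for off in range(len(image) - SCHEDULE_LEN + 1):
        bad = schedule_mismatch_bits(image[off:off + SCHEDULE_LEN])
        if bad <= max_mismatch:
            hits.append((off, bad))
    return hits


# --- Constructed sample data (not taken from any real machine) ---
KEY = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")  # FIPS-197 test key
SCHEDULE = expand_key(KEY)
# Four single-bit errors, each in a different schedule word.
DECAYED = flip_bits(SCHEDULE, [20 * 8, 57 * 8, 94 * 8, 131 * 8])
_rng = random.Random(0)


def _fill(n: int) -> bytes:
    return bytes(_rng.getrandbits(8) for _ in range(n))


# Intact schedule at offset 300, damaged copy at offset 676.
IMAGE = _fill(300) + SCHEDULE + _fill(200) + DECAYED + _fill(100)

if __name__ == "__main__":
    print("intact schedule :", schedule_mismatch_bits(SCHEDULE))
    print("4 flipped bits  :", schedule_mismatch_bits(DECAYED))
    print("random window   :", schedule_mismatch_bits(IMAGE[:SCHEDULE_LEN]))
    for off, bad in find_schedules(IMAGE):
        print(f"possible AES-128 key schedule at offset {off} ({bad} bad bits)")
```

Each flipped bit disturbs at most three of the forty relations, so a damaged schedule still scores far below unrelated data; that gap is what makes key material in RAM both easy to spot and correctable.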

How can we defend our laptops now that we know of this vulnerability?

The first, obvious, remedy is to always power off your laptop before walking away from it. Another suggestion is to evaluate carefully the encryption tools you use. By definition, software encryption tools will keep -- and possibly leave for a long time -- keys in memory in some shape or form. By contrast, a quick check with Seagate -- which offers the Momentus FDE family of laptop drives with hardware encryption -- triggered this response (PDF):
"DRAM attacks to hardware-based full disk encryption (FDE) drives, the technology that powers the Seagate Momentus 5400 FDE.2 drives for laptop computers, are not possible, because the cryptographic key never leaves the hard drive. The key is not stored in DRAM, but in the ASIC chip that implements the encryption algorithm, which is built into the drive."

Here's what Larry Swezey, Consumer and Commercial HDD director for Hitachi GST, had to say. As you know, Hitachi offers optional hardware encryption on all Travelstar 2.5" drives:

"When used together with the ATA HDD locking feature, encryption can prevent an attacker from gaining access to the data. Even if the attacker were to physically remove the disks and read them on some specialized equipment such as that used by data recovery services, the data itself would be encrypted and hence not understandable."

However, Swezey offered a note of caution about attacks to the DRAM content:

"It is conceivable that the software will indeed have the drive password present in the system DRAM so the attacker can gain access to that password."

In summary, a laptop mounting a drive with hardware encryption is less vulnerable, while providing faster access and easier administration, but the drive encryption barrier could still be penetrated if we let a smart attacker break into the laptop memory.

Check out my in-depth review of the Momentus FDE and a rival drive from Hitachi GST with BDE (Bulk Drive Encryption).

Do you use encryption on your laptop? How secure do you feel?

Posted by Mario Apicella on March 7, 2008 03:05 AM



June 09, 2006 | Comments: (0)

Windows OneCare doesn't fit all

Have you checked out Windows Live OneCare, the latest service offering from Microsoft? If not, give it a try.

It won't cost you a dime because Microsoft has a 90-day no-charge trial, which should give you enough time to make up your mind. If you decide to keep it, the service costs about 50 dollars per year, for up to three PCs or laptops.


First things first: What exactly is OneCare? It's a monster combo that promises protection from viruses and spyware and also includes a two-way firewall. In addition, OneCare will automatically do backups for you and will tune up your system for performance, all in one package that's supposed to update itself automatically.

Obviously that automatic backup part captured my attention, but to be quite frank I was also getting tired of installing and maintaining separate firewall, spyware and virus protection applications on my machines.

I had tried in the past other combos, for example Zonelabs' ZoneAlarm Pro but was not too happy with what they offered.

So, care to know what my first impressions are after a day or two of using OneCare?

So far so good, but with some disappointments. Starting from the good, OneCare does a good job installing itself smoothly and keeping a low profile on my machines. That's good! I don't want any primadonna application getting in the way when I am working, like now.

Also good: The firewall inside OneCare is smarter than others. For example, when I launched Outlook for the first time I did not have to set a firewall rule: OneCare recognized that application and opened a discreet message informing me that Outlook had been allowed to access the Internet.

The same happened when I launched Internet Explorer and Firefox. However, if the application is not recognized, OneCare will show a message and wait for instructions. Cool!

I did not use OneCare long enough to say anything one way or the other about spyware or virus protection, but you may want to check what Roger Grimes recently had to say about OneCare and the MS-Word bug.

Another thing I like? Full disk scan and other possibly long and disruptive tasks such as tune ups (disk cleanup and defrag, for example) can be scheduled to run off the prime time.

Same for backups, but that's where my disappointment with OneCare is. Unfortunately someone in the OneCare team (or whatever the project name was) decided that storing backups on an internal disk drive was unacceptable.

So here I am with a 500GB SATA drive that I use only for backups, and OneCare doesn't let me write backups to it. To add insult to injury, the backup application added the content of that SATA drive to the stuff in need of backup, estimating that everything would fit in just 51 CDs. Obviously I canceled that job.

Wait, there is more. OneCare also rejects network drives as backup targets, so mapping a drive from one of the servers in my lab wasn't an option either. Also impossible was using one of my NetGear SC101 because they appear as internally mounted drives. Apparently, OneCare doesn't know or doesn't care that you can set those devices hundreds of feet away from the computer.

What can you use as a backup target with OneCare? CDs and DVDs plus external drives, which in this peculiar view of the world means drives over a USB or FireWire connection. I didn't have an eSATA drive handy to see if that works too.

Did Microsoft hear from me about this? You bet! From a polite next-day e-mail message I learned that " ...the Product Group is considering adding this feature [backup to network drives and to non-OS internal drives] into Windows Live OneCare in a later version because they have received many similar feedback...".

Geesh! Why am I not surprised? Perhaps because many home users have their own peer network? Or because many are smart enough to install a second drive or to custom order a PC with two drives?

Not to mention corporate users doing a backup of their laptops on their network share, from where eventually it will be included in the company data protection cycles.

For now, as a backup target for my laptop I am using a cute 2.5" 60 GB USB Store-It Drive from Pexagon Technology. It's small enough to take with me on the road and Pexagon has engraved my name and phone number on the case (will do the same for any customer), which should make it easier to find it if it gets lost (or maybe not, if the people who find it don't like you).

Even though the backup is a partial disappointment, I am otherwise "first impression" happy with OneCare. I have only one throat to choke now to keep my PCs healthy and protected, and judging from the first few days I should spend less of my time baby-sitting computers, be they mine or not.

For example, I can check how everything is going on just one screen instead of squinting over 3 or 4 different applications.

When (if?) the "Product Group" unleashes network and internal drive backups I have another suggestion for them: continuous backups. Anyway, I'll wait. I learned a long time ago to never ask developers for more than one thing at a time.


Posted by Mario Apicella on June 9, 2006 10:56 AM



May 24, 2006 | Comments: (0)

HP adds data protection options for SMBs


Posted by Mario Apicella on May 24, 2006 07:02 AM



May 15, 2006 | Comments: (0)

Unencrypted tapes? I blame the developers

Products that blend storage and security leave me perplexed: is a storage solution the best place to start protecting your data?

Probably not. Moreover, I would argue that when sensitive information remains unencrypted the business process that generates that data has been poorly implemented.

In a perfect world, the decision to secure data should be made by the application that creates it, but that rarely happens. Part of the problem is that developers have little interest and motivation to protect data outside of their coding universe.

Not convinced? Then explain why the same development team that would never allow sensitive data to reach a non-secure Web page finds it acceptable to write the same data, unencrypted, to a local drive.

Nevertheless, when data disclosure or a breach of security becomes news, we always blame and try to correct the storage solution. Storage vendors, eager to differentiate their products from competitors', are quick to follow on that: After all, storage security is an easy-to-sell band-aid.

Take for example the BrightStor Tape Encryption for mainframe that Computer Associates is announcing today. Starting at $60,000 (yes everything made for those big irons is expensive) you get the ability to encrypt what you put on tape, and from any application, I am told.

It gets better: You can manage encryption from one of the popular mainframe security applications including IBM RACF and CA ACF2 or Top Secret. Moreover BrightStor Encryption will add little if anything to backup time because the chips on the big iron will do the heavy lifting.

For a busy computer operations manager, encrypting those tapes with little overhead is a blessing, but to be on the safe side (s)he will probably encrypt more data than needed, which will further complicate a few things, key management for example.

Will we ever see data protection starting at the beginning of the data life cycle?

Obviously, storage vendors alone can't provide a solution to that problem, but Tapestry MyView, a new application that Brocade coincidentally also released today, seems to be an interesting step in the right direction.

Essentially MyView integrates with Microsoft Active Directories to give administrators better control over users' access rights across the whole company. MyView is not meant to log file access, but records accurate historical records, for example changes in access rights, that would make many auditors smile.

Will either of these two products make your data more secure? Yes, but for the big changes look outside of the storage universe. It may seem a paradox, but your data will probably become more secure when you won't find "storage" and "security" in the same sentence anymore.

Posted by Mario Apicella on May 15, 2006 07:31 AM



May 05, 2006 | Comments: (0)

Newsworthy: Sepaton turns the table on deduplication

Find this post here.

Posted by Mario Apicella on May 5, 2006 07:47 AM



April 17, 2006 | Comments: (0)

Newsworthy: EMC improves on VTL

Adds entry level unit and more features

Posted by Mario Apicella on April 17, 2006 09:35 AM



April 17, 2006 | Comments: (0)

Newsworthy: new secure mini drive from Maxtor

Maxtor is shipping a new portable drive

Posted by Mario Apicella on April 17, 2006 08:22 AM



March 15, 2006 | Comments: (0)

Can a tape drive be sexy?

Obviously not, I wouldn't go that far myself. However, there is something extremely intriguing in tape drives (and tape libraries) that no other piece of hardware in the data center can emulate.

Perhaps it's because of the convergence of highly sophisticated mechanical and electrical engineering. Perhaps it's because of its whirling and purring, but I find a tape drive several orders of magnitude more interesting to watch than other IT stuff.

Anyhow, if you are only mildly interested in tape drives don't miss this new one from Sun StorageTek, the T10000.


Here is what the T10000 looks like but the photo doesn't tell how impressive its specs are.

A complete data sheet is here, but don't overlook that the T10000 can store 500 GB on a single cartridge without compression, which, even though surpassed by other tape drives, is still a remarkable capacity. However, its transfer rate, 120MB per second without compression, is first class.

You can buy one now for $37,000, I hear from Sun, but a mainframe version should be available later this year.

Posted by Mario Apicella on March 15, 2006 11:26 AM



January 09, 2006 | Comments: (0)

Learning how to secure those tapes

I got quite a response to the last Storage Insider column focused on media security.

To say that readers and vendors find that topic important is an understatement. There is an urgency for more information on storage security that, interestingly enough, is equally strong among both potential buyers and sellers.

Obviously vendors (and perhaps reporters?) need to do a better job of informing the public of what products and services are available in that area.

Spectra Logic seems to be ahead of the pack on this. As you may know, last year they began offering tape libraries with integrated encryption together with an update kit for some models.

If you are interested in learning more about encrypting data on tapes, register for a free Webinar from Spectra Logic that should be available later this month.

If you know of other Webinars or interesting training material on this or other topics please let me know.

Posted by Mario Apicella on January 9, 2006 02:48 PM



August 17, 2005 | Comments: (0)

Protecting Your Company Against Catastrophic Data Loss: Five Things Small to Midsize Businesses Need to Know

If you've been thinking that it's time to do something to bullet-proof your small-to-midsize business-critical data and systems, such as financial transactions, patient records or your email and Web retail storefronts, you've been thinking right. Fifty percent of companies that lose their data go out of business immediately and ninety percent don't survive more than two years, according to research firm Baroudi Bloor International. That's a lot of unnecessary risk for something so preventable.

The causes and instances of data loss are much more commonplace than you might think - it's rarely an act of God. In fact, it's usually just an easily corrected system or user error, if you've protected your data correctly. Only three percent of all data loss is caused by fire, flood and other such disastrous events. The most common causes are hardware or system malfunction (44 percent), human error (32 percent), software corruption (14 percent) or viruses (7 percent).

There are very good reasons for protecting your important business data, according to Bob Schaefer, CEO of Breece Hill, whose company manufactures iStoRA, an integrated disk and tape-based backup, recovery and archiving appliance. "Obviously, you need it to run your business. But beyond that, businesses face a growing list of strict legal requirements, and the need to be prepared for any potential lawsuits or audits that might follow events such as an employee termination, worker injury or the sale of the company."

Here are Five Things to Know:

1. Backup Often and Wisely
Market research firm Gartner says that less than 1% of small businesses perform daily backups, and Enterprise Strategy Group analyst Peter Gerr says that backup is always at the top of business concerns - it either takes too long, or users can't verify that it's actually working.

Backing up everything on a daily basis can be extremely costly and time-consuming, so it's important to identify only the data that changes. For the average business, the percentage of data that changes daily is somewhere between 2-5%.

For example, a graphic arts agency that develops intricate print designs and continuously backs up large image files, page layouts and video work will quickly break the bank on storage hardware alone. By implementing a backup function that's able to sense changes reasonably well and back up just those files that have been altered, the business is protected at far less cost.

On the other hand, a specialty manufacturer of high-end audio products may only need to backup once a day, but will require it to be a bullet-proofed backup. While the rate of change is slow, each order is vitally important to the business.

"By limiting what your business backs up to only that which changes daily, huge time and cost savings can be made," said Schaefer.

2. Prioritize Data for Disaster Recovery
Another aspect to backing up data is making sure that the systems and data your business absolutely needs will be there in the case of a disaster. This means that you need to look at your overall data picture, and decide what's critical, what's important, and what you can do without. It's critical that an online retailer keep its Web store up and running, but it can do without its print services, at least for a while.

So the next step is to prioritize each system and its related data - key systems for most small businesses include email, telephones, databases, file servers and Web servers. Typically, systems are prioritized into three categories that require differing levels of recovery time, from zero to days: redundant (immediately), highly-available (minutes to hours), and backed up (four hours to days).

"As a manufacturer of high tech storage products, including the iStoRA appliance, we have a high rate-of-change that forces us to keep more data on disk for immediate restore than many other businesses," comments Breece Hill's Schaefer. "For us, it's essential to keep our most important data, such as engineering drawings, supplier specifications, and up-to-the-minute materials pricing, on disk for at least three weeks."

3. Archive Important Data for the Long Term
Now it's time to consider your data archive. First, you'll need to figure out how long to keep data. Federal and state regulations and policies dictating the length of time that your data must be retained vary by state, and can be anywhere from seven years for equity or stock transaction records, to 17 years for certain HIPAA regulations, and up to the life of a patient for others.

Government contractors, or companies working with government contractors, face other requirements, including the type of media used. Optical disk, for example, can survive the electrical pulse that follows nuclear war. But in most other cases, it's simply important to choose a system and/or storage location that will achieve your company's needs. But remember, penalties for non-compliance with data retention requirements are stiff.

If you're going to have to keep data for twenty years or more, you'll need to identify a physical storage location. Some businesses will choose a full-service company such as Iron Mountain, that picks up, stores and delivers data when it's needed. But it's more realistic that the data goes offsite, and is stored in the safety of a person's home.

"But remember, however you choose to store data," said Schaefer, "it must be stored in a climate controlled and electrically neutral environment."

4. It's Smart to Comply Now
There's been a lot of buzz in business and industry media recently about 'compliance.' What it really means for the small business is that you'd better know what regulations affect your business, and what that means for your data storage system.

Some of the most important recent regulations to affect the small-to-midsize business include the Sarbanes-Oxley Act (SOX), which has implications for financial reporting, and the Health Insurance Portability and Accountability Act (HIPAA), which applies to the maintenance, security and storage of health care records. There are also a variety of human resources-related regulations applicable to programs like workers' compensation at the state level, and payroll regulations such as the Federal Insurance Contributions Act (FICA) at the national level.

Compliance requirements are tightening across the board. For example, if your business sells bolts to Lockheed Martin, you may be required to comply with stricter Department of Defense regulations for military contractors. The same is true for independent broker/dealers and the Securities and Exchange Commission, service providers to major utilities and Homeland Security regulations, as well as small-to-midsize businesses and local, state and federal regulations of all shades.

"The bottom line is, you had better comply," adds the Breece Hill executive.

5. How to Store Data Cost-Effectively and Easily
Most small-to-midsize businesses don't have free IT resources to set-up and manage a storage solution, so it's important to work with a value-added reseller that understands your business. It's also important that the solution fit easily into your company's existing system, and is as manageable and turn-key as possible.

Over the long run, most mid-size businesses are better off buying an integrated solution. The upfront cost may be a bit more, but in the long run, the time, money and effort spent on a custom, or 'home-grown' solution will be far greater. Not only will you need a professional to install it, but they'll need to help maintain and tune it as well.

Today, there are all-in-one storage appliances, such as Breece Hill's iStoRA, that include integrated disk for short-term backups and archiving; tape for long-term archiving; as well as the software and server components that help to prioritize and store data appropriately.

"The beauty of the integrated appliance," concludes Schaefer, "is that you have all of the storage media components in a single box that's easy to use. And if anything goes wrong, you've got just one number to call 'one throat to choke.' "

So there you have it: the basics for protecting your business from the very real threat of catastrophic data loss. When researching solutions, make sure that you work with a professional or value-added reseller who's familiar with your type of business; as noted above, data protection requirements do vary significantly, depending on your industry. And remember, without your business' data, there is no business at all.

Posted by on August 17, 2005 08:04 AM



August 12, 2005 | Comments: (0)

How vulnerable are you today?

No, that's not a new tag line from a Microsoft ad, but a question that can now be answered with a little more awareness.

The topic is obviously protecting your computers from cyber crime, a task that we have grown used to delegating to things such as virus protection software or firewall systems.

That's not a bad approach, because it frees precious IT time that can be better applied to taking care of business rather than patrolling the company's cyber borders.

The downside (yes, there is always one) is being less aware of actual threats and protection measures. For example, can you tell what vulnerabilities you are exposed to with, say, your backup application?

Probably not. Well, now you can find out rather quickly, thanks to a new comprehensive National Vulnerability Database that consolidates known weaknesses collected by many public sources.

Let me quote from the horse's mouth: "NVD is a comprehensive cyber security vulnerability database that integrates all publicly available U.S. Government vulnerability resources and provides references to industry resources. It is based on the CVE vulnerability naming standard."

I was rather shaken after spending some time searching NVD: may I suggest that you do a few queries too?

The database is updated daily with newly found threats and weaknesses. Check it out: it may be scary to know your exposures, but not knowing them is certainly worse.
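As an added illustration (not from the original post or from NVD), the sketch below matches an installed-software inventory against records shaped like the JSON returned by today's NVD CVE API 2.0, using CPE names and version bounds. The vendor, product, CVE ids and scores are constructed placeholders, and all function names are hypothetical.

```python
# Constructed records in the shape of an NVD CVE API 2.0 response body.
# CVE ids, vendor, product and scores are placeholders, not real NVD data.
def _record(cve_id, score, criteria, **bounds):
    """Build one constructed record with a single cpeMatch entry."""
    return {"cve": {"id": cve_id,
                    "metrics": {"cvssMetricV31": [{"cvssData": {"baseScore": score}}]},
                    "configurations": [{"nodes": [{"cpeMatch": [
                        dict(vulnerable=True, criteria=criteria, **bounds)]}]}]}}

CPE = "cpe:2.3:a:examplevendor:examplebackup:%s:*:*:*:*:*:*:*"
SAMPLE_FEED = {"vulnerabilities": [
    _record("CVE-0000-0001", 9.8, CPE % "*", versionStartIncluding="4.0", versionEndExcluding="4.2.1"),
    _record("CVE-0000-0002", 5.3, CPE % "3.9"),
    _record("CVE-0000-0003", 7.5, "cpe:2.3:a:othervendor:mailer:*:*:*:*:*:*:*:*"),
]}

def _ver(text):
    """Turn '4.2.0' into (4, 2) so versions compare numerically (numeric parts only)."""
    nums = [int(p) for p in text.split(".") if p.isdigit()]
    while nums and nums[-1] == 0:
        nums.pop()
    return tuple(nums)

def _affects(match, vendor, product, version):
    """True if one cpeMatch entry covers the installed vendor/product/version."""
    parts = match["criteria"].split(":")  # simple split: escaped colons are not handled
    if not match.get("vulnerable") or parts[3:5] != [vendor, product]:
        return False
    if parts[5] != "*":                   # entry names one exact version
        return _ver(parts[5]) == _ver(version)
    v = _ver(version)
    checks = [("versionStartIncluding", lambda b: v >= b), ("versionStartExcluding", lambda b: v > b),
              ("versionEndIncluding", lambda b: v <= b), ("versionEndExcluding", lambda b: v < b)]
    return all(ok(_ver(match[key])) for key, ok in checks if key in match)

def exposures(feed, inventory):
    """Return [(cve_id, base_score, product)] for installed software, worst first."""
    hits = []
    for item in feed["vulnerabilities"]:
        cve = item["cve"]
        v31 = cve.get("metrics", {}).get("cvssMetricV31", [])
        score = v31[0]["cvssData"]["baseScore"] if v31 else None
        matches = [m for c in cve.get("configurations", []) for n in c["nodes"] for m in n["cpeMatch"]]
        for vendor, product, version in inventory:
            if any(_affects(m, vendor, product, version) for m in matches):
                hits.append((cve["id"], score, product))
    return sorted(hits, key=lambda h: -(h[1] or 0))
```

Calling `exposures(SAMPLE_FEED, [("examplevendor", "examplebackup", "4.1")])` reports only the first record, because 4.1 falls inside its affected range while the patched 4.2.1 would not.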


Posted by Mario Apicella on August 12, 2005 02:06 PM



June 02, 2005 | Comments: (0)

"Have You Done It Today?"

In case you are wondering, no, I am not going nuts nor am I writing this while intoxicated. "Have you done it today?" is the tag line of a new campaign to promote data backup awareness among end users and small businesses that Maxtor is rolling out for June.

To tell it as it is, in that campaign Maxtor is also pushing its new line of external drives, the OneTouch II. In fact, they are giving away one unit every day for the month of June. If interested, follow this link, or pass it on to your friends and family.

Whether or not they buy a drive from Maxtor makes little difference to me, but any initiative that can make people more attentive to data protection is worth supporting.

Perhaps you work for a large corporation and think all your ducks are covered by your IT department? Well, better think again. Many people, and I mean MANY PEOPLE, do some office-related work on their home computers and there is nothing that can or will stop that from happening.

You may object that, even if those coworkers don't have backup procedures in place, most of the time only a few hours of work will be at risk, typically what one can accomplish during one evening or the weekend.

True, but what if a conscientious colleague is working on a long-term project in his/her spare time at home? In such cases, a backup of that PC would protect days, perhaps weeks' worth of work, don't you agree?

Moreover, even losing only a few hours' worth of work is probably much more expensive than buying a drive such as the Maxtor OneTouch II or a similar model from other vendors.

I'll stop playing Cassandra now, but please, do get yourself in the habit of "doing it" every day and, at least for June, become an evangelist of doing it and doing it well, as it should be. Still wondering what I am talking about? A proper backup of your PC, of course.

Posted by Mario Apicella on June 2, 2005 10:33 AM



March 01, 2005 | Comments: (0)

Doing data security by exception

Every time a new breach in data security hits the news I can count on hearing from at least two companies: Decru and Neoscale. Can't blame them, though, because there are so few opportunities for making someone listen to that rather unpleasant topic, data protection.

Let's face it: nobody likes to hear of possible impending doom, and it doesn't really matter if the Cassandra is your dentist or a security expert.

In case you are not familiar with those names, Decru and Neoscale both offer solutions to secure your storage infrastructure. How? Essentially, by using a better authentication scheme than just passwords, and various levels of fast, seamless data encryption.

Decru had this to say on the recent Choicepoint fiasco:

"...we believe that the responsibility for data security belongs to the companies that house the data."

Difficult to disagree, but was that point really under debate? I probably don't know the facts well enough, but I don't remember Choicepoint denying its responsibility.

Also, in the Choicepoint episode data protection techniques such as encryption would probably not have made any difference.

However, data encryption helps if one of your media gets lost or is stolen. Take for instance the recent mysterious disappearance of those magnetic tapes at Bank of America.

So far there has been no indication of any disclosure, and I really don't know if those customer records were encrypted or not, but as a customer, I would feel a lot better knowing that they were.

Moving tapes to an outside vault, as Bank of America was doing, is a common daily activity in many data centers. If you haven't yet, it could be worth adding another exception to your security checklist: "What if my tapes get lost?"

If the answer to that question is as unpleasant as a root canal, adding encryption could be the painkiller. And your customers would be grateful.


Posted by Mario Apicella on March 1, 2005 09:48 AM



February 15, 2005 | Comments: (0)

LiveVault adds local appliances to its backup service

You probably already know that LiveVault offers an automated online backup service that can take care of that often mismanaged chore for many small datacenters.

Just in time for Valentine's Day, LiveVault announced new service options that should attract both SMBs and corporate remote offices. Those new options add speed and reliability to automated backups while leaving copies of protected data on customers' premises.

As you may remember from a previous review, the LiveVault service scored well, but restoring a big chunk of data over a remote connection could take a long time.

Also, customers were voicing what LiveVault calls an "emotional desire for onsite copies". To be fair, having a backup copy easily accessible can come in handy in many cases, for example if you need to rerun the month-end book-closing.

InSync, one of the new services announced on February 14, addresses both of those issues by giving customers a local, networked appliance as an immediate backup target.

In essence, the backup agent (each protected server runs one) will save changes directly to the appliance, which in turn will forward those changes to the remote vault.

Even at 10Mbps, moving those changes at LAN speed beats using a remote connection and ensures continued data protection (and recovery) regardless of WAN vagaries, and yes, the appliance can cope with connectivity problems.

LiveVault must have learned that large corporations also want copies of their backups on premises, because their other new service, InControl, consolidates backups from multiple remote branches to a single appliance installed at the company's headquarters.

Each remote office can choose whether or not to deploy a local appliance to speed up data protection and recovery. Either way, InControl backups don't have to be supervised by the customer's staff.

Both InSync and InControl customers can choose to have their backups dumped to tapes and to have those tapes moved to another vault for added peace of mind.

With those new services and the improved, Web-based monitoring, LiveVault has probably the most convincing alternative to DIY (do-it-yourself) backups that I have seen.

As many CTOs learn the hard way, attaining ironclad data protection requires significant human and computing resources, not to mention relentless monitoring. If you have any reason to believe that your staff may be stretched too thin for that, LiveVault could be just the ticket.


Posted by Mario Apicella on February 15, 2005 10:43 AM



February 03, 2005 | Comments: (0)

It takes a computer...

...to really mess things up, we all know that. Unfortunately it's not just theoretical knowledge: just about everybody working in IT has been involved in or has witnessed some kind of computer mess.

And I don't mean a challenging and difficult job (we can discuss those situations some other time) but rather a human or computer error that leaves a mark bad enough to be remembered years later.

A good example of what I mean is in Chad Dickerson's Backing into disaster, where a CTO suddenly finds out in the worst possible way that their backups aren't any good.

It's a situation bad enough that just the thought gives chills to a seasoned professional like Chad. And with reason. In our trade you just don't lose data. It's inadmissible. It's a sin against nature much like a robot violating one of Asimov's Three Laws of Robotics.

Speaking of disasters, you may have followed the story of the two missing disks at the Los Alamos National Laboratory. The story broke last summer, but according to recent developments those disks were not really missing; in fact, they were never created.

Apparently no data was lost or improperly disclosed in the Los Alamos National Laboratory's incident, which sounds like a happy ending. Nevertheless, both snafus cost dearly and heads will probably roll in both cases.

Of course, both those incidents could have been prevented with simple remedies such as cross-checking facts and testing backup procedures.

For example, doing occasional restores is the best way to make sure that your backups are working as expected. Obviously, this did not happen in the messed backups story, but wasn't there a disaster recovery procedure in place? Did anyone ever test it?

If the answer to both questions is a blank stare, that CTO has more to worry about than firing a few people with minimal disruption. The next time disaster strikes, that company might not survive.

What's the biggest computer mess you've been in? Let me know: I will keep the names out of the story.

Posted by Mario Apicella on February 3, 2005 07:38 AM


