Off-site Data Protection
In computing, off-site data protection, or vaulting, is the strategy of sending critical data out of the main location (off the main site) as part of a disaster recovery plan. Data is usually transported off-site using removable storage media such as magnetic tape or optical storage. Data can also be sent electronically via a remote backup service, which is known as electronic vaulting or e-vaulting. Sending backups off-site ensures systems and servers can be reloaded with the latest data in the event of a natural disaster, accidental error, or system crash. Sending backups off-site also ensures that there is a copy of pertinent data that isn't stored on-site. Off-site backup services are convenient for companies that back up pertinent data on a daily basis (classified and unclassified).

Although some organizations manage and store their own off-site backups, many choose to have their backups managed and stored by third parties who specialize in the commercial protection of off-site data.

Data vaults

The storage of off-site data is also known as vaulting, as backups are stored in purpose-built vaults. There are no generally recognized standards for the type of structure which constitutes a vault. That said, commercial vaults typically fit into three categories:
  • Underground vaults - often converted defunct Cold War military or communications facilities, or even disused mines.
  • Free-standing dedicated vaults
  • Insulated chambers sharing facilities - often implemented within existing record center buildings.

Hybrid on-site and off-site vaulting

Hybrid on-site and off-site data vaulting, sometimes known as Hybrid Online Backup, involves a combination of local backup for fast backup and restore, along with off-site backup for protection against local disasters. According to Liran Eshel, CEO of CTERA Networks, this ensures that the most recent data is available locally in the event of need for recovery, while archived data that is needed much less often is stored in the cloud.

Hybrid Online Backup works by storing data to local disk so that the backup can be captured at high speed, and then either the backup software or a D2D2C (Disk to Disk to Cloud) appliance encrypts and transmits data to a service provider. Recent backups are retained locally, to speed data recovery operations. There are a number of cloud storage appliances on the market that can be used as a backup target, including appliances from CTERA Networks, Nasuni, StorSimple and TwinStrata.
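The disk-to-disk-to-cloud flow described above, sketched as an added example (not code from the article or from any vendor it names). `HybridVault`, `keep_local` and the in-memory dictionaries standing in for the local disk and the provider store are hypothetical; the blobs are assumed to be already encrypted by the backup software, and the HMAC tag checked on restore is an added safeguard the article does not describe.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size in bytes


class HybridVault:
    """Local tier plus off-site tier; dicts stand in for both stores."""

    def __init__(self, mac_key: bytes, keep_local: int):
        self.mac_key = mac_key        # stays on-site, never sent to the provider
        self.keep_local = keep_local  # number of recent backups kept on local disk
        self.local = {}               # backup_id -> sealed blob (fast restore)
        self.offsite = {}             # backup_id -> sealed blob (provider copy)
        self.order = []               # backup ids, oldest first

    def _tag(self, backup_id: str, blob: bytes) -> bytes:
        # Bind the tag to the id so one backup cannot be swapped for another.
        msg = backup_id.encode() + b"\x00" + blob
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def backup(self, backup_id: str, ciphertext: bytes) -> None:
        sealed = self._tag(backup_id, ciphertext) + ciphertext
        self.local[backup_id] = sealed    # disk to disk: captured at local speed
        self.offsite[backup_id] = sealed  # disk to cloud: same blob transmitted
        self.order.append(backup_id)
        expired = max(0, len(self.order) - self.keep_local)
        for old in self.order[:expired]:
            self.local.pop(old, None)     # older backups live off-site only

    def restore(self, backup_id: str) -> bytes:
        # Prefer the local copy; fall back to the provider copy.
        sealed = self.local.get(backup_id) or self.offsite[backup_id]
        tag, blob = sealed[:TAG_LEN], sealed[TAG_LEN:]
        if not hmac.compare_digest(tag, self._tag(backup_id, blob)):
            raise ValueError(f"integrity check failed for {backup_id}")
        return blob


if __name__ == "__main__":
    vault = HybridVault(mac_key=bytes(range(32)), keep_local=2)  # constructed key
    for n, day in enumerate(["mon", "tue", "wed"]):
        vault.backup(day, bytes([n]) * 64)  # constructed stand-in ciphertext
    print("local:", sorted(vault.local), "off-site:", sorted(vault.offsite))
    print("restored mon from off-site:", vault.restore("mon") == bytes([0]) * 64)
```

Because the tag covers the backup id as well as the blob, a provider copy that has been altered or substituted with a different day's backup is rejected before it is restored.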

Statutory obligations

Data Protection Statutes are usually non-prescriptive within the commercial IT arena in how data is to be protected, but they increasingly require the active protection of data. United States Federal entities have specific requirements as defined by the U.S. National Institute of Standards and Technology (NIST). NIST documentation can be obtained at http://csrc.nist.gov/publications/PubsSPs.html and commercial agencies have the option of using these documents for compliance requirements.
  • History - today's regulatory requirements started with the "Rainbow" Series. Every organization has used these standards to develop "their" version of compliance. Don't get wrapped around the NIC on compliance; use "Due Care", apply "Due Diligence", and build your infrastructure with "SECURITY" as the foundation.


Statutes which mandate the protection of data are:
  • Federal Information Systems Management Act (FISMA)
  • Federal Information System Controls Audit Manual (FISCAM)
  • Health Insurance Portability and Accountability Act
  • Sarbanes-Oxley (SOX)
  • Basel II
  • Gramm-Leach-Bliley (GLBA)
  • Data Protection Act 1998
  • Foreign Corrupt Practices Act ("FCPA") - The FCPA of 1977

Legal precedents

  • Thomas F. LINNEN, et als v. A.H. ROBINS COMPANY, INC., et als, (Mass. Super. Court, No. 97-2307).
  • Linnen v. Robins, 1999 WL 462015, 10 Mass. L.Rptr. 189 (Mass Super. Court, 1999).
  • FJS Electronics v. Fidelity Bank
  • Zubulake v. UBS Warburg
  • Coleman (Parent) Holdings, Inc. v. Morgan Stanley & Co. Inc., 2005 Extra LEXIS 94 (Fla. Cir. Ct. Mar. 23, 2005).

See also

  • Backup - as off-site data protection is part of a comprehensive backup strategy.
  • Remote backup service
  • Comparison of online backup services
  • Bare-metal restore

The source of this article is Wikipedia, the free encyclopedia. The text of this article is licensed under the GFDL.