Toronto-based software company Asigra has signed a deal with New Zealand-based cloud services firm Fronde to provide it with cloud backup software. Under the deal, Fronde has integrated Asigra’s software with Amazon Web Services, enabling it to back up customers’ data to the US company’s systems. Should CIOs rely on a US-based service like Amazon Web Services to back up their data to the cloud?
Asigra’s software can be used directly by enterprises to back up data remotely to various locations specified by the user, such as an alternative site of their own, for example. It can also be used by service providers like Fronde, which has integrated it with Amazon Web Services for its own customers.
One interesting thing about the Asigra/Fronde deal was the use of a Recovery License Model (RLM). Asigra introduced a pricing model 18 months ago that charged a fixed price, along with a variable price on top based on the overall percentage of data recovered in a year.
Asigra has covered all of its bases when checking the reliability of its own backups. “Asigra Cloud Backup checks for both data corruptions and logical inconsistencies caused by third party technologies, such as faulty RAID controllers, file systems, operation systems, disk subsystems, and network packet loss,” said the company in a statement to IT World Canada, adding that the checks were performed on both current backups being written to disk as well as previous backup data sets already on disk.
“If the autonomic healing module identifies any corrupt or problematic data, it automatically goes out to the source machine and captures it again,” the firm added.
What about Amazon’s reliability, though? The company’s cloud-based services have suffered several outages in recent years, including an outage in its EC2 compute cloud in 2011 that disrupted services along the eastern seaboard for several days.
A storm took out generators serving multiple generators with compute and storage resources on the east coast just over a year later. In October 2012, yet another outage hit storage services in the Eastern US, followed by another that December, which hit load balancers for “a prolonged period of time”.
“If you review it, Amazon’s outage history and availability performance is incredibly high,’ said Fronde in a statement. “Whilst isolated incidents do happen occasionally, it is possible to minimize service interruptions through best practice architecture and design practices. FCB is deployed in a multi-availability zone configuration offering increased levels of protection to outages.”
From a reliability perspective, companies should look at two things when considering a backup partner: a recovery time objective (RTO) and a recovery point objective (RPO). The RTO tells them how long it will take to restore the data that has been backed up. The RTO governs what point in time they should be restored to.
A company’s RTO and RPO requirements will depend on its own business needs. Any service provider should be able to provide these readily for a CIO considering its online backup service.
What about data privacy and sovereignty? The US Patriot Act is an oft-cited concern when storing data on US soil. In a document about AWS security, Fronde suggests that “typically, a government agency seeking access to the data of an entity will address any request for information directly to that entity rather than to the cloud provider.”
In some cases, though, experts suggest that cloud service providers may have been approached directly, but have also been subject to gag orders forbidding them from discussing such requests, using a legal instrument called a National Security Letter.
Few companies fight them, but when cloud service providers such as the email provider Lavabit have shut down their services and have been unable to discuss why, legal experts have suggested that it has been due to such gag orders.
In the Electronic Frontier Foundation’s 2014 report on which cloud service providers do more to protect their customers, Amazon scored joint second lowest, with just two stars out of five, showing that it fought for privacy rights in courts, and required a warrant for content. The firm was not telling users about government data requests, did not publish a transparency report, failed to publish law enforcement guidelines, and was not fighting for users’ privacy rights in Congress, the EFF said.
Ultimately, “customers must be responsible for their security in the cloud”, Fronde has said, and tells customers to seek advice about how best to protect their data.
Concern over US treatment of Canadian data has compelled some companies to launch Canadian-based data backup service to keep data firmly on Canadian soil. Firms likeBritelink, Digital Hero and CloudPockets offer Canada-based backup in the cloud.
However, the Canadian government also has significant access to data stored here, and so while concern over the Patriot Act is important, companies shouldn’t feel automatically safe because they have stored their data north of the border. The best course of action when using any backup service may be to use encryption. Asigra’s encrypts data at rest and in transmission, the firm says, and uses escrow to protect encryption keys.
This encryption protection is an important step in any data backup, whether it’s to servers that a company owns itself, or to a third party provider.
Whether you’re using a cloud provider or your own infrastructure, backups should be safe, secure, and reliable. effective governance of service level agreements, and proper encryption of data, should help you to guarantee the availability and security of your valuable data should the worst happen.