informationweek.com

THE BUSINESS VALUE OF TECHNOLOGY

AUGUST 2012

Android and Apple devices make backup a challenge for IT. Look to smart policy, cloud services, and MDM for answers. By Ben DuPont

PLUS

Virtualization technology improves backup


practicalAnalysis
Virtualization Technology Improves Backup And Recovery
JAKE MCTIGUE

IT teams that have gone big on virtualization can take advantage of advances that simplify the process of backing up virtual machines. VMs are composed of fixed configuration and disk files, so it's easy to grab a copy of a machine's resource profile, snag the associated disk files, and spin it up anywhere, anytime. And VMware and Microsoft have improved this functionality.

Do you store your VM images on a SAN? Want to back up your machines while they're still running? Snapshot-compatible backup applications that leverage vendor APIs to do the heavy lifting are available for the major hypervisors. They make API calls to take snapshots of VMs prior to starting the backup process. Changes are redirected to a change file instead of the original volume. The machine is backed up, even if clients are using it, and the snapshot is destroyed.

VMware has performed backups this way since ESX 2.0, but it required the use of a VMware Consolidated Backup proxy server. This meant IT had to deal with tedious configuration requirements, and the underlying storage system was saddled with a significant amount of read I/O during backups. Users griped, so VMware has eliminated VCB in favor of an integrated API called vStorage APIs for Data Protection. VADP is invoked directly by a backup application and is a configuration-free feature of vSphere.

Third-party virtualization backup providers such as Veeam have taken full advantage of VADP and its Microsoft equivalent, Volume Shadow Copy Service, to deliver low-cost, highly effective, VM-level backup at a reasonable price.

Other Capabilities
Virtualization APIs can also grab flat-file backups from guest virtual machines, and products that already excel at flat-file backups can leverage the APIs to do so better and with a smaller footprint. But most exciting is underlying storage's involvement in the backup process.

The latest storage APIs from VMware, and to a lesser extent Microsoft, use the horsepower of the storage arrays to make copies of data to be backed up. This approach works provided the storage array has enough spare capacity to accommodate the I/O. Doing the backup itself requires an API-compatible backup product for VMware. Acronis, CommVault, EMC, Hewlett-Packard, Quest, Symantec, and Syncsort are API certified. Using hardware-assisted copy requires a SAN that's compatible with vStorage API for Array Integration. Three vendors have VAAI-ready SANs, according to the latest VMware hardware compatibility list: FalconStor, LeftHand, and HP.

Other advances are transforming backup. For instance, imagine running traditional network- or agent-based backup over the internal hypervisor instead of across conventional network links. VMware's Virtual Machine Communication Interface allows machines on the same host to read data from one another at the speed of the internal machine bus. It's fast, particularly for large transfers or where the data is in running memory. One example is SQL Server, which is designed to keep as much data as possible in memory for faster reads and queries. Note that you'll need to upgrade to vSphere 4 or later to take advantage of these APIs.

Jake McTigue is president of McTigue Analytics. Write to us at iwletters@techweb.com.


[COVER STORY]

Android and Apple devices make backup a challenge for IT. Look to smart policy, cloud services, and MDM for answers. By Ben DuPont

MOBILE DEVICE BACKUP

As smartphone and tablet use grows in companies, IT wrestles with how to back up sensitive data that might reside on these platforms. IT can't simply deploy a software agent for full backups as it would with PCs or laptops because of restrictions built into mobile operating systems.

Mobile backups are also complicated by the fact that many smartphones and tablets are the property of the employee, not the employer: 86% of respondents to InformationWeek's 2012 Mobile Security Survey say they allow or plan to allow employee-owned devices.

Those employee-owned devices are likely to be Apple or Android products. Our survey shows that 46% of respondents allow employee-owned Apple iOS devices to store corporate data, followed by 36% that allow Android 3.x and 4.x devices, and 28% that allow Android 2.x devices.

A feasible mobile backup plan should address both employee- and corporate-owned devices. While IT has more control over devices it deploys to users, many of the backup challenges are the same regardless of whom the device belongs to.

Put It In Writing
Start with well-defined policies that explain IT's responsibilities regarding corporate data on both employee- and IT-owned devices. On the technology front, consider cloud-based storage and synchronization services to back up essential corporate data, and look to mobile device management software that can provide the kind of fine-grained control necessary to enforce company policy on personal devices.


If you let employee-owned devices access company applications or data, make sure your mobile device policy clearly describes the requirements for access. IT's first reaction to the bring-your-own-device phenomenon may be to write separate policies for employee- and company-issued devices. That's the wrong approach, says Michael Finneran, an independent consultant and industry analyst (and InformationWeek contributor).

"Our job is to make sure mobile users get access to the stuff they need securely, regardless of who owns the phone," says Finneran. "What level of security is required is defined by the organization, and what users get access to is defined by their role."

Your policy should be just as clear about where IT's responsibilities lie regarding backups. IT has an obligation to back up company data and to take steps to do so. But IT doesn't have any obligation to protect an employee's personal information, files, applications, and other information, such as photos and videos.

Of course, separating personal and corporate data is really hard. A mobile device can quickly become a hodgepodge of business and private information. For instance, a phone's contact list could have personal and business contacts. Business documents saved as PDFs may be loaded into an e-reader app. Thus, your policy must make it clear that while IT isn't responsible for backing up your MP3 files or vacation photos, some personal data may be intermingled with corporate backups. Your policy must also address remote data wipes for just the same reason: personal data may be destroyed if a device is lost or stolen.

Nearly three-quarters of the respondents to our InformationWeek Mobile Device Management and Security Survey have written policies or procedures regarding the handling of mobile data. If you haven't yet developed a mobile policy, make sure you get input from multiple sources, including human resources, security, legal, and users themselves.

Backup Challenges
Your IT organization probably has mechanisms in place to back up company laptops and PCs. A typical plan calls for backing up everything on the device, including the OS, applications, and files such as Office documents. Full backups including the OS are possible on mobile platforms, but not without some challenges.

The operating systems for Apple and Android phones and tablets run applications in a sandbox that doesn't permit apps to see data generated by other apps. That means a traditional backup agent like the kind that runs on a PC can't capture all the data on a mobile device. IT organizations that want to perform a full backup will have to use workarounds.

For Apple devices, the workaround involves iTunes, since Apple phones and tablets have to sync with iTunes to back up data (as well as to activate or update devices). IT can deploy iTunes software on employees' work computers using desktop management tools. If an employee syncs an iPhone or iPad to a work computer, then iTunes automatically backs up the mobile device and stores that backup on the work computer. That gives IT some measure of control over the data. For more information on backing

up Apple mobile devices, Apple has a manual for enterprise deployments.

Apple also lets people sync different data types to different computers. For example, music files can be synced to a home computer and contacts to a work computer. If IT activates the tablet or phone for the employee via iTunes, the software can be configured to enforce this separation of data, so that information important to the company is synced and backed up to a corporate PC, while personal data stays with the user's computer. However, given that many Apple devices are purchased by employees, there's a strong likelihood that they would activate and sync their mobile devices to iTunes running on personal computers, which may put backups outside of IT control.

For Android devices, it's not much easier to do a full backup of the operating system and data. The Android OS doesn't provide hooks needed for a full device backup. A backup manager API is built into the Android platform, but each device maker, such as Samsung and Motorola, must create a customized backup transport, and then user applications communicate with that transport through the backup manager API. The upshot is that each individual application on the device must

Does Your Mobility Policy Let Employees Use Personal Mobile Devices For Work?
No, and we have no plans to allow this

14%
Yes

24%
No, but we're developing a policy

62%

Data: InformationWeek 2012 Mobile Security Survey of 322 business technology professionals, March 2012

have backup support built in by the application vendor, and IT can't necessarily control where the backup lands.

Some third-party services, such as MyBackup Pro, will back up just about everything on an Android device except the operating system, but the device has to be rooted to enable this. A device is rooted when the owner subverts system controls placed by the device manufacturer to get root or administrator access to the device. Many companies don't let rooted devices connect to corporate networks, because employees with rooted phones may also be able to disable security features enabled by mobile device management software, such as the password strength policy and autolock.

Most Android smartphones come with a card slot into which the user can plug an external storage device, such as an SD card. The Android device can be configured to save data to this external device, providing another backup option for IT. However, it requires a diligent user who knows enough to back up the data and can then either save the data to a PC that IT regularly backs up or deliver the removable card to IT for backup. Some backup agents can also back up data

on an SD card. Note that if you store corporate data on an SD card, the data won't be protected by device encryption and will be readable by any application on the device.

There's one kind of data that's relatively easy to back up: email. This is particularly true for companies using Microsoft Exchange. Microsoft offers an ActiveSync agent that synchronizes email and attachments between the Exchange server and mobile devices. The data remains on the Exchange server so that it can be synced among multiple devices (laptop, desktop, mobile phone, etc.). Exchange servers are already part of a company's centralized backup program, so corporate email doesn't need to be backed up on individual mobile devices.

Consider Cloud
Android and iOS devices do support backups of certain user data such as device settings, calendar and contacts, photos, and SMS, but there's no easy way for a company to back up that information to a central location, unless IT is willing to consider cloud-based backup.

Druva is one option. The company provides a variety of services, including backup for laptops and mobile devices. IT can have backups

stored on premises or in Druva's cloud. Druva's application, inSync, provides administrator-controlled backup for Apple and Android devices. On iOS and Android platforms, administrators can schedule backups of contacts, pictures, videos, text messages, and call history. When it comes to Office files, the user can manually share files with inSync, which will back them up.

Asigra also offers a cloud-based backup service that supports mobile devices. On the Android platform, Asigra's DS-Mobile Client can back up contacts, calendar, call logs, settings, apps, and Office files. On iOS, the client can back up contacts, calendars, photos, and videos. Many cloud backup vendors also resell Asigra's client to support mobile device backup for their customers.

Write It Down
Does your company have written policies and procedures pertaining to mobile and portable devices or the handling of mobile data?
Yes: 73% (2011), 75% (2010)
No, but policies are being considered or are under development: 21% (2011), 22% (2010)
No: 6% (2011), 3% (2010)
Data: InformationWeek Mobile Device Management and Security Survey of 323 business technology professionals in August 2011 and 307 in March 2010

Office files are likely to be the most sensitive corporate information that gets used on mobile devices. If IT is concerned about Office files, it may want to consider cloud-based synchronization services such as Box or Dropbox. While not technically a backup, these file synchronization services do store copies of files, including updates and changes, in the cloud. If a mobile device is lost and subsequently wiped clean, the owner can still recover files from one of these services. In addition, many of these services support some form of centralized management for IT, such as being able to create and monitor


corporate accounts for users.

While IT may be uncomfortable with putting corporate data into the cloud, the fact is, users are flocking to these offerings with or without IT's approval. IT may be better served by getting out in front by offering a version that allows some measure of administrative control. For instance, in May, Box announced new security and administration features to make it easier for IT to manage users and files. Meanwhile, Dropbox launched a Teams version of its service that adds administrative functions such as the ability to add and remove users from the service.

Similar options include Syncplicity, a file synchronization and sharing platform designed for enterprise use that supports mobile devices. On the Android platform, users can update existing files and create new ones, and have them synced via the service to be available elsewhere. Apple iPhone users can upload and view files. Syncplicity, which EMC recently acquired, supports administrative controls such as revoking user accounts and setting and resetting passwords. Other products that combine cloud synchronization with administrative controls include Trend Micro Safe Sync and Mezeo.

Which Centrally Controlled Features For Tablets And Smartphones Most Interest You?
Compliance and policy settings: 53%
Policy enforcement: 51%
Device updates: 44%
Management of physical devices: 40%
Auditing: 34%
Remote selective data wipe: 34%
Remote full data wipe: 30%
Support for multiple device types: 29%
Over-the-air provisioning and updates: 26%
Application whitelisting: 21%
Remote troubleshooting: 20%
Jailbreak and rooting detection: 18%
Schedule backup and restore: 11%
Data: InformationWeek 2011 Mobile Device Management and Security Survey of 323 business technology professionals, August 2011

Going Cloud? Get Encryption
When using a cloud-based service, data should be encrypted both in transit and at rest. Respondents to InformationWeek's Public Cloud Storage Survey rated data encryption as the third most important feature of a cloud storage system, just behind the ability to


move data between cloud and on-premises storage, and on-demand access.

Most cloud backup and synchronization services support encryption in transit; the procedures and protocols for encrypting data as it travels over networks are well established. Many cloud storage and file synchronization services also encrypt the data stored on their systems. For instance, SugarSync encrypts all stored files using 128-bit AES, and Box encrypts data at rest using 256-bit AES.

The question then becomes one of trust. If the provider manages the decryption keys, this potentially opens the door to unauthorized access to your information by a rogue employee or outside attacker. The probability of such an occurrence is low, but if it represents a risk you don't want to take, you can look for a vendor that supports a distributed key management system, such as Druva. In Druva's approach, neither Druva nor the customer has direct access to the encryption key; part of the encryption key is encrypted with the user's password, and the key can only be recovered when a user logs in.

How Important Are These Features in Cloud Storage Services?
Mean average rating on a scale of 1 (not important) to 5 (very important)
Ability to move data between cloud and on-premises storage: 4.4
On-demand access: 4.3
Data encryption: 4.3
Ability to establish and enforce retention policy: 4.3
Network encryption: 4.2
Data: InformationWeek Public Cloud Storage Survey of 229 business technology professionals at companies using, planning to adopt, or assessing public cloud storage services, April 2011

Don't Forget MDM
Mobile device management systems probably won't solve your backup problem. Not that they aren't important; they're a necessary part of a mobility strategy to get control over smartphones and tablets. Unfortunately, only a handful of MDM platforms address backup. Of 11 products in the InformationWeek Mobile Device Management Buyer's Guide, just three support remote backup: Fiberlink, Sybase, and Wyse.

IT isn't demanding backup from MDM vendors yet. Only 11% list scheduled backup and restore as a feature of interest from MDM, our 2011 Mobile Device Management and Security Survey finds. Twelve other features rank higher, such as compliance and policy settings, policy enforcement, and remote wipes. That attitude may change as smartphones and tablets become more ingrained in corporate workflow and as the devices' ability to create content improves. As you evaluate MDM products, ask the vendors how backup figures into their road maps.

In the meantime, don't ignore MDM if backup capabilities aren't fully fledged, because MDM is essential to protecting data on employee- and company-owned devices. Backup and security strategies must be joined at the hip. Here's why.

The first line of defense MDM provides is a strong password that allows access to the user interface. Also, autolock makes the device inaccessible if a person fails to enter the correct password after a predetermined number of tries. Encryption is the next line of defense. Most

MDM platforms support full device encryption, which IT may find comforting in case a device is lost or stolen. The other two critical MDM security features are device tracking and remote wipe. Device tracking will let you confirm the location of a user's device. If it seems that the probability of recovering a device is low, remote wipe will ensure that no one can recover the data.

And that loops us around full circle to backup. A remote wipe is tricky with a device owned by the employee: you'll prevent sensitive information from being leaked, but you'll also destroy whatever personal information was stored on the device. Look for an MDM product that can differentiate between private and company-owned data. For instance, Symantec says its MDM product, Symantec Mobile Management, can keep personal and corporate data separate. If your policy requires that a device be wiped, and you allow the use of personal devices, make sure employees understand the potential to have personal data eliminated.

Work In Progress
Enterprise backup schemes for Android and iOS devices are still in their infancy, which IT may regard as a sign that it doesn't

What Are Your Main Concerns About Using Cloud Storage Services?
Security: 79% (2012), 79% (2011)
Reliability and availability: 52% (2012), 55% (2011)
Performance: 49% (2012), 51% (2011)
Cost: 39% (2012), 48% (2011)
Regulatory concerns: 38% (2012), 34% (2011)
Data: InformationWeek State of Storage Survey of 313 business technology professionals in January 2012 and 377 in November 2010

have to deal with the problem just yet. That's a mistake. Enterprise mobility is on the rise, which means IT will have to address mobile backup sooner rather than later.

Consider this data point from the InformationWeek Global CIO Survey: 38% of executives plan a major push to get apps on mobile devices this year. Some of these apps will be for customers, but many will be for employees. Meanwhile, 27% plan a major initiative to deploy tablet computers by the end of the year. If companies are rolling out tablets to employees, they expect a return in productivity, and that means critical business information will be on these devices, and it has to be backed up.

If you haven't started thinking about mobile backup, now's the time. At the very least, start digging into the tricky policy issues around the co-mingling of personal and corporate data, remote wipes, and other mobile sticking points while you still have some breathing room.

Ben DuPont is a software engineer and owner of Nebland Software. Write to us at iwletters@techweb.com.
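
The password-protected key arrangement described under "Going Cloud? Get Encryption" can be sketched as follows. This is an added example, not code from the article or from Druva; the names WrappedKey, wrap_key, unwrap_key and change_password are hypothetical, and the PBKDF2-plus-HMAC wrap is a standard-library stand-in for a vetted key-wrap or AEAD primitive.

```python
"""Password-wrapped data key: the provider stores a record it cannot open.

Added illustration, not Druva's design. The XOR pad + HMAC wrap below is a
standard-library stand-in for a vetted AES key-wrap or AEAD primitive.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch
KEY_LEN = 32          # 256-bit data key


@dataclass(frozen=True)
class WrappedKey:
    """What the provider stores: no password and no plaintext key."""
    salt: bytes
    wrapped: bytes
    tag: bytes


def _derive(password, salt):
    """Stretch the password into a 32-byte pad and a 32-byte MAC key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, ITERATIONS, dklen=2 * KEY_LEN
    )
    return material[:KEY_LEN], material[KEY_LEN:]


def wrap_key(data_key, password):
    """Wrap the data key on the device, before anything is uploaded."""
    if len(data_key) != KEY_LEN:
        raise ValueError("data key must be 32 bytes")
    salt = os.urandom(16)  # fresh salt per wrap, so the pad is never reused
    pad, mac_key = _derive(password, salt)
    wrapped = bytes(k ^ p for k, p in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + wrapped, hashlib.sha256).digest()
    return WrappedKey(salt, wrapped, tag)


def unwrap_key(record, password):
    """Recover the data key at login; fail closed on a bad password or edit."""
    pad, mac_key = _derive(password, record.salt)
    expected = hmac.new(mac_key, record.salt + record.wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record.tag):
        raise PermissionError("wrong password or tampered record")
    return bytes(w ^ p for w, p in zip(record.wrapped, pad))


def change_password(record, old_password, new_password):
    """Re-wrap the same data key; the backed-up files need no re-encryption."""
    return wrap_key(unwrap_key(record, old_password), new_password)


if __name__ == "__main__":
    data_key = os.urandom(KEY_LEN)                         # constructed sample key
    record = wrap_key(data_key, "correct horse battery")   # constructed password
    assert unwrap_key(record, "correct horse battery") == data_key
    try:
        unwrap_key(record, "guess")
    except PermissionError as exc:
        print("guess without the user's password rejected:", exc)
    rotated = change_password(record, "correct horse battery", "new passphrase")
    print("same key after password change:",
          unwrap_key(rotated, "new passphrase") == data_key)
```

Anyone holding the stored record can still test password guesses against it offline, so the protection is only as strong as the user's password and the work factor.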


Copyright 2012 UBM LLC. All rights reserved.
