1
2	Components of Information Security 5. Storage A. Primary disk storage systems Encryption hardware/software
3	Real-world Risk Identity Theft Fastest growing crime in the U.S. according to the FTC In 2005 alone, ~10 million U.S. adults were victims of data breaches Accounted for $15 billion in corporate financial losses
4	Real-world Risk Just one LTO-3 Tape Cartridge Can Hold 800GBytes of Data Enough capacity to store significant personal information on all 290 million Americans Recently Reported Incidents of Lost Tapes When Who Accounts breached Feb 2005: Bank of America 1,200,000 March 2005: Time Warner 600,000 April 2005: Ameritrade 200,000 June 2005: Citigroup 3,900,000 December 2005 Marriott Corp 200,000 December 2005 LaSalle Bank 2,000,000 Data Breaches - The list you don’t want your company’s name to be on… Polo Ralph Lauren, DSW Shoe Warehouse, Lexis/Nexis MCI, Wells Fargo, The University of California City National, Wachovia, Commerce Bancorp, PNC Financial Services
5	Real-world Risk Impact of Identify Theft on Companies Damaged reputation / eroded consumer trust Lost revenues Eroded investor trust Legislation in place in most states, and at the Federal level Penalties in the hundreds of millions of dollars to corporations for losing a single tape’s worth of data Must notify every customer of the possibility of their data being mishandled and exposed Fines/penalties on individuals As high as $150,000 per person
6	Backup Tapes – Not Secure Tapes Everywhere Onsite Tapes Daily incremental and weekly full backups Sitting on top of the tape library Stored in IT cubicles, on shelves, desk drawers On top of file cabinets In cardboard boxes on the floor Typically 3-5 weeks of backup sets stored onsite Offsite tapes Weekend full backups of ALL data Tapes trucked off to tape storage warehouses Stored in car trunks, IT staff home basement Typically 5-26 full backup sets stored offsite Only 7% of all companies polled in 2005 encrypt all of their backup tapes 60% do not encrypt any tapes
7	Encrypt Everything? Application/OS/Network Oracle Encryption Wizard, Microsoft EFS, etc. Software encryption hurts performance Network encryption appliances are expensive ($100K ea) This encryption thwarts tape drive compression during backups Backups consume twice as many tapes Backups take twice as long to run Server and Storage device Trusted Platform Module PCs with encryption chips – not supported by Windows yet Seagate 2.5” Momentus disk drives - supports TPM – laptop theft Encryption boards are being added to tape libraries/drives Compress first, then encrypt backup data
8	Disk as a Secure Alternative to Backup Tapes Disk Data Resides Completely Within a Data Center Protected by network security infrastructure Protected by data center facility security systems Disk to Disk Backups Between Data Centers Replicated backups at second site provide fast disaster recovery Leverage standard VPN encryption Added Benefits Disk backups and restores are faster than tape No more tape management issues (swapping, labeling, erasing,..) No more backup tapes stored at third-party warehouses No more backup tapes handled/shipped on trucks
9	"Cross site disaster recovery" Cross site disaster recovery Each site is a DR site of the other Backup replication Secure Facility security Network security VPN Encryption and Decryption Only segments of updated files are transmitted across WAN
10	Why Use Disk For Backups Now? Backup storage capacity demands are great Tape has been the only cost effective media for storing backup data Multiple days / weeks of full / incremental backups 10x to 30x the capacity of primary storage In 2006.. SATA drives - 25% the price of primary disk storage But still too expensive to store multiple full backups New Byte-level Delta technology required Eliminate all redundancy in backup data 20:1 reduction in backup storage capacity Disk backups with byte-level delta technology compete favorably with traditional tape costs
11	Byte-level Delta Applied to Backup Data
12	"Only Different bytes sent between..." Only Different bytes sent between sites Today’s delta computed at primary site Delta sent through WAN Today’s full backup created at remote site from yesterday’s full backup + today’s delta As much as 26,000:1 data reduction Example A 5GB database backup would normally take 8 hours to send to a second site via T1 With Byte-level Deltas, it only takes minutes to transfer deltas
13	Byte-Level Delta Storage Efficiency
14	Summary Tape is Removable Media - Not Secure Real-world examples of significant corporate information loss Encryption Solves Some Security Issues, But Creates Other Operational Issues Impedes backup performance Adds backup cost Cost-effective & Secure Disk-based Backups are Possible Leverage low-cost, high-capacity SATA drives Faster backups and restores from disk Two-site deployment provides fast & simple site disaster recovery Byte-level Delta ~20:1 reduction in SATA disk storage capacity consumption ~50:1 reduction in WAN bandwidth required between sites Secure All data encrypted between sites with standard VPN encryption
15	Thank You www.exagrid.com 800-868-6985