You are on page 1of 11


Previous Next










Android and Apple devices make backup a challenge for IT. Look to smart policy, cloud services, and MDM for answers. >> By Ben DuPont


Virtualization technology improves backup >>

Do you store your VM images on a SAN? Want to back up your machines while they’re still running? Snapshot-compatible backup applications that leverage vendor APIs to do the heavy lifting are available for the major hypervisors. quires an API-compatible backup product for VMware. Acronis. VMs are composed of fixed configuration and disk files. Using hardware-assisted copy requires a SAN that’s compatible with vStorage API for Array Integration. and the underlying storage system was saddled with a significant amount of read I/O during backups. according to the latest VMware hardware compatibility list: FalconStor. It’s fast. imagine running traditional networkor agent-based backup over the internal hypervisor instead of across conventional network links. August 2012 2 Register 9-11 at the St. highly effective. Users griped. so VMware has eliminated VCB in favor of an integrated API called vStorage APIs for Data Protection. Doing the backup itself reJA KE MC TI G U E Real-World Insight Join us at the InformationWeek 500 Conference to hear a range of speakers. VM-level backup at a reasonable price. Calif. Three vendors have VAAI-ready SANs. . The machine is backed up. and to a lesser extent Microsoft. Other Capabilities Virtualization APIs can also grab flat-file backups from guest virtual machines. For instance. Quest. and spin it up anywhere. which is designed to keep as much data as possible in memory for faster reads and queries. Symantec. Volume Shadow Copy Service. including Procter & Gamble CIO Filippo Passerini.Previous Next practicalAnalysis Virtualization Technology Improves Backup And Recovery IT teams that have gone big on virtualization can take advantage of advances that simplify the process of backing up virtual machines. Third-party virtualization backup providers such as Veeam have taken full advantage of VADP and its Microsoft equivalent. Write to us at iwletters@techweb. Changes are redirected to a change file instead of the original volume. even if clients are using it.0. Other advances are transforming backup. and the snapshot is destroyed. EMC. and Syncsort are API certified. use the horsepower of the storage arrays to make copies of data to be backed up. VMware’s Virtual Machine Communication Interface allows machines on the same host to read data from one another at the speed of the internal machine bus. so it’s easy to grab a copy of a machine’s resource profile. LeftHand. It happens Sept. This meant IT had to deal with tedious configuration requirements. Jake McTigue is president of McTigue Analytics. and products that already excel at flat-file backups can leverage the APIs to do so better and with a smaller footprint. Regis Monarch Beach. particularly for large transfers or where the data is in running memory. but it required the use of a VMware Consolidated Backup proxy server. VADP is invoked directly by a backup application and is a configuration-free feature of vSphere. But most exciting is underlying storage’s involvement in the backup process. CommVault. Note that you’ll need to upgrade to vSphere 4 or later to take advantage of these APIs. to deliver low-cost. This approach works provided the storage array has enough spare capacity to accommodate the I/O. and HP. HewlettPackard. snag the associated disk files. VMware has performed backups this way since ESX 2. Dana Point. And VMware and Microsoft have improved this functionality. One example is SQL Server. They make API calls to take snapshots of VMs prior to starting the backup process. The latest storage APIs from VMware.

Our survey shows that 46% of respondents allow employee-owned August 2012 3 . Those employee-owned devices are likely to be Apple or Android products. IT wrestles with how to back up sensitive data that might reside on these platforms.Previous Next [COVER STORY] Android and Apple devices make backup a challenge for IT. By Ben DuPont A informationweek. and MDM for answers. Look to smart policy. cloud services. Mobile backups are also complicated by the fact that many smartphones and tablets are the property of the employee. not the employer—86% of respondents to InformationWeek’s 2012 Mobile Security Survey say they allow or plan to allow employee-owned devices. IT can’t simply deploy a software agent for full backups as it would with PCs or laptops because of restrictions built into mobile operating s smartphone and tablet use grows in companies.

x and 4. If you haven’t yet devel- informationweek.and corporate-owned devices. But IT doesn’t have any obligation to protect an employee’s personal information. For instance. “Our job is to make sure mobile users get access to the stuff they need securely. files. a phone’s contact list could have personal and business contacts.” says Finneran. That’s the wrong approach. Business documents saved as PDFs may be loaded into an e-reader app. some personal data may be intermingled with corporate backups. Thus. “What level of security is required is defined by the organization. Your policy must also address remote data wipes for just the same reason— personal data may be destroyed if a device is lost or stolen. such as photos and videos. While IT has more control over devices it deploys to users. Nearly three-quarters of the respondents to our InformationWeek Mobile Device Management and Security Survey have written policies or procedures regarding the handling of mobile data. A mobile device can quickly become a hodgepodge of business and private information. your policy must make it clear that while IT isn’t responsible for backing up your MP3 files or vacation photos. IT has an obligation to back up company data and to take steps to do August 2012 4 . and look to mobile device management software that can provide the kind of finegrained control necessary to enforce company policy on personal devices. followed by 36% that allow Android 3. many of the backup challenges are the same regardless of whom the device belongs to. consider cloud-based storage and synchronization services to back up essential corporate data. regardless of who owns the phone. applica- tions. IT’s first reaction to the bring-your-own-device phenomenon may be to write separate policies for employee. What you’ll find: > Pros and cons of cloud backup and sync services > Advice on policy and key MDM requirements Apple iOS devices to store corporate data. and other information. says Michael Finneran. Put It In Writing Start with well-defined policies that explain IT’s responsibilities regarding corporate data on both employee.x devices. and 28% that allow Android 2.x devices. separating personal and corporate data is really hard. A feasible mobile backup plan should address both employee. Of course. make sure your mobile device policy clearly describes the requirements for access.Previous Next MOBILE DEVICE BACKUP [COVER STORY] Get This And All Our Reports Our full report on backing up Android and iOS devices is free with registration. … and what users get access to is defined by their role. On the technology front.and company-issued devices.and IT-owned devices. This report includes 15 pages of actionoriented analysis. Download If you let employee-owned devices access company applications or data.” Your policy should be just as clear about where IT’s responsibilities lie regarding backups. an independent consultant and industry analyst (and InformationWeek contributor).

The operating systems for Apple and Android phones and tablets run applications in a sandbox that doesn’t permit apps to see data generated by other apps. make sure you get input from multiple sources. but not without some challenges. applications. including the OS. Backup Challenges Your IT organization probably has mechanisms in place to back up company laptops and PCs. IT organizations that want to perform a full backup will have to use workarounds. For more information on backing informationweek. legal. since Apple phones and tablets have to sync with iTunes to back up data (as well as to activate or update devices). A typical plan calls for backing up everything on the device. IT can deploy iTunes software on employees’ work computers using desktop management tools. Full backups including the OS are possible on mobile platforms. For Apple devices. security. including human resources.Previous Next MOBILE DEVICE BACKUP [COVER STORY] oped a mobile policy. and files such as Office . That means a traditional backup agent like the kind that runs on a PC can’t capture all the data on a mobile device. then iTunes automatically backs up the mobile device and stores that backup on the work computer. the workaround involves iTunes. If an employee syncs an iPhone or iPad to a work computer. That gives IT some measure of control over the data. and users themselves.

The Android OS doesn’t provide hooks needed for a full device backup. If IT activates the tablet or phone for the employee via iTunes. Some third-party services. Many companies don’t let rooted devices connect to corporate networks. A backup manager API is built into the Android platform. For example. such as an SD card. there’s a strong likelihood that they would activate and sync their mobile devices to iTunes running on personal computers. while personal data stays with the user’s computer. A device is rooted when the owner subverts system controls placed by the device manufacturer to get “root” or administrator access to the device. However. and then user applications communicate with that transport through the backup manager API. Apple has a manual for enterprise Does Your Mobility Policy Let Employees Use Personal Mobile Devices For Work? No. so that information important to the company is synced and backed up to a corporate PC. because employees with rooted phones may also be able to disable security features enabled by mobileR device management software.Previous Next MOBILE DEVICE BACKUP [COVER STORY] up Apple mobile devices. music files can be synced to a home computer and contacts to a work computer. will back up just about everything on an Android device except the operating system. such as Samsung and Motorola. For Android devices. Most Android smartphones come with a card slot into which the user can plug an external storage device. but we’re developing a policy 62% Data: InformationWeek 2012 Mobile Security Survey of 322 business technology professionals. it’s not much easier to do a full backup of the operating system and data. but each device maker. the software can be configured to enforce this separation of data. such as the password strength policy and autolock. providing another backup option for IT. given that many Apple devices are purchased by employees. such as MyBackup Pro. which may put backups outside of IT control. and IT can’t necessarily control where the backup lands. must create a customized backup transport. However. The upshot is that each individual application on the device must informationweek. it requires a diligent user who knows enough to back up the data and can then either save the data to a PC that IT regularly backs up or deliver the removable card to IT for backup. Apple also lets people sync different data types to different computers. Some backup agents can also back up data August 2012 6 . March 2012 have backup support built in by the application vendor. but the device has to be rooted to enable this. The Android device can be configured to save data to this external device. and we have no plans to allow this 14% Yes 24% No.

many of these services support some form of centralized management for IT. Asigra’s DS-Mobile Client can back up contacts. and Office files. On the Android platform. etc. While not technically a backup. On iOS and Android platforms. The data remains on the Exchange server so that it can be synced among multiple devices ( stored on premises or in Druva’s cloud. On iOS.). If IT is concerned about Office files. settings. Many cloud backup vendors also resell Asigra’s client to support mobile device backup for their customers. Druva’s application. Exchange servers are already part of a company’s centralized backup program. Asigra also offers a cloud-based backup service that supports mobile devices. calendars. Note that if you store corporate data on an SD card. There’s one kind of data that’s relatively easy to back up: email. This is particularly true for companies using Microsoft Exchange. and call history. call logs. photos. In addition. videos. mobile phone. it may want to consider cloud-based synchronization services such as Box or Dropbox. Office files are likely to be the most sensitive corporate information that gets used on mobile devices.Previous Next MOBILE DEVICE BACKUP [COVER STORY] on an SD card. including updates and changes. such as being able to create and monitor Write It Down Does your company have written policies and procedures pertaining to mobile and portable devices or the handling of mobile data? 2011 2010 Yes 73% 75% No. the data won’t be protected by device encryption and will be readable by any application on the device. The company provides a variety of services. so corporate email doesn’t need to be backed up on individual mobile devices. When it comes to Office files. pictures. inSync. calendar and contacts. in the cloud. the user can manually share files with inSync. Microsoft offers an ActiveSync agent that synchronizes email and attachments between the Exchange server and mobile devices. these file synchronization services do store copies of files. IT can have backups informationweek. which will back them up. desktop. and videos. If a mobile device is lost and subsequently wiped clean. Druva is one option. Consider Cloud Android and iOS devices do support backups of certain user data such as device settings. but there’s no easy way for a company to back up that information to a central location—unless IT is willing to consider cloud-based backup. administrators can schedule backups of contacts. apps. and SMS. photos. including backup for laptops and mobile devices. calendar. but policies are being considered or are under development 21% 22% No 6% 3% Data: InformationWeek Mobile Device Management and Security Survey of 323 business technology professionals in August 2011 and 307 in March 2010 August 2012 7 . text messages. provides administrator-controlled backup for Apple and Android devices. the client can back up contacts. the owner can still recover files from one of these services.

For instance. Respondents to InformationWeek’s Public Cloud Storage Survey rated data encryption as the third most important feature of a cloud storage system. Box announced new security and administration features to make it easier for IT to manage users and files. Similar options include Syncplicity. On the Android platform. in May. While IT may be uncomfortable with putting corporate data into the cloud. which EMC recently acquired. data should be encrypted both in transit and at rest. Syncplicity. users are flocking to these offerings with or without IT’s approval. a file synchronization and sharing platform designed for enterprise use that supports mobile devices. Other products that combine cloud synchronization with administrative controls include Trend Micro Safe Sync and Mezeo. IT may be better served by getting out in front by offering a version that allows Which Centrally Controlled Features For Tablets And Smartphones Most Interest You? Compliance and policy settings 53% Policy enforcement 51% Device updates 44% Management of physical devices 40% Auditing 34% Remote selective data wipe 34% Remote full data wipe 30% Support for multiple device types 29% Over-the-air provisioning and updates 26% Application whitelisting some measure of administrative control. users can update existing files and create new ones. August 2011 informationweek. supports administrative controls such as revoking user accounts and setting and resetting passwords.Previous Next MOBILE DEVICE BACKUP [COVER STORY] corporate accounts for users. Apple iPhone users can upload and view . and have them synced via the service to be available elsewhere. the fact is. Dropbox launched a Teams version of its service that adds administrative functions such as the ability to add and remove users from the service. Meanwhile. Going Cloud? Get Encryption When using a cloud-based service. just behind the ability to August 2012 8 21% Remote troubleshooting 20% Jailbreak and rooting detection 18% Schedule backup and restore 11% Data: InformationWeek 2011 Mobile Device Management and Security Survey of 323 business technology professionals.

and Wyse.3 Network encryption 4. and on-demand access. Many cloud storage and file synchronization services also encrypt the data stored on their How Important Are These Features in Cloud Storage Services? 1 Not important Ability to move data between cloud and on-premises storage Very important 5 4. Twelve other features rank higher. and Box encrypts data at rest using 256-bit AES. April 2011 they aren’t important—they’re a necessary part of a mobility strategy to get control over smartphones and tablets. and the key can only be recovered when a user logs in. The probability of such an occurrence is low. Backup and security strategies must be joined at the hip. Most August 2012 9 . our 2011 Mobile Device Management and Security Survey finds. this potentially opens the door to unauthorized access to your information by a rogue employee or outside attacker. you can look for a vendor that supports a distributed key management system.3 Ability to establish and enforce retention policy 4.3 Data encryption 4. The question then becomes one of trust. just three support remote backup: Fiberlink. Only 11% list “scheduled backup and restore” as a feature of interest from MDM. Unfortunately. ask the vendors how backup figures into their road maps. autolock makes the device inaccessible if a person fails to enter the correct password after a predetermined number of tries. Also.4 (Mean average) On-demand access 4. such as Druva. Not that informationweek. In the meantime. such as compliance and policy settings. only a handful of MDM platforms address backup. Of 11 products in the InformationWeek Mobile Device Management Buyer’s Guide.Previous Next MOBILE DEVICE BACKUP [COVER STORY] move data between cloud and on-premises storage. Here’s why. In Druva’s approach. and remote wipes. because MDM is essential to protecting data on employee. The first line of defense MDM provides is a strong password that allows access to the user interface. planning to adopt. IT isn’t demanding backup from MDM vendors yet. For instance.and company-owned devices. don’t ignore MDM if backup capabilities aren’t fully fledged. or assessing public cloud storage services. SugarSync encrypts all stored files using 128-bit AES. Don’t Forget MDM Mobile device management systems probably won’t solve your backup problem. That attitude may change as smartphones and tablets become more ingrained in corpo- rate workflow and as the devices’ ability to create content improves. Sybase. As you evaluate MDM products. Encryption is the next line of defense. part of the encryption key is encrypted with the user’s password. If the provider manages the decryption keys. neither Druva nor the customer has direct access to the encryption key. but if it represents a risk you don’t want to take.2 Data: InformationWeek Public Cloud Storage Survey of 229 business technology professionals at companies using. policy enforcement. Most cloud backup and synchronization services support encryption in transit—the procedures and protocols for encrypting data as it travels over networks are well established.

Ben DuPont is a software engineer and owner of Nebland Software. 27% plan a major initiative to deploy tablet computers by the end of the year. Consider this data point from the InformationWeek Global CIO Survey: 38% of executives plan a major push to get apps on mobile devices this year.Previous Next MOBILE DEVICE BACKUP [COVER STORY] Table of Contents MDM platforms support full device encryption. and that means critical business information will be on these devices. and other mobile sticking points while you still have some breathing make sure employees understand the potential to have personal data eliminated. can keep personal and corporate data separate. but you’ll also destroy whatever personal information was stored on the device. now’s the time. The other two critical MDM security features are device tracking and remote wipe. and you allow the use of personal devices. August 2012 10 . A remote wipe is tricky with a device owned by the employee—you’ll prevent sensitive information from being leaked. Meanwhile. Write to us at What Are Your Main Concerns About Using Cloud Storage Services? 2012 2011 Security 79% 79% Reliability and availability 52% 55% Performance 49% 51% Cost 39% 48% Regulatory concerns 38% 34% Data: InformationWeek State of Storage Survey of 313 business technology professionals in January 2012 and 377 in November 2010 have to deal with the problem just yet. Work In Progress Enterprise backup schemes for Android and iOS devices are still in their infancy. That’s a mistake. Device tracking will let you confirm the location of a user’s device. remote wipe will ensure that no one can recover the data. which IT may regard as a sign that it doesn’t informationweek. which means IT will have to address mobile backup sooner rather than later. Symantec says its MDM product. If it seems that the probability of recovering a device is low. If your policy requires that a device be wiped. Some of these apps will be for customers. For instance. start digging into the tricky policyRissues around the co-mingling of personal and corporate data. Symantec Mobile Management. but many will be for employees. If companies are rolling out tablets to employees. and it has to be backed up. which IT may find comforting in case a device is lost or stolen. At the very least. remote wipes. Look for an MDM product that can differentiate between private and company-owned data. And that loops us around full circle to backup. they expect a return in productivity. If you haven’t started thinking about mobile backup. Enterprise mobility is on the rise. Reports reports. InformationWeek Business Technology Account Manager. Manufacturing SALES CONTACTS—EAST Midwest.S. Sandra Kupiec (415) 947-6922.Previous Next Print. Strategic Development and Business E-mail: customerservice@informationweek. Mary Hyland (516) 562-5120. District Manager. (Pacific and Mountain states) and Western Canada (British Columbia.S. Monique Kakegawa (949) 223-3609. Jonathan Vlock (212) 600-3019. Reports lgarey@techweb.jhtml Events Get the latest on our live events and Net events at informationweek. SALES CONTACTS—WEST Western U. and Executive Sr. tbradeen@techweb. mgreenhut@techweb. Marketing. jsupinski@techweb. Cori Gordon (516) August 2012 11 . InformationWeek Business Technology Network Martha Schwartz Executive VP. District Manager. 1-877-652-5295 Web: wrightsmedia. Winnie Ng-Schuchman (631) 406-6507. and Editor in Chief. for original research and strategic advice How to Contact Us informationweek.S. Events.jhtml Editorial Calendar informationweek. VP. Research Rob Preston VP and Editor In Chief rpreston@techweb. Ashley Cohen (415) 947-6349. InformationWeek Business Technology Network Joseph Braue Sr. Coretta Wright (415) 947-6245.) 847-763-9588 (Outside U. Ray Capitelli (212) 600-3045. 408-416-3227 Andrew Conry-Murray Editor At Large 516-562-5692 Art Wittmann VP and Director. Quality READER SERVICES Phone: 888-664-3332 (U. Marketing List Rentals Specialists Marketing Services Sales Assistant. aicohen@techweb. Martha Schwartz (212) 600-3015. Alberta) Western Regional Sales Director. Quebec. TechWeb. 978-694-1681 Mary Ellen Forte Senior Art Director mforte@techweb. Reports awittmann@techweb. and instant analysis Electronic Newsletters Subscribe to InformationWeek Daily and other newsletters at informationweek. Editorial Director. InformationWeek Events. company. E-mail: PeterCan@SMS-Inc. cgordon@techweb. rduda@techweb. Include Business Contacts Executive VP of Group Sales. 724-266-1310 Sek Leung Associate Art Director sleung@techweb.) Stacey Peterson Executive Account MARKETING Copyright 2012 UBM Phone: 888-664-3332 ( UBM TECHWEB John Dennehy CFO David Michael CIO Scott Vaughan CMO David Berlind Chief Content Officer. VP. Jenny Hanna (516) Ed Grossman Executive VP. Kevin Bennett (415) 947-6139. mkakegawa@techweb. Letters to the Editor E-mail iwletters@techweb. Angela Lee-Moll (516) Chris Murphy Editor SALES CONTACTS—MARKETING AS A SERVICE Director of Client Marketing Strategy. Newsletters. rcapitelli@techweb. wng@techweb. ssilletti@techweb. and Eastern Canada (Saskatchewan. InformationWeek Business Technology Network. Marie Myers Sr.) Reprints Wright’s Media. cwright@techweb. informationweek. Robyn Duda (212) 600-3046. TechWeb TV Strategic Accounts District Manager. Light Reading Communications Network John Ecke VP of Brand and Product 414-906-5331 Lorna Garey Content Director. kbennett@techweb. Subscriptions Web: informationweek. InformationWeek Business Technology Network Fritz Nelson VP. Strategic Account Director. Salvatore Silletti (212) 600-3327. Northeast U. Promotions District E-mail: SALES CONTACTS—EVENTS Senior Phone: (631) 787-3008 x3020 Media Kits and Advertising Contacts Back Issues E-mail: customerservice@informationweek. skupiec@techweb. All rights reserved. UBM LLC Pat Nohilly Sr. and daytime phone number. Jeremy Cotton (415) 947-6237. Julie Supinski (415) 947-6887. Group 516-562-5933 Jim Donahue Chief Copy Editor jdonahue@techweb. Tara Bradeen (212) Inside Sales Manager East. Strategic Accounts Account Director. New Brunswick) District 847-763-9588 (Outside U. Michael Greenhut (516) Director of Client Marketing The destination for breaking IT news.