At the end of April 2009, a computer hacker managed to steal over 8.2 million personal records from the State of Virginia’s Prescription Monitoring Program, containing information such as social security and driver’s license numbers. Along with the stolen data, the hacker reportedly erased all of the State’s database backups, leaving no way to get the records back. The hacker then put the only copy of the information up for a $10 million ransom and threatened to sell to it the highest bidder if the State refused to pay. This incident, along with many others, has shed light on a serious data security and recovery problem at government agencies of all levels, including cities.
With increased attention on government data security and new regulations like Red Flag, many cities are looking for new ways to protect and store data. While a city may have data backup and security measures in place, these technologies are often out of date and susceptible to attacks like the one suffered at the State of Virginia. Such data loss can have dire consequences for a city government as displayed by a recent University of Texas study showing that only 6 percent of companies that experience catastrophic data loss will survive for longer than a year. Granted, a city is not a private business but it can be equally impacted by data loss, affecting the delivery of services like police, fire and utilities to citizens.
Tape Backups and Data Loss
Many data security problems can be traced back to the way that data is saved and stored. According to ZDNet’s Robin Harris, 80% of all data loss can be tied to either hardware failure or human error. A primary reason for the high rate of data loss is due to the use of traditional tape-based methods to backup the information combined with poor procedures for storing the data.
Tape-based backups work by sending the city’s data to an onsite device which stores the information on tapes. Because the tapes can only hold so much information, many typically have to be used and they must be manually removed and stored in a safe place on a regular basis, introducing a number of points where data loss can occur. Let’s examine the challenges facing a tape-based backup system:
High Costs – Tape backups require the purchase of a tape drive, management software licenses renewed annually, and the on-going costs of the tapes themselves. Add this to the cost of the time spent daily by staff to manage the system and it becomes a heavy burden on already stretched IT budgets.
Unreliable Backups – Are the backup tapes regularly tested by your staff? Storage Magazine reports that 34% of organizations do not test their tapes. When combined with studies that show tape failure rates of anywhere from 40% all the way up to an astounding 70% for a full restore, the evidence suggests that relying solely on a tape-based solution does not seem so reliable.
Slow Speed – As data storage needs expand, the speed of tape backups is becoming a major hindrance to daily operations. IBM has recently quoted International Data Corporation (IDC) estimates that data storage needs could expand at approximately 50 to 80 percent each year for businesses, and cities are likely not far behind. As data storage increases, nightly backups may last well into the morning, bringing network performance to a crawl during city operating hours. Also, in the event of a full data restore from tape, bringing the city fully back online may take days.
Frequency – Because of the slow speed of tape, only daily backups may be plausible at most cities, meaning that if data loss or disaster does occur, the city could lose over a day’s worth of data. In the case of police departments or utilities, even a day without access to critical systems can cripple the department.
Questionable Security – Where are the tapes stored? Onsite? In a fire safe? Does someone take them home at night? Onsite tape storage can be susceptible to natural disaster or theft by criminals or disgruntled employees. Also, most tapes do not use encryption, a way of electronically locking data so that only someone with the proper key can open it. Without encryption, a thief can easily copy the data.
Labor Intensive – Tapes require a great deal of time and effort from staff, especially in the case of a full restore which can take a day to fully recover (or weeks if new hardware is needed). As cities cut budgets, IT staff members are being asked to do more with less and time spent managing tape backups can add an extra burden.
Disk-Based Backups – A Modern Approach
How can cities avoid these data backup and security pitfalls? One solution is disk-to-disk based systems. In this method, instead of sending data from the servers to a tape drive, the data is automatically sent directly to one or more storage servers, to be saved on hard disk drives that rarely need to be replaced and require little management.
While onsite disk-based backups have been around for a number of years, the need to purchase costly hardware and software has made it prohibitively expensive for all but the largest cities. However, a new method known as managed offsite disk backups has recently been gaining popularity by allowing cities to avoid purchasing expensive technology. In this solution, the city will only pay a monthly fee based on use, just like an electric or phone bill. Managed offsite disk backups also have a number of advantages, including:
Reduced Cost – Managed disk-based backups have absolutely no upfront hardware or software costs and do not require the purchase of any costly media. Instead, the service provider takes the responsibility of managing the hardware, software and data backups. Minimal labor is required from city staff.
Increased Backup Reliability – Disk-based backups are much more reliable than tape for two main reasons. First, the hard disk drives that store the data have a much lower failure rate than tape. Second, because the data is copied and stored at more than one location, even if a server fails, another can easily replace it. Furthermore, disk backups can be quickly assessed and tested for stability and consistency.
Increased Speed – The time needed to perform the backup is only hampered by the data speed of the city’s network. The faster the network, the faster the backups; with full restores happening in minutes or hours instead of days.
More Frequent Backups – Disk backups are automatically performed throughout the day rather than just once a night. Most disk solutions can backup every hour, and some high-end systems can even backup data instantly, leading to drastically less data loss if disaster or theft occurs.
Increased Security – Most disk backup solutions are encrypted, making the data nearly impossible to steal even if someone were to hack into the server or take the physical hard drive. Also, the most recent daily copy of the backup is sent to multiple offsite data centers, ensuring that the data is protected from even the worst onsite disaster or outright physical theft.
Labor-free For Staff – The city will no longer need to worry about storage, maintenance, software licensing, scheduling, or loading tapes because the service provider will handle everything related to the backups, freeing up staff to focus on more important projects.
As cities look for ways to reduce IT costs and meet ever-tightening restrictions on data security, managed disk systems with offsite data storage become an attractive method for drastically improving data recovery and security across every department. While tape will continue to be a backup strategy, managed disk-based systems have begun to take over as the primary source of disaster recovery. In fact, Gartner analyst Nikhil Pant estimates that by 2010, disk-based backup and disaster recovery will be the primary method of restoring lost data, due mostly to its low cost, high security, and effortless operation. With these systems in place, hackers such as the one who struck the State of Virginia will have a much more difficult time practicing their criminal art.