computing Computing is any goal-oriented activity requiring, benefiting from, or creating computing machinery. It includes the study and experimentation of algorithmic processes, and development of both hardware and software. Computing has scientific, ...

, off-site data protection, or vaulting, is the strategy of sending critical data out of the main location (''off'' the main ''site'') as part of a

disaster recovery plan Given organizations' increasing dependency on information technology to run their operations, Business continuity planning covers the entire organization, and Disaster recovery focuses on ''IT''. Auditing of documents covering an organization's '' ...

. Data is usually transported off-site using removable storage media such as

magnetic tape Magnetic tape is a medium for magnetic storage made of a thin, magnetizable coating on a long, narrow strip of plastic film. It was developed in Germany in 1928, based on the earlier magnetic wire recording from Denmark. Devices that use magnet ...

or optical storage. Data can also be sent electronically via a remote backup service, which is known as ''electronic vaulting'' or ''e-vaulting''. Sending backups off-site ensures systems and servers can be reloaded with the latest data in the event of a disaster, accidental error, or system crash. Sending backups off-site also ensures that there is a copy of pertinent data that isn’t stored on-site. Although some organizations manage and store their own off-site backups, many choose to have their backups managed and stored by third parties who specialize in the commercial protection of off-site data.

Data vaults

The storage of off-site data is also known as vaulting, as backups are stored in purpose-built vaults. There are no generally recognized standards for the type of structure which constitutes a vault. That said, commercial vaults typically fit into three categories: * Underground vaults – often converted defunct cold war military or communications facilities, or even disused mines. * Free-standing dedicated vaults * Insulated chambers sharing facilities – often implemented within existing record center buildings.

Hybrid on site and off-site vaulting

Hybrid on-site and off-site data vaulting, sometimes known as Hybrid Online Backup, involve a combination of Local backup for fast backup and restore, along with Off-site backup for protection against local disasters. According to Liran Eshel, CEO of CTERA Networks, this ensures that the most recent data is available locally in the event of need for recovery, while archived data that is needed much less often is stored in the cloud. Hybrid Online Backup works by storing data to local disk so that the backup can be captured at high speed, and then either the backup software or a D2D2C (Disk to Disk to Cloud) appliance encrypts and transmits data to a service provider. Recent backups are retained locally, to speed data recovery operations. There are a number of cloud storage appliances on the market that can be used as a backup target, including appliances from CTERA Networks, Nasuni,

StorSimple StorSimple was a privately held company based in Santa Clara, California, marketing cloud storage. History StorSimple was funded by venture capital from Index Ventures, Redpoint Ventures, Ignition Partners, and Mayfield Fund for a total of $31. ...

and

TwinStrata TwinStrata is a corporate cloud storage company with its head office in Natick, Massachusetts. The business was formed in 2007 by Nicos Vekiarides and John Bates and was acquired by EMC Corporation Dell EMC (EMC Corporation until 2016) is an A ...

.Boles, Jeff
Hybrid cloud backup: D2D2C emerging as a viable data backup strategy
SearchDataBackup, 2 May 2011

Statutory obligations

Data Protection Statutes are usually non-prescriptive within the commercial IT arena in how data is to be protected, but they increasingly require the active protection of data. United States Federal entities have specific requirements as defined by the U.S. National Institute of Standards and Technology (NIST). NIST documentation can be obtained at http://csrc.nist.gov/publications/PubsSPs.html and commercial agencies have the option of using these documents for compliance requirements. * History – today's regulatory requirements started with the "Rainbow" Series. Every organization has used these standards to develop "their" version of compliance – don't get wrapped around the NIC on compliance – use "Due Care" and apply "Due Diligence" and base your infrastructure using "SECURITY" as the foundation. Statutes which mandate the protection of data are: * Federal Information Systems Management Act (FISMA) – US * GAO Federal Information System Controls Audit Manual (FISCAM) – US * Health Insurance Portability and Accountability Act (HIPAA) – US * Sarbanes–Oxley (SOX) – US *

Basel II Basel II is the second of the Basel Accords, which are recommendations on banking laws and regulations issued by the Basel Committee on Banking Supervision. It is now extended and partially superseded by Basel III. The Basel II Accord was publi ...

– International – US * Gramm-Leach-Bliley (GLBA) – US * Data Protection Act 1998 – UK * Foreign Corrupt Practices Act ("FCPA") – US

Legal precedents

* Thomas F. LINNEN, et al v. A.H. ROBINS COMPANY, INC., et als, (Mass. Super. Court, No. 97-2307). * Linnen v. Robins, 1999 WL 462015, 10 Mass. L.Rptr. 189 (Mass Super. Court, 1999). * FJS Electronics v. Fidelity Bank * Zubulake v. UBS Warburg * Coleman (Parent) Holdings, Inc. v. Morgan Stanley & Co. Inc., 2005 Extra LEXIS 94 (Fla. Cir. Ct. Mar. 23, 2005).

References

* ''Protecting Data Off-Site''. Gerard Nicol 2006 {{DEFAULTSORT:Off-Site Data Protection Computer security procedures Corporate law Disaster recovery Backup

Data vaults

Hybrid on site and off-site vaulting

Statutory obligations

Legal precedents

See also

References