Endpoint data backup is at the core of an enterprise data security strategy. Modern endpoint backup goes well beyond backup and restore, delivering risk reduction across the enterprise and addressing perennial IT and business problems.
Today, endpoint backup is being used to:
Gain visibility and control from a single console. Continuous endpoint data backup gives you complete visibility of the data living on, and moving to and from, your users' endpoint devices.
Endpoint backup makes life easier for IT staff and makes the enterprise more secure. The right solution offers a single console to manage thousands of users and device types and provides relief or recovery from:
Maslow's hierarchy of needs is a theory of human motivation often depicted in the shape of a pyramid with the most fundamental physiological needs at the bottom and increasingly higher-order needs built on top. At the apex is "self actualization," a psychological state in which an individual has fulfilled each previous level of need—e.g., food, shelter, safety, love, esteem— and is able to reach his or her full potential.
Similarly, when the basic needs of endpoint data protection and redundancy are met, the data set powers other activities in and on behalf of the enterprise.
When all the data is protected on a single platform, additional competencies can be built atop the archive to solve existing and future business problems.
Data migration is faster and foolproof. Legal hold becomes easy to manage. The collected data can be used to derive actionable intelligence—to make the enterprise more secure against insider threats.
Endpoint backup can show you:
Every IT and InfoSec professional today is concerned with doing more with less. With a single backup platform, the need for additional loss prevention, forensic and file integrity monitoring agents is reduced, as is the level of labor, energy and computing real estate on the client.
Capture and Store All End-User Data in Real Time, on a Single Platform
Data is encrypted, stored and accessible to end users and IT on a single platform. The data set empowers new capabilities.
Security tools provide insight into where data is and where it is moving so the organization can identify potential risks—such as insider threats.
Disaster Recovery and Business Continuity
Restoring data from a healthy, up-to-the-minute backup data set assures recovery from hardware failure, loss, theft, ransomware and disaster.
Use analytics to assess and anticipate the behaviors, needs, risks and aspirations of your customers and clients to fuel business growth.
With data migration tools, IT can image or reimage a device and let users migrate data at their convenience.
Locate the most sensitive data throughout your organization prior to an incident. Support the ability to audit and recover data, detect breach and remediate quickly.
Assign custodians, preservation policies and data collection with several mouse clicks, resulting in tremendous time and cost savings.
Turn big data into business advantage. As data science evolves, those companies who preserve historical data will have a certain advantage.
Research reveals that half of employees keep confidential corporate data when they leave organizations and believe it is their right. When data walks out the door, the organization is at risk of operational, financial, and reputational damage.
Shadow IT applications utilized by employees can provide hackers with access points via software vulnerabilities.
Disgruntled employees may delete files or destroy data in retaliation.
Sync and share technology. 28 percent of employees have uploaded sensitive data to the cloud.14
Selling corporate data. Some employees seek profit by selling data; others do it to watch their former company burn.
Social engineering via phishing, phone, malicious links and physical access are on the rise at companies of all sizes.
Malware infection and logic bombs purposely infect a network with malware or code "bombs" that destroy data at a future trigger date.
Poor password security. Weak passwords, shared passwords and sticky note password reminders substantially reduce security.
Software updates. Updates—including security patches—are ignored giving hackers a short runway into the network.
With modern endpoint back up, the enterprise will:
The progression of endpoint technology is relentless. Enterprise IT is constantly moving users from old machines to new devices and software, making data migration a critical and time-consuming part of tech refresh—always with inherent risk of data loss.
Each device refresh occupies both IT and the end user for two to three hours—leaving users without a means to accomplish their work and forcing IT staff to dedicate weeks of time to finish large-scale migrations. And when a data migration fails, as 38 percent do, the timeline extends.
A modern endpoint backup solution continuously and automatically moves data from the device to the cloud—and back again to a new machine whenever you need it. The best part? The end user can manage the entire data migration process herself.
Endpoint backup collects and centralizes user data and organizes it in a user archive—with no requirement for a side-by-side device replacement. Because it's automatic and continuous, there's no need for a time-consuming initial backup prior to migration. The user's archive is already complete. Moreover, after IT images the new device, they can transfer responsibility for data migration to the end user—cutting hours from daily IT schedule and thousands of hours from the overall refresh timeline.
Modern endpoint backup also allows the user to take a customized approach to restoring data on new or reimaged devices. Data can be selectively or entirely restored.
The must-haves when counting on endpoint backup to support data migration include:
If data migration requires a duration of quarantine to ensure all data has been successfully transferred, the organization pays for the decommissioned and the new machine. With an annual rotation of 30,000 machines, double payments add up fast.
Litigation has always been expensive, but with the mobile workforce driving an explosion in electronically stored information (ESI), corporations are watching legal costs skyrocket as legal counsel (and IT) work to identify, collect, review and present data for litigation. It's time to take a proactive approach. Continuous endpoint backup works on top of user backup archives to streamline legal hold, simplify eDiscovery and protect your organization from the rising costs of litigation.
When employee devices are backed up, IT has visibility— via historical archive—of every version of every file, wherever employees are stationed.
This approach to legal hold eases pressure on IT and Legal departments and protects the organization from omitting relevant data during production. Most significantly, the proactive process of data protection prevents a reactive process when litigation is threatened and saves the organization many, many thousands of dollars.
File-server backup is great for a predictable, controlled, contained environment that undergoes scheduled backups and updates. But the inevitable has happened. Office employees save information to desktops; mobile workers do the same with laptops; and backup admins have lost control. Add to that, bring your own device (BYOD) and IT consumerization, and the backup market has now shifted to the other end of the spectrum: an unpredictable, multi-OS, de-centralized environment where file servers don't serve. Servers hold and secure massive amounts of data and are integral to enterprise data governance, but using them to recover lost or damaged files requires time, a trained professional and the patience of a saint. For painless recovery from data loss or malware that encrypts files and asks for ransom, endpoint backup is the clear leader.
To back up to network file servers, users must be connected to the network physically or virtually. Code42 CrashPlan securely backs up files whenever the device is connected to WiFi.
If it's automatic, server backup typically runs once every 24 hours at night when machine resources can be fully utilized—leaving 24 hours of end-user data at risk each day before backup runs.
Code42 CrashPlan securely backs up files whenever the device is connected to WiFi.
CrashPlan is a lightweight agent on the device that works automatically and continuously to back up every version of every file to a secure cloud location. Data is encrypted both in transit and at rest.
Endpoint backup and file sync-and-share software solve two fundamentally different problems and are complementary, not synonymous. Endpoint backup creates a second copy of every file, while OneDrive and other sync-and-share tools store a small subset for sharing among people, teams and geographies. Endpoint backup is automatic and continuous, and it protects all the data on a device regardless of how it's used or shared.
All for one and one for all. What makes sync and share software so powerful is also what makes it dangerous: Edits made to a synced document in real time alter the document in real time. So, for example, if an end user accidentally deletes a critical document on his smart phone, it will be deleted from the archive. If the user discovers his mistake, he can typically go back to the file sync-and-share tool within 30 days to recover the deleted document. If not, it's gone for good.
But only one guarantees easy ransomware recovery. In a ransomware attack, file sync-and-share software would enable an employee whose data has been encrypted to roll back each file stored in the sync-and-share archive individually. Whereas endpoint backup enables a point-in-time restore of all files at once or a selective restore of the files an employee needs immediately.
If data security and recovery are your primary objectives, local deduplication is more secure and more reliable than global deduplication.
Backup vendors that promote global deduplication say it minimizes the amount of data that must be stored and provides faster upload speeds. What they don't say is how data security and recovery are sacrificed to achieve these "benefits."
Here's a key difference: with local deduplication, data redundancy is evaluated and removed on the endpoint before data is backed up. Files are stored in the cloud by the user and are easily located and restored to any device. With global deduplication, all data is sent to the cloud, but only one instance of a data block is stored.
They tell you: "You'll store less data!"
It's true that global deduplication reduces the number of files in your data store, but that's not always a good thing. Storing less data sounds like a benefit, especially if you're paying for endpoint backup based on data volume. But other than potential cost savings, how does storing less data actually benefit your organization?
For most organizations, the bulk of the files removed by the global deduplication process will be unstructured data such as documents, spreadsheets and presentations—files that are not typically big to begin with—making storage savings resulting from global dedupe minimal. The files that gobble up the bulk of your data storage are those that are unlikely to be floating around in duplicate—such as databases, video and design source files.
What they don't tell you: Storing less data doesn't actually benefit your organization. Smaller data stores benefit the solution provider. Data storage costs money and endpoint backup providers pay for huge amounts of data storage and bandwidth every month. By limiting the data stored to one copy of each unique file, the solution provider can get away with storing less data for all of its customers, resulting in smaller procurement costs each month—for them.
Vendors that offer global dedupe also fail to mention that it puts an organization at risk of losing data because (essentially) all the eggs are in one basket. When one file or data block is used by many users but saved just once, (e.g., the HR handbook for a global enterprise, sales pitch decks or customer contact lists) all users will experience the same file loss or corruption if the single instance of the file is corrupted in the cloud.
They claim global dedupe leads to faster uploads. Speed gains achieved by utilizing global deduplication are mostly undetectable. A quality endpoint backup solution will provide fast data uploads regardless of whether it uses global deduplication or local deduplication.
What they don't tell you is global deduplication comes at a cost: restore speeds will be orders of magnitude slower than restoration of data that has been locally deduplicated.
With global deduplication, all of your data is stored in one place and only one copy of a unique file is stored in the cloud regardless of how many people save a copy. Rather than store multiples of the same file, endpoint backup that utilizes global deduplication maps each user to the single stored instance. As the data store grows in size, it becomes harder for the backup solution to quickly locate and restore a file mapped to a user in the giant data set.
Unique files or data blocks are indexed as they come into the data store and are not grouped by user. When the data store is small, it's relatively easy for the system to locate all of the data blocks mapped to one user when a restore is necessary. As the data store grows in size, the process of locating all of the data blocks takes longer. Global deduplication slows the restore process and forces the end user to wait at the most critical point in the process—when he or she needs to get files back in order to continue working.
Ready to adopt an enlightened data security strategy to protect your enterprise? You already know that endpoint data backup is the essential core, but how do you find the right solution? Here's what to look for:
Code42 CrashPlan provides centralized, cloud-based endpoint backup that works across geographies, platforms and devices. It's simple to manage, simple to scale and offers powerful features to solve other data collection, migration and security problems.
The enterprise is not homogenous anymore. Apple devices set the standard in the consumer market, and executive and employee preferences for Apple devices have pushed Apple market share up in the enterprise. 92 percent of companies support Macs today.
Code42 CrashPlan backs up every file on Windows, Linux or OS X laptops and desktops—with a consistent experience across all platforms. It restores files to any computer or mobile device (including iOS, Android and Kindle Fire devices) any time, from anywhere, without requiring a VPN connection.
Code42 CrashPlan is a cloud-based SaaS backup that offers secure, non-stop protection for all end-user data on a centralized platform. When data is secured on a single platform, it enables self-service file recovery and data migration, data governance functions such as data retention rules, regulatory audits and compliance, and inplace legal hold.
Code42 CrashPlan provides complete control and visibility, granular administration, monitoring and reporting, and the ability to scale to many terabytes and many thousands of users—without adding IT headcount, headaches or in some cases, hardware.
True data privacy means only the enterprise can view data content. Code42 CrashPlan deduplicates locally, encrypts data in transit and at rest, and enables the cloud customer to hold encryption keys in any cloud deployment. On-premises key escrow ensures that only the customer can view decrypted data—keeping it safe from the cloud vendor, government surveillance and blind subpoena.
Breaches continue to increase—76 percent of organizations were breached in 2015 (2016 Cyberthreat Defense Report)—and endpoint devices are the weakest link in your security profile. Code42 CrashPlan ensures recovery of data—no matter the cause, without paying a ransom, without the original device, without the former employee. It's an investment in business continuity, risk mitigation and peace of mind.
Globally, 80 percent of companies said they were at risk from insider attacks. 55 percent said privileged users posed the biggest internal threat. And low security awareness among employees continues to be the greatest inhibitor to defending against cyber threats. Code42 CrashPlan gives IT the ability to plug these human-factor security gaps—to see who had what data when and where data was moved. Visibility of content helps IT address the risk of inadvertent and accidental leaks, exposure of sensitive data outside authorized channels and malicious insider theft.
The number one driver of data migration is technology refresh, followed by consolidation and relocation. While data migrations are routine, they pose known risks— including data loss and corruption, unexpected downtime, lease overruns and technical compatibility issues.
CrashPlan secures a copy of each file before tech refresh and OS migrations in a secure backup location—and makes it easy for end users to conduct their own data migration after the device has been imaged—cutting an IT task from hours to moments.
Legal hold is expensive, disruptive and time consuming. Code42 CrashPlan leverages user backups to enable in-place legal holds and file collection without confiscating user devices. IT is able to offload the responsibility to legal personnel via a legal hold web app.
InfoSec experts agree that data breaches are inevitable in today's enterprise world. A modern endpoint data backup solution provides 100 percent visibility and attribution of file content on any device, enabling IT to quickly identify a threat, mitigate the impact to reduce costs and determine if data on compromised devices (including lost or stolen devices) requires the organization to notify agencies or individuals of breach.
The growing threats of data breach and cybercrime are driving new, heightened regulations in every industry. CrashPlan helps your enterprise meet evolving data privacy and compliance requirements—with features including flexible cloud options, robust security architecture, client-side encryption and real-time auditing and reporting—to minimize IT hassle and risk to the organization.
Businesses and organizations are subject to unique data privacy, compliance and regulatory rules governing how and where data is stored, transmitted and controlled. CrashPlan enables businesses to comply with evolving regulations through data destination choices, data visibility and auditing features.
Endpoint backup is the core of an enlightened data security strategy, but it's not the only tool in the toolbox. CrashPlan works seamlessly with full disk encryption and file sync-and-share solutions—such as Box, One Drive and Dropbox—to create a complete data protection plan.
The enterprise is focused on data security and protection for good reasons. With the ability to hold up to 2TB of data on a single device, the power to do more is exponential and the risk of data loss is amplified. Most disaster recovery plans focus on data center servers and disk arrays; but almost two thirds of corporate data lives outside the data center on laptops, and 99 percent of employees have sensitive data on their laptop or desktop.
Subscription, cloud-based endpoint backup with CrashPlan offers secure, non-stop protection for all end-user data on a centralized platform. When data is secured on a single platform, it enables self-service file recovery and a wide variety of higher order data utilities to solve business, legal and security problems across the enterprise.
Seventy percent of enterprise workforces will be mobile by 2020, making a scalable endpoint backup solution a necessity for modern enterprises. Only Code42 CrashPlan has built-in scalability with support for hundreds of thousands of concurrent users.
Modern enterprises make endpoint backup a critical element of their data security strategy because they value the data stored on endpoints.
Code42 CrashPlan gives IT a comprehensive, single point of visibility and control across every end user in the enterprise— making it easier to overcome insider threat and recover from any type of data incident. Code42 CrashPlan is modern endpoint backup that takes IT off the hook for data migration by enabling end users to recover their own work—all the way to self-service data migration.
The attack surface of the enterprise and the potential for breach and insider threat continue to grow. Code42 CrashPlan gives InfoSec visibility into data and data movement, so the enterprise can achieve full data attribution in response to breach. Code42 CrashPlan helps the enterprise meet risk, regulatory, and compliance requirements, and identify and monitor the source of data leakage.
Code42 CrashPlan is the foundation for rapid, comprehensive legal hold administration. Its legal hold web app gives legal teams the ability to select custodians, apply rules and collect files during eDiscovery or regulatory audits—and reap time and cost savings.