Off-site data protection


In computing, off-site data protection, or vaulting, is the strategy of sending critical data out of the main location as part of a disaster recovery plan. Data is usually transported off-site using removable storage media such as magnetic tape or optical storage. Data can also be sent electronically via a remote backup service, which is known as electronic vaulting or e-vaulting. Sending backups off-site ensures systems and servers can be reloaded with the latest data in the event of a disaster, accidental error, or system crash. Sending backups off-site also ensures that there is a copy of pertinent data that isn’t stored on-site.
Although some organizations manage and store their own off-site backups, many choose to have their backups managed and stored by third parties who specialize in the commercial protection of off-site data.

Data vaults

The storage of off-site data is also known as vaulting, as backups are stored in purpose-built vaults. There are no generally recognized standards for the type of structure which constitutes a vault. That said, commercial vaults typically fit into three categories:
Hybrid on-site and off-site data vaulting, sometimes known as Hybrid Online Backup, involve a combination of Local backup for fast backup and restore, along with Off-site backup for protection against local disasters. According to Liran Eshel, CEO of CTERA Networks, this ensures that the most recent data is available locally in the event of need for recovery, while archived data that is needed much less often is stored in the cloud.
Hybrid Online Backup works by storing data to local disk so that the backup can be captured at high speed, and then either the backup software or a D2D2C appliance encrypts and transmits data to a service provider. Recent backups are retained locally, to speed data recovery operations. There are a number of cloud storage appliances on the market that can be used as a backup target, including appliances from CTERA Networks, Nasuni, StorSimple and TwinStrata.

Statutory obligations

Data Protection Statutes are usually non-prescriptive within the commercial IT arena in how data is to be protected, but they increasingly require the active protection of data. United States Federal entities have specific requirements as defined by the U.S. National Institute of Standards and Technology. NIST documentation can be obtained at http://csrc.nist.gov/publications/PubsSPs.html and commercial agencies have the option of using these documents for compliance requirements.
Statutes which mandate the protection of data are: