27 Jul 2020
As with most services, data backup is available from many different vendors – but then what does each vendor’s interpretation of backup actually mean in reality?
Backup isn’t backup at all, for instance, if it won’t work for your specific circumstances.
Got a huge amount of data? A slow backup might never finish the job. Got mission-critical data that would need restoring rapidly back into your systems before any other type? Well, some backups might just not enable you to prioritise and expedite the restore in that way.
So, we decided to compare some of the market’s highest-profile backup vendors – Acronis, Carbonite, SolarWinds and Veeam - to establish what their take on backup really means, and give you a clearer picture of the solutions you might choose for your organisation.
On paper, German backup provider Acronis seems to score as highly as any other (and higher than some) on the backup basics - that is, the ability to perform and schedule backups, and keep them backed-up data secure.
Nonetheless, Acronis’ definition of data backup prompts some questions we think you should also consider.
Encryption, for example, is mentioned – but not encryption of data at rest in their data centres, so if your organisation is sensitive to regulatory interpretation, an alternative provider might be a better choice.
The data centre itself also raised some alarm bells for users from our point of view, for two reasons.
Firstly, we could find no clear statement to the effect that the data centre is based in the UK, and secondly, we could find no clear statement as to the presence of a second data centre in the UK (or anywhere else) to take over from the first should the first go down. There are of course potential data privacy and business continuity issues for you to consider here. (We do know, however, that their support team is based out of Bulgaria.)
For users looking to back up very large volumes of data – 5TB or more – Acronis make no claim to be able to handle this kind of workload, and neither do they have an instant data restore capability, so assuming you had been able to back up your entire data set in the first place, you would have to wait for it to download in its entirety before you could access and restore any part of it.
This process can take days in any event, but as we believe Acronis also throttle access to their cloud servers to economise on bandwidth, users should be aware it could, in fact, be quicker to have Acronis courier the data to you from Germany on a disk.
(This is a paid service that we know Acronis customers have in the past elected to use.)
Carbon is the basic element of all life, and Carbonite is basic backup with a pronounced US flavour to it.
With Carbonite, backup means a service that isn’t incremental – in other words, it backs up all your data every time, rather than just the bits that have changed.
Clearly, this can work for small volumes of data that don’t grow daily, but if you have larger volumes of ever-evolving data and need to back them up regularly and frequently, there are going to be implications for how efficiently or completely that process can ever be achieved.
Likewise, as the restore process is not instant or on-demand, you could be up against inefficiencies both in backing up the data and retrieving it, potentially opening up a chasm between the two processes in which some parts of your data could, we believe, effectively become inaccessible.
Carbonite seems to score low on the security scale, too, with no secure data storage and no dual or even single UK data centre. Their data centres are US-based – one on the East Coast and two on the West – which means that if you back data up to them, you could also be in contravention of GDPR legislation. There is little UK provision for help when something goes wrong, either – no 24/7 support, no live chat.
Realistically, Carbonite would seem to answer the need for a very basic backup service along free or freemium lines – outsourced and cheap, but with significant limitations and accompanying risks that it is imperative you understand from the outset.
SolarWinds’ claim to handle up to 5TB of backup seems like good news for organisations with large volumes of data, bringing it closer to at least some of what users require - yet it still doesn’t seem, on paper, to be quite the full ticket, we believe.
Again, in our view, the apparent absence of dual UK data centres (although they certainly have one), the lack of dedicated UK 24/7 support, and the fact that their live chat and email support comes out of the Philippines all ultimately raise questions for users around how suited to the UK market this service is - and what would happen to their data in the event of a data centre outage.
(It’s probably also worth mentioning here that SolarWinds variously reference data centres in between eleven and thirty other countries, with seemingly inconsistent certifications – so you have to ask yourself the question: is that where your UK data’s ultimately failing over to?)
And once more, security is an area we believe is a potential concern. With no secure data storage, and (once again) encryption claims that appear to sidestep the all-important question of encryption at rest, the service also has no instant data restore capability – so users need to be aware that the price of that powerful backup engine seems to be security, restore speed, and business recovery time.
Alright, let’s get the spy jokes out of the way right now: yes, Veeam’s software development all comes out of Russia, but it’s a US-headquartered company and it has carved a well-deserved niche for itself in onsite, disk-to-disk backup.
In this approach, massive virtual machine images of servers are created and held on-premise, ready to restore the servers and their data back to their precise original state should they go down, or find themselves maliciously locked or encrypted.
So, no cloud backup, then? Actually, yes – but this is where it starts to get problematic, because the cloud backup capability isn’t inbuilt; it’s a bolt-on that relies on a third-party cloud company to host it. This Cloud Connect module, as it’s called, can prove awkward for a few reasons.
Firstly, you have to take out two separate agreements, one covering the Veeam annual licences and one covering the use of Cloud Connect through the third-party cloud provider. This is an added layer of complexity to manage, not least because it’s down to you to select the provider in question, and to ensure that they are running the cloud hosting from within a compliant UK data centre. Get that wrong, and it’s all on you.
Secondly, Cloud Connect typically requires some 5 to 10 times more space on the backup than the data you are backing up actually occupies – so to back up a 1TB server, you could end up needing between 5TB and 10TB of backup space (and yes, the more space you use, the more you pay!)
But perhaps most worryingly of all, there appears to be documented evidence of Veeam’s cloud backup falling prey to ransomware, resulting in backed up data being deleted (here’s just one such case). Veeam’s not the only cloud backup solution to exhibit this weakness, by any means, but it’s a pertinent reminder of the importance of choosing a backup system that can’t be misconfigured in a way that permits this kind of compromise.
Cloud quirks, costs, and risks aside, it’s also fair to say that Veeam isn’t really adapted to small and medium business use. It’s not so much that it is aimed at backing up entire servers (in fact, it’s an excellent, on-site, disk-to-disk solution to enable larger companies to achieve this), but rather that it offers no options outside of this.
Basically, if you want to back up files, folders, and databases selectively, Veeam is the proverbial sledgehammer that can’t crack a nut.
No product or service is ever perfect, and one organisation’s ideal backup can be another organisation’s recurring nightmare, depending on factors ranging from security, to restore speed, to reliability, to regulatory compliance.
But when any vendor’s definition of data backup fudges references to any of the above, we think you deserve to be made aware – because it’s fudging we don’t have to do.