If your hard drive fails and you don’t have up-to-date, functioning backups, you call in the data recovery experts. It’s kind of like sending your drive in for emergency surgery—down to the sterile environment the engineers have to operate in. Chances are, your drive is dead for good, but it might be possible to give your data a new lease on life.

On February 16th I received an invitation to interview Bay Area data recovery company DriveSavers, accompanied by a press release announcing their introduction of industry standards for data recovery. I’ve written about DriveSavers and their Museum of Bizarre Disk-asters in the past, and happily took the opportunity to interview Chief Information Security Officer Michael Hall on February 19th, 2009.

While the issue of “securing data, even during data recovery,” to quote the first message I got from Margie Schaffner at BLASTmedia, is certainly an important one, I knew that my readers would want to hear about more than just industry standards, so I put out a call on LinkedIn for questions to ask Michael. I organized the questions into four basic categories and consolidated the ones that overlapped.

Note: I have edited Michael’s responses (which I recorded) just slightly, mostly to make them more appropriate for the written form of this blog. In some cases, where he provided the answer to a later question earlier in the discussion, I have relocated what he said. I sent him a draft of this post to check for accuracy before releasing it, and a few responses have been filled in or corrected through those e-mail discussions.

Questions About DriveSavers

What differentiates you from Ontrack Data Recovery? Both companies have nearly identical taglines of being the world leader in data recovery services. (Note: when I asked the question, I expanded it to include competitors in general. When Michael answered the question, Michelle Taylor, Director of Communications at DriveSavers, edited it slightly, so the style of the response is more formal than the rest of Michael’s answers.)

The primary difference between us and any other data recovery company is our certified secure environment and unparalleled customer service. We adhere to very strict and stringent government security protocols, and we are also certified SAS 70 Type II compliant. We have the fastest standard service available and we meet those turnaround times about 99% of the time. Our actual facility has certified ISO 5, 6 & 7 cleanrooms, expert engineers and advanced technologies which enable us to maximize the success of every data recovery. We defend and protect our customers’ information from security breaches here. No one else is going to be able to hack into our network and gain access to our customers’ information. I’m not sure what Ontrack’s network infrastructure is like; I know that what differentiates us from all other data recovery companies is that we adhere to very high security standards and we have met or exceeded all those standards and we have certifications to prove it: they’re available for viewing on the website.

What determines your prices?

It’s based upon the capacity of the device itself and the turnaround time that the customer is requesting. We have a number of different options there. We have what we call the economy 5-7 day turnaround; we have a standard service, which is a 2-3 day turnaround; and we also offer priority service, which is an immediate turnaround. That means an engineer is going to be dedicated to that job from the time it hits our facility until it’s completed, to expedite the recovery process for them and get the dataset in their hands as quickly as we possibly can. So it’s basically capacity and how quick they want their data.

How are you going to make data recovery affordable for the average Joe or Jane who didn’t make a backup? (To which Sallie adds: how much slack do we want to cut people who don’t make backups?)

What we see with individuals and small businesses is that they almost never have an on-site IT person. They have a consultant who comes in and configures their backup, or their network topology, or their security, or their entire infrastructure. They put it in place, tell people how to use it, and then they walk away. They don’t come back and periodically check things. What we see more than anything is that when something’s been configured as a backup, no one’s ever taken the time to actually validate the configuration by doing a test restore to another device or checking the integrity of the data. What we see oftentimes is that whoever put the backup program in place, it worked fine for what the customer had at that point in time, but say they go from a simple database program to a SQL server, or they change their e-mail program to an Exchange server. Those files are open files; they’re constantly changing.

When they established their backup system initially, they didn’t have to worry about open files. So now they’re doing backups with open files, but they don’t have “backup an open file” option in their backup program. So they’re backing up an Exchange server and they’re backing up everything except the two open files that they need.  The same thing holds true with SQL. You can back up the entire SQL directory—except for the database. And then they have some sort of natural disaster—hardware failure or an earthquake or a power surge—and their hardware goes down. They think they’re fine until they try to do a restore, and then they realize that the whole system was configured incorrectly.

We see innumerable data recoveries that come to us because of that same scenario right there.

How do you know when the cost of recovering data is greater than the value of the data?

That’s something you have to determine yourself. The easiest way to look at it is, how long will it take you to re-create the data yourself manually? How many man-hours is that going to take? How many temps will you have to get all the paper trail that you’ve got back into electronic format—if you have a paper trail at all? How much are you willing to pay to keep your business running?

Are you hiring?

Not at the moment.

An Ounce of Prevention…

Isn’t prevention (e.g. Business Continuity Planning) a better investment than data recovery?

A Business Continuity Plan is imperative to any business, no matter how small or large. You have to have contingencies in place and have a pre-set plan: “If this happens I can do that. If that happens, I can do this.” That’s part and parcel of doing business. Is it more important to do that than pay for data recovery after the fact? Absolutely. If your Business Continuity Plan is written properly and it’s comprehensive and inclusive, you’ll probably never need to use us. Why wouldn’t you be proactive on the front end to take care of that. What we see, though, is even with Business Continuity Plans, there’s that 2% you can’t account for. Natural disasters. Simultaneous catastrophic hardware of the main device and the backup device. There are corporations that have us at the very bottom of their Business Continuity Plan. If all this does not work, here’s your last stop, and it’s a data recovery company.

What are you doing to integrate a “prevention” mode so that people can do encrypted, compressed off-site backups via the Internet (automatic of course), so that data recovery is more easily accomplished should it ever be needed?

We don’t offer offsite backup solutions for customers, but we are huge proponents of customers having that in place, and we can point people to different companies that handle that kind of program. We’re not going to offer it. Our primary focus is only on data recovery.

The Data Recovery Process

What is the most common reason for needing data recovery services?

About 80% of what we see is electromechanical failure. The reason we have the museum of Bizarre Disk-Asters is that it’s an unbelievably great visual representation of what can happen. But 98% of the time, that’s not what happens. You don’t have a fire, you don’t have a flood. A hard drive is a mechanical device. It’s not a question of whether it’s going to fail—it’s when it’s going to fail. A hard drive has a Mean Time to Failure rate attached to it; that’s the life expectancy for the device. 98% of the time either the drive dies on its own, or it’s been fried in a power surge. That will cause your drive to fail a whole lot quicker than being run over by a bus.

What kind of data is hardest to recover?

That’s a very open question. We work on all platforms. Any operating system. Any type of electronic device. Our rule of thumb is, if you can write a 1 and 0 to it, we’ll take it off of it. Some are more difficult than others, but I don’t know that I could definitively say “This is the hardest thing to recover.” Sometimes the hardest things to confirm [recovery of] are proprietary software applications that have been written specifically to a type of business or to an individual, where they’re not off-the-shelf applications that we can easily access and figure out. When we have situations like that, we try to work with the person who wrote the application or the customer to gain access to the application in order to confirm the data set for them.

What percentage of the time do you have success with recovery?

We have an overall success rate, but I’m not sure what it is.

The website says “the highest in the industry,” but doesn’t give any numbers. A later e-mail discussion with Michelle Taylor produced the following answer:

One of the most telling reasons we know we have the highest data recovery rate in the industry is that the majority of the drives we see at DriveSavers have visible signs of previous data recovery attempts. In some cases, these attempts have caused so much damage that the data is unrecoverable. But, in most cases we are able to retrieve data that others could not.

What state is the data in when you recover it? For instance, if you recover a Word document, do you get the whole thing? Paragraphs? Sentences?

Our intentions are to get the dataset back to the user in the state it was when they were using it. Sometimes that’s not physically possible. Usually that occurs when there’s damage on the device itself that renders a portion of it completely inaccessible. If the data has been physically scraped off the platter and it’s just dust in the bottom of the drive, we’re not going to get that back—no one is. Our rule of thumb is to get back the original data set in its original form.

What’s your opinion of online backup systems (like Carbonite) and how difficult is it to resurrect information if one is backed up in that manner?

Most online backup companies have step by step instructions for restoring the backup set back to the customers system. It is a good idea to test the procedure ahead of time so that you know exactly what is required on your end to complete the restoration.

And how easy is it for DriveSavers to recover data if the online backup service suffers a loss?

If an on-line backup service needs to use our services we still have the ability to recover the data. Usually they will be utilizing a raid configuration to store data. We have an enterprise division that is dedicated to performing data recovery on multi drive raid systems.

Is it easier or harder to recover data from the new solid-state disks in netbooks and laptops than from traditional hard drives?

Any time a new technology comes out, we spend a tremendous amount of R & D on it to make sure that we can recover information from solid-state devices, and we are able to do it.

Data Recovery Standards

Security standards are nice; do they map to an ISO standard?

Since this information was on both the press release and the DriveSavers website, it didn’t seem necessary to ask it again. The standards, and the certifications, fall into several categories:

• ISO 5 (Class 100) Cleanroom Certification
• Cisco Self-Defending Network Certification
• SAS-70 Type II Compliance Certification
• Encryption Training Certification
• Manufacturer authorization

There have been numerous cases of recovered data being sold or released without the owner’s consent. You have other cases of Geek Squad employees making private copies of sensitive information when they repair hardware for a customer. How do companies like DriveSavers talk to this? “Trust me” only goes so far.

All the certifications mean you don’t have to take their word for it. In fact, the page listing them is entitled “Demand Proof.” In addition, according to Michael, “We perform background checks on all our employees. They have to sign a security policy; we have everything in place to inhibit that from happening. Only certified cleared engineers have access to the customers’ information. We hire the most qualified and credible people.”

Explain the standards for the SOHO user who doesn’t understand what those certifications mean:

An ISO-certified cleanroom increases the chances of a good recovery, because we’re not introducing any kind of foreign objects to the media as we’re going through the recovery process. So you’re going to maximize your bet right off the bat. Secondarily, we’re in compliance with the international technology control audits. We have everything in place to ensure that integrity of their data is not compromised while it’s at our facility. We monitor our facility and our network 24/7. We’re certified to handle any type of encryption recoveries and we have the manufacturer authorizations to be able to work on the devices themselves.

For an individual customer or small-business user, even though it’s your individual drive, you have to bear in mind that even though it’s your personal drive, there’s a high likelihood that there’s information on that drive that you don’t want shared. How many people use an accounting program? If you’re using Quicken or QuickBooks or any program of that type, your credit information is on that program. Your bank account numbers are in that program.

If you’ve set up your computer properly, it shouldn’t be able to be hacked at your house, but if you send it off-site, who do you trust, and why? Anybody can say they have a cleanroom; can they show you the certification? Anybody can say they have a secure network; can they show you the certification?

Here’s another classic example. How do other data recovery companies handle recycling customers’ drives? How many times have you seen something in the news about “I bought this drive on eBay and it had another person’s information on it when I got it.” If a customer sends us a hard drive and it is completely physically done, it’s of no value to them, it’s out of warranty from the manufacturer, and they don’t want it anymore, and they tell us to recycle it, we’re going to physically degauss the hard drive with a Department of Defense-approved degausser to render it 100% inaccessible before we recycle it.

That’s as opposed to throwing a whole bunch of drives in a pile and taking them to a recycling center. Those drives get bought in bulk and then sold on eBay.

The security criteria and protocols that we have in place are just as important when dealing with individuals as with corporations. You hear of innumerable instances of laptops with 50,000 social security numbers getting stolen. If mine was on that laptop, I would be upset. But at the same time, my social security number is on my hard drive, and it wouldn’t matter if it was one of 50,000 or one of one. A lot of people have a file that shows their passwords, or their PIN number for their ATM machine.

Special thanks to everyone on LinkedIn who provided these great questions.

If you’ve never heard of journalspace, don’t feel bad—I hadn’t either until it popped up in my Google Alerts for “Backup.” My ignorance notwithstanding, the blog hosting company had been around for 6 years and had 14,000 visitors each month. Now all those blogs have vanished, with the bloggers left struggling to retrieve their posts from the Google cache if they didn’t have backups of their own.

So what happened? Someone—or something—erased all the data on the journalspace server. There were no backups. One of my Scary Statistics posts mentions that 60% of companies that lose their data go out of business within 6 months. Journalspace was forced to shut its doors much sooner than that.

The story has been all over the net—just look at my Backup Bookmarks posts over the past few days for a collection of links. Feel free to go read them for more details, or look at the journalspace blog. (Since they’re putting their domain name up for sale, that link may not be good for long.)

What I want to concentrate on here are two lessons we can all learn from this catastrophe.

RAID Is Not Backup

I once compared some form of backup or another to RAID, and some kind(?) person was quick to point out to me the error of my ways. Now that I own three different RAID devices (the Maxtor Shared Storage II, the Buffalo LinkStation Mini, and the Buffalo Quattro), I understand RAID a bit better. By using a “mirroring” array, RAID can help protect you from data loss. Because all data is written to two or more disks simultaneously, you’re still safe if one of those drives fail. That was the case with my first Maxtor Shared Storage II, Teras. One day the drive started making horrible clicking noises. Fortunately for me, I had Teras in RAID 1 (mirroring) configuration, and only one of the two drives inside the box was damaged. The wizards at Seagate/Maxtor were able to retrieve the data from the other drive for me without trouble, and I restored that data to the replacement MSS-II (named Teratides, which means “son of Teras”) fairly easily from the USB drive Jay sent it back to me on.

If you’re running a server, you definitely want RAID—the higher level, the better. Servers are generally on 24/7 and that kind of wear and tear makes it more likely one of the disks will go.

But RAID is no substitute for backup. It doesn’t protect against viruses, theft, human error, or natural disaster. Anything deleted from the first drive automatically disappears from all the mirroring drives. Journalspace had two drives in a mirroring (RAID 1) configuration, and no backups. They learned the limitations of RAID the hard way.

Don’t Count on Your ISP for Backups

Some hosting companies make backups of their clients’ data, and some don’t. Even if yours does, remember that it’s your data and therefore your responsibility to protect it. Make a backup onto your own computer. I don’t know what provisions the journalspace platform made for its users to back up their blogs, but one reason I like WordPress is the ease of backing up my blog content. Just install the WP-DB-Backup plugin and tell it how often to e-mail your backup to you. Restoring the data or moving it to another blog is easy.

Store Backups Off-site

There’s a possibility that what happened to journalspace was the result of sabotage by a disgruntled former employee of their datacenter. When you keep your backups in your office, anyone who has access to the physical location of your computer also has access to your backups. While you want some backups close at hand, you also need to keep copies of your most critical data somewhere else.

My heart goes out to all the people who have lost their jobs. I hope none of journalspace’s former customers goes out of business because of it. And I don’t want anyone who reads this blog to have to experience that kind of pain.

Back up. Back up. Back up.

The Ur-Guru and I have just returned from a week of Extreme Tourism in Chicago. He took 28 GB of photos. Each night he copied them all from his camera’s 8 GB Compact Flash card onto the two portable hard drives he’d brought along. (One serves as the original, one as the backup, and then he clears off card so he can take more pictures.)

We also fixed my father’s wireless router, so there’s wi-fi in his 45th-floor apartment again, but I had to use webmail for outgoing messages because RCN (Dad’s cable Internet provider) appears to block any outgoing traffic from non-RCN senders.

Anyway, I’m back home with another guest post for you, this one from Ken Colburn of Data Doctors.

---

Data Disasters: did you forget your mobile workforce?

A hard drive crashes every 15 seconds…

2,000 laptops are stolen or lost every day…

1 in 5 computers suffers a fatal hard drive crash during their lifetime…
31% of PC users have lost all of their files due to events beyond their control…

60% of companies that lose all their data will shut down within 6 months of the disaster…

The overall average failure rate of disk drives is 100% – all drives eventually fail…

And another hard drive just crashed while you were reading this.

Will one of yours be next? Are you prepared?

If you ask your IT department, they will assure you that the primary servers are being backed up every day and that an off-site data storage component is in place, so no matter what happens, the company is covered.

What most IT departments fail to recognize is that as much as 60% of a company’s mission critical data resides on hard drives that are not being backed up.

Your mobiles sales team, your CEO’s laptop, remote users or offices; the list can go on.

The assumption by the IT staff that all the users are following the company policy for backing up critical data is generally flawed.

In reality, getting 100% compliance from all users is virtually impossible because of a single hurdle; human nature. Everyone knows that a hard drive could fail at any moment, but no one thinks it’s going to happen to them, so they will do it tomorrow.

In providing data recovery services for over a decade, a pattern has emerged as more companies rely on computers; critical data is being lost on a regular basis.

The proliferation of the laptop computer as well as the increase in remote workers and even the digital camera (of all things) are primary drivers.

I regularly run into mobile salespeople throughout the country and in every discussion I hear the same thing: “I would be totally screwed if my laptop crashed or got stolen” and it’s usually followed by “my IT guys just don’t understand”.

Digital cameras have also increased the need for data recovery because digital images are not thought of as “data”… until they are gone! We routinely see a drive in for data recovery that has thousands of mission critical images on it that no one thought to backup or were so large that they did not fit into traditional backup procedures.

Even with the realization that their future is in jeopardy, statistically only 1 in 4 users will regularly back up their files. Why? It’s generally too technical or time consuming.

Another common mistake that some IT departments make is assume that if the critical data is being backed up and we can replace a laptop with an image of the corporate software, we have everything covered.

We routinely see customers pleading for help because they installed a special program that only they needed and no one took this into consideration during their disaster planning.

In a perfect IT world, everyone is using the exact same software on every remote or mobile system, but the reality for most is that no two computers are exactly the same.

Some of the biggest offenders of not following the IT department standards are upper management and they often times have some of the most mission critical data on their systems.

100% of all Data Loss is PREVENTABLE!

There are a number of personal backup solutions that IT departments should consider implementing as an additional layer for their mobile workforce.

We have been working with folks on backup procedures for long enough to understand some of the biggest roadblocks…users don’t know how to backup and even if they do, they don’t have any idea where on the hard drive this data resides, much less taking the time to actually do it.

The best chances for success and a huge time saver for the IT department for when (not if) a hard drive crashes is an automatic whole drive imaging system. (The expense of one data recovery will usually pay for 4 or 5 personal backup systems.)

If you can reduce the point of failure down to “can I get my users to plug this device in” your chances of success are much higher.

By eliminating all of the technical aspects of the backup process you can expect non-technical mobile and remote users to be much more successful in protecting themselves.

One solution is to install an automated imaging program that automatically fires whenever the external backup device is plugged in and/or setting a scheduler to automatically backup (and pester the user when it has not been done) to an external device.

Another great option for field personnel is an automated Internet based backup service. Once the client software is installed, it can automatically push copies of critical data up to a secured Internet server and be setup to pester users whenever it does not occur.

The bottom line on covering your bases is to really cover all your bases, so don’t forget your mobile and remote users!

External backup solution:
http://www.datadoctors.com/products/datavault

Online backup solution for businesses (Free 30-day trial): http://www.rdbup.com/partner/?id=datadrs

Is this the late-late-early show or the early-early-late show? Looking at my calendar and asking myself what the chances are that I’ll manage to write a second column by Friday (when I have to get up at 4:30 AM to get ready for the BACN meeting at 7:30 AM), I decided just to post-date this and send it out now.

Last week TechTarget sent me a link to an “e-zine.” I don’t know why they called it that; there’s no sign that you can subscribe and get new issues. It’s essentially a white paper and probably the reason I got a phone call and an e-mail message from a hapless salesperson at ASEMPRA whose marketing department doesn’t know enough to put a “Don’t contact me” checkbox on its download forms.

Anyway, the white paper is called “New Tools for Better Backups,” and, like most white papers, it focuses on enterprise technology: deduplication, storage resource management, VM (that’s Virtual Machine) Backups. The kind of thing that gives most of the folks who read this blog a serious case of My Eyes Glaze Over.

But in the midst of these articles was a full-page ad for the latest installment from the Backup Trauma Institute:

First, if you’ve never visited the Institute for Backup Trauma, go check it out. This award-winning campaign for LiveVault’s Continuous Data Protection services appeared in April 2005. It makes two major points: how much trouble a company can be in without reliable backups, and how problematic tape is as a backup medium.

Three years later, Iron Mountain owns LiveVault and John Cleese is dispensing advice of dubious friendliness regarding some important questions about compliance, security, and whether there is, in fact, a mountain of iron. My favorite question is “How can I get our executives in trouble?” but my favorite answer is “How do I keep Mr. Wiggles from destroying electronic evidence?” That one expounds on some really creative ways to destroy a hard drive.

Even though Iron Mountain’s solutions are aimed at the enterprise and may not be immediately useful to you, the Friendly Advice Machine is an entertaining diversion—and one that makes me glad I don’t have to worry about compliance, discovery, and managing millions of e-mails.

I thought I knew what I was going to write about for this week’s reminder. A few days ago, someone contacted me (through the Podcast Asylum, natch—perhaps I need to make my FileSlinger™ e-mail address easier to find on the Backup Blog) to ask about online backup, which has been the theme of the past couple of weeks.

The specific problem, however, involved an intersection of factors I don’t know enough about to explain: Vista x64, Office 2007′s .docx format, and Mozy, or rather why Mozy didn’t seem to want to back up .docx files from a Vista x64 PC.

I don’t use Vista, and don’t plan to, at least not for as long as I have this particular machine. The Ur-Guru says that the x64 version isn’t bad now that Service Pack 1 is available, but the overall Vista adoption rate is so low that the only pressure to “upgrade” comes from Microsoft. (Even the Ur-Guru only has it installed on one system, and that’s only because the software he develops has to work on it.)

As for Office 2007, while the Ur-Guru has been using it happily for some time, none of my clients use it, and I would be creating more problems than I was solving if I switched now. So I don’t know much about the new .docx format for Word files which Office 2007 for Windows shares with Office 2008 for Mac, except that it’s based on XML. And while I found a number of articles and blog posts talking about the difficulty people with older versions of Office have opening .docx files, I didn’t find anything that would explain why uploading them through an online backup service should be a problem.

Likewise, I found some “don’t use Mozy” stories from a few dissatisfied customers who had experienced file corruption or other problems, I didn’t notice anything specific to Vista. So that was the end of that idea.

This morning, however, while catching up on my C|Net newsletters, I saw an item in Gearlog that I couldn’t pass up mentioning: EDR’s Hard Drive Crusher, billed as “a new spin on destruction.”

Though this is by no means a data security blog/e-zine (blogzine?), I have mentioned before that if you are giving away a computer or a hard drive, you want it thoroughly erased. There have been special shredders for CDs and DVDs at least since I wrote about destroying outdated backups in 2003. And computer recycling facilities have powerful electromagnets designed for completely wiping the data off any magnetic drive.

The Hard Drive Crusher is not a home-office solution. For one thing, it weighs 85 lbs. For another, it costs $11,500. Even the Ur-Guru doesn’t go through enough disks in a year to make it a sensible purchase. But it’s the kind of thing your local electronics recycling center or data protection service might want to invest in, and let you use for a small fee if you don’t think a magnetic wipe or repeated overwriting of the drive is sufficient.

And it has to be a pile of fun to operate if you’re suffering from computer-induced frustration.