I D C

V E N D O R

S P O T L I G H T

Safeguarding Enterprise Laptops

August 2011
Adapted from Protection and Recovery of PC Data: The Intersection of Desktop Virtualization, Security, and Storage by Laura DuBois, IDC #221174

Sponsored by Druva
Firms are increasingly giving a higher priority to protecting and recovering data on laptops and mobile devices. Challenges they face include an ever-increasing volume of data, nonexistent backups (and thus nonrecoverable data), lack of policies, and lack of a consistent or reliable backup process for protecting user data on enterprise PCs or mobile devices. Moreover, traditional backup and recovery methodologies such as tape and disk are not well suited to protecting and recovering lost sensitive data on mobile devices, particularly over a WAN connection. IDC believes that cloud services can deliver a scalable and secure backup and recovery platform for mobile devices that is easier and less expensive to deploy and manage. This Vendor Spotlight examines the major forces driving the recent technology advancements and adoption of cloud-based data protection, backup, and recovery using deduplication and WAN optimization technologies. It also looks at the role that enterprise endpoint protection products vendor Druva plays in this strategically important market.

The Challenges of Protecting and Restoring Data on Enterprise Endpoints

The number of enterprise regional, branch, and home office locations is expanding through globalization, telecommuting, offshoring, outsourcing, and other business megatrends. This proliferation of distributed business operations, along with an increasing consolidation of enterprise datacenters, has created a need for greater control over and centralized management of data residing everywhere within the enterprise from the datacenter to distributed and mobile systems. With the accelerated use of laptops and mobile devices in the workplace, organizations are continuously seeking new and more efficient data protection, recovery, and backup solutions for enterprise PCs, smartphones, and tablets. The removable storage and compact size of PCs and mobile devices place these endpoint assets at high risk for loss or theft. Compromise or loss of sensitive corporate information can damage a corporate brand and shareholder confidence or can increase customer and/or employee concerns about data privacy. Traditionally, the backup of data on laptops and mobile devices was left to end users, who typically did one of more of the following: Created their own backups by burning local data to removable media Relied on folder-level synchronization between a user's local files/directories and a centralized file server Didn't do any backup at all

The consequences of these types of inconsistent backup practices jeopardized corporate and sensitive data. Prior experiences with data loss or file system corruption from hardware failure, security breaches, or malware emphasized the need for solutions to mitigate risk. In addition, legal and/or regulatory
IDC 1171

mandates and negative publicity about lost, stolen, or compromised PC assets containing sensitive corporate information are compelling companies to do a better job of managing and protecting data on all corporate devices. Increasingly, the backup of PC data has gradually become just one component of a much broader mandate by businesses to centrally lock down, secure, and manage functions and data on mobile and distributed assets. In addition to centralized protection, backup, and recovery solutions, many firms are applying additional controls, such as full-disk and file encryption; desktop and mobile data loss prevention measures; security auditing; and governance, risk, and compliance (GRC) initiatives. They are also protecting sensitive data by using encryption, installing autoerase applications that can be activated if a remote or mobile device is lost or stolen, as well as creating and enforcing policies that specify how individuals move, copy, or share sensitive corporate data. Many firms are augmenting these efforts with the use of various disk-based technologies, including snapshots, mirrors, and remote replication (synchronous and asynchronous) to create copies of their data for protection, rapid recovery, and to feed other processes such as backup. Conventional backup and recovery methodologies are not up to the challenge of adequately protecting burgeoning virtual and mobile environments or responding as rapidly as new requirements dictate. Therefore, firms are contracting with cloud service providers or investing in newer technologies to obtain more efficient and cost-effective data protection solutions that take advantage of storage optimization capabilities such as data deduplication, remote replication, and cloud backup services offerings and that can extend security and backup protection to mobile devices. These solutions are expected to control budgets by shifting spending from capex to opex to reduce backup capacity, shorten backup windows, and reduce network traffic. Consequently, IDC expects that backup services utilizing deduplication and cloud-based data protection and restoration capabilities will be able to more easily address the challenges of distributed businesses with mobile users and that the growth of these services will outpace the growth of on-premise data protection solutions.

Combining the Benefits of Deduplication and Cloud-Based Solutions

The complexity and the expense of securing, managing, and restoring data have been increased by distributed business operations, the proliferation of mobile business devices, and a continuous increase in the volume of data being created and transmitted. Conventional datacenter backup recovery and restoration solutions require access to the enterprise LAN or VPN for secure data transfer a resource that is often unavailable to remote workers. Using a WAN for backing up unencrypted sensitive data is neither a safe nor a viable solution. Furthermore, backing up redundant data or utilizing inefficient incremental and unintelligent data backup algorithms or technologies can quickly consume significant (and expensive) bandwidth and storage capacity. Restoration of this type of data may be rife with data incompatibility problems and can also cause storage and bandwidth bottlenecks. Deduplication addresses challenges associated with data management, backup, and network inefficiency. The use of data deduplication, in both midsize and enterprise environments, has become an attractive solution for firms attempting to handle their unabated storage growth. The significant growth of data, especially unstructured data, can be attributed to new applications, the proliferation of virtualization, the creation of electronic document stores and document sharing, the use of Web 2.0 technologies, and requirements to retain or preserve digital records. As data volumes grow, there is an increasingly disproportionate relationship between the number of IT personnel and the amount of storage requiring management. The use of deduplication can reduce the data footprint, allowing firms to keep their staffing and budgets in line.

2011 IDC

By sending less data over local or remote network links, data deduplication technology optimizes available physical and virtual infrastructure and significantly improves backup performance and backup times. It is more efficient at leveraging random access disk storage for improved recovery performance compared with sequential access methods such as physical tape. Deduplication can also increase data security and reliability and improve service-level response times. Until recently, data deduplication incurred an incremental cost. Embedding this functionality within broader data protection platforms and offering this capability as part of a cloud services solution makes it a more affordable option within the reach of many smaller companies. Additionally, cloud services provide more dynamic data protection, recovery, and backup environments capable of extending these services to PCs and mobile devices. Cloud services eliminate most of the integration and manual tasks associated with data backup, security, and restoration tasks that are routinely performed by IT staff and inconsistently performed by remote/mobile users. They provide a solution that ensures a predictable, scalable, and secure operating environment. Cloud services are easier and faster to deploy, simpler to manage, and quicker to generate measurable business value. They also offer a simplified way to help organizations move from their existing infrastructure to a service-oriented model, thereby improving the way data protection recovery and backup needs are provisioned, priced, and delivered. From a physical perspective, incorporating the benefits of data deduplication into cloud-based data protection recovery and backup service solutions removes the burden of many datacenter managers who are also dealing with limited infrastructure in terms of power, cooling, and floor space. The pairing of these technologies not only aids in accelerating storage efficiency by reducing costs but also alleviates physically constrained datacenters. Today, numerous ISVs offer a variety of cloud storage services featuring deduplication, which can deliver the benefits of both solutions to organizations.

Trends Toward More Efficient Backup and Recovery Solutions

The accelerated adoption of virtual servers and mobile devices is driving IT organizations to review and transform their data protection architectures and processes. At the same time, business conditions and users are demanding faster and more reliable backup, restore, and recovery solutions. This shift in protection priorities is a result of the value of user data as well as the value of IT staff time and expense required to recover data. In addition, consequences of stolen or lost data are increasing corporate awareness of the need for more centralized control of remote IT assets. To handle these demands, firms are investing in new technologies or contracting with cloud service providers to obtain more efficient ways to protect and back up their mobile devices. The adoption of data reduction technologies such as deduplication and public cloud backup services is helping to spur worldwide growth of data protection and recovery solutions. IDC anticipates increased demand for deduplication as part of new installations of integrated data protection and recovery solutions. Meanwhile, cloud backup and recovery services are enabling firms to achieve new economies of scale with more capabilities. In many instances, cloud-based services will enable standalone backup and recovery solutions to be replaced by WAN-based data protection, replication, and deduplication for remote and branch office data. Utilizing cloud and data deduplication will continue to markedly improve bandwidth and storage utilization while supporting faster backup and restoration, especially for remote or mobile users. More advanced solutions will further resolve the growing challenges of managing distributed business and budgeting requirements.

2011 IDC

Considering Druva
Founded in 2007, Druva Inc. provides enterprise-class products for continuous data protection and availability. With headquarters in Mountain View, California, and Pune, India, the company recently introduced two new products: inSync Cloud, an on-demand, automated, cloud-based solution that provides online backup of PCs and desktops to a secure virtual, private cloud with instant data access and recovery, and inSync SafePoint, a lightweight data loss prevention solution for PCs and desktops. Druva inSync Cloud delivers highly scalable cloud-based endpoint protection of sensitive data on laptops as well as throughout the enterprise. Companies can benefit from Druva's backup and recovery solution without speed and bandwidth constraints, additional expense of deduplication, or the complexity of traditional data protection solutions. inSync provides enterprise-scale SLAs for RPO (near-continuous data protection with multiple restore points) and RTO (instant restores). Druva employs an innovative application-aware deduplication technology, which allows only unique copies of a file to be backed up. The company claims that this technology, when used in conjunction with its integrated WAN optimization, can deliver as much as a 90% savings in bandwidth and storage. Intelligent user and storage capacity management on the servers enables administrators to create and control centralized backup policies. Robust data security between the client and server is provided through a multipronged approach. Druva uses the Amazon Web Services cloud platform for high availability and data durability. Druva's solution uses 256-bit SSL network encryption, which secures data in flight, and 256-bit AES encryption, which secures data at rest. The backup server is policy driven and accepts only inbound backup or restore requests from administrators or authorized end users. Administrators can configure backup frequency for users as well as when backup windows occur to optimize the use of network bandwidth during business hours. According to Druva, inSync Cloud enables customers to achieve the following additional benefits: Druva's solution can be deployed within a few minutes with a quick setup combined with automated mass deployment of clients. Druva guarantees 100% accuracy in deduplication for backups, not only on individual laptops but also across multiple laptops in the organization. Backups do not impact PC performance. Its laptop clients run entirely as a background process to ensure that the productivity of remote users is not interrupted by an unscheduled or unexpected backup. Druva guarantees stringent service-level agreements for performance and data availability of backed-up data. Data that has been backed up can be immediately accessed over the Internet with a browser or a smartphone (iPhone/Android) or a tablet (iPad/Android) and restored in minutes. Advanced reporting capability includes various alerts as well as server performance and user statistics.

inSync SafePoint is an optional module that works in conjunction with Druva inSync for safeguarding sensitive data residing on PCs and Macs. Full support for mobile devices such as the iPad and the iPhone as well as Android-based devices and BlackBerry devices is expected to be available by the end of 2011.

2011 IDC

SafePoint is designed to provide a more cost-effective and less complicated solution to protect sensitive data on enterprise mobile devices. It employs file-level encryption and NSA-class remote data wipe functionality to remove sensitive data from a device if it is lost or stolen. SafePoint also includes device geolocation by accessing data from WiFi, GPS, or cell phone towers and using positioning algorithms to detect devices within 30 to 65 feet of their location. With SafePoint, Druva has addressed the complexity of endpoint protection technology that has traditionally been expensive, complex to deploy and maintain, or difficult for mobile device owners to use. Some of the features and benefits of this centralized policy-based software include: Encryption and decryption are automated and transparent to end users, requiring no additional steps or passwords. Encrypting File System (EFS) is used for strong file-level encryption on NTFS volumes with the 256-bit AES algorithm. Installation of the thin-client software requires no additional steps and has no effect on device operation or performance.

Druva claims that in some instances it has been able to reduce the total cost of operation including purchase, deployment, and maintenance by 10 times over some competitive data loss prevention solutions.

Challenges
The company does face some market challenges, however. As is typical with many new technologies, customer uncertainty and skepticism surrounding cloud services for data protection and backup is not insignificant. Druva needs to clearly communicate its current mobile and remote storage efficiency and ease-of-use propositions to customers while detailing the security, cost, and operational advantages. Druva will also have to compete with large, well-capitalized storage companies that want to exploit this segment. Therefore, the company will have to work that much harder to increase its name recognition with enterprise buyers.

Conclusion
IDC believes that the need to protect sensitive data residing on mobile and remote workers' PCs and mobile devices and the need for more centralized control of remote IT assets are growing in importance across the enterprise as a result of escalation in the use of these devices and numerous regulatory requirements. Moreover, companies simply cannot afford the consequences or negative ramifications when devices containing sensitive data are lost, stolen, or compromised. Recent developments in cloud services have created more dynamic data protection, recovery, and backup environments capable of extending these services to PCs and mobile devices. The combination of cloud services and deduplication technologies supports faster, transparent backup and restoration capability, especially for remote or mobile users, without the overhead and without impacting user productivity. Druva also delivers markedly improved bandwidth and storage utilization compared with the traditional backup and recovery methods. Furthermore, it gives firms a way to resolve the growing challenges of managing their distributed business and budget requirements. IDC believes that the market for these types of data protection, backup, and recovery solutions for enterprise PCs and mobile devices will grow in importance. Druva will have an opportunity for success within this market particularly with its cloud-based deduplication and WAN optimization solutions, as well as ease of implementation assuming the company can meet the challenges described in this paper.
2011 IDC 5

A B O U T

T H I S

P U B L I C A T I O N

This publication was produced by IDC Go-to-Market Services. The opinion, analysis, and research results presented herein are drawn from more detailed research and analysis independently conducted and published by IDC, unless specific vendor sponsorship is noted. IDC Go-to-Market Services makes IDC content available in a wide range of formats for distribution by various companies. A license to distribute IDC content does not imply endorsement of or opinion about the licensee.
C O P Y R I G H T A N D R E S T R I C T I O N S

Any IDC information or reference to IDC that is to be used in advertising, press releases, or promotional materials requires prior written approval from IDC. For permission requests, contact the GMS information line at 508-988-7610 or gms@idc.com. Translation and/or localization of this document requires an additional license from IDC. For more information on IDC, visit www.idc.com. For more information on IDC GMS, visit www.idc.com/gms. Global Headquarters: 5 Speen Street Framingham, MA 01701 USA P.508.872.8200 F.508.935.4015 www.idc.com

2011 IDC