Look where you’re going before backing up

For all intents and purposes, the 31st of March is not a day that implies significance. It is the 90th day in the Gregorian calendar (leap years aside), and is the home for April Fools’ preparations everywhere. It has, however, given rise to something of note. Tuesday 31st March 2015 marks the fifth annual World Back-Up Day.

In 2011 a group of well-meaning Reddit users set out on a mission to encourage consumers and businesses to “take the pledge” and back up their important files to avoid April Foolishness. The annual marker is a good reminder to everyone who stores digital files that we’re never more than a click, virus or spilled cup of coffee away from losing the things dearest to us. Devices may also get lost, stolen, or damaged. Even if this doesn’t happen, your current storage device may fail unexpectedly.

What we need from this point on (with the initiative having gained public attention), however, is focus. Driving backup awareness is a good thing. Yet, simply backing up without considering the merits of the different approaches and options available is risky, and could in fact be dangerous to device performance and the availability of treasured data itself.

On-site vs off-site
The basic merits of each approach are relatively simple – on-site (USBs, external hard drives) vs. off-site (cloud services like Dropbox) storage. External objects like hard drives are comparatively faster and safer from hackers, as the user remains in control of the data. Meanwhile, at least theoretically, cloud solutions are more open to hacking and data theft due to “public” storage of information. External hard drives offer a much more linear pricing structure – you pay for the amount of memory you want, while cloud-based services are often used on a paid subscription basis.

Diving even deeper, though, an off-the-shelf USB drive is not the be-all and end-all. Do you want to leave a drive with all your files available to anyone who plugs it in, in the case of it being lost or stolen? You could buy an external drive and a physical safe to keep it in – which is going to win precisely zero awards for simplicity – or you can use encryption and authentication to protect your backup from prying eyes.

It’s important to realize that not all drives are created equal. This is particularly true for encryption. Protecting corporate data stored on computers, especially laptops and tablets, has become one of the highest-stake challenges facing businesses today. The mobile nature of today’s workers increases chances that corporate computers will be lost or stolen, which frequently results in a data breach. In order to prevent unauthorised access of data, all internal storage should be encrypted and require authentication, a strategy known as data-at-rest protection.

There are two basic options here – using software encryption or employing a self-encrypting drive.

The goal of encrypting data can be accomplished on both the older hard disk drive (HDD), which uses magnetic rotating platters to store data; and the newer solid-state drives (SSD), which use flash memory to store data. Both HDD and SSD are available as self-encrypting drives, or can have software encryption added.

On local machines such as PCs, laptops, and tablets, the easiest way to encrypt all data is to add software to the operating system (OS) that encrypts all of the data blocks in the storage device, a method called software-based full disk encryption (SWFDE). However, this add-on software approach is increasingly being replaced with self-encrypting drives (SEDs), and for good reason.

Traditional HDDs are cheap but have the disadvantage of being limited by physics: the rotating speed of the HDD platters has a practical maximum of 7200rpm (for laptop HDDs), and the actuator speed is also limited. The result is that the latency (time to retrieve the data) is high.

Over the last several years, SSD storage devices have become increasingly available and affordable. There are no mechanical parts in the SSD, and all data is stored in chips; SSDs are much faster than traditional HDDs.

SSDs can be deployed in the same way as traditional HDDs, since they have the same form factors and interfaces. This means that SWFDE can also be used with an SSD as if it was a traditional HDD. However, there are a couple of drawbacks to this approach.

Performance reduction
The performance of a traditional HDD stays pretty much the same over the lifetime of the drive. The rotation speed will not fluctuate and the magnetic surface, where the data is stored, has an unlimited capacity to read and write data.

Flash memory – the storage component in SSDs – has a limited capacity of writes. At a certain point a storage cell will “block,” meaning further writing of that cell is not possible. The SSD controller has to find another location to write the data, which costs time. The associated degradation in performance might just be written off as “wear and tear”, but really it illuminates how much storage has become unavailable for writing.

When SWFDE is used, the OS or SWFDE application takes care of the encryption/decryption of data to and from the drive, but this costs further time and reduces performance. Wave’s testing found that using SWFDE reduces the write speed by 18.8% to 37.6% due to the extra CPU cycles required.

Self-encrypting drives
SEDs are HDDs or SSDs where the encryption is done in the hardware of the on-board drive interface. The encryption is done with hardware and the encryption speed is real-time; there is no performance difference between unprotected and protected HDDs.

Additionally, write optimization schemes will work to a greater extent as the encrypted data is also under the control of the HDD controller. An additional advantage is that the SSD wear and tear is reduced, compared to SWFDE.

SED deployment time
Using SWFDE requires initial encryption of all of the HDD’s data blocks. This process can be excessively time-consuming depending on the size of the HDD. However, the data on an SED is always encrypted. The only management activity is enforcing a PIN or password for the user to start up the disk. This basic management is, however, critical to protecting the data on the drive from unauthorized users. It usually takes less than two minutes to do the final user configuration when an SED is employed.

Self-encrypting drives have no performance reduction because the OS and CPU are not used for encryption – the encryption is handled by the hardware of the on-board drive interface.

As such, using a self-encrypting drive (whether SSD or HDD) has several prominent advantages over SWFDE. Data is always encrypted, the deployment takes minutes and there is no loss in device performance. Productivity and reliability are superior too.

While the World Backup Day creators are on to a good thing – encouraging the use of backup services – there are more considerations that need to be taken into account in this hyper-connected business environment. To make the smartest choice available, back up files to an SED, which will ensure data is always protected and readily available.
