Cloud and EVault Endpoint Protection Your best friend in Data Protection Diing Yu Chen Director, Asia Pacific Controls how, when and where data is backed up and recovered from your cloud environment.
EVault, A Seagate Company A fully owned subsidiary of Seagate Cloud Connected Backup and Recovery since 1997 A DPE Top Deal Global Partner >43,000 customers worldwide >108 petabytes under management >15,000 data recoveries a month >98% customer satisfaction 2013 EVault, Inc. All Rights Reserved CONFIDENTIAL 2
Where Have All the Enterprise Endpoints Gone? Missing/Unaccou nted 11.3% Lost/Stolen 4.7% Endpoint Inventory (net) 84.7% Recovered 0.7% Percentage of total endpoint inventory (N = 150 Responding Companies) Source: Aberdeen Group, February 2010 2012 EVault, Inc. All Rights Reserved CONFIDENTIAL 3
Businesses Are Worried About Data on Endpoints - Workforce increasingly mobile - Increase content creation and data access by knowledge workers Over 52% of employees work from multiple locations outside HQ. Source: IDC Only 8% of corporate laptop data is actually being backed up to corporate servers today. Source: Gartner 44% is expected increase in data volume between now and 2021. Source: IDC - Data breaches are expensive and damage reputations - Nearly all companies have lost laptops or mobile data 89% of companies have experienced laptop loss. The average cost of a data breach in 2012 was $5.5 million. Average value of a lost laptop is $49,246 - Productivity is a competitive advantage Source: IDC Source: Ponemon Institute Source: Ponemon Institute 2013 EVault, Inc. All Rights Reserved CONFIDENTIAL 4
Top 5 Concerns For Endpoint Protection 1. Increased Mobility of Sensitive Business Information 2. Impact on Company/Organization and Reputation 3. Litigation and Security Risks 4. End-User Productivity, Convenience and Preference 5. Regulatory Compliance 2013 EVault, Inc. All Rights Reserved CONFIDENTIAL
Number 1 Obstacle to Deployment of Endpoint Solution Complexity of Endpoint Environment and Endpoint Solutions Aberdeen Report 2010 Laptop Lost or Stolen? 2013 EVault, Inc. All Rights Reserved CONFIDENTIAL 6
Enterprise Cloud to the Rescue Data Privacy Global Accessibility Reliability Security Cost Effective 7
EVault Endpoint Protection Turnkey backup and recovery for organizations concerned about laptop data availability and data loss
Keeping On-the-Go Employees Productive Employees are on the go. They depend on varying connectivity, and anywhere access to their data. Productivity Problems: File deletion, overwrite, corruption Travelling, not connected Device failure, loss Access to files without laptop With EEP: Users recover files, turn back the clock Local cache enables backup/restore without relying on connectivity Files accessible from mobile devices Mobile tethering detection halts backups over limited, expensive mobile connection 2013 EVault, Inc. All Rights Reserved CONFIDENTIAL 9
Mitigating Risks From Lost Devices 89% of companies have experienced laptop loss Source: IDC Average value of a lost laptop is $49,246 Source: Ponemon Institute Problems: Laptop containing sensitive data is lost or stolen Organization face fines Reputation is damaged IT is unable to determine what data was lost, how serious the incident is, what records to protect With EEP Admins Can: Perform remote wipe Identify data at risk based on recent backup Recover files for employee 2013 EVault, Inc. All Rights Reserved CONFIDENTIAL 10
Ensuring Data Availability During Employee Turnover 2012 employee turnover rate 37.1% Source: BLS.gov Problems: Employees do not return equipment Equipment is damaged / does not have needed data Not timely Employee takes data With EEP Admins Can: Suspend access to backed up data Perform remote wipe Recover files for manager 2013 EVault, Inc. All Rights Reserved CONFIDENTIAL 11
EVault's Cloud- Connected Technology Addressing: Limited bandwidth Increasing data privacy concerns
How It Works Data transfer technology overview Front-End Deduplication Adaptive Compression Bandwidth Throttling Management Console Data Store Key Escrow At Rest 256bit AES Encryption Local Cache Performance & Productivity Adaptive Compression and At Source Global Deduplication - Data is de-duplicated at source backed up quickly and securely in the background, minimizing the impact on end user productivity and network resources. - Reduces >90% of bandwidth requirements and shortens backup cycles. Network Cache In-Flight SSL Local and Network Caching - Backup to local cache provides protection and restore capabilities, even if the device is off-line (uploads to network cache when device is reconnected) - Optional network cache enable LAN speed backup/recovery. Data uploads are scheduled to minimize impact to bandwidth and costs. Bandwidth Throttling - Set and optimize bandwidth and maximize performance for end user and IT Device Level Keys End-to-End Security Device Level Keys - Separates data across customers, groups, users File/Folder Encryption - 256-bit AES/FIPS 140-2 In-Flight Encryption - 128-bit SSL stealth flight path At-Rest Encryption - No server side decryption 13
Addressing Limited Bandwidth Through caching and de-duplication Problems Solution Efficient Agent Solution Network Cache - Backing up a device over WAN can takes days or weeks - Concurrent backups causes network congestion - Maintenance windows result in unprotected devices - Compression and global de-duplication at source, saves >90% bandwidth and shortens backup cycles - On device cache enables backup and restore even when disconnected Optional Onsite Network Cache - Enables LAN speed performance - Uploads can be scheduled and controlled to minimize network impact and costs Network Cache Remote Office 1 Endpoint Protection Vault Network Cache Remote Office 2 Network Cache Remote Office 3 Endpoints Endpoints Endpoints 2013 EVault, Inc. All Rights Reserved CONFIDENTIAL 14
Addressing Increasing Data Privacy Concerns Through encryption and secure global de-duplication Problems Data is secured with a client or vendor managed encryption key To enable global de-duplication, data either needs to be decrypted vault side or have a master encryption key to unlock the data resulting in a potential security vulnerability and/or vendor access to data while at-rest. Is using a single encryption key spread across thousands of devices really a good IT security practice? Is my data really secure at rest if it is being decrypted during the de-duplication process? Who is managing my encryption keys and who has access to them? Per device keys keep data separated and reduces risk Lost of one key does not risk all devices / companies Data is never decrypted during deduplication. EEP: Splits files into data blocks Creates DNA of blocks Determines if block exists elsewhere Encrypts blocks before sending Optional Onsite Key Server Keys are escrowed and encrypted a second time with users password. 15
Reducing Enterprise EP Footprint Through secure global de-duplication Problems Massive duplication of documents, presentations and data files in any given Enterprise. Re-purposing of materials with minor alterations adds to the increasing bulk of end-user data 4 MB PPT 4 x N MB Solution Only the key copy is kept with all other indexed to the master copy Block level modifications are assigned to repurposed files making sure that the overall footprint remains manageable. 16
The EVault Difference Zero-impact backups with optional Network Cache Network Cache Benefits Local network caches enable LAN speed backup - Initial backup time is cut from days to hours - Typical backup and recovery speeds are cut by over 50% - Uploads can be scheduled and controlled to minimize network impact and costs Zero-Impact to Users Multiple policy controls designed to make use of idle CPU cycles avoids user impact - Incremental scan and backup frequencies minimize disk and network impact - Context aware backups adjust to mobile, Wi-Fi vs. standard connections Network Cache Network Cache 17
The EVault Difference Desktop agent designed for end user needs Intelligent Desktop Agent Lightweight - Typical: 20K Memory, 1% CPU Robust - Device with largest protected data set: - 5.6TB of data, 3.7M files (Ted Talks) Backup and Restore even when disconnected Adjusts to user activity and network connection Encrypts data before sending to Vault using encryption key unique to device De-duplicates data at source, reducing >90% of bandwidth requirements and shortens backup cycles 18
The EVault Difference Flexible deployment options built for a distributed environment Corporate Headquarters (With Network Cache) Remote Users (Without Network Cache) Remote Office (Without Network Cache) Remote Office (With Network Cache) Windows Azure Global datacenter footprint Ability to deploy multiple Endpoint Vaults in regional datacenters Local or geo redundant storage options Network Cache Network Cache EVault Endpoint Protection Network Cache Local drive cache Connectivity aware Global deduplication Adaptive compression Optional Windows Azure Geo Redundant Storage 19
The EVault Difference Streamlined deployment and centralized management Manage and monitor multiuser environments from central dashboard, create user profiles and device groups. IT Staff Leverage Active Directory integration to silently push mass deployments and updates. End-User Device Group End-User Device Group End-User End-User End Point End Point End-User End Point End-User End Point End Point End Point Leverage optional Network Cache to quickly complete initial backup and minimize network impact. Company Backup configurations and device policies automatically inherited during device activation. Backups begin immediately. 20
The EVault Difference Connectivity aware backups On-the-Go Employees - Mobile bandwidth is not consumed by backups - Backup automatically halts - Device cache backup is enabled - Block-level incremental backups minimize disk and network usage - At source de-duplication minimizes disk and traffic impact 3G/4G/LT E Mobile Broadband Network Detection / Selective Backup Selectively disable backups from running over LTE/3g connections or certain Wi-Fi networks while still caching locally for advanced RTO/RPO requirements. 21
The EVault Difference End-to-end security for data loss prevention Remote Wipe / Poison Pill Remotely wipe data with time-based policy triggers or on-demand when a device is lost or stolen. At Rest Encryption & FIPS 140-2 Files selected for protection are automatically encrypted at rest using 256-bit AES encryption. FIPS 140-2 encryption modules. Port Access Control Grant read/write access, or completely lock down ports via policy to ensure unauthorized users can t remove files via USB, CD-ROM, Bluetooth, or other port. Device Trace Deter theft and facilitate device recovery with automatic tracing of a device. Tampering Alerts Automatically detect attempts to circumvent the Port Access Control policy and provide full audit trail logs. Secure Datacenters Deploy in state-of-the-art Windows Azure data centers that are SAS 70 Type II, SSAE 16 audited and ISO 27001 certified. 22
24x7x365 Global Support West - San Francisco North America Region Europe Region Asia Pacific Region Mountain - Salt Lake Canada - Mississauga - Toronto East - New York N. Central - Chicago S. East - Ft. Lauderdale W. Europe - France N and Central - Europe - Netherlands - UK - Germany Asia - Singapore - Hong Kong - India EVault Office Sales Leadership LATAM - Mexico - Chile - Colombia - Argentina Australia 23
Global Language Support Endpoint user interface now available in 9 languages Based on the local OS: English Spanish French Portuguese German Polish Japanese Simplified Chinese Korean 24
Come for a demonstration at B20 Thank You