Introduction We are often asked, "How do I go about selecting an online data backup and recovery service?" Our Data Mountain White Paper answers that question and this accompanying Buyer s Guide Checklist is designed to assist you even more. Over the years, we have assisted many customers in creating their evaluation criteria and making informed decisions about data protection solutions. Unfortunately, in this market, unlike in the insurance marketplace, we do not have an A.M. Best, a Moody, a Standard and Poor or a Wiess Research publishing financial strength ratings on industry players. Nor do we have widely published customer service ratings by a J.D. Powers & Associates in this industry. To help our customers navigate through a market where there are new players almost every week and horrific stories of lost data almost every month, we have gathered these evaluation criteria/questions and have form of a checklist of critical questions to ask. Our current checklist list follows: One can "clip the waves" and focus on seven (7) high-level questions OR take a "deep dive" and use more comprehensive fifty-two (52) questions as a guideline for determining which solution is best for your business. At end of the day, what you're seeking is: Assurance that your business goals (RTO, RPO, DLE) are being met Assurance that your data is really being protected Assurance that you can actually recover your data if a DLE occurs Assurance that your data is secure at all times Assurance that your service provider has been and will be here for the long-haul You data is more valuable and visible than ever; at the same time, it's more vulnerable than ever. Let's be sure you don't choose "Cousin Eddy's" backup service; there are a lot of them out there! And, to use the insurance analogy again, don t buy a life insurance policy that pays off 50% of the time you may be the other person! Call800 704 3394andaskabout our30 DayFreeTrialof, theworld spremiereserverbackupand recoveryservice. 2009 10DataMountainLLC AllRightsReserved Page1
1. Does the service provide a complete, end-toend data protection process? a. Does it offer continuous, disk-based data protection (CDP) such that it protects your data as it changes? b. Does the service take your data offsite immediately providing protection against site disasters? c. Is your data then accessible from anywhere, anytime via a web-enabled interface? d. Does the service provide integrated archiving of long-term backups in a secure offsite facility? e. Is your data protected from virus, corruption and unexpected events in the storage facility? f. Does the service provide an optional local recovery appliance to enable high-speed, local disk-based restores? 2. Does the service meet your business, business continuity, disaster recovery business and data retention objectives? a. Will the service enable you to meet your Recovery Time Objectives (RTOs) for your critical business processes? b. Will the service enable you to meet your Recovery Point Objectives (RPOs) for your critical business processes? c. Does the service protect you against all possible Data Loss Events and threats that may cause you to lose data? d. Does the service allow for recovery to alternative locations and alternative hardware platforms? e. Does the service offer a choice of retention periods (e.g., 30-day, 3-month, 1-year, 7-years) appropriate to the requirements for types of data stored? f. Does the service provide for the migration of data as desired to a digital archive service? g. Does the service provide for the recovery of data on demand through a complementary ediscovery service? h. Does the service provide support of all the platforms that you must protect e.g., Windows, Linux, iseries, VMWare, etc? i. Does the service offer pricing plans and architecture that makes capacity planning and budgeting easy and predictable? 2009 10DataMountainLLC AllRightsReserved Page2
3. Does the service provide reliable data protection? a. Does the service natively and inherently protect databases & open files such as Exchange, SQL Server, Oracle, and others without add-on software agents? b. Does the service provide end-to-end security including Encryption and Authentication? c. Does the service provider ensure recovery with an SLA backing the recoverability of your data? d. Is your data stored in more than one data center? Is it also mirrored in a redundant secondary data center? e. Does the vendor/service assure complete protection of backup and store jobs from node failures and network resilience problems? f. Does the service provide automatic checkpoint restarts if backup or restore jobs are interrupted? 4. Does the service provide for easy, fast, accurate and complete recovery? a. Does the service provide an optional Local Recovery Appliance to enable high-speed, local disk-based restores? b. Are you able to recover current data (within minutes), not just last night s backup image? c. Does the service provide for granular recovery down to folder and individual file levels, including multiple restorable images per day? d. Are you able to perform Change Only Recovery such as Delta Restore which provides huge performance improvements on recovery time? e. Does the service offer Full System Recovery (versus data only) backup and restore as integral part of service? f. Does this service offer free, unlimited, immediate Internet-based restores 24/7/365? g. Does this service allow for very large data sets to be shipped on secure, encrypted removable media for fast disaster recovery? 2009 10DataMountainLLC AllRightsReserved Page3
5. Is the service fully automated, providing efficient, hands free operations? a. Does the service have Set-it-and-forget-it capabilities? b. Does the service offer 24/7 proactive monitoring of your backup policies and centralized control of processes, status, inventories, and reporting? c. Are you automatically notified of any backup issues through an automated alert system? d. Is the task of reviewing and managing error logs each day automated? e. Are you able to perform restores anytime, anywhere you have web access? f. Are onsite appliances or devices integrated seamlessly into the backup process? g. Does the service provide data reduction technologies that include snapshots, filters, delta engine and automatic de-duplication of data? 6. Does the vendor have long-term experience in this business, financial stability and a longterm future? a. Has this vendor been in the data protection and/or online data backup and recovery business for 10 or more years? b. Is the vendor a reputable, publicly traded company listed on a major exchange? c. Does the vendor do business with large, known companies and businesses in your industry? d. Does this vendor s backup and recovery service form an integral part of a broader spectrum of information management and data protection services? e. Is this vendor leveraging existing capacity for additional revenue? f. Does this vendor offer a full spectrum of information management and data protection services? g. Has the vendors offering been proven and tested as evidence by thousands of customers and multiple Petabytes of data under management? h. Does the vendor have a full complement of engineering, operations and customer service staff dedicated to their data protection business? i. Does the vendor own all systems, facilities, processes, engineering and operational responsibilities for the service rather than outsourcing parts of it to others? 2009 10DataMountainLLC AllRightsReserved Page4
7. Does the service provider meet or exceed your industry standards for Security and Regulatory Compliance? a. Is this vendor a publicly traded company subject to, aware of and experienced in Sarbanes-Oxley-type regulations? b. Is your data encrypted at all times while in transit and at rest throughout the backup and recovery processes? c. Is the vendor expert in and compliant with (e.g., will sign HIPAA Business Associate agreement) privacy and security regulations including but not limited to: GLBA, SOX, HIPAA, FACTA, Patriot Act, PCI DSS, etc? d. Does the vendor offer encryption key escrow and the ability to retrieve lost encryption keys from escrow? e. Are all media restores completed using secure, encrypted removable media that meets regulatory requirements? f. Does service provider maintain the data vaults/storage facilities with proven track record in security? g. Are the service providers data centers locally globally to accommodate regional security and privacy regulations? h. Does the vendor maintain certifications appropriate to the data stored (e.g., PCI DSS compliance, SysTrust assurance, a BRUNS-Pak Level 9 or above rating)? Call800 704 3394andaskabout our30 DayFreeTrialof, theworld spremiereserverbackupand recoveryservice. 2009 10DataMountainLLC AllRightsReserved Page5
LLC Ourmission:bestresultsforourcustomers! Wehelpourcustomersprotecttheirdata assetsinmanyways,withsuperiorqualityand superbcustomerservice.wehavethebest tools,withoutadoubt.atthesametime,for DataMountain,theincreasinglymorecritical challengesofdatabackupandrecovery,data protectionanddisasterrecoveryareamatter ofbusinessriskmanagementandbusiness continuity.toolsandservicesaregreat;ours aretheverybestintheindustry.however,it's theoutcomesthatwecareaboutand emphasize regulatorycompliance,stayingin business,protectingassets,preservingwealth andreducingcosts.plainandsimple we offertheworld sbesttools/servicesatthe lowestpricesinthemarketplace. Tolearnmore,visit www.datamountain.com For more information on this White Paper please contact the following people: Bob Chaput President & CEO 615 656 4299 800 704 3394 bob.chaput@datamountain.com Daniel Boulton Account Executive 615 823 5489 800 704 3394 daniel.boulton@datamountain.com 2009DataMountainLLC AllRightsReserved Page6