Secure Online Backup with unparalleled support

Author Archives: wwo

How Many Backups Are Enough?

October 15th, 2012 | Posted by wwo in Backup Concepts & Methods - (0 Comments)

A lot of people ask whether they should have multiple backup systems, and we usually answer yes. But care should be taken in configuring each backup system, so that there are no conflicts, or worse yet, surprises at restore time.

Since the days of DOS, the Microsoft operating systems have included a file attribute known as the “archive bit.” The archive bit is there for the specific purpose of noting whether a file has been backed up since the it was last changed. When the file is created or modified in any way, the archive bit is set “on.” When a backup system has backed up the file, the backup system may set the archive bit “off.” When there is only one backup system, this strategy is extremely effective. The backup system can rely on the status of the archive bit to determine whether any given file needs to be considered for backup.

However, imagine what happens with two backup systems, where each relies on the archive bit. A file is changed at 10:00am and the first backup runs at 6:00pm. The first backup notes the file has changed, backs it up, and sets the archive bit “off.” Then the second backup runs at 3:00am and skips every file changed before 6:00pm! Therefore one backup system will have backed up some of the changed files, and the other backup system will have backed up others. Neither will have a complete set, so really, both are less than useful.

With many backup systems, including Enveloc’s, there are ways to set it up so the archive bit status is not changed, or not considered. “Copy” mode creates a backup of every file but does not change the archive bit, so that the other system can consider just new or changed files. Or, instead of using the archive bit, with Enveloc you can backup based on the “Modified Date.” Or, you can use Disk Imaging as part of your backup strategy, keeping a complete copy not only of every file, but of the entire disk.

Making multiple backups can provide a deeper level of data security, but be sure you do it right. Call us at 877-368-3562 if you need help or ideas on how to make a reliable configuration.

Great Technical Support

August 27th, 2012 | Posted by wwo in Disaster Recovery | Restoration | Uncategorized - (0 Comments)

“Please tell the boss of Enveloc he has great people for tech support. I have spoken with Josh and Ross…”

This is typical of the unsolicited messages we get. So how do we achieve great technical support? Here is what we do or strive to do:

1. Always have the phone answered by a human being, not a machine. This has been our practice for the past 16 years and we’re not going to change it.
2. Train the tech guys. As talented and educated as they are, they still need to understand the nuances of our product. We run on every Windows operating system, so they need to understand the quirks and differences in those. Our wide variety of clients use every kind of Anti-Virus and Firewall imaginable, and sometimes these products have a bearing on how ours works. So the tech guys need to be aware and know the answers in advance so you, the client, don’t have to discover them for yourself.
3. Keep enough tech support available so there is rarely any wait time. Most clients are as busy or busier than we are, and keeping you waiting does not engender a warm and fuzzy feeling. Sometimes a wait is unavoidable, but we do the best we can. If necessary, the boss will handle tech calls, too.
4. Establish simple and effective procedures and stick to them. There is a method behind our madness, and we have discovered over the years that following procedures makes for efficient support.
5. Don’t ever give up. Sometimes a problem arises that seems to be unsolvable. Sharing it with another set of eyes or thinking creatively often brings the solution into focus.

Try us and see if you agree that Enveloc Remote Backup not only gets the job done, but when you need great technical support, we deliver.

When was the last time you called any company’s Technical Support line and were not extremely nervous that:

• You’d have to wade through a dozen or more voice menu options
• You’d have to listen to advertisements or music on hold for 10 or 20 minutes
• You’d finally get connected to a script-reading monkey who didn’t know a bit from a byte

Sound familiar?

It is aggravating. Modern technology is supposed to make life easier, not more complex. No machine works perfectly forever so problems or questions will always pop up at some point, and that is precisely the moment you don’t need any further frustration.

Being in the on-line backup business, we are particularly sensitive to the fact that often when people call, they are in a serious bind because they have accidently erased a file, or their disc has crashed, or some other calamity has destroyed important data. They don’t need additional hassle.

Although we make it easy to restore data through our software, we also know that even technically proficient people sometimes encounter situations they do not understand, and need someone with experience to guide them through it.

Therefore at Enveloc, the phone is always answered by a human being and that one of our US based trained technicians are available, on average, within 30 seconds. This has been our practice for the past 16 years.

So when we say to call if you need assistance, we mean we are truly standing by to provide it.

Competent, helpful support should be ready when you are- in minutes, not days.

Competent, helpful support should be ready when you are- in minutes, not days.

Hurricane Season Approaches

May 21st, 2012 | Posted by wwo in Disaster Recovery - (0 Comments)

Each year, Gulf and East Coast residents flinch a little when June 1 approaches. The beginning of the Atlantic Tropical Cyclone Season (the official name for hurricane season in the eastern United States) brings memories of Ivan and Katrina, and for us older folks, Frederick and Betsy and Camille. These storms killed people. They also did a world of damage, especially for those living or working close to the water.

When Camille destroyed Pass Christian, Mississippi, in August, 1969, there weren’t many computers in use along the coast. I was on the scene three days after the storm and the devastation was incredible. Along US 98, which is mostly in sight of the beach as it runs from Mobile to New Orleans, entire buildings were nothing but a pile of rubble. Bare foundation slabs sat side by side with no other evidence that homes had ever been there.Public Use Image

Thirty-six years later, the damage from Katrina in August, 2005 was similar but more widespread. When Katrina hit, however, most businesses were using computers and many lost their data. Those that stored backup tapes in bank safe deposit boxes sadly discovered their backup tapes were waterlogged or washed out to sea. Many had no backup and even though they had insurance to rebuild their business, they could not recover their business data.

Last year it became painfully obvious that northern and inland areas are also subject to severe flooding as Hurricane Irene blew up the east coast and inland to eastern Canada. New England suffered significant damage from this storm, mainly from flooding rivers and creeks.

Don’t take a chance on high winds, high water, or other consequences of hurricanes destroying your business data. Download Enveloc Remote Backup and see how effective and economical a business data backup system can be.

By the way, the names for Atlantic hurricanes for 2012 are:
Alberto (already a named storm), Beryl, Chris, Debby, Ernesto, Florence, Gordon, Helene, Isaac, Joyce, Kirk, Leslie, Michael, Nadine, Oscar, Patty, Rafael, Sandy, Tony, Valerie, William

Restore Like a Champ

May 7th, 2012 | Posted by wwo in Disaster Recovery | Restoration - (0 Comments)

Late Friday afternoon one of our clients accidently deleted critical files from their server via a workstation. How did this happen? Their main practice software provider sent some less-than-crystal-clear instructions on how to correct an error caused by a power loss, and the user deleted all the files in a folder, not just certain ones. It could have happened to anyone.

So the user setup a Restore job and started downloading the 4 gigabytes of files that had been properly backed up with Enveloc. Unfortunately, the power outage must have affected their router because their internet connectivity was off and on. Power blinked again during the night and stopped their download.

Our response Saturday morning was to copy the Restore job to media and deliver it to the user. Had she been located farther than 50 miles, we would have sent it by overnight express. We also provided her immediate support to help her restore the files to an alternate folder so that her software provider could assist her in rebuilding her system. Now, Monday morning, they are back in business.

If you are using one of the consumer-oriented backup servers ask yourself this: when you urgently need a large set of data restored to keep your business running, will your backup service react as quickly? At no charge? With live human beings?

Try Enveloc today with our no-risk guarantee: if you are not completely satisfied within the first thirty days, there will be no charge.

Power to the People

April 23rd, 2012 | Posted by wwo in Uncategorized - (0 Comments)

Whatever happened to the SOPA and PIPA legislation of early this year? These acts were designed to protect Intellectual Property such as copyrighted material and trademarks on the Internet. Major providers such as Yahoo and Google would be required to remove access to “rogue websites operated and registered overseas.” The Senate bill, known by shorthand as PIPA, was officially S.968 – Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011. The so-called SOPA bill was the House version.

Most honest people applaud the efforts of the government to enforce protection of intellectual property rights. When an individual or company creates a trademark, or source code, or a work of art, or an invention, that person or organization has invested time and money and has every right to claim ownership. Our Constitution specifically empowers Congress to protect such rights in Article I Section 8: “To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.” Hence we have the U.S Trademark and Patent Office.

But the legislation known as SOPA and PIPA, well-intentioned as it was, created onerous conditions for Internet Service Providers, essentially making them the cops, and even the bad-guys, at their own expense and risk. Many, many people saw a lot of unintended consequences and unpleasant side-effects that could result from these new laws.Google's Anti-SOPA Protest

So the people spoke and the Congress listened. Such was the uproar on the grassroots level, from people of all political stripes, that thoughtful representatives and senators reconsidered the means they had chosen to protect intellectual property.

In a January 13, 2012 letter to Senate Majority Leader Harry Reid (D-Nev), Senator Jeff Sessions (R-Ala) cosigned the following:

“Since the mark-up, we have increasingly heard from a large number of constituents and other stakeholders with vocal about possible unintended consequences of the proposed legislation, including breaches in cybersecurity, damaging the integrity of the Internet, costly and burdensome litigation, and dilution of First Amendment rights. Moreover, in light of potential cybersecurity implications, we believe hearing from the Administration and relevant agencies is imperative. As always, our current fiscal crisis demands we carefully consider legislation that would cost taxpayers up to $43 million according to the Congressional Budget Office. These are serious issues that must be considered in a deliberative and responsible manner. This underscores the need to resolve as many outstanding concerns as possible prior to proceeding to floor consideration.”

Do not underestimate the power of a single voice, especially when it is combined with millions of others.

Make sure your voice continues to be heard by not forgetting your passwords with our free Password Keeper – PassLoc. Just fill out the form at right.

A lot of people are especially concerned with backing up e-mail, often in the Outlook format. Here at Enveloc, we cover this important data set in several ways. Microsoft Corporation’s Outlook provides Contact, Task, Note, and Calendar utilities. All of this information is typically stored in one large file with the extension “.pst”. The size of the pst file depends on how many e-mails, contacts and calendar items you keep. With a little housekeeping each year, it’s easy to keep everything you need and also keep the pst files to a reasonable size of, say, a few gigabytes.Enveloc's Outlook Agent - Brick level backup and restore.

But before we talk about the housekeeping, how can you effectively backup a five gigabyte file that changes significantly every day? Because of the way Microsoft organizes the pst files, they change significantly whenever they are in use, too much for traditional block level analysis. At Enveloc we developed a method to backup each Outlook item- e-mail, calendar date, contact – as an individual file. We keep a table of metadata so that when you need to restore an item (or all the items in a folder, or all the folders in the pst), you can search by addressee, date, subject, etc. All these small files and metadata are encrypted, just like regular files, and transmitted as part of the backup set.

Why is this an advantage? It means that even though you might have thousands of emails and contacts, each time you backup, only the new or changed ones are saved. In practical terms, a 6 gigabyte Outlook data set can be backed up in 10 minutes each day. It also means that restoring lost items does not mean replacing the entire pst file, just adding back in the items that are missing.

Additionally, the user may back up the Email Accounts files as part of our regular file backup, and we offer on-site disc imaging to quickly backup the entire pst file as part of the disc image. With these backups you can restore the entire Outlook data set in case of a major crash.

Now about housekeeping. One method is to keep all important e-mails in your Inbox, not marking them as “read” until acted upon. Then, right after the end of each year, you can create an entirely new Outlook store (pst file) and name it, for example, “Archive_2012”. You can do this by clicking File/Data File Management/New and following the prompts. Inside Archive_2012 make an Inbox, Sent, and any other folder you need. Then arrange your emails in date order, and copy the previous year’s e-mails to the Archive pst. Then delete them from the current folders. Backup the Archive once and you’re done backing it up. This entire process takes a few minutes of work, though you may want to plan it just before lunch to allow time for the copy to complete.

If you’re not already using it, try Enveloc Remote Backup on your Outlook files and see how quickly and securely we can keep your e-mail, contacts, and calendar items.

We’ve talked about the importance of Encryption – in transit and at rest – but a lot of people have questions about the best way to keep up with their Passwords or Encryption Keys. As you’ve no doubt experienced, when asked to create a password these days, there is usually a requirement that there be some complexity: numbers, special characters, capital and lowercase letters. With complexity arises the problem of remembering your password.

Enveloc - PassLoc Secure Password Manager

Of course, you don’t have just one password. There is one for your bank account, another for your on-line mail service, Google or Yahoo or AOL or whatever you like, and still another for your favorite shopping site. And of course one for your backup system.

There are a number of good password keepers out there, and we’ve got a very simple, free-form one you’re welcome to use. But what happens if your computer crashes and you lose the password file that contains the password that restores your data? We’ll come back to that.

First, what is a good password strategy? In general, passwords based on personal or company information that is easily obtained from the internet – such as company or account name, actual first or last name, initials of the name, system name, etc. — are extremely easy to guess and should never be used. Similarly, common or easily guessed words such as “password,” “guest” or “admin” should be avoided. Hackers know all the tricks including reverse spellings and character replacements (substituting a “3” for an “E.” etc.) and have algorithms to handle such cases.

Passwords should also be discrete and not shared between multiple systems/services/applications. Using a single password is the equivalent of using a single key for your car, house, office, mail box, and safety deposit box – if you lose that key, you lose … and give away access to everything.

Use numbers, letters (both cases) and non-alphanumeric characters and avoid common English words or common numbers (like the current year) and you will have a good password.

PassLoc User Interface

Now, how to keep up with your passwords. Printing them out, sealing them in an envelope and keeping them in a locked safe, or safe deposit box, is one method, though not too practical. There may be one or two key passwords you’d keep like that: especially the password that protects your backups. That is the one password that you need to have written down, locked up, onsite and offsite.

For everyday use, a Password Manager is becoming essential. If you’d like to try ours, you can download it here for free. You just have to remember one password, and because you’ll use it frequently, you’re not likely to forget it. Make it a good one! And just in case, write it down and store it securely.

A lot of people wonder whether an internet-based backup system is just a gimmick, invented by geeks who thought it would be cool to backup across the internet. Geeks may have thought it up, but there are valid business reasons to backup to a geographically distant location on hard drives instead of tapes.

Daily Rotating Backup Tapes

In the early days of computing, way back about 15 years ago and earlier, virtually all backup was tape-based. There would be a stack of 10 tapes, labeled Monday1 – Friday1 and Monday2 – Friday2. Someone had the job to replace the tape in the tape drive and take the just-completed tape home, bringing from home the next tape to be overwritten. Larger companies would have a storage service perform this function, with the added benefit of storage in a secure, controlled environment. Other companies would store tapes in their bank’s safe deposit box. Still other companies would not bother to take their tapes offsite but keep them in a safe in the office. Or just leave them sitting in the closet with the server.

So if there were a fire at the business, and the tapes were there, everything would be lost. Even if the tapes were in an ordinary firesafe, there was a good chance they’d be damaged because ordinary firesafes are designed to protect paper, not media.

But the offsite tapes presented another problem- the accessibility of securely stored tapes. Nights or weekends were problematical. As experienced in Katrina on the Gulf Coast, a lot of companies lost not only their production servers but their backup tapes down the street at the bank or storage facility.

So when bandwidth became affordable and available and was sufficient to transmit changed data, the internet became the best solution for getting the backup offsite. And storage on hard drives is more reliable and less expensive than tape storage, and far easier to manage.

There are companies that risk keeping their backups on removable hard drives in their offices or at a local storage facility. A tornado, or hurricane, fire, or flood can easily ruin both original data and backup copies. Why take a chance? Enveloc is secure, offers several levels of offsite storage, and is accessible twenty-four hours a day. Try our no-risk solution today!

Photo Credit: SaltyIrishDog @ Deviantart - Vault, Security, AES Encryption, Enveloc

There are lots of claims about encryption security, citing all different types of encryption, with exotic names like “blowfish” or “military grade.” Reminds me of the advertisements for a certain vegetable slicer – it would perfectly slice tomatoes, as long as they were green.

• Here’s what counts in encryption:
• Is the algorithm safe?
• Is the key secure?
• Who has the key?
• Is the data encrypted during transmission?
• Does the data remain encrypted at rest?

First, let’s consider the algorithm. Most knowledgeable people would agree that the US Government document FIPS-140-2 is a pretty good authority on which algorithms are secure. FIPS stands for Federal Information Processing Standards and the document is published by the National Institute of Standards and Technology. Among the algorithms specified in Annex A is TDEA, or “3DES.” The algorithm has been thoroughly tested for over 25 years and has no known weakness so long as certain implementation standards are met (avoid known weak keys, and use Keying Option 1 as described in NIST Special Publication 800-67). Enveloc conforms to these requirements for 3DES, which is the algorithm we use to encrypt the already user-encrypted backup sets prior to transmission.

The other, more important algorithm we use, also specified in Annex A to FIPS-140-2, is the Advanced Encryption Standard, or AES. This algorithm is described in FIPS 197. AES can be used in 112 bit, 192 bit or 256 bit mode. Enveloc only uses the 256 bit implementation of AES as described in FIPS 197. This is the algorithm used to encrypt the computer data during the compression-encryption phase, as it is placed in the backup sets.

So note that the only encryption algorithms we use are those approved by FIPS-140-2: the Triple Data Encryption Algorithm or 3DES, and the Advanced Encryption Standard or AES. For 3DES use Keying Option 1 which requires three 56 bit keys. For AES we use only the 256 bit implementation.

What about the key? Some companies assign you a key and they have a copy. Or they let you make one up and they have a copy. This is like writing the combination on the safe. If anyone has the key and the data, no matter how secure the algorithm, someone can read your data, and can do so without your knowing it. At Enveloc, we require that you create the key, and we do not have a copy unless you explicitly request that we keep one. Your key is encrypted on disc (using either AES256 or 3DES plus another technique) so that only our software – not a prying co-worker – can open it to use it during backup time. Otherwise, you’d have to be standing by at backup time to enter the key.

By the way, if you choose to store the key with us, it does reduce your security, but we take many steps to safeguard it. It is only transmitted once, itself in an encrypted state with a system key so that our employees cannot discover it. Only the programming staff knows how to decrypt it and we keep them locked in the basement (just kidding about the basement). When the technical staff are called on by the customer to forward the key, the automated process records notices to management and the request is verified just to be sure everything is in order.

Enveloc - AES 256-bit Encryption + Triple DES

So here’s a general idea of how everything works: at backup time, the user’s key is checked to be sure it hasn’t been tampered with, then recovered from disk and applied to the file data of files as they are compressed into the backup sets using AES256 bit encryption. The backup sets are then tested for integrity by doing a test decompress-decrypt (without writing to disk). Then the backup sets are 3DES encrypted with an Enveloc key for transmission. When they are received by Enveloc servers, they are checked for integrity and authenticity, then the “outer wrapper” of 3DES is removed. The data in the compressed files always remains encrypted with 256bit AES. Remember – we don’t have the key.

So say someone broke into your office and stole just the printout of your encryption key. Could they log in to your account and download your data? No way – only the machine that backs up can access the account, and then only through the Enveloc software. By prohibiting direct access to folders on our servers, we provide yet another layer of security for your data.

What happens if your backup computer is toast and you need to restore to another machine? We have made provision for that. You just identify yourself to our servers in a fresh installation of Enveloc software and your credentials will be provided for accessing the old account. But you will still need your encryption key.

Because we don’t have a copy of the key, one thing is extremely important: Don’t lose that key! Without it, your backup sets are useless since they cannot be decrypted.

So to summarize: Enveloc uses secure, NIST approved algorithms; the key is secured with those same algorithms and never leaves the client machine; the data is encrypted during transmission and at rest.

Another day we’ll talk about the security of our network centers. Do you know that some backup companies keep their servers in a garage?

If you would like your company’s data to be extremely well protected against access, hacking, theft, data mining, or any other nefarious activities while it is backed up offsite, call Enveloc and take us up on our 30 day no-risk guarantee: if for any reason at all you are not totally satisfied with Enveloc software and service, there will be no charge. Thanks for using Enveloc!