Backup Options for Electronic Information

I. Online, Automated Backup Sites

The hottest thing for backing up electronic information right now is automatic, online backup. An almost countless number of companies offer it through their web sites, and more are springing up every day.

When these companies first came into the marketplace offering online backup, most lawyers wouldn’t give them the time of day. A lawyer’s ethical obligations to maintain the confidences and secrets of a client and to protect a client’s property seemed completely at odds with the idea of sending critical data out across the Internet to sit on someone else’s computer located in “who knows where.” Most lawyers took the position that they had no other ethical choice but to keep complete control of their electronic files and handle backups themselves – in house.

If they happened at all, these in house backups consisted, at first, of multiple floppy discs kept in a plastic disc box on the secretary’s desk. They usually covered only word processing documents. Later, the floppies were replaced by writable CDs, still usually kept in boxes on someone’s desk. Those lawyers who were really serious about backup (usually ones who had actually lost all of their data at some time in the past) sprang for tape backup systems that were capable of doing automated backups of multiple folders when the office was closed. If a lawyer knew someone whose office had been destroyed, usually by fire but sometimes by tornado, they might even carry one tape off site regularly, leaving it in their car, taking it home with them, or even dropping it in a safe deposit box once each week.

Then, Hurricane Katrina struck New Orleans, and lawyers all around the country saw how the lawyers there could have religiously backed up their computers and taken the backup media off-site, only to lose their offices, their homes and their cars. Suddenly, those online backup web sites on the Internet didn’t seem quite so scary. In fact, they might be just the ticket to keep a law office’s electronic information safe, and make it available for restoration, any time – anywhere, in the event of a disaster.

The following will give you information about some of the online backup services currently being offered, as gleaned from their respective web sites. The services were selected based on current media buzz about them or the length of time they’ve been in business. The list is by no means inclusive, and there are probably many other services available that will suit your specific needs. It is current as of mid-February, 2007 when it is being written. Please remember to do your due diligence when selecting a company to handle online backup of your confidential client and personal information.

A. Some of the Online Options

Backup

Backup.com bills itself as the first online computer backup service, having begun in 1997. It now offers plans for both individuals and businesses.

According to the website, Backup.com encrypts your information on your computer before the information is transferred to their multiple, secure storage sites. The data remains encrypted throughout its lifecycle and can only be unencrypted with the use of your password, which is not stored by Backup.com. The data centers, which are said to be located 3,000 miles apart, are each advertised to be equipped with 24 hour monitoring seven days a week, and to have redundant air filtration systems, water-free fire suppression systems, UPS power protection, and diesel generator backup.

Minimum system requirements to use Backup.com include Microsoft® Windows® 2000, XP, or Vista on the computer being backed up, a Pentium M 733 MHz processor, 256 MB of RAM and free hard disk space of at least 15 MB.

Prices for individuals run from $4.95 per month or $49.50 per year for 250 MB of storage to $64.95 per month or $624.95 per year for 10 GB of storage. There is a 30 day free trial of 250 MB.

Pricing is also available through their toll free sales line for businesses with 5 to 200 computers and businesses with over 200 computers by calling the company. Business services include the ability to add, edit, and delete employee accounts; monitor account usage and account history; set and maintain backup data protection caps; run reports on data backups, restores, and failures; send backup-related email to employees; maintain account passwords to grant or restrict access; and restore employee account data as necessary.

In addition to several online user guides explaining the various aspects of using the service, the site has a toll free number for free technical support. The site also lists a physical address for their offices. The company’s privacy policy regarding personally identifiable information is posted on the site, along with the end user license agreement (EULA).

BackupRight

According to its website, BackupRight also offers both personal and business backup plans.

It may be a good bet for lawyers, who tend to squeeze every ounce of life out of equipment and software, because it says it can handle all Windows operating systems from 95 through 2003, as well as Mac OS X, Linux, and systems supporting Java2 JRE v.1.3.1 (e.g. FreeBSD, Solaris, SCO, AIX, and HP-UX). The business plans also handle Microsoft Exchange Server 2000/2003 and IBM Lotus Domino / Notes 5.0 (Windows only) or above.

Personal plans run from 5 to 15 GB of space for from $9.99 month to $29.99 month. There is a 30 day free trial at 1 GB. Business plans run from 20 to 50 GB of space, with prices ranging from $59.99 to $99.99 per month.

Features include several different types of encryption algorithms (AES / 3DES / Two Fish), the ability to backup while files are in use, incremental backups to save time and bandwidth, bandwidth limiting to ensure that your network speed isn’t decreased during backing up, customizable backup schedules, and email alerts to let you know that your back was successful – or wasn’t.

The web site claims the company, BackupRight, LLC, has two redundant, physically separated data centers. It doesn’t list a physical address or a phone number for the company, and the only way given to contact it is through a contact form on the site. The privacy policy and terms of use are listed on the site.

Carbonite

Carbonite seems to be the new darling of the online backup world. It’s been touted recently on Marketplace, the National Public Radio show, and its web site boasts endorsements from everyone under the sun, including PC World, C-Net, the Associated Press, Small Business Computing.com, and a bunch more that look impressive. It also has the Better Business Bureau Online seal of approval.

Their claim to fame is that, unlike other sites which parcel out backup space based on how much you pay, backup on Carbonite is unlimited. It doesn’t matter how much information you backup, it’s $49.95 for one year or $89.95 for two. Monthly plans do not seem to be available. There is a 15 day free trial.

Features include the options to backup just your desktop and My Documents folder by default, or to select the files you want to backup, and it works in the background, continuously backing up your data as you work. There are online tutorials for the three major functions of selecting and changing files and folders, backing up, and restoring files. The site uses Blowfish encryption.

The site doesn’t go into detail about their data centers, although it implies that there is more than one center. It does say that the center uses RAID for additional protection of stored files. At the present time, Carbonite stores a copy of the customer’s encryption key on their server along with the data. This protects the user who loses the key as long as he or she still has the correct password, but also could leave the data vulnerable to decryption by an unscrupulous employee. They plan to allow users to opt out of this in a future upgrade according to their FAQ.

On the positive side, the site lists the company’s founders and current board of directors and a post office box for mail, although they prefer to receive email. The site makes no distinction between personal and business customers, and seems to be aimed more at the former. Privacy policy is provided on the site, but I could not find the End User License Agreement posted.

Enveloc Corporation

The Enveloc Corporation is based in Mobile, Alabama and was started by an Alabama lawyer in 1995, probably to do his own backups.

According to their web site, Enveloc®'s remote backup technology ensures companies of all sizes, as well as individuals, that their data is always backed up and always retrievable.

Enveloc® computer backup uses triple DES encryption to protect your data during transmission and 256 AES encryption during storage. They do not keep your password or encryption keys, so if you lose them you are out of luck. They do recommend a procedure for securing that information in writing, however, in the event of problems. They allow backup through something called Direct Connection as well as over the Internet.

The Enveloc® online backup system is completely automated and, according to the information on the web site, does an initial complete backup of your machine, after which incremental backups are done with a default of the last five copies of each file, which are kept for 1 year.

You may specify the time of the backup.

Plans are not designated by business or personal, but run from $19 per month for 2 GB of storage up to $199 per month for 50 GB of storage. Bulk plans in excess of 50 BG run $199 per month + $4 per each additional gigabyte. If you wish to back up more than one computer, the fee is the greater of the plan amount you choose or the number of computers to be backed at $10 each. There’s a risk free 30 day trial.

EVault

EVault is one of the older, larger players in the field, having also been in business since 1997. It’s now owned by Seagate, the well-known hard drive maker, and its web site boasts that it has served more than 8,500 customers in the financial, health care and legal industries over the last 10 years, with a 98% customer satisfaction rating.

EVault is designed for business, with sections of the web site for Large & Mid-Size Enterprises & Small Enterprises, and different offerings for each. EVault Small Business Edition offers disk to disk backup and recovery protection for companies with five or fewer servers and less than 15 GB of server data. Prices start at $85 per month for 5 GB of data, with additional gigs priced at $20 per month, and go up to 30 GBs per month for $450, with additional gigs at $15 per month. There’s also a one time installation fee of $139 per account, a 30 day free trial and a “money back” guarantee referenced on the site.

The site states that it meets regulatory requirements for data protection, including those of Gramm-Leach-Bliley, SOX, HIPPA, SEC and NASD.

Even if you don’t use the service, there is a wealth of information on business continuity and backup and recovery available on the web site, including white papers and customer case studies, although you have to register to use them.

IBackup

IBackup offers a range of service and pricing for both individuals and business. Features include automatic selection of data for backup, automatic power off after backup, and compressed backups to reduce bandwidth usage. Some of the plans offer “snapshots” a form of versioning which allows you to go back to a previous version of a particular file if needed. Of particular interest to lawyers might be the special backup plans for Quicken and QuickBooks data.

Economy plans (designed for large amounts of usable storage at the least price) run from $9.95 per month or $99.50 per year for 5 GB of storage to $299.95 per month or $2,999.50 per year for 300 GB, without snapshots. Sub-accounts are available on demand for an additional $5 per month per sub-account. Enhanced plans (for backup and restore processes of desktops, laptops and servers – but without FTP and sharing), which include snapshots, run from $14.95 per month or $f149.50 per year for 5 GB of storage to $599.96 per month or $5,999.50 per year for 300 GB of space. Enhanced plans for 100 GB and above include a minimum number of sub-accounts at no additional charge. There are also Workgroup Subscription Plans (including online storage, collaboration, file sharing and backup for small business networks) run from $20 per month or $216 per year for 1 GB of space to $400 per month or $4000 per year for 200 GB of space. These accounts include snapshots and sub-accounts.

System requirements are Windows 98 or higher, Internet Explorer 4.0 and higher, and 64 MB of RAM, 10 MB free disk space and 20 MB or more for local caching.

The site also offers a product called Remote PC, allowing secure access to home or office PCs from anywhere, with plans for consumers, small business, help desk use, as well as a plan which offers access to email and allows you to share pictures and data with others. These plans start at $4.95 per month for one host site.

IBackup is a service of Pro Softnet Corporation, an application service provider and Internet solutions provider based in Woodland Hills, California. Full contact details for all of their divisions, including a toll free number for support, are easy to find on the web site. According to the website, the company has been in business since 1995 and counts many Fortune 100 companies among its customers. Privacy statement and terms of use are set out in full on the site.

Iron Mountain Digital

Iron Mountain, with thirty years in business, is the granddaddy of paper records management and storage, having over 235,000 customers for their services worldwide. Iron Mountain Digital is their e-records management and protection unit.

Services offered through their Iron Mountain Digital web site include offsite tape vaulting, PC data protection, server data protection, email continuity, disaster recovery support services and data defense. There are backup plans, called Data Protector, for individual computers as well as a small business plan which allows you to protect more than one computer and manage all backup activity centrally.

Home/Home Office plans run from $79 per year (no monthly plan at this rate) for 250 MB of storage to $74.95 per month or $799.95 per year for 30 GB of storage. These plans include automatic and manual file selection, web file access, automated backup schedules, manual file retrieval and the ability to order CDs of your backed up data. Thirty day free trials are available, but require a credit card.

Small business plans require a minimum of 5 PCs. Plans for 5 to 10 PCs with 10 GB of storage start at $17.95 per month per PC, with a minimum monthly charge of $89.95. Plans for 11 to 20 PCs at 10 GB of storage are $16.95 per PC per month, with a minimum charge of $186.45. Free trials do not appear to be available for small business plans.

The site also offers a variety of records management consulting services.

Minimum system requirements for Data Protector plans are Windows 95B through XP Professional, P486/66 MHz processor, 32 MB of RAM on Windows 95 or 98 and 64 MB of RAM on all other Windows operating systems, and IE 4.0 or higher.

Iron Mountain is traded on the NYSE.

Mozy and MozyPro

Mozy, a relative newcomer on the online backup scene, has gotten a lot of good press lately from the likes of David Pogue of The New York Times, Walter Mossberg of the Wall Street Journal, as well as favorable mentions by NBC, Yahoo.tech, PC World, C-Net and Computer shopper.

Mozy states that it’s for “any PC in any home” although the verbiage on the site seems to indicate that it’s appropriate for business use and they expect that businesses will use it. When you get to the point of signup, you’ll be directed to MozyPro if you are a business user.

Features for home use include open/locked file support, 128 bit SSL transfer and 448 bit Blowfish encryption for storage, continuous or scheduled backups, new and changed file detection, block level incremental backups, file versioning, and public or private key encryption. There’s also a feature that will limit the amount of bandwidth used for backup to prevent system slowing while you’re working. The site contains an interesting feature comparison chart which, of course, shows it coming out on top of its competitors in practically every area of comparison.

You can get 2 GB of free storage space or for $4.95/month you can have unlimited space.

MozyPro facilitates backup of SQL, Exchange and file servers, allows creation of sub-administrators and lets you view individual users account usage, history and stats, and can handle customized individual or workgroup configuration settings. MozyPro costs $3.95 per month for each license and $0.50 per month for each GB of storage used.

The site has a backup help page, an online users’ manual and an email address for support, but there doesn’t appear to be any telephone support, although MozyPro states that it offers 27/7/365 Technical Support.

Mozy is owned by Berkeley Data Systems, Inc. of American Fork, UT. There is full contact information for the company on the site, including a telephone number. The site states that the company was formed in 2005, and lists what appear to be its venture capital providers.

U.S. Data Trust

U.S. Data Trust’s website says that it specializes in data protection and disaster recovery solutions to meet the needs of small to mid-sized businesses as well as remote offices of larger enterprises that do not maintain large data centers or IT staff.

It provides these services through LiveVault Online Backup. You can choose from scheduled backup plans that include a 7 day, 14 day or 30 day archive, or a continuous backup plan that includes a minimum 30 day history with the option of expanding your retention to 1 year or 7 year history. According to the web site, the service provides full system restores, so that you don’t have to spend time rebuilding servers before restoring backed up data.

Plans range from $85 per month for 5 GB of storage up to $2,250 per month for a 250 GB plan. For an additional $2 per GB per month, you can add the TurboRestore feature which also keeps an on-your-site copy of your data for easy restoration in the event of equipment failure. The necessary hardware is provided without fee. Thirty day free trial available. There’s a 24 hour toll free technical support number as well as an online self service support portal. The site also lists phone numbers and the physical location of the corporate offices.

SQL and Exchange servers are covered. Services are provided through IBM’s Class A eHosting facilities. According to the web site, these facilities provide a “hardened structure that meets numerous physical criteria including seismic specifications and intrusion resistance. Exterior walls are made of double reinforced concrete, and are anonymous with no identifying signage. Concrete bollards are placed around the perimeter to prevent vehicles from penetrating an exterior wall. Conduits and walls are tightly sealed to prevent moisture intrusion.” The facilities also have dual power feeds from separate utility substations in underground duct banks with redundant UPS power supplies and backup generators. There is also advanced fire detection and suppression, redundant HVAC systems and both building and floor security.

Xdrive

Xdrive LLC, a wholly owned subsidiary of AOL, LLC, headquartered in Beverly Hills, California, claims to be the leading provider of digital asset management, online storage and file sharing services.

The web site states that you receive 5 GB of free storage, but I found the site a little bit deceptive. You have to obtain a screen name before you can do anything else, and in order to do that you have to agree to a EULA which says, among other things:

Certain products and services available through The Screen Name Service may be fee based. It is your responsibility to familiarize yourself with the fees associates with any or all of the products or services offered in connection with the Screen Name Service or Participating Sites and Services.

The service may be a great offering, but I didn’t like the fact that it didn’t clearly set out what, if any, fees were payable and what you could expect to get in exchange for them.

One plus side for the site – it offers file sharing services in addition to simple backup and restore.

Xdrive will handle Windows 95 through XP. You can access it through either IE 6.0 and above, Netscape Navigator 7.0 and above, AOL v. 8 and above, and Firefox 1.0. It will also work for Macs with Safari and Linux, Unix and other operating systems (although the site doesn’t specify which other ones).

Support service is provided through an online user guide, FAQs, community forums and online help, but there doesn’t appear to be telephone support – free or otherwise.

B. Asking the Right Questions

As you can see from reviewing the multiple offerings that are available, comparing online backup services is a little like comparing apples to oranges – everyone offers something a little different, and at a little different price. Length of time in business and number of features offered allow a company to charge substantially higher prices.

The following are some questions to explore in order to help make better comparisons – and, hopefully, avoid the unexpected.

General

1. How long have you been in business?
2. How many data backup and restoration customers do you currently have?
3. Are you a privately owned or a publicly traded company?
4. How many employees do you currently have?
5. What will happen to my data if your company goes out of business? Will your creditors become the owners of your file servers or the information stored on them?
6. If I am late with a bill, either because I didn’t pay it or you didn’t receive payment, will you cut off my access to my data?
7. Does the contract allow you to change the terms unilaterally by simply notifying me of the changes? If so, how long do I have to make other arrangements?

Security

1. Are the files encrypted before Internet transmission and, if so, what is the encryption type?
2. Are the files encrypted during storage at your facility and, if so, what is the encryption type?
3. Will your company know my encryption key and, if so, where will it be stored and who will have access to it?
4. Are your employees bonded?
5. What sort of screening process and background check do your employees undergo?
6. How many data storage facilities do you have and where are they located?
7. Are any of them located outside the United States and, if so, where are they?
8. Will my data be stored in more than one of your facilities at any given time?
9. What are the physical security features of your data storage facilities?
10. What Internet security features do you have in place to protect my data?
11. What redundancy features are built in to your system to prevent loss of my data? 12. Will my data be stored on the same server as anyone else’s and, if so, what procedures will you follow to protect my data if you receive a subpoena to produce the hard drive or server in connection with the other customer’s data?
12. Will you sign my confidentiality agreement as a part of this transaction, so that I can demonstrate to my regulatory authorities that I have engaged in appropriate due diligence activities if any of my confidential information is lost or stolen from your facility?

Features

1. Is my current operating system suitable for use with your backup system, or will I need to upgrade my operating system?
2. Will I need any new hardware or software? If so, what?
3. Can your system backup open files and open databases?
4. Can your system backup Exchange Server?
5. Is there a maximum file size that your system can handle?
6. How long will my initial backup take?
7. Can I do both regularly scheduled backups and special manual backups as needed?
8. Is backup continuous? If so, how do you make sure it won’t slow my system down?
9. Does your system give me the option to restore an older version of a file? If so, how many versions are maintained and for how long?
10. Can you explain how a full restore will work if one of my machines or my entire network fails or is destroyed?
11. Do I have the option of doing a restore on site from a physical data storage
12. device, or do all restores have to be done over the Internet?
13. How long will this take?
14. Can I manage the backup and restore functions from any location?
15. Is the capacity to do a full restore available 24 hours a day, seven days a week? 15. Will you notify me if my backup fails? How?
16. What other regular reports will I receive?
17. Does your service offer other features, such as file sharing and file collaboration, that my employees or clients might find useful?

Pricing

1. How much does 1 GB of storage, including all of the additional services I will receive, on your service cost?
2. What type of data compression do you use, and will you help me determine how much space I really need?
3. If I select the wrong amount of space, can I easily upsize or downsize to meet my needs?
4. If I exceed my selected storage amount, how much will additional increments of space cost?
5. Is there a discount for yearly payment?

II. External Data Storage Devices

For those of you who aren’t yet completely comfortable with the idea of transferring your confidential information over the internet for backup, there are lots of other devices you can use to backup your data. These options are aimed at hardware failure, rather than destruction of your office.

A. Mirra Personal Server

Available since late 2003, the Seagate® Mirra™ Sync and Share Personal Server is a Linux based small computer server designed for home and small office use. It connects to your network through a router, and is pre-programmed to automatically synchronize files on the network, backup those you select, and allow you to access your files from anywhere you have an Internet connection.

As this is being written, the personal server comes in 320 and 500 GB capacities. To use it you need a router with an available Ethernet port and, if you wish to access your files from elsewhere, a high-speed Internet connection. It will work with either PCs or Macs. Windows requirements include a Pentium III processor or higher, Windows XP, 2000 Pro, or 2000 or 2003 Server, 256 MB of RAM and 50 MB of free hard disc space. For Mac you’ll need a Power PC, G3, G4 or G5 processor, OS X 10.3.9 or higher; Intel Core Duo or Core Solo processor, OS X 10.4.6 or higher, 256 MB of RAM and 50 MB of hard disc space.

The Mirra is designed to make your files accessible over the Internet and to provide a copy of your data on the server in the event of failure of your primary computer equipment. However, any one who uses it needs to understand that, although the data is available over the internet, it continues to reside only on computer on which it is stored and on the server. None of the information is stored on the Seagate Mirra computers through which you access your data.

Those computers act only as a firewall to authenticate approved users.

Relatively rare in the computer world these days, Mirra provides a data guarantee which reads as follows:

If one of your computer hard drives fails, all data backed up on your Mirra Sync and Share Personal Server will be restored. We guarantee it. Seagate will assist you in the restoration and, if necessary, Seagate Data Recovery Services will commit up to $1000 to recover and restore your data.

The Mirra Sync and Share Personal Server is sold to consumers through a variety of online retail outlets such as Amazon.com and Dell. A recent check of Amazon found the 500 GB server available for $512.99. The 320 GB version was available for $437.73. Older, smaller-capacity models were also available.

B. Network-Attached Storage

These are servers, sometime with multiple, mirrored hard drives to prevent data loss, that plug into your network and allow you to backup all the computers on that network. They are also sometimes referred to by IT professionals as storage area networks, or SANs.

They often have capacities of 1000 GB of data and can run more than $1000, although the price per gigabyte of storage can be quite reasonable at less than $1 for some of them. Many of them have pre-installed software that allow simple, sometimes one button, backups. Some of them can also be used as print or media servers.

PC World Magazine publishes comparison reviews of what it considers to be the top 5 offerings in this category, comparing price, storage capacity, bundled software, data transfer speed, warranties and availability of support.

C. External Hard Drives

External hard drives are much like the ones found installed inside a PC, but packaged in a way that they can be moved easily from place to pace and connected to a PC by USB cord or FireWire connector.

They are much less expensive than Network-Attached Storage, costing in the $100 to $300 range, and now come in capacities of up about 100 to 160 GB. This makes the cost per gigabyte of space work out somewhere between $1.25 and $2.00. Some are designed for especially rough usage, and cost a little more.

External hard drives come with pre-installed software for backups, and because of how easy they are to remove and spirit away, some also come with pre-installed encryption software to protect the data they carry in case they are lost or stolen.

These devices are extremely useful for backing up individual computers or laptops, or for moving information from an old computer to a new one, and because they are so light and portable they can easily be taken off-site for storage, but they carry the downside that they aren’t suitable for network-wide backup and can’t usually be set for automated backups. You’ll need to remember to push that button.

D. Secure Flash Drives

Almost everyone is familiar now with flash drives – also know as thumb drives, key chain drives or memory sticks. You may not be aware, though, that you can purchase these drives already loaded with software which password-protects a section of the drive. In some instances the software will also encrypt the data you store on the drives, and some of the newer drives even have the ability to “shred” files, rendering them unrecoverable. Sony even makes one with a biometric interface, requiring your finger print for authentication before the information on the drive can be accessed.

It’s important to think about the size and shape when you purchase a secure flash drive, especially if you will be using it with a laptop. Even if you have numerous USB ports, an unwieldy flash drive may require you to remove other USB peripherals when you use the secure drive.

The trade-off with secured flash drives is that with encryption and password protection, it takes longer to read from or write to the drive than it would without them. They are great for securely storing a small amount of information that you may want to have with you at all times. They are not an adequate substitute for an automated backup system.

Backing Up on the Information Highway

It seems almost a daily event that some new critical computer security threat is announced in the press. This increased level of threat makes disaster recovery (DR) and business continuation a very urgent topic, since the ultimate security is being able to recover from problems when they happen.

Most organizations have in place the tried and true approach of making tape backups of their data and perhaps their entire server set ups. This approach consists of having a series of magnetic tapes, to which data is copied to on a regular basis. You likely have a least one of these tapes stored offsite at all times, in case a disaster makes access to your building problematic.

The fact that magnetic tapes have been the only cost effective method until recently, have made them the backup tool of choice. However, tapes have presented some difficulties on maintaining sound disaster recovery processes.

To define best practices of disaster recovery we’ll take a step back (or forward depending on your perspective). Disaster recovery is really a subset of information management practices. And information (or records) management is evolving dramatically, since electronic records are not defined the same as paper records. This evolution has lead to more emphasis on information management and more clearly defined best practices. For lawyers this is especially important, since most of the information they maintain belongs to someone else; their clients.

Best Practices

Due to space concerns, these definitions are a bit limited, but should give you an idea of what the issues are for your own information. First, a firm should have some level of information retention policy. How long do you keep different types of information? This might separate e-mail, from hard copies. And it may differentiate between types of data, such as wills and trusts versus correspondence. A best practice would be to categorize information for retention as it comes into your office. Without this approach, you end up destroying information as you run out of space instead of when you should be. This can mean problems for you and your clients.

Which brings up the next subject; Policies and Procedures. You should have in place thoughtful policies and procedures for all of your information management issues. As noted above, the space in your office shouldn’t determine your practices; your policies should. The same applies for technology. Have in place the right policies for managing the technology, instead of having your IT staff decide it’s time to clear hard drive space.

A very specific policy to consider is how and when you test your backup systems. You may want to have your IT staff attempt a file recovery once a month to prove the effectiveness of your backups. There have been a number of cases where large companies, when requested through litigation, were unable to produce backup data, since the tapes they had, had never been tested and were actually blank.

Another overlooked aspect is having good access to your information. Do you keep an overall index of your information? Does this index cover both paper and electronic information? It does not serve your clients well to have their information but not be able to access it.

With your retention schedules defined and your information well indexed, will you know that to do with the information when its life is complete? You should have in place methods and procedures for how information is destroyed when the time comes. Generally speaking, you would receive a reminder that a record is due for destruction. You (a.k.a. the lawyer) would affirm this and then records would be properly destroyed. For paper this may mean shredding, for electronic information you will want a similar method, to assure its complete destruction.

Now that you have these great processes in place, you will want to prove their existence and their effectiveness. This means they need to be auditable by a third party. Just like your finances, you will want to be able to pass an objective review of your policies and practices.

Finally, this brings us back to disaster recovery proper. As was previously noted, disaster recovery is the method for retrieving information in the event of some disaster, which may be accidental (a fire) or intentional (hackers). Good disaster recover is: 1 – done regularly, 2 – stored offsite, and 3 – is accessible.

Being Regular

Most disaster recovery programs back up data in some fashion on a daily basis. Traditionally, weekly a full backup of systems is performed and incremental changes to data are captured nightly. Although some vendors are now recommending full backups daily. Either way this means the most data you should ever loose is a day’s worth. For some practice areas, you may want this time period even smaller, such as every hour or even real time. Of course this can get expensive and should be weighed against the level of potential loss.

Off-site

Making sure you have a copy of your data off-site is very important. Even if your building is accessible, power outages can leave your site useless. As well, you should have an off-site option for restoring the data. Tape drives can not be found just anywhere, so some arrangement for an offsite tape drive should be made beforehand.

Accessible

Even with data off-site, you still need to be able to get to it. Many DR programs rotate magnetic tapes into bank safe deposit boxes. Disasters that occur on Friday evening present a problem, since you cannot get to your tapes until Monday morning. Another ‘access’ issue is whether the data is well indexed. Retrieving files from magnetic tapes is very time consuming as you have to run through the tape until you get to the correct file.

Another Option – The SAN

One newer approach is to have a SAN (storage area network) as part of your current network. SANs are typically just large hard drives. These provide fast, convenient access of backed upped data. This approach can be used in combination with tapes, since taking a SAN off-site is problematic.

POLICY

Now to make this all truly work, you need a set of sound DR policies (note policy section above). And this is actually the most crucial part of DR. Buying all the best technology and systems will be for naught, if you are not utilizing these tools well. Which is another way of saying have policies, and then enforce them. Too many times good policies are in place but not followed. Policy implementation is likely the most time-consuming aspect of DR, since you need to assure that employees are properly following your DR policies.

The Future (a.k.a. Now)

The most recent developments in DR significantly reduce the effort required to enforce your valuable, well-thought out DR policies. Secure online backup options have emerged that essentially automate the DR processes. One example is Iron Mountain’s Electronic Vaulting product.

This type of service is easy to implement, operate and test. Initially you download a small client piece of software to a desktop machine or server. As you load the software, you indicated which files and/or data are to be backed up and on which schedules. Then you initiate the first backup. This creates the relationship between your data and the secure backup data center. The first backup will probably take a significant amount of time, depending on the amount of data specified. From then on, the backup sequence takes just a few minutes each day and can be automated to occur without human intervention.

This online approach has a number of benefits versus tape backups. Online backups are automated, secure, offsite and easily accessible. Tapes require a significant amount of time and infrastructure to maintain. Options even exist for doing real-time backups online, especially for servers. Then data can be backed up as it is saved.

These online services allow for a range of data recovery options, from simple file retrieval to complete system restoration. Much of this can be done via a secure browser login to the online backup site. This also means testing backups is very simple. Just login, search for a test file, then download it and test to see if it is complete.

The downside to online backups has been cost. Fees are measured on a subscription basis, based on the amount of data you back up. You pay a monthly fee going forward for such services. Even though costs for these services may appear high, when you weigh them against all of the costs in material and time for tape backups, they are more reasonable.

The other issue with online backups is Trust. If you are placing your valuable data offsite, you want to make sure the partner is trustworthy and viable. Generally you will find a correlation between cost and trust. - the higher the cost, the greater the trust usually.

Expect more online backup services to come into the market and also expect some shakeout as this industry matures.

The Road Never Ends

Bruce Schneier, an international security expert, explains that good security is security that fails well. Similarly, good disaster recovery is DR that comes in layers and can handle different types and levels of disaster. This article has shown different methods of backing up information and providing for disaster recovery. Consider using more than one method to insure that yours and your clients’ data is properly backed up and accessible when the disaster strikes, whether it’s a failed server, a fire or a larger communitywide disaster.

---

About the Authors

Laura A. Calloway has served as the Director of the Alabama State Bar’s Practice Management Assistance Program since 1997. Before joining the Alabama State Bar to establish the program, she practiced law in Montgomery, Alabama, for 16 years as a solo practitioner and member of two small firms, concentrating her practice in residential real estate, collections, consumer bankruptcy and family law. She is a member of the ABA TECHSHOW 2008 Planning Board, and is a regular contributor to Law Practice Magazine.

Toby Brown is a Client Relations Manager with Fulbright and Jaworski, LLP. Based in the firm's Houston office, he provides business development services to lawyers throughout Fulbright's 16 international offices. Additionally, Toby drives Fulbright’s various knowledge management initiatives. Prior to his employment with Fulbright, Toby was Director of Communications for the Utah State Bar where, in addition to communications, he managed the Technology, CLE and Access to Justice programs. Toby has served on numerous legal related boards, committees and task forces and presents nationally on a broad range of legal management and technology topics. His education includes both a BS and MS in Economics from the University of Utah.