by Bella Shen Garnett, DMD, MS

Criteria for choosing a data backup service

Thinking about the reliability of your current, in-house data backup system? You should be. Questionable tape, CDs, or disks can corrupt data; media and hard disk drives fail more often than you know; and human error can cause accidental file deletions, file overwrites, viruses, and lost backups. Imagine if you lost all your paperless records, digital photos, 3D and other images, all your e-mail, and your patient and management information. Using an automatic, online, off-site backup service eliminates these risks, ensuring complete and accurate backups whenever you need them, whether to replace one deleted file or to restore all your practice’s data.

But how do you pick the right online, off-site backup service for your needs? What are the common pitfalls and problems in online, off-site backup and storage, and how do you avoid them? These are the questions businesspeople are asking, and they’re good ones.

Bella Shen Garnett, DMD, MS

Obviously, if you have an office “event” (anything from a disk or computer mishap to a full-fledged disaster), any equipment and media you have on-site may be nonfunctional, inaccessible for some time, or completely destroyed. External media (disks, tapes, thumb drives, CDs, etc) are only as good as the integrity of the media itself, your diligence in constantly maintaining and verifying them, your consistency in rotating them out of your office to an off-site location, and the staff you charge with the responsibility for maintaining them.

Using an online, off-site backup service should eliminate the need to handle media and any related equipment. For even more redundancy, it’s a secondary, more automated backup mechanism. This minimizes all the risks associated with human error, defective media, and uncontrollable accidents.

This article explains the reliable information you must have before you select a backup service. Even if you have a technician helping you with your backup strategy, it’s still your practice, and it’s ultimately your responsibility.

Criteria for Choosing a Backup Service

  1. The provider must have redundant sources of key supplies for maximum reliability.

For an online service to be reliable, it has to have two very important attributes: first, competent and redundant sources of supplies. This means it has to use good equipment, media, and supply services, and it must have various levels of redundancy. Second, it must have substantial environmental and operational controls in its facilities.

Oak Tree Storage provides an excellent example of good equipment and media; it uses brand-name products like Cisco, Hewlett-Packard, SonicWall, IBM, and others. Some second-tier products are acceptable but only if they’re from large, reputable resellers or vendors with an established reputation.

Examples of redundancy include alternative power sources in addition to the primary utility company. Sometimes this can be a second power feed from a different site of the same power company. Sometimes it can be from a different power company altogether. This depends on location and proximity to different power suppliers.

In addition to power redundancy, backup power is essential in the event that the data center facility loses power. Battery backup power is common, but unless it can provide at least a week’s worth of power requirements, it isn’t worth too much. Kerosene-, solar-, or diesel-powered generators provide alternative backup power, but again, it has to have the capacity—and current storage—of a few weeks’ worth of fuel in order for it to be of real value in protecting your data and making sure it’s always available to you.

Furthermore, unless these backup power sources are checked, tested, and recharged as part of a regular maintenance program, their reliability is in question. Oak Tree’s power is supplied by the most reliable utility company available, with multiple feeds. Its highly secure and redundant facility has about a month’s power available in its battery room, plus more than a month’s supply of fuel for its rooftop generators.

Bandwidth is also a highly critical item. Unless your prospective provider has adequate “committed” bandwidth, or at least “burstable” bandwidth (immediate, short-term added bandwidth in response to your processing requirements at any given moment) from its carriers, you may find your backups—or worse, your occasional restores—to be unacceptably slow.

Again, redundancy is important. Many professional data centers have Internet connectivity with more than one carrier. This provides not only redundant bandwidth, but redundant suppliers. If one carrier has some technical difficulties, automatic switching to another carrier’s bandwidth will keep your supplier—and therefore, your backup service—up and running.

Oak Tree Storage’s data center’s location allows it to maintain Internet connectivity with numerous different national and international Internet vendors, so that the data center can “load-balance” constantly to provide full bandwidth equally distributed among the suppliers in the event that one loses its service for any reason.

Environmental controls include fire suppression, air conditioning and ventilation, air filtration, and other data center components that provide a proper environment in which high-powered, heat-generating equipment can function properly and safely. Oak Tree’s data center is a facility shared with many businesses, including some of America’s largest corporations, and it maintains the highest standards of environmental controls, including a Fire Suppression System Pre-Action and a Fike Fire Alarm System. It uses a scalable environmental control system that provides stable temperature as well as a dust-free and static-free environment. It’s equipped with precise sensors to ensure a maximum variation of 4ºC in the internal temperature of production areas. This system is under continuous operational status monitoring.

Be careful of “Web site attraction.” The most professional-looking Web site can be backed by the smallest, one-person “living-room” operation. You need to differentiate between an online, off-site service provider operating out of a home environment with cable or DSL bandwidth (and therefore extremely limited capacity) and a professional service provider with professional data-center facilities, bandwidth capacity (or at least immediately accessible capacity) well in excess of your individual needs, and appropriate redundancy in all key areas.

  1. The service must provide data retention options.

Backing up corrupt or “infected” data, or deleting a backup file because the original file was accidentally deleted, is almost the same as not backing up at all, since your data is unusable. One of the most common ways offices lose image data is when a user or your imaging software accidentally overwrites one patient’s images with another. In most cases, you don’t find out about this mistake for months or even years after this happens. By then, it’s too late to recover the original images. Traditional backup software is not able to recover from this type of data loss. Oak Tree’s unique Data Retention feature allows you to recover this data loss many years after such an event.

By keeping copies of different files/databases for different lengths of time, you’re ensured of always having a good backup of your data. Oak Tree’s powerful retention options permits you to use a 20-year retention cycle for your 3D, cone-beam, and other digital images. Oak Tree also provides a table of recommended retention cycles for all different types of data to ensure you always have good backups.

  1. The provider must use encrypted key and security protocols for optimum security.

Your online, off-site service vendor must offer high levels of security in several areas: physical facility access, Web site access, Internet connectivity access, client and server software access, and secure communications across the Internet. In addition, you want to be sure there is appropriate protection against malicious outside influences including viruses, spyware, spam, and most of all, hackers.

Most professional data centers typically utilize some kind of access security, varying from a guard at the front desk of the building, pass-code door locks, keycard access (like many hotel rooms), to biometric (fingerprint recognition) access control. The more secure the building, the floor, the data center rooms, and the equipment racks, and the equipment they contain, the more secure your data. A guard dog in the front yard and the front door lock of a “living-room-provider” does not qualify as secured access.

Oak Tree’s data center is shared with major American corporations and other highly security-conscious companies, and contains added security of the building environment in which it resides. It is fully HIPAA-compliant.

When your data is backed up, it should be encrypted (jumbled with a special code) and, preferably, compressed (to reduce the disk space is uses), before it is transmitted over the Internet. That special code is called an “encryption key.” Oak Tree’s software includes several major encryption options, including those used by the US Government for secret-level security. Thus, your data is truly unreadable to anyone except those who know the correct key, regardless of where your data resides. The process works like this: The data is encrypted (and compressed) at your computer prior to off-site transmission, and is subsequently encrypted (by industry-standard Secure Sockets Layer) during transmission.

Web site, client, and server software should all be user-ID- and password-protected. While more than one person in your office may have the information to access the Web site or your client software, no one outside your office (or unauthorized by you) should be able to log into your account or access your data. You control that information. Your provider may or may not be able to help you recover a lost password. All access to Oak Tree is ID- and password-protected.

Professional data center facilities typically provide firewall support to its customers. Some service providers add their own firewall, which includes Quality of Service interruption protection (“jamming”). Servers (and private firewalls) should be running automatically updated anti-virus and anti-spyware software. Oak Tree does.

Your prospective backup provider should tell you the features it has in place to provide you with these different but important levels of physical and logical security—before you choose to entrust your vital business data to them. Oak Tree Storage provides numerous levels of this security.

More Criteria, More Information

There are numerous additional criteria that are important in evaluating online/off-site backup services. Oak Tree makes these available to you for free, and they can all be found in a Special Report available on Oak Tree’s Web site at Downloading the report will help you prepare properly to select the right backup service for your specific requirements. Oak Tree only wants to be your online/off-site service provider if it makes good business sense for you.

Bella Shen Garnett, DMD, MS, maintains a private practice in the Presidio Heights/Laurel Village area of San Francisco. She is an associate professor at the University of the Pacific. She has no financial interest in the products mentioned here. She can be reached at