The present invention relates to systems and methods for data storage and protection and more specifically to systems and methods for creating, maintaining and updating geographically dispersed secure redundant data storage architectures and facilities.
Data has increasingly become a critical asset for businesses of all kinds. Data such as financial transactions (for example, stock trades or check clearing), customer records and account status, inventory and supply chain information, medical records, and so forth are the lifeblood of many businesses, and corruption or loss of such data can cause significant financial loss, penalties, fines, and reduction in customer satisfaction or market share. In the extreme, even bankruptcy or total business failure can result from such data loss.
Over the past years, a number of technologies, architectures, and strategies have evolved to protect data. For example, one such strategy is local RAID (Redundant Array of Independent Disks) mirroring or parity protection, which protects against hardware failure, for example a disk head crash, on a single hard disk drive unit. However, such local protection strategies cannot protect against loss of a building or data center, such as might occur during a hurricane, flood, fire, tornado, earthquake, or the like.
To protect against such catastrophic disasters, the concept of remote mirroring was developed and implemented. Briefly, remote mirroring uses a first site and a second site located sufficiently far away, typically 20-25 miles or more, which are connected by a network. An original copy of the data at the first site may be “snapshotted” and then copied to the second site over the network. Also, once two copies, or instances, of the data exist, updates to the first copy are also applied to the second copy through a variety of techniques, typically referred to as synchronous, semi-synchronous, and asynchronous mirroring, which provide lesser or greater degrees of guarantee that both copies are identical, including recently applied updates. Maintaining two copies of the data greatly reduces the probability that a single event such as a tornado would destroy both copies, offering a higher degree of protection against loss of data.
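The following simulation is an added example, not part of the patent text, illustrating the difference between the synchronous, semi-synchronous, and asynchronous mirroring modes described above. It models a primary site and a remote mirror as in-memory dictionaries and measures, for each mode, how many updates that were already acknowledged to the writer would be lost if the first site were destroyed. The class and function names (`MirroredVolume`, `simulate`, the `window` parameter) are assumptions chosen for this example, and the "transaction" records are constructed sample data.

```python
"""Simulated remote mirroring: what survives at the second site when the first is lost."""
from collections import deque
from dataclasses import dataclass, field
from typing import Deque, Dict, List, Tuple


@dataclass
class Site:
    """One data-storage site holding a key/value copy of the data."""
    name: str
    data: Dict[str, str] = field(default_factory=dict)


class MirroredVolume:
    """A primary site plus one remote mirror, replicating under a chosen mode.

    'sync':     a write is acknowledged only after the mirror has applied it.
    'semisync': a write is acknowledged once it has been shipped; at most
                `window` shipped-but-unapplied updates may be outstanding.
    'async':    a write is acknowledged immediately; the mirror catches up
                only when drain() is called (i.e. when the link gets to it).
    """

    MODES = ("sync", "semisync", "async")

    def __init__(self, mode: str, window: int = 1) -> None:
        if mode not in self.MODES:
            raise ValueError(f"unknown mirroring mode: {mode!r}")
        self.mode = mode
        self.window = window
        self.primary = Site("site-A")   # assumed name for the first site
        self.mirror = Site("site-B")    # assumed name for the second site
        # Updates shipped from the primary but not yet applied at the mirror.
        self.pending: Deque[Tuple[str, str]] = deque()
        self.acknowledged = 0           # writes the application was told succeeded

    def snapshot_to_mirror(self) -> None:
        """Initial copy: snapshot the primary and place the copy at the mirror."""
        self.mirror.data = dict(self.primary.data)
        self.pending.clear()

    def _apply_one(self) -> None:
        """Apply the oldest in-flight update at the mirror."""
        key, value = self.pending.popleft()
        self.mirror.data[key] = value

    def drain(self) -> None:
        """Apply every in-flight update at the mirror."""
        while self.pending:
            self._apply_one()

    def write(self, key: str, value: str) -> None:
        """Apply an update at the primary and replicate it according to the mode."""
        self.primary.data[key] = value
        self.pending.append((key, value))
        if self.mode == "sync":
            self.drain()                      # wait for the remote apply before ack
        elif self.mode == "semisync":
            while len(self.pending) > self.window:
                self._apply_one()             # bound the amount of unapplied data
        # 'async': nothing further is waited for; ack right away.
        self.acknowledged += 1

    def lose_primary(self) -> List[str]:
        """Simulate destruction of the first site: in-flight updates never arrive.

        Returns the keys of acknowledged writes that the surviving mirror lacks.
        """
        lost = [key for key, _ in self.pending]
        self.pending.clear()
        return lost


def simulate(mode: str, n_writes: int = 5, window: int = 1) -> dict:
    """Run a fixed workload under `mode` and report what survives at the mirror."""
    vol = MirroredVolume(mode, window)
    vol.primary.data["seed"] = "v0"          # constructed pre-existing record
    vol.snapshot_to_mirror()
    for i in range(n_writes):
        vol.write(f"txn-{i}", f"value-{i}")  # constructed sample transactions
    lost = vol.lose_primary()
    return {
        "mode": mode,
        "acknowledged": vol.acknowledged,
        "lost_after_ack": len(lost),
        "mirror_keys": sorted(vol.mirror.data),
    }


if __name__ == "__main__":
    for m in MirroredVolume.MODES:
        print(simulate(m))
```

Under synchronous mirroring no acknowledged write is lost, under semi-synchronous mirroring the loss is bounded by the window, and under asynchronous mirroring every update since the last drain is lost; the trade-off is that the stronger guarantees make each write wait on the remote link, which is why distance and latency constrain the choice of mode in practice.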
In more recent history, terrorist attacks and threats have highlighted another type of scenario not previously anticipated. Rather than the random threat posed by a hurricane or other natural disaster, this new threat is directed, intelligent, and premeditated, planned so as to maximize the negative impact of actions against institutions such as banks, brokerages, and clearinghouses. Similarly, threats to data integrity may come from an internal source such as a disgruntled employee who may have access to internal procedures, systems, and devices.
When protecting data, two locations are clearly insufficient, because it is easy to target both locations. Although it is common to try to shield general information regarding such locations, e.g., by using small signs or no signs, windowless buildings, and the like, a determined attacker can easily gain such information by surveying locations, talking to industry insiders, bribing former IT employees, or the like.
However, simply multiplying the number of locations, e.g., from two to four, while clearly dramatically increasing the cost of protection, may not greatly enhance the protection against loss from a determined attacker with inside information.
What is needed then is an economical and effective system and method for protecting data against loss from a variety of external factors and forces as discussed above.