How Large Is Your Digital Shadow (Part 2)

In part 1 of this post, I wrote about the “Digital Shadow” and provided some examples of all of the data that is being created about you or on your behalf, in addition to the data that you create.

Here, we’ll walk a few activities in a typical day, and identify some (but definitely not all!) of the digital shadow that’s being created.   On the left side of the table is a listing of activities, with a discussion on the right noting the digital data that’s being left behind.

Wake up, turn on my phone to check for new texts and emails, surf the web for news and read email in my personal email account. The cell phone carrier has a record of my phone contacting the local tower when it is turned on. knows that I logged into my account and has information about my location based upon my IP address (tracked for security and other purposes).   Since I’m logged into email, my email provider keeps track of my searches (I can turn this off).  My ISP (the cell is often on WiFi for data when I’m home) has information about the sites that I visit.  My browser locally records my history, and the sites I visit may be leaving or updating cookies and/or capturing my IP address along with some unique identifiers on their own servers.


Later, I start my work day, logging into the corporate VPN and checking and responding to email messages. The VPN system has information about my log-in, and some of my activities are preserved in email including replies and new messages that I create.  The recipients of my email messages also have a copy, and each copy may be replicated many times for email archives and data protection (backups, etc.).  I don’t think my company tracks my location, but it could.


One of my emails includes a file sharing link to a folder for content.  I add this link/file to my folder, and make changes to one of the presentations in that shared area. When I add the link, a copy of everything in the shared folder is made on my laptop, and the information about the link is logged by the system.   This process is replicated for all of the accounts where this app is installed (cell phone, tablets, etc.)   As I change and re-save the presentation, everyone sharing the folder receives the update (and this information is logged and distributed as “news” to other sharing the folder).


I grab a quick lunch at my favorite sandwich shop, and while waiting I check in on Facebook, make a few posts and re-tweet a message on Twitter The shop tracks my purchase (and thus my location at that time) with my loyalty card.  Facebook and Twitter both have new content from me that they time-stamp and (unless I’ve turned it off) also know and save my location.  My location is tracked by my phone.  As with every purchase I make today using a credit card, data about my purchase is tracked and available to me online; it is also stored and shared within my credit card company as permitted.


I finish my blog post and push “publish”. The post is published to one of our company blogs.  This automatically triggers a tweet about the posting from a few company accounts (and I send my own Tweet), which in turn generates additional data through re-tweets.  My tweet may include my location (this can be turned off).  The blog is captured and republished by several “automatic” online news sites looking for compliance stories – so now it exists on their servers, is backed up by them, and sometimes even re-distributed to hundreds or thousands of subscribers as part of a newsletter distributed in email form.


I’m flying later today, so I visit the airline’s site to view the status of my upgrade request and check-in.  I rent and download a movie to my tablet for the trip The airline’s systems capture my log-in and my check-in information.   iTunes records my purchase (as does my credit card company) and the movie is downloaded to my tablet for later viewing.


A client calls and we talk for a few minutes.  Then I attend a meeting remotely by phone and web conference.  I call my client back with some additional ideas and leave her a voice message. “Metadata” on both sides of the call is recorded by the carriers – start time and number, end time, etc.  I log into the web conference with my browser and use a password, so that system records my IP address, along with everyone else including the owner of the account. The duration of the conference and the time at which individual attendees “drop” the conference is probably saved.  The voice message system now has a log of my call (time, duration, phone number) along with a recording of the actual message, which might be transcribed and sent by email (e.g. Google Voice).


On the drive to the airport, I use a social GPS phone app to check traffic The GPS app uses my location so it knows where I am, and is combining that information with thousands of others to update traffic information.   My cellphone carrier is also creating records as it switches cell towers along the way.  The toll pass on my windshield notes the time and my account (i.e. me) as I electronically pay my fare on the highway.  My car has dozens or hundreds of sensors recording information that will be downloaded at a later date when it is serviced.


As I park my car at an offsite location, I send a quick text to a friend. My parking service uses a card reader that registers my entrance to the facility. My carrier creates a record of the text I send, as does my friend’s carrier.  The texts are also stored on each phone (and possibly some tablets and other devices if linked to the same account).


At the airport, I check my bag and head through security. My airline knows that I’m at the airport and has data about my luggage, too.  Since I’m in the TSA “Pre” line, TSA’s systems know and record my location on check-in.


Waiting for my flight, I buy a cup of coffee and take a photo of an item that may make a good gift. My credit card company registers the time, date, location and amount of my purchase.  The photo that I take is stored, and it tags itself with location info using GPS (unless I turn off this feature….), all of which is stored on my phone, which replicates to a cloud and then across other devices.


During the flight, I work on a spreadsheet and a presentation. Okay, this didn’t really happen because there’s no room in the cramped plane – but if it did, I now have new documents on my laptop, which will also be replicated and backed up soon.


Upon landing, I reclaim my luggage, pick up my car rental and use my GPS app to drive to my hotel. The airline tracks the location of my bag and the time that my flight arrived.  My rental company records the time and location of my rental, and of course the GPS app knows when and where I left the airport, along with the hotel where I stay.  The hotel keeps information about my check-in, and my credit card company knows that I’m there, too.


That night I log into the hotel wifi, check some emails and call it a night. The hotel’s wifi system maintains information on my log-in for billing (and possibly security) purposes.  I may have forgotten, but my trusty DVR at home remembers to record a few of my shows, which are stored on the DVR’s drive.



I intentionally created a very small amount of this data – the blog post, the photo, and some changes (one copy!) to files that I edited, along with some email and a few pieces of social media content.  Yet my activities generated dozens and dozens – if not hundreds – of discrete data chunks, some of which will be preserved for a long duration.


All of this data poses interesting questions, most of which have not been clearly answered:  Who owns and controls this data?  How much of it is / should be subject to privacy requirements?  Is this data available for: eDiscovery; compliance; other purposes?  Should I be made aware of the data that’s being created and stored?  Should I have the right to demand that the data is not retained for long, never retained, or never even created?  Would these answers be different if I lived in Europe?  What if I’m a US Citizen traveling there, or vice-versa?

It’s an interesting exercise, try it out yourself – you may be surprised by your results!




Jim Shook

Jim Shook

Director, eDiscovery and Compliance Field Practice, Data Protection and Availability Division
I am a long-time “lawyer/technlogist”, having learned assembly language on a TRS-80 at age 12 and later a degree in Computer Science. But the law always fascinated me, and after being a litigator and general counsel for over 10 years, the challenges that technology brought to the law and compliance let me combine my favorite pursuits. I spend my days helping EMC’s customers understand their legal and compliance obligations, and then how to apply technology and best practices to meet them.

Global IT Trust Survey Underscores Critical Tipping Point


The results of a massive Global IT Trust survey are in, and the data is startling, especially for the less mature IT organizations among us.

Of the 1,600 IT and 1,600 business leaders surveyed:

  • Nearly half of the respondents (45%) reported that senior executives weren’t confident that their organizations had adequate availability, security and backup and recovery.
  • 61% reported said they had experienced unplanned downtime, a security breach or data loss in the last 12 months.

Even more troubling is data associating these types of IT incidents with real-life business consequences—and what these numbers could look like in 12-24 months, if organizations keep marching to the same data protection tune.

Of the 61% who experienced downtime, a security breach or data loss within the last 12 months:

  • 45% reported loss of employee productivity
  • 39% reported a loss of revenue
  • 32% reported a loss of confidence/loyalty
  • 27% reported a loss in incremental business opportunity.

Folks, as we’ve been talking about on The Backup Window for the past many months, we’re at a tipping point.

The way your organization does IT and data protection is more important than at any other point, and that’s why Stephen and I have blogged about the importance of your infrastructure and the lasting dangers of accidental architectures, why Guy has been challenging our thinking in his “Know Yourself” posts and why Irina Simmons, EMC senior vice president and chief risk officer, is encouraging all of us “to pursue greater maturity in IT to protect intellectual property and reputations with customers, shareholders, and other public stakeholders.”

Accidental architectures are pervasive:  73% of Respondents lack centralized backup & recovery

Accidental architectures are pervasive: 73% of respondents lack centralized backup.

Traditional backup approaches aren’t meeting the challenges of enormous data growth and application performance, and they aren’t driving services-oriented business models. And this is a big deal.

It’s fueling concern within organizations not just about the readiness of the IT team to reduce unplanned downtime and data loss but also among business teams about IT’s very ability to move forward aggressively. And this has the potential to stall strategic IT initiatives around Big Data, cloud computing, mobile, etc., and can cost your business big dollars in lost revenue, lost business opportunity and lost productivity.

The higher your organization is on the maturity curve, the more likely they are to implement more strategic and leading-edge technology projects such as Big Data Analytics.

The higher your organization is on the maturity curve, the more likely they are to implement more strategic and leading-edge technology projects such as Big Data Analytics.

These have been consistent themes across our blog throughout the year, and now the IT Trust survey confirms our thinking on a global scale. How you do data protection does matter to your business.

 A ‘Biggar’ Perspective…

For years, my girls were competitive gymnasts, and whether they were level 2’s or level 9’s, their practices started with somersaults—and not just any old ones. Their coaches were very particular: tuck, roll, grab; tuck, roll, grab; tuck, roll, grab…and so on. I can still hear the sound of their hands slapping their knees.

Early on I didn’t understand the significance of the somersault, but as my girls advanced to more complicated skills on the floor, beam, vault and bars—free of injury—it became very clear. The foundation is critical.

Data protection is your IT foundation. Done right, it can and will help advance your business. However, done wrong, it can be a gating factor of success. It’s that simple.

So, tuck, roll, grab!

Heidi Biggar

Heidi Biggar

Marketing and IT Consultant, Data Protection and Availability Division at EMC Corporation
I’m often asked how a political science major at Tufts wound up in the IT world, covering backup, storage, virtualization and cloud of all things. Truth is, it’s really a love for learning, a need to understand the “bigger picture” and a desire to share that view with others that’s steered my path over the past 20 years, from campaign manager to editor, analyst and marketer. After hours, you’ll find me hanging with family, running 10ks through Peachtree City’s 90 miles of cart paths, watching football or reading. I’m a New England transplant enjoying life in the South. In my previous life, I also blogged for ComputerWorld, Enterprise Strategy Group and Hitachi Data Systems, but The Backup Window is my baby. It's been great watching it evolve.

The Payback from Backup Transformation – Part 3

Lady Backup will conclude this series looking at a recent IDC analysis that quantifies the business benefits from backup transformation.

In Part 2 , we looked at the categories of savings from companies who modernized their backup infrastructure with EMC, totaling $3 million in savings per year.  In Part 1, we looked at the financial benefits, showing n average a 5-month payback on the investment into EMC backup solutions.

So what did these companies change to make this kind of impact?  They modernized their existing backup infrastructure in 3 key ways: ROI Graphic

  1. They replaced tape with purpose-built backup appliances.  Companies in the analysis reduced $1.8 million over three years by eliminating or significantly reducing the use of tape in their backup and DR processes.  IDC documented several headaches associated with tape, including failed backups and tape management.   With EMC, operational recovery speed on average improved by 64%.  DR readiness was also significantly improved with EMC.   Not only did speed for disaster recovery improve by 88%, companies are now able to test their DR plan.
  2. They added deduplication into the backup process. A common challenge for all of the companies in this study was data growth rate, which IDC estimates was 35% per year on average.  With that in mind, it is reasonable to assume that costs would continue to escalate for backup storage capacity if these companies had not included deduplication in their backup process.   IDC documented an 86% reduction in storage capacity from deduplication, which had a major impact on the storage cost savings.
  3. They consolidated backup silos across multiple environments, including their physical and virtual servers.   These companies got a handle on in their “accidental architecture” with an integrated, centrally managed data protection strategy.

In summary, IDC shows us a strong financial argument for backup transformation and why EMC.  But to close I want to come back to the impacts on the business.

On average, companies in the study had a 40% success rate of operational recoveries before they modernized their backup infrastructure.  I don’t know about you, but I don’t consider a 4 in 10 chance of a successful recovery to really be “success.”  After replacing existing backup infrastructure, the companies in this study now have a 100% success rate.

A 100% success completely changes the game.  Instead of hoping that the recovery will work, these companies have the confidence that when they need to recover something, it will quick and reliable.

All of the details about this study can be found on a dedicated Web page.  And we invite you to join the conversation using #IDCROI.

Read  more on ThoughtFeast. LB
Lady Backup
Lady Backup’s career in IT dates back before the time of the Spice Girls. Initially I started in high tech journalism in the US and eventually transitioned to become an industry analyst. My analyst years also coincided with my education – during this period of my life I was working on my MBA. After 7 years of going to school at night, I graduated with distinction with an Information Age MBA degree from Bentley University (at the time it was still Bentley College) located just outside of Boston. With degree in hand, what’s a restless girl to do next? This is where networking with fellow classmates led to a job at EMC. Starting our Hopkinton headquarters, I moved outside of the US with EMC International when I felt it was time for my next change. Today, Lady Backup is an American on the loose in the world. Living outside the United States has been a fascinating experience. For the moment I call England home. But I’m feeling my next wave of restlessness coming. Here are two hints: I love sunshine and I’m improving my Spanish.

More than Microsoft Support – EMC NetWorker 8.1 SP1

Time flies.  How many times have you heard that??  Colloquialism aside, it’s true.  We announced NetWorker 8.1 in July.  For the 5th blog post in the ‘Meet NetWorker 8.1’ series, I would like to introduce you to the latest update, Service Pack 1, which is now available.

If you have been following The Backup Window, EMC Pulse blogs, or @EMCBackup on Twitter you saw that we publicly announced NetWorker 8.1 SP1 on November 4 along with Avamar 7 SP1, as enhancements to the Data Protection Suite for Backup.  While our emphasis was around support for the latest Enterprise releases from Microsoft, I’m here to inform you that this Service Pack for NetWorker offers much more!

What, you ask?  Well, I will try to make this a quick read for you by giving you some of the highlights and point you to further reading, if you are so inclined.

Enhanced EMC Data Domain Integration

Deeper integration with EMC Protection Storage

Let’s start with the expansion we continue to make in integrating NetWorker with Data Domain systems.  We are seeing incredible adoption rates of our NetWorker Client Direct to Data Domain capabilities. To expand this adoption, we now offer client direct support for databases on UNIX/Linux platforms.

At the same time, we have continued to enhance NetWorker’s integration with Data Domain Systems.The new DD Boost over Fibre Channel support in NetWorker 8.1 allows customers with established FC networks to eliminate VTL systems as a “backup-to-disk band-aid” and use Data Domain systems in a next generation backup to disk workflow. While this support was previously available for file systems and Microsoft applications, we have now added the cross platform applications supported with the NetWorker Module for Databases and Applications.

Snapshot Management Enhancements

Can you say ‘snapshots’?  I hope you have taken the opportunity to test out the new snapshot management capabilities directly integrated into Snapshot Management EnhancementsNetWorker 8.1.  If you are protecting a mission critical application like SAP or Oracle, you know that using snapshot technology can keep you ahead of the game when trying to meet RPO’s.  To make life easier for you, we have added SAP and Oracle workflows to the NetWorker Snapshot Management configuration wizard, eliminating all the scripting that would need to be done manually.  This makes things more reliable as there is less room for configuration error by using a wizard based workflow, and it validates the settings you selected before they are applied.

Backing up a file-system block-by-block…

Have you tried the new Block Based Backup for Windows feature in NetWorker 8.1?  If so, and you felt that the VHD format was too limiting at 2TB, we now support VHDx and, therefore, lightning fast backup of 64 TB volumes using VSS and change block tracking technology. For those that aren’t too familiar with this capability, NetWorker Block-Based Backup enables backup of high-density, Windows-based file systems at five times faster than traditional file-based backup technology, two to four times faster restore, and up to 25 times faster than the nearest competitor.

Support for VMware vSphere 5.5

The EMC Data Protection Suite and it’s integration with VMware vSphere is stronger than ever! We work to release support in our products for the latest versions of VMware releases and this release is no different. EMC NetWorker  for Backup includes virtualization support to include private-cloud environments based on VMware vSphere 5.5!

The features mentioned here outline a taste of the ‘biggest bang for the buck’ when you upgrade to the latest Service Pack. For more information regarding highlights of the new Microsoft support within the Data Protection Suite, please read last week’s blog by Phil George (@vPhilGeorge).

Look here if you’d like to read more about what’s new in NetWorker 8.1 SP1 and join the conversation, too!

Sherry Davenport
I started in the IT industry over 30 years ago — it sure doesn’t feel like that long! I worked my way through the ranks starting at the old Digital Equipment Corporation in software sales support, sales training, channel training, product management and, ultimately, marketing. My background includes digital imaging, team productivity software, Alta Vista (remember that?), storage management, storage networking and most recently backup and recovery software. While I love my job, I love cooking and wine appreciation even more.

What’s Next for Cloud Protection?

187957288Male Answer Syndrome is a worldwide affliction that prevents people from saying “I don’t know.” Do you answer questions that a couple is whispering … 10 feet behind you? If somebody asks a question filled with acronyms that you don’t understand, do you make up new acronyms… daring somebody to call your bluff? Do you shout out your responses to Jeopardy… inside Target? If so, welcome to my world. You suffer from Male Answer Syndrome.

Sometimes, however, I see something so important that I admit, “I don’t know what that means. I need to learn about it.” Ever since Mozy became part of EMC Backup Recovery Systems Division earlier this year, people have asked, “What is the future of Mozy? What’s the future of cloud? What does it mean for our broader portfolio?”

While I’m tempted to pontificate with great specificity about the next decade of data protection, I don’t know how everything will turn out. There, I admitted it. However, what I do know is that Mozy is at the nexus of a number of trends:

  • Consumerization of IT. An increasing number of end users tell us their consumer IT experience far exceeds their enterprise experience. With its roots in the consumer backup space, Mozy brings a fresh perspective on simplicity to EMC Backup.
  • IT as a Service. It is a cliché, but users want to solve business problems, and somehow they end up hearing about IT’s technology challenges. Mozy sells protection services, not software and hardware, so they think about “product” differently.
  • IT convergence. While most people think in terms of physical systems, IT convergence is more about consolidating different workflows to streamline operations. The Mozy team views backup as just one of many services to offer customers.

As for questions like, what exactly will Mozy look like in five years and how long will the industry take to transform? I don’t know. But I do have a good idea on how cloud protection will evolve:

  • Cloud in a traditional protection architecture. Customers are writing and replicating traditional backups to the cloud. Like VTL for disk, it’s not the ideal solution, but it’s the simplest to deploy.
  • Cloud-centric data protection. Customers will use cloud protection solutions to address existing pain points. We saw the same approach with disk-centric protection: compliant archive (Centera), remote office (Avamar), and application-direct backups (Data Domain). Cloud will likely address: endpoint protection (mobile devices), compliant archive (constantly-evolving regulations), and disaster recovery (companies without a second site).
  • Cloud-centric data management. This will be the change that disrupts the industry. Currently, we see disk driving the evolution from backup to data protection (convergence of disaster recovery, backup, and archive), which disrupts traditional backup architectures. The next disruption will occur when organizations realize the only difference among their protection, test & dev, analytics, and collaboration copies is how these copies are managed and accessed. The cloud model will break down the boundaries between the copies, and the convergence will transform protection from an insurance policy into a daily business asset.

These shifts can be daunting, especially if you’re still running traditional tape backups. Fortunately, there is a well-established path to walk from tape backup to disk backup to infrastructure-centric data protection. Meanwhile, a solid architecture can help you manage the transition to cloud—however it actually plays out. That is why we advocate a Protection Storage Architecture; it will help you bridge the gap between backup, data protection, and data management—at your own pace.

Over the next decade, cloud will transform data protection and management. Over the next few years, there will be chaos in this space, as multiple companies search for the right balance of technology, process, and business model. I’m thrilled that we have the Mozy team who focus on this transformation and who approach the challenge differently than I. Even as a longstanding victim of Male Answer Syndrome, I know when to say, “I don’t know. Help me learn.”

Stephen Manley

Stephen Manley

CTO, Data Protection and Availability Division
Over the past 15 years at both EMC and NetApp, I have traveled the world, helping solve backup and recovery challenges - one customer at a time (clearly, I need to optimize my travel arrangements!). My professional mission is to transform data protection so that it accelerates customers’ businesses. I have a passion for helping engineers pursue technical career path(without becoming managers), telling stories about life on the road and NDMP (yes, that’s NDMP).