Druva inSync vs. Code42 CrashPlan for Enterprise Comparison Guide
Who this paper is for:
This guide is written for IT professionals who play a part in data protection and governance at their enterprises.
Table of Contents
- Executive Summary
- 1. Why Switch from CrashPlan to inSync?
- 2. Data Deduplication Techniques
- 3. Persona backup
- 4. Data governance and eDiscovery
- 5. Security and Data Privacy
- 6. Availability and Data Durability
- 7. Integrated file sync & share
- Product Comparison Chart
At first glance, inSync and Code42 CrashPlan for Enterprise might seem similar, as both are designed for endpoints, provide flexible deployment options, license per user and have some common features. However, inSync has several architectural advantages and integrated features, such as data loss prevention (DLP), file sharing, and governance, which provide business with higher value at a lower total cost of ownership (TCO) than CrashPlan does.
Druva inSync is the only unified platform which offers endpoint backup, EFSS, eDiscovery enablement and DLP. Druva designed inSync as a unified endpoint data protection, sharing, and governance solution that delivers the visibility and management needed for large enterprises. This approach enables organizations to benefit from the performance increases delivered by our unique global deduplication system, as well as minimize the data replication inherent with siloed solutions. Security and governance remain centralized, providing comprehensive audit trails, and the ability for legal hold across all your endpoint data.
This report will compare the features of CrashPlan and inSync across several different categories, including: data deduplication, persona backup, data governance and eDiscovery, security and data privacy, availability and data durability, and integrated file sync and share.
1. Why Switch from CrashPlan to inSync?
- inSync saves 80% in bandwidth and storage with global, application-aware, client-side deduplication.
- CrashPlan does not have the ability to globally deduplicate data across all users in an enterprise.
- CrashPlan’s dual-destination backups require twice the bandwidth as inSync.
- CrashPlan cannot enable efficient OS migration or laptop refreshes, as it lacks system and application settings backup.
- CrashPlan does not integrate with MDM providers.
- CrashPlan does not backup mobile devices or containerize corporate data.
- CrashPlan’s data centers – which are located in Minneapolis and Atlanta – are not ITAR, FISMA, ISAE 3000, SOC-1 (SSAE 16/ISAE 3402) SOC-2 or SOC-3 certified.
- CrashPlan has no stated SLAs on data durability and availability.
- CrashPlan’s security options trade-off enteprise level data accessibility for security and privacy, opening a hole for data loss through lock-out.
- CrashPlan does not offer mobile smart device remote wipe capability for DLP to prevent data breaches.
- With CrashPlan’s SharePlan, file sharing is only available for on-prem deployments and is not integrated with backup data.
2. Data Deduplication Techniques
|Data Deduplication Techniques||Code42 CrashPlan for Enterprise||Druva inSync|
|Deduplication methodology||Variable-block level, only deduplicates within a single device||Object level, global, and client-side|
|Email and attachments||PSTs are evaluated as a single file||Deduplicates individual messages and attachments|
CrashPlan deduplicates only across data from a single device providing very limited bandwidth and storage savings.
- Variable-block based, byte level deduplication is not accurate at determining block boundaries (objects) to efficiently deduplicate objects within/across different file types
- The per device model results in a single 100MB file, stored on 20 user’s devices being backed up 20 times, whereas global deduplication which will only store it once
- Without email awareness, a PST file must be assessed and backed-up every pass, resulting in a lot of wasted storage
inSync’s deduplication is global, application-aware, and client-side which results in 70-80% bandwidth and storage savings.
- inSync deduplicates data across all users/devices in the enterprise
- Because of its application-aware nature, inSync provides optimal deduplication with Outlook, PDF, and Office files as it accurately determines block boundaries and can recognize objects within as well as across these file types
- inSync is far more efficient in backing up large PST files as it uses MAPI to deduplicate at the message/attachment level
- Resulting bandwidth and storage savings mean faster, compact backups, a better end user experience, and lower TCO
Storage and bandwidth usage over time:
inSync will use 17TB less storage and bandwidth (80% less) compared to traditional backup after 1 year of implementation.
3. Persona backup
CrashPlan does not offer system and application settings backup.
With inSync’s Persona backup, users can backup system and application settings in addition to their files and folders.
- Eliminates the need for painful BMR on endpoints
- Saves end-user time spent in manually reconfiguring system and application settings to get back their familiar working environment
- Can be used for OS migration or laptop refreshes, eliminating the need to purchase software specific to OS migration that has no use after the migration process is completed
- Makes replacement/refresh and OS upgrade/migration processes efficient with user self-restore of both data and settings
4. Data governance and eDiscovery
|Data Governance & eDiscovery||Code42 CrashPlan for Enterprise||Druva inSync|
|Federated search and legal hold||No||Yes|
|User activity streams||No||Yes|
|Admin tamper-proof audit trails||No||Yes|
|Direct access for eDiscovery platforms||No||Yes (e.g. AccessData, Recommind)|
CrashPlan does not allow admins to perform federated searches of files or folders across all users/ devices. Furthermore, CrashPlan does not provide integrated audit trails or DLP features.
inSync enables IT governance of endpoint data with a 360 degree view of all activities.
- Unified data governance and eDiscovery enablement
- Undeletable audit trail of all admin activities
- Reporting & activity streams
- Federated access enables IT and legal teams to locate, view and manage endpoint data without impacting custodians
- Built-in legal hold workflow facilitates the collection and preservation of relevant custodian data or legal teams
- Enables ingestion into an eDiscovery platform (Recommind, AccessData) directly from inSync’s repository for further review from legal teams
- Unified data protection across laptops and smart-devices
- Encryption of data in the device
- Remote & auto wipe of data
- Mobile device data containerization
- Access restrictions
5. Security and Data Privacy
|Security and Data Privacy||Code42 CrashPlan for Enterprise||Druva inSync|
|Encryption in-transit||128-bit AES||256-bit TLS|
|Encryption at-rest||448-bit Blowfish||256-bit AES|
|Data encryption on endpoints||No||Yes|
|Certified cloud infrastructure management||Yes||Yes|
CrashPlan provides incomplete data security, and its data privacy measures leave corporate data at risk of exposure.
- CrashPlan stores encryption keys in on end user devices in plain text
- The Blowfish algorithm was not found to be as secure as 256-bit AES by the US Govt
- CrashPlan’s most basic security leaves it open to cloud data privacy issues, whereas their stronger encryption choices prevent compliance and legal teams from accessing employee stored files for auditing and litigation
With inSync, customers have complete data privacy.
- Unique zero-knowledge encryption management ensures that encryption keys are never stored in the cloud or on endpoints, preventing anyone except the customer from accessing data
- inSync Cloud customers can easily comply with data residency laws given access to multiple regions
6. Availability and Data Durability
CrashPlan’s cloud does not replicate data and has no stated SLAs.
- No data redundancy across data centers
- Requires dual destination backups that increase storage/bandwidth & costs
inSync’s cloud data center replication and multi-zone redundancy provide the highest availability and data durability. As well, the data centers utilized by Druva carry extensive certifications for protecting stored data.
Industry’s best cloud infrastructure
Certified cloud operations
7. Integrated file sync & share
|Integrated File Sync & Share||Code42 CrashPlan for Enterprise||Druva inSync|
|File sharing with IT visibility||Requires on-prem master server||Yes, integrated|
CrashPlan’s file sync and share product, SharePlan, is in its first version.
- Requires the use of a on-premise master server
- Separate client applications for CrashPlan and SharePlan create end-user overhead
- Does not provide admin visibility into sharing activity
- CrashPlan and SharePlan store their data in different repositories, requiring significant extra storage and no deduplication benefits.
inSync was the first provider to integrate secure file synchronizing and sharing with endpoint backup, and deliver capabilities to increase user productivity while giving IT admins granular control over sharing.
- File sharing data is globally deduplicated with backup data which amplifies bandwidth & storage savings
- Deep IT control & visibility
- enable sharing, share with who, mobile sharing, external/link sharing
- user activity streams
- Integrated document viewer (view only links, expire link by # of views)
- Selective sync (save bandwidth, disc space on endpoint)
Code42 CrashPlan for Enterprise is an inadequate backup solution for the needs of today’s mobile enterprise. On the other hand, inSync offers the industry’s best data protection solution for all enterprise endpoints: laptops, smartphones and tablets. Validated by leading analysts and a growing customer base, inSync dramatically improves IT efficiencies and end-user productivity. A recent study conducted by the Ponemon Institute, Quantifying the Value of Unified Endpoint Data Management, indicates that enterprises can save more than $8,100 per user by employing a solution like inSync, which integrates endpoint backup with secure file sharing, DLP and analytics.
Product Comparison Chart
|Feature||Code42 CrashPlan for Enterprise||Druva inSync|
|Data Redundancy Across Multiple Data Centers||Not available||Yes, can sustain concurrent loss of data in two facilities (Cloud)|
|Certifications||SAS 70 only||SOC1 (SSAE 16), ISAE 3402 (formerly SAS 70), SOC 2, SOC 3, ISO 27001, PCI DSS Level 1 (Cloud)|
|Availability and Data Durability||Not advertised||99.5% Availability,|
99.99999% Data Durability (Cloud)
|Cloud Architecture||No, private cloud in a public cloud data center||Yes, native cloud architecture with elastic provisioning|
|Global Data Deduplication||Dedupes only data from same device, resulting in backups of much larger data sets that take longer, consume more bandwidth and storage, and are intrusive to the end user||Global/enterprise-wide, reduces data redundancy across all users/devices to provide the best performance in storage and bandwidth savings|
|Dedupe Granularity||Block-based, incapable of recognizing file formats, objects within files, and across different file types, resulting in poor bandwidth/storage savings||App-aware, object-level, able to understand different file formats and intelligently deduplicate objects within and across different file formats, providing dramatic bandwidth and storage savings|
|WAN Optimization||Not available||Yes, optimizes packet size and number of threads depending on network noise and latency, making best use of available bandwidth|
|Bandwidth Throttling||Sub-optimal maximum bandwidth cap||Based on percentage of available bandwidth (optimal for modern workforce connecting over multiple networks)|
|Data Capture Frequency||CDP (minutes)||CDP (minutes)|
|Network Encryption (data encryption in transit)||128-bit AES||256-bit TLS|
|Storage Encryption (data encryption at rest)||448-bit Blowfish||256-bit AES, NIST standard, used by government and financial institutions|
|SSO||Not available on mobile devices||Available on all devices|
|Encryption Key Management||Overhead of maintaining Master Server on-premise||Two-factor encryption key management provides complete security and data privacy with no hardware required on-premise|
|Encryption Key Stored on Client Device||Yes, in plain text||No|
|On-device Data Encryption||Not available||Yes|
|Remote Wipe Capability||Not available||Yes|
|Central Management Console||Yes||Yes|
|Mass Deployment||Needs custom scripting||In product tools, no custom scripting required|
|eDiscovery Enablement||Not available||Federated search and legal hold|
|User Activity Streams||Not available||Detailed information including who, what, when of all user activities|
|Admin Audit Trails||Not available||Tamper-proof audit trail of all admin actions|
|Direct Access for eDiscovery Platforms||No||Yes (e.g. AccessData, Recommind)|
|Supported PC/Laptop Platforms||Windows/Linux/Mac||Windows/Linux/Mac|
|Smartphone/Tablet Backup||Not available||iOS and Android|
|Mobile Access||iOS, Android, Win Mobile 8||iOS, Android, Win Mobile 8|
|Email Archives||Not efficient with PST files||Yes. App-aware technology uses MAPI for optimal PST backup|
|System and Application Settings||Not available||Yes, backup of user system and application settings simplifies OS migration and laptop replacement|
|Data Loss Prevention||Not available||Yes, includes data encryption on endpoints, remote wipe and geo-tracking|
|Integrated File Sharing with IT Visibility||SharePlan not available for pure cloud deployments, requires separate client application, no IT visibility into sharing||Yes|
|Advanced Data Insights||Not available||Yes|
Visit Druva.com/resources/ for additional resources for learning more about endpoint backup.