Active escrow data protection

Data escrow refers to the practice of storing data with a neutral third party, making it possible for the customer to access its data without needing assistance, permission or the mere existence of the service provider.

LIBNOVA has been the first digital preservation commercial provider to bring this innovation to the market as the default option, and it makes possible for our users to:

  • Access their content in any circumstance, even in the worst possible scenarios, including if LIBNOVA stops providing service or disappears as a company from one day to the next.

  • Take ownership of the content in minutes, at any time and without requiring LIBNOVA approval.

  • Retrieve 100% of the content preserved in the platform (including logs, all metadata, configuration, etc), having them structured using TWO different industry standards.

  • Perform a full migration from LIBSAFE Go to another platform with minimal effort, complexity and in really short time.

  • Be safe from attackers, who would be unable to destroy the escrow copy.

How it works?

LIBSAFE Go stores all preserved content in one or more Amazon AWS S3 buckets by default. These S3 buckets are called "primary" storage.

Every night, the platform copies all content in the primary S3 buckets to the escrow bucket, and makes a full data export in SQL format and in XML format for the whole platform configuration and databases.

Full UTF-8 XML data export:

Filenames are kept with the same names as the user-ingested ones. All descriptive, technical, events, etc metadata is also exported.

This synchronization process is initiated from the escrow area, so the "primary" platform does not know the escrow bucket credentials, making a hypothetical attacker unable to delete the content, even if in control of the platform.

Your content is versioned, and deleted files in the primary storage are not immediately deleted from the escrow storage.

By default, the platform keeps your objects, even the deleted or overwritten ones for 180 days, making it possible to retrieve them. If needed, this period can be adjusted.

On top of it, by default, a legal retention policy for 180 days is applied to the content in the escrow bucket, so not even LIBNOVA authorized staff could delete it.

Content is encrypted using AES, and read-only credentials to this are provided to the organization using LIBSAFE Go.

By default, your escrow bucket is in the same geographical zone of your primary storage, but you can request for us to move it to another AWS region at any time.

How to export my data?

One of the most relevant benefits of this technology is that there is not a lengthy "export" process, complex API export or need to ask for permission, like in almost every other preservation platform.

Users just need to use their emergency credentials to download a copy of their data using any S3-compatible tool, download and restore the database on any SQL database engine or alternatively use the standard XML files to extract their information. The database export includes all needed schema documentation to perform this task. There is nothing simpler, faster or more powerful.

How much does it cost?

Nothing on the LIBNOVA side. You will need to pay for the additional cost of the storage for this extra copy (that is really low as it is using AWS Glacier Deep Archive) and, if you need to retrieve your content, pay for the retrieval/egress costs, that are defined and charged by Amazon. LIBNOVA does not add markup to the Amazon AWS storage prices.

PreviousOrganize your contentNextPlatform architecture

Last updated