
Data Breaches are Still a Thing

As we speak with small and midsize business executives, we sometimes hear that cyber attacks and the risk of data breaches are no longer seen as a threat serious enough to warrant attention and spending. We understand this hesitancy. Even with the level of media visibility, the prevalence of security solutions and weariness with the constant focus on security can lead to the conclusion that we can let our guard down.

The reality, however, is that the rate of cyber attacks jumped about 600% in 2020.  More businesses are getting attacked and more attacks are successful.

A List of Breaches

For perspective, in the last 4 weeks, the cyber security experts at ID Agent have published data on these major breaches. Many are likely to be familiar to you or represent a major government entity.

  • Metropolitan Police Department of the District of Columbia
  • Pennsylvania Department of Health
  • The Resort Municipality of Whistler
  • CNA Financial
  • Office Depot
  • Personal Touch Holding Corp
  • Facebook
  • Hobby Lobby
  • Illinois Office of the Attorney General
  • Wyoming Department of Health
  • Eversource Energy
  • California State Controller
  • LinkedIn
  • The New York Foundling
  • University of Maryland Baltimore
  • CareFirst BlueCross BlueShield Community Health Plan District of Columbia (CHPDC)

The Case for Concern

The list above is only a sample and represents only larger breaches. Cyber attacks hit small and midsize businesses on a daily basis. Even so, we often view protection and recovery services as insurance. We do not want to pay for coverage; we hope we never need to use it; and we do not see the value until we are a victim.

A Model for Success

Cyber security differs from insurance. We can reduce the risk of successful attacks with foresight, planning, and protections. Our CPR Cyber Security Model balances awareness, prevention, and response.

Communicate and Educate

Involve everybody in the solution. Communicate the risks and your commitment to protecting the business and your employees. Educate your team on the risks, how to spot and report attacks, and how their behavior can prevent or help an attack.

Protect and Prevent

Implement multi-layer, multi-vector protections that focus on your people (identities), data, applications, and systems. Use “next gen” solutions that analyze behaviors and that can learn as risks evolve.

Respond and Recover

No defense is perfect. Have services and solutions in place that let you recover and return to operations within a time frame that protects the health of your business. More than getting data and systems back online, we recommend that you put in place the forensics, legal, public relations, and customer service resources you will need in a cyber attack emergency.

Want to learn more?  Want to assess your cyber security protections and risks? We can help.  Email us or complete our contact form to schedule a complimentary meeting with one of our Cloud Advisors.

 

Calm Before the Storm: 3 Models for Protecting Your Business

What began as a mild tropical storm season has suddenly become quite active, with multiple significant storms expected to impact the southeast and Atlantic coast and the Hawaiian islands. And while every storm may not be a major hurricane, your business is at risk because our infrastructure is at risk.

Power outages, local or regional flooding, and disruption of communication services continue to increase in frequency as our infrastructure ages faster than our upgrades and as our economy rewards utilities for trimming staff and services rather than trimming trees and keeping current with maintenance.

Are you protecting your business from the damage and risk of disruption?

You have seemingly infinite choices on the types and cost of protection, each with benefits and limitations. Your challenge: pick the solution that is most cost-effective, meaning the time it takes to Return to Operations (RTO) is acceptable given the cost.

To simplify your search for a solution, we propose you consider one of three models:

  • Restoration
  • Recovery
  • Continuity

Restoration

Restoration is the least expensive option. You back up all of your data and critical systems, including full system images, off-site. In the event of a disaster, you restore your systems once you have fixed or replaced any damaged or lost equipment.

  • Cost Structure:
    • Scales with the size of your system images and the amount of data you keep in offsite backup
  • RTO:
    • 1 to 3 days once replacement equipment arrives
  • Admin:
    • Must ensure backups include all images and data needed to recover, including Bare Metal Restore (BMR) for key servers and systems.
    • Must periodically test restore for data integrity and to ensure the recovery process is documented and understood.

Recovery

In addition to keeping an off-site or cloud backup covering all of your data and critical systems, you have the ability to access replicas of your network and servers in a remote data center.  In the event of a disaster, you “spin up” your latest system snapshots and restore any incremental data. You access your mirror network via remote desktop, VPN client, or LAN-to-LAN VPN.

  • Cost Structure:
    • Scales with the size of your system images and the amount of data you keep in offsite backup
  • RTO:
    • 1 to 18 hours, depending on your configuration and needs.
  • Admin:
    • Must ensure backups include all images and data needed to recover, including Bare Metal Restore (BMR) for key servers and systems.
    • Must periodically test recovery for data integrity and to ensure the recovery process is documented and understood.
    • Once primary systems are repaired or replaced, snapshot backups and recovery move your data back for normal operations.

Continuity

Continuity means your IT infrastructure keeps running, even in the face of disaster or significant local events.  You have multiple options for continuity, including: mirrored networks and systems in remote data centers, remote desktops, virtual desktop infrastructure (VDI), and Desktop-as-a-Service (DaaS) models. In each scenario, your servers, applications, and data live in a redundant, remote cloud data center. You access your environment via remote connection, using a web browser or a small local app known as a receiver.  In the event of an emergency, you only need to provide a browser and Internet connection to be up and running.

  • Cost Structure:
    • Scales with the size of your systems and networks
    • Offsets day to day costs of owning and managing on-premise hardware and software
  • RTO:
    • Immediate, based on Internet availability
  • Admin:
    • Providers typically include standard server admin and management, reducing local need for IT resources
    • Application and data management are similar to on-premise systems
    • Backup/restore capabilities are still recommended to protect against application and/or human error.

Using these models as a guide, you can select a solution that balances cost, convenience, and complexity against the operational needs of your business.


Want to set up or improve your disaster recovery/business continuity capabilities? Contact us for a free, no-obligation consultation.


 

Beyond Restore: Use Cases for Google Apps Backup


As we have noted several times in prior posts and webcasts, Google’s internal backup systems are designed to protect you should Google have hardware or software issues. You, however, are responsible for protecting your data in Google Apps from user deletions, user overwrites, malware, hackers, and other risks.

We have identified several use cases for backup/recovery in Google Apps that you cannot do from the Admin console.

A good Google Apps backup solution does more than restore

Preserve Data From Past Employees

  • If you want to preserve data from past employees, and need more than emails, your only option is to continue paying for the suspended Google Apps accounts.
  • With the ability to restore data to others, you can keep the backup as an archive and delete the Google Apps accounts.
  • An added benefit: the cost is less than 1/2 of a Google Apps for Work license and less than 1/4 of a Google Apps Unlimited license.

Transfer Data to New Owners

  • While you can transfer document ownership through the Admin Console and ownership of Sites data through APIs, these transfers are “all or nothing” and are destructive (they remove the data from the original account).
  • With the ability to restore data selectively and to others, you can transfer specific files, folders, sites data, emails, etc. to different people as needed.
  • An added benefit: You can transfer data between employees as they change positions and responsibilities.

Archive Documents (and other data)

  • While Google Apps Vault has eDiscovery searches for Gmail and Drive, Vault only archives Gmail.
  • A third party backup solution can preserve and archive documents, as well as email, calendars, contacts, and sites data in support of your document retention policies or regulations.
  • While a user can still delete a document and empty it from Trash before the backup, most users are unaware of the steps to take. With multiple backups per day, you are protected from losses other than those of a determined malicious actor.

Escape Hatch

  • As a “best-practice”, backups should not be stored in the systems being backed up without altering the format or content.
  • The right backup solution keeps your data in a separate location/service and restores data in its original format.
  • An added benefit: With an export feature, your backups become an easier way to extract data from Google Apps.

 

We offer multiple backup solutions for Google Apps; click here to learn more about our preferred solution.


 

Picking a Backup Solution is Missing the Point!

A 2013 study by The 2112 Group titled “2013 State of Cloud Backup” found that small and mid-size business interest in robust backup solutions more than triples after a significant data loss event; only 54% of SMBs felt that improved data recovery, business continuity, and IT reliability were sufficient motivators to deploy a new or improved solution.

Our perspective is that focusing on backup misses the point entirely!

As we have blogged in the past: backup is easy; recovery is hard.  More accurately, the ability to recover and restore defines the value proposition.  Everything else about “backup” solutions — including the technology and methods — is irrelevant until you define the value of recovery and restore.

Stop thinking about Backup!  Instead, think about:

Continuity: The ability for your company to continue to operate at an appropriately effective level during events that disrupt normal operations. For some businesses, this means zero downtime. For others, answering the phones and access to email may be sufficient for hours or days, or as an interim state until line of business systems come back online. Still other businesses may need all systems up and running within 1 or 2 business days.

Recovery:  The ability to gain access to data and systems that became unavailable due to damage or failures.  Whether your disk array fails, a pipe bursts above your servers, or a virus eats through your files, recovery requires repair or replacement before systems and data can be restored.

Restore:  The ability to retrieve a prior version of data or a system.  Most restores are a result of user action or minor system issues.  How far back you need to go and the availability of past versions defines how long it will take to both retrieve the information and for the user to replace lost work, if any.  For some, a daily version meets the need.  For others, going back a day means resource-consuming rework so multiple versions each day are appropriate.

Focus on building a Data Protection Solution and your required “Return to Operation” (RTO) time. Remember that different parts of your business, different systems, may have different RTO requirements.

  • Assess your continuity, recovery, and restore needs and priorities
  • Understand the likely and not-so-likely risks to your systems and your business and create a “use case”.
  • Looking at each use case:
    • Identify changes to your IT infrastructure that could mitigate risk
    • Identify the type of solution that can provide the needed continuity, recovery, and restore services
  • Collate the use cases and solution types as your requirements

With requirements in hand, evaluating data protection solutions, technologies, and services becomes a manageable process.  Keep in mind, the data protection solution may include a mix of backup/restore, backup/recovery, archiving, disaster recovery, and other components.

 

Tuesday Take-Away: Is VDR a Cure?

In the first two posts in our Backup series, we covered the difference between “restore” and “recovery” and some key terms to know when considering your requirements and solutions.  In this week’s Take-Away, we look at VDR, or Virtual Disaster Recovery, as a possible cure for your recovery ailments.

Virtual DR is a service that leverages virtualization technology and online backup services to provide your organization with an affordable path for a speedy Return to Operations (RTO) in the event of a disaster.

How Virtual DR Works:

With Virtual DR, the backup process creates complete images of your servers — operating system, drivers, software, and data — and maintains the image on a server in a secure data center.  The process updates the image regularly and when changes are made to each server, including regular patches and updates.

In parallel, you continue to use online backup services to ensure current data is available for restores and to ensure the most current data is available for recovery.

In an emergency, your server images are activated to run on servers in the secure data center.  You connect your business to the servers, from your current location or an alternate location, via a secure Virtual Private Network (VPN).  Once running, the most recent data set is restored from the data backups.

In most cases, businesses using Virtual DR have an RTO of under 4 hours.

What Does Virtual DR Cost?

What makes Virtual DR affordable is that server image backup and storage is very inexpensive.  You only pay for operational services when you declare an emergency.  As such, Virtual DR is an incremental cost over online backup services.

When looking at Virtual DR solutions expect the following components and fees:

  • One-Time Fees
    • Setup and Configuration
    • Software agents for Exchange, SQL Server, and other specialized systems and applications
    • Initial Validation Testing
  • Recurring Fees
    • Backup and storage of service images
  • As-Needed Fees
    • Emergency declaration and server run-time
    • Additional bandwidth

Considerations

Better VDR services provide a fixed fee for an emergency declaration and base level of run time. For example, the VENYU Virtual DR services we offer include the emergency declaration and 30 days of run time for a single, small fee.

Additionally, the VDR service should include periodic validation tests as part of the recurring monthly cost of the service.  Annual tests are good, semi-annual tests are better.  And, you should have the option of adding and paying for additional tests when warranted, such as after major changes to your IT environment.

Finally, check with your insurance provider.  Most policies that include business recovery coverage will pay for the emergency declaration, run time, and bandwidth in the event of a disaster.  Having Virtual DR in place may also lower your premiums.

Tuesday Take-Away: Think in These Terms About Backup

In last week’s Tuesday Take-Away, I wrote about understanding requirements before thinking technology when it comes to backup, restore, and recovery.  The number of emails and questions I received was rewarding.  So, I thought I would take this time this week to define some terms and answer questions that I received in response to last week’s post.

Retention Period versus Retention Point

The Retention Period is the time period during which data is available to restore or recover. A Retention Point is a point in time from which you can select to recover or restore your data. Some backup solutions limit the retention period; others limit the number of retention points. Be sure you understand how long data will stay in your backups if it is deleted by a user.

Better solutions give you the ability to set both the retention period and the number of retention points for each backup set you create.  Great solutions offer Continuous Data Protection, where the system backs up files every time they change.
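To make the question of how long user-deleted data stays restorable concrete, here is an added example (not part of the original post) that compares a retention-period limit with a retention-point limit. It assumes the simplest pruning model, in which a point is dropped once it exceeds the period or once the allowed number of newer points exists; real products differ, and all names and dates are hypothetical.

```python
from datetime import datetime, timedelta

# Assumed pruning model (real products differ): a retention point is dropped
# once it is older than `retention_period`, or once `max_points` newer points
# exist. All function and parameter names here are hypothetical.

def schedule(start, every, count):
    """Constructed backup schedule: `count` runs, one every `every`."""
    return [start + i * every for i in range(count)]

def last_good_point(backup_times, deleted_at):
    """Newest retention point taken before the file was deleted."""
    before = [t for t in backup_times if t < deleted_at]
    return max(before) if before else None

def point_expiry(point, backup_times, retention_period=None, max_points=None):
    """Moment `point` is pruned, or None if neither limit removes it
    within the known schedule."""
    expiries = []
    if retention_period is not None:
        expiries.append(point + retention_period)
    if max_points is not None:
        later = sorted(t for t in backup_times if t > point)
        if len(later) >= max_points:
            # The max_points-th newer backup pushes `point` out of the set.
            expiries.append(later[max_points - 1])
    return min(expiries) if expiries else None

def restore_window(backup_times, deleted_at, retention_period=None, max_points=None):
    """Time after deletion during which the file can still be restored.
    timedelta(0) if no backup ever captured it; None if nothing prunes the
    last good point within the schedule."""
    point = last_good_point(backup_times, deleted_at)
    if point is None:
        return timedelta(0)
    expiry = point_expiry(point, backup_times, retention_period, max_points)
    return None if expiry is None else expiry - deleted_at

if __name__ == "__main__":
    start = datetime(2024, 3, 1, 1, 0)        # constructed sample dates
    deleted = datetime(2024, 3, 10, 15, 0)    # user deletes the file here
    runs = {
        "daily": schedule(start, timedelta(days=1), 60),
        "every 6 h": schedule(start, timedelta(hours=6), 240),
    }
    for name, times in runs.items():
        by_points = restore_window(times, deleted, max_points=14)
        by_period = restore_window(times, deleted, retention_period=timedelta(days=30))
        print(f"{name:10} 14 points: {by_points}   30 days: {by_period}")
```

With a limit of 14 retention points, moving from daily to six-hourly backups shrinks the window for noticing the deletion from 13 days 10 hours to 3 days 10 hours, while a 30-day retention period keeps it at roughly 29 days on either schedule.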

Off-Site versus Online Backups

Off-Site Backups are those in which the data is kept off-site. While in some cases off-site backups run between a company’s locations and data centers, off-site backups include backups to hosting companies and cloud-based providers. In many cases, off-site backups provide for a local backup to disk that is then copied to an off-site location. For some off-site services, the on-site backup history is complete, while the off-site backup history is limited and intended for recovery more than restore.

Online Backups are those in which the data is backed up to an online service.  Better online backup services offer local backup copy options.   Online backup services will keep your full backup history in a vault; the local backup copy can be a limited set or a full set.

Online versus Disk-Based versus Vault Recovery

While every off-site and online backup solution gives you the ability to restore over the Internet, methods for recovery differ.

As the name implies, Online Recovery is over the Internet. You restore your system to the point that you can start recovering files from your backup. This is easy and reliable, but will be painfully slow. Online recovery times are limited by your Internet bandwidth.

Disk-Based Recovery is when you recover your files from a local or temporary disk drive. Many off-site and online backup solutions will place your files on a DVD or a USB drive and ship it to you. For some services, however, you need to send them the media first, adding to your RTO time. Other services perform the restore, so your data is no longer encrypted when they send it to you.

A Vault-Based Recovery occurs when your online or off-site backup service ships you a complete vault — a computer with your encrypted data and the vault control software. The backup software recognizes that the vault is now local and recovers your data securely at local network speeds. Once on-site, recovering data from a vault is the fastest option, as data transfer rates are much greater than via the Internet or slower media such as DVDs and USB drives.

If you have more questions or comments about the ins and outs of backup solutions, please comment below or send me a message.

Next week, I’ll answer the question: “Is VDR a Cure?”


Tuesday Take-Away: Your Backup System is (sort of) Irrelevant

As you may know, I participate in several on-line IT discussion forums.  Every few weeks, a new member will post a question like “I have an xyz server, what should I use for backups?”.  Seemingly helpful forum members quickly jump in and start throwing out vendor names, do-it-yourself solutions, discussions about NAS versus SAN and disk-to-disk versus disk-to-tape, and so on.

It makes me want to SCREAM! Why? Because …

What you use for backup is irrelevant unless you know what you are backing up, why, and how quickly you need to restore!

Said another way, before you pick ANY backup solution, you should know:

  • What you need to restore
  • Why you expect you will need to restore or recover it
  • How quickly you will need to restore or recover it

Note that the answers you provide may vary for the different types of data.  For example, you may be able to live without your accounting system for two days, so long as you can ship orders within 4 hours.   You may need current project files immediately, but could wait a week for projects completed more than a year ago.

Understanding your “Why”

When considering why you might need to restore or recover information or systems, think of the full spectrum of activities that can go wrong. As an informal set of definitions:

  • Restore operations are usually performed on individual files or small sets of data, often resulting from accidental overwrites, deletions, or component (disk) failures.
  • Recovery operations are usually geared for large data loss, such as a drive array failure or server loss due to a disaster.

The key difference: restore operations bring back select data from a specific point in time, while recovery operations bring back entire systems or data environments.

For example, you might restore email messages accidentally deleted from a user’s account on an MS Exchange server.  If the disk array dies, however, you would need to recover the entire mailbox store for the server.

Backup/Recovery protects you from disaster; Backup/Restore protects you from component failures and user errors (or intentional misconduct).

How you back up for recovery will often differ from how you back up for restore.

Backup solutions that efficiently restore data are not optimized for recovery. Most backup solutions designed for fast recovery, such as image snapshots, lack the ability to restore individual elements. For the Exchange server, above, we would recommend running two backups — one designed for recovery and one for individual mailbox and message restores.

Additionally, backups for restore generally give you more retention points than backups for recovery.  Being able to select a specific time or version of data is a key feature for backup/restore solutions.

Understanding your “How Quickly”

How quickly you need your data depends on the data and your business.  Keep in mind that you do not need all of your data all at once.  Generally speaking, however, when you need to restore an active file or two, you want to be able to do this quickly.  While you want quick recovery as well, you are more likely to be bound by factors beyond your backup/recovery solution, such as purchasing new hardware or moving to temporary office space.

Focus first on how quickly you need to Return To Operations. Your RTO will drive your selection and investment in backup/recovery solutions. Once you have your RTO, identify the critical data and systems you need to get your business up and running. Your RTO will be shorter than your window for full recovery, and includes only the critical subset you need to get up and running.

The shorter your RTO, the more expensive the solution.  A realistic RTO will prevent you from over-buying.

First Steps First

By first understanding your requirements — the what, why, and how fast — of your restore and recovery needs, you can select backup solutions that accurately match your needs and effectively protect your data and your business.  By defining your needs, your solution will be relevant and your investment well-made.