Hurricanes, floods, fires, tornadoes, earthquakes, even ransomware — these devastating events can strike almost without warning. Does your business have a plan to not only safeguard sensitive data but contingencies for recovery should a catastrophe occur?
Management should acknowledge their company’s potential exposure to disasters, natural and otherwise. These events can endanger the accessibility and support of an organization’s IT systems and networks.
It’s trite but true: an ounce of prevention is worth a pound of cure. So how does a business protect the integrity of its IT processes before cataclysm strikes? An effective option is to collaborate with a reputable data center, one with the resources to protect valuable data while keeping it secure and accessible.
Now that you recognize the utility of a data center, what should you look for? Below is a laundry list of essentials your DR service should provide.
An effective disaster recovery plan starts long before storm clouds gather. You want your IT partner to customize a comprehensive and ordered strategy that maintains and monitors network infrastructure and ongoing processes. Too, your employees should be trained and evaluated on how to reduce or avert system downtime.
Proactive planning also encompasses preventive maintenance. Your DR provider should regularly schedule tests of fire detection/extinguishing systems, power supplies/generators and HVAC systems.
How do fiber optic networks provide such outstanding redundancy and protection? In large part, due to bidirectional line-switched architecture. This means that in the event of network element failure, optical signals can be rerouted, either with “protection” spare fibers or by backhauling.
You want the same from your DR provider. Does it offer alternative facilities should its primary data center be offline? Are their data centers sited to prevent damage from floods, fires, winds or earthquakes?
Power failures and loss of environmental cooling can wreak havoc on vulnerable infrastructure elements. Look for facilities with redundant uninterruptible power supplies (UPS), supported by generators that switch seamlessly online if utility power fails. Seek the same redundancy within the data center’s HVAC configurations.
Redundancy also includes instantaneous access to multiple “core” or “Tier 1” long-haul networks should the primary carrier interrupt service.
Is the DR provider’s data center monitored at all times? Are employees required to wear visible ID whenever onsite? Nowadays, constant surveillance of network assets is a must to maintain network integrity and data security.
Your DR provider should have a cross-trained and experienced emergency ops team in place, ready at a moment’s notice to restore operational functionality to networks and systems in case of a disaster. They are the “cavalry” riding to the rescue, freeing local employees to see after their families and homes.
Now that you know, consider Aperio IT as your partner in disaster recovery planning. We provide cloud hosting and backup services to small and mid-sized businesses like yours. It’s never too early to prepare before catastrophe strikes.
Contact us to learn more about planning your Disaster Recovery Plan with Aperio IT.
Thanks to everyone for another successful Lunch and Learn event we hosted at Seasons 52. Cameron Tousley of ESET did an amazing job presenting his material and we are very glad he made it out so thank you. Season’s 52 staff of course did another amazing job catering our event. The food was amazing and of course we had a really good turn out so thank you to everyone that showed up. This was another successful event and we look forward to leading some more next year so stay tuned.
The statistics are worrying. According to a study done by the University of Texas, slightly over 40% of businesses that experience a catastrophic data loss never reopen and just over 50% of them shut down within as little as two years.
Perhaps surprisingly, most data losses are not caused by hurricanes, floods, and fires. A study from Pepperdine University breaks down causes of data loss from most to least common:
What can you do to protect your business from these risks?
Hardware failures
To avoid data loss from hardware failures, you must consistently back up your systems and data. You must also consider the hardware you’ll use for your backups. For example, tape backups are known to have a high rate of failure. You’ll want to avoid using them as your backup storage medium. Additionally, you’ll want to have your backup data storage be completely separate from your primary storage.
Human errors
You can’t completely avoid human errors. Even if your business has well thought out policies data policies along with clear instructions for shutting down and/or rebooting systems, your employees cannot be guaranteed to follow the policies perfectly at all times.
The best way to protect your business from these errors and from accidental deletion of files or records is to assume that the errors are going to happen, and back up your data accordingly. Key concepts for these backups are automation and retention. You need to have your backups occur automatically without human intervention. And you need to have retention of data. This means that even if errors are not identified for long periods of time, your data will be available for recovery when the errors are eventually discovered.
Software corruption
Software corruption occurs when software becomes unreadable by your computer. The causes for this can vary, and the results can be subtle and may go undetected for some time. As with human errors, the best way to protect your business from this cause of data loss is to have automated data backups and retention of data in case the errors are not found for a significant time period.
Theft
Theft involves copying data for use by competitors or actually destroying it. Copying data this way can be considered a form of corporate espionage. Our blog post, “Cyber Corporate Espionage,” discusses some of the ways you can protect your business from such attacks.
Actual destruction of data, however, is a different matter. This sort of vandalism is usually committed by a disgruntled or former employee. You can gain some protection against it by having careful policies regarding employee terminations. These should be the same for voluntary or involuntary terminations, and should include promptly disallowing former employees access to your systems. If destruction of data occurs despite your best efforts, automation of data backups and retention of data are once again your most effective ways to recover your data.
Computer viruses
A computer virus is code or a program that is loaded onto a computer without the user’s knowledge and runs against the user’s wishes. Viruses can take over computer memory, destroy data, and can often transmit themselves across systems.
To protect your business against viruses, you must have a firewall and you must install anti-virus software.
Although the risks from data loss are significant, you can take steps to minimize them. Planning for hardware failure, implementing policies to reduce the effect of human error, software corruption, and theft, and protecting your systems from computer viruses are all ways you can protect your business.
More and more businesses and government agencies are considering the cloud as a possible solution to their data storage and backup needs. In general, when businesses talk about “the cloud,” they are referring to a type of computing that involves sharing computing resources, usually via the Internet. For a more in-depth definition of the cloud and a discussion of cloud security issues, you can read our blog post, “When Security in the Cloud Gets in the Way of Work.”
Cloud storage refers to the use of the cloud as a replacement for more traditional kinds of data storage, such as a Network Attached Storage centralized storage device (a server dedicated solely to file sharing). Similarly, cloud backup refers to the use of the cloud as a way to protect data.
Cloud storage and backup offer several advantages.
Of course, there are also some disadvantages to consider.
Whether or not cloud storage and backup will be a good solution for your business is going to depend on your specific needs. It is well worth the time to consider if lower costs and scalability, along with other advantages, might make a cloud solution work for you.
For your data backup and recovery strategy to be worthwhile, you’ll need to go beyond merely copying your data. Some of the factors you’ll need to delve into include just how well you can recover your data, the operational expenses associated with your strategy, and how well your vendor really supports virtualization.
You copied it, but can you recover it?
Data backups are meaningless if they don’t successfully facilitate data recovery. Tape backups and online backups are two major culprits when it comes to recovery failures.
Tape backups were introduced in the 1950’s and remain in use to this day, partly due to their low cost. But they often offer only an illusion of security. Studies show that anywhere between 50% to 77% per cent of users trying to restore data from tape backups have experienced failures.
Online backups can seem to be a better, more modern solution. The good news is that online backups definitely have a better recovery rate than tape backups. Unfortunately, recovering even small amounts of data from online backups can take a significant amount of time, perhaps even months.
You know what you’d like, but should you spend the money?
In a world where money is no object, businesses would probably demand data backup and recovery plans that allowed for zero data loss and zero time spent to recover data. But in the real world it’s necessary to establish reasonable objectives for acceptable data loss and for the amount of time spent on recovery.
Your Recovery Time Objective (RTO) is the amount of time required to get the crucial aspects of your business back up and running after a disaster. For example, if your RTO for a particular service is zero, that means that the service must be restored immediately. A less crucial service might have an RTO measured in hours or days, depending on how long your business can reasonably function without it. Unsurprisingly, an RTO of zero is going to cost more to support.
Your Recovery Point Objective (RPO) is the point in time to which your data is going to be restored. If your RPO for your data is zero, this means that when service resumes there must be no loss of data at all. This might be necessary for banking or similar applications. In contrast, an RPO of 24 hours or more might be acceptable for some internal reporting applications where the loss of one day of reporting is not significant enough to justify the cost of complete data recovery.
Your vendor says they support virtualization, but what do they really mean?
Webopedia provides this definition: “In computing, virtualization means to create a virtual version of a device or resource, such as a server, storage device, network, or operating system.” This means that, in theory, backing up a virtual machine should involve simply copying its files and configuration data. This copied information should then be easily available to move a virtual machine to different hardware as needed.
However, virtualization can represent a significant load for a host server and for the virtual machines running on that host. For some businesses, having virtual system that operate at a much slower pace will be acceptable. But for situations where speed is necessary, the slower pace may come as an unexpected shock. Understanding the details of your data backup and recovery plan is crucial to making sure it meets your business needs. You will need to know exactly how recoverable your data really is, how your strategy impacts your costs, and the real facts about how well your vendor supports virtualization.
Sign up today for free & stay current with local IT news.
