Catastrophe will strike, it’s just a matter of when. Here’s what to look for when weighing a DR Service Provider.

Hurricanes, floods, fires, tornadoes, earthquakes, even ransomware — these devastating events can strike almost without warning. Does your business have a plan to not only safeguard sensitive data but contingencies for recovery should a catastrophe occur?

Management should acknowledge their company’s potential exposure to disasters, natural and otherwise. These events can endanger the accessibility and support of an organization’s IT systems and networks.

It’s trite but true: an ounce of prevention is worth a pound of cure. So how does a business protect the integrity of its IT processes before cataclysm strikes? An effective option is to collaborate with a reputable data center, one with the resources to protect valuable data while keeping it secure and accessible.

Now that you recognize the utility of a data center, what should you look for? Below is a laundry list of essentials your DR service should provide.

Proactive Planning for Emergencies

An effective disaster recovery plan starts long before storm clouds gather. You want your IT partner to customize a comprehensive and ordered strategy that maintains and monitors network infrastructure and ongoing processes. Too, your employees should be trained and evaluated on how to reduce or avert system downtime.

Proactive planning also encompasses preventive maintenance. Your DR provider should regularly schedule tests of fire detection/extinguishing systems, power supplies/generators and HVAC systems.

Redundancy and Safety

How do fiber optic networks provide such outstanding redundancy and protection? In large part, due to bidirectional line-switched architecture. This means that in the event of network element failure, optical signals can be rerouted, either with “protection” spare fibers or by backhauling.

You want the same from your DR provider. Does it offer alternative facilities should its primary data center be offline? Are their data centers sited to prevent damage from floods, fires, winds or earthquakes?

Power failures and loss of environmental cooling can wreak havoc on vulnerable infrastructure elements. Look for facilities with redundant uninterruptible power supplies (UPS), supported by generators that switch seamlessly online if utility power fails. Seek the same redundancy within the data center’s HVAC configurations.

Redundancy also includes instantaneous access to multiple “core” or “Tier 1” long-haul networks should the primary carrier interrupt service.

Facility Security

Is the DR provider’s data center monitored at all times? Are employees required to wear visible ID whenever onsite? Nowadays, constant surveillance of network assets is a must to maintain network integrity and data security.

Emergency Ops Team

Your DR provider should have a cross-trained and experienced emergency ops team in place, ready at a moment’s notice to restore operational functionality to networks and systems in case of a disaster. They are the “cavalry” riding to the rescue, freeing local employees to see after their families and homes.

Now that you know, consider Aperio IT as your partner in disaster recovery planning. We provide cloud hosting and backup services to small and mid-sized businesses like yours. It’s never too early to prepare before catastrophe strikes.

Contact us to learn more about planning your Disaster Recovery Plan with Aperio IT.

More and more businesses and government agencies are considering the cloud as a possible solution to their data storage and backup needs. In general, when businesses talk about “the cloud,” they are referring to a type of computing that involves sharing computing resources, usually via the Internet. For a more in-depth definition of the cloud and a discussion of cloud security issues, you can read our blog post, “When Security in the Cloud Gets in the Way of Work.”

Cloud storage refers to the use of the cloud as a replacement for more traditional kinds of data storage, such as a Network Attached Storage centralized storage device (a server dedicated solely to file sharing). Similarly, cloud backup refers to the use of the cloud as a way to protect data.

Cloud storage and backup offer several advantages.

• Lower costs. Using the cloud means you can avoid paying for the infrastructure you would otherwise need. Administration costs are also drastically reduced.
• Offsite, redundant data storage. Cloud storage is inherently offsite, providing appropriate storage in case of natural disasters. You can also find larger cloud service providers who offer redundant storage of data in multiple servers. This means that if one server goes down, you can still access data from the other servers without adversely impacting your business.
• Reliable and secure backup. Most cloud backup offers data deduplication (a specialized data compression technique for eliminating duplicate copies of data) and compression (a process of reducing file sizes by encoding data information more efficiently), making it both efficient and more secure.
• Scalability. Cloud based data backup allows your business to easily increase storage as its data grows over time, while only charging for the storage you use. You avoid the upfront costs you would otherwise face to add to your data storage infrastructure.
• Easy access to data. Cloud data storage allows teams in widely separate locations to easily share data and files.
• Simple data backup and recovery. For some cases, the cloud makes it easy to automate data backup and to recover data.

Of course, there are also some disadvantages to consider.

• A full initial data backup can be prohibitively time consuming. Further backups are much faster as they should only include new or modified data. If your company’s backups frequently involve large files, it can be more effective to backup your data first to an on-site server and then to the cloud.
• Bandwidth availability may be limited. If so, your backup strategy will need to take into account how much data can actually be backed up daily.
• Dependency on your cloud service provider. If your provider has unexpected issues, you will have no control over fixing those issues, instead having to rely on them.
• Entrusting data to a third party. Naturally, using the cloud means you are entrusting your data to your cloud service provider. This may be more of an issue for some industries than others. You can make certain that your cloud service provider uses modern encryption tools, or encrypt it yourself before you back up to the cloud.

Whether or not cloud storage and backup will be a good solution for your business is going to depend on your specific needs. It is well worth the time to consider if lower costs and scalability, along with other advantages, might make a cloud solution work for you.

For your data backup and recovery strategy to be worthwhile, you’ll need to go beyond merely copying your data. Some of the factors you’ll need to delve into include just how well you can recover your data, the operational expenses associated with your strategy, and how well your vendor really supports virtualization.

You copied it, but can you recover it?

Data backups are meaningless if they don’t successfully facilitate data recovery. Tape backups and online backups are two major culprits when it comes to recovery failures.

Tape backups were introduced in the 1950’s and remain in use to this day, partly due to their low cost. But they often offer only an illusion of security. Studies show that anywhere between 50% to 77% per cent of users trying to restore data from tape backups have experienced failures.

Online backups can seem to be a better, more modern solution. The good news is that online backups definitely have a better recovery rate than tape backups. Unfortunately, recovering even small amounts of data from online backups can take a significant amount of time, perhaps even months.

You know what you’d like, but should you spend the money?

In a world where money is no object, businesses would probably demand data backup and recovery plans that allowed for zero data loss and zero time spent to recover data. But in the real world it’s necessary to establish reasonable objectives for acceptable data loss and for the amount of time spent on recovery.

Your Recovery Time Objective (RTO) is the amount of time required to get the crucial aspects of your business back up and running after a disaster. For example, if your RTO for a particular service is zero, that means that the service must be restored immediately. A less crucial service might have an RTO measured in hours or days, depending on how long your business can reasonably function without it. Unsurprisingly, an RTO of zero is going to cost more to support.

Your Recovery Point Objective (RPO) is the point in time to which your data is going to be restored. If your RPO for your data is zero, this means that when service resumes there must be no loss of data at all. This might be necessary for banking or similar applications. In contrast, an RPO of 24 hours or more might be acceptable for some internal reporting applications where the loss of one day of reporting is not significant enough to justify the cost of complete data recovery.

Your vendor says they support virtualization, but what do they really mean?

Webopedia provides this definition: “In computing, virtualization means to create a virtual version of a device or resource, such as a server, storage device, network, or operating system.” This means that, in theory, backing up a virtual machine should involve simply copying its files and configuration data. This copied information should then be easily available to move a virtual machine to different hardware as needed.

However, virtualization can represent a significant load for a host server and for the virtual machines running on that host. For some businesses, having virtual system that operate at a much slower pace will be acceptable. But for situations where speed is necessary, the slower pace may come as an unexpected shock.
Understanding the details of your data backup and recovery plan is crucial to making sure it meets your business needs. You will need to know exactly how recoverable your data really is, how your strategy impacts your costs, and the real facts about how well your vendor supports virtualization.

If you’re an IT person, you’ve probably experienced the daunting challenge of explaining technical matters to colleagues with non-technical backgrounds. Particularly in the case of explaining technology to executives, you need to be able present your case from a perspective that makes sense to them.

You’ll need to make sure that you and your audience have a shared understanding of basic concepts. For example, does your CFO understand that data backup must also include effective retrieval of backed up data? Do they understand the concepts of automation and retention? Are they aware of any financial penalties the company face if it fails to meet regulatory requirements?

You’ll also need to present the business need for backup and recovery in a way that makes sense to them. While you might expect a CFO to automatically understand the need to mitigate risk, this is not always the case. Their primary focus is often on reducing costs; it will be up to you to make a compelling argument that failure to mitigate the risks potentially associated with data loss is likely to be more costly in the long run.

IT managers often compare backup and recovery processes to insurance to make this point. Discussing backup and recovery as a type of insurance that offers financial risk management in case of disaster is likely to appeal to a CFO or other executive whose primary concern is budget.

In this vein, providing your CFO with actual costs for ineffective backup and recovery can help to illustrate your point. Break down, as accurately as possible, the costs associated with lost employee productivity, lost revenue, and the costs associated with recovering data. Will you need to bring in outside help to assist with recovering data from unreliable tape backups? Is it possible you’ll you need to hire computer forensics experts to recover data from hard drives that are not currently being backed up properly?

It’s also worthwhile to touch on less quantifiable losses. Will your clients lose confidence in your ability to deliver your services or products reliably? Will your company be liable for failures associated with any data loss?

You should also explain to your CFO the ways in which your proposed data backup and recovery plan will make sure your company is getting the most value for its money. Be prepared to discuss the scalability of your proposed solution to your data needs, so you can assure your CFO that your company will be able to spend only what it needs to at any given time.

Keeping operational costs down will also be appealing. For example, be prepared to describe how your solution takes less time to recover data, or requires very little human intervention to perform and monitor backups.
It’s up to you to go beyond mere technical explanations when you discuss data backup and recovery with the decision makers in your company. And you can’t assume that they have a clear grasp of the risks the company faces or the advantages of any solutions you propose. Framing your discussion from their perspective will help you to help them to make the right choices for everyone’s success.

What is Cyber Espionage? According to this comprehensive definition from Wikipedia, “cyber spying” or “cyber espionage” is:

“The act or practice of obtaining secrets without the permission of the holder of the information (personal, sensitive, proprietary, or of classified nature) from individuals, competitors, rivals, groups, governments, and enemies for personal, economic, military, or political advantage using methods on the Internet, networks, or individual computers through the use of cracking techniques and malicious software including Trojan horses and spyware.”

With the likelihood of U.S. economic sanctions against China in response to repeated acts of civil cyber espionage, many U.S. companies are asking if they might also be targeted. The possibility of such attacks is definitely increasing, as cyber espionage is not strictly limited to the political sphere; financially motivated hacker groups appear to be on the rise. These groups’ efforts are focused on acquiring business secrets that can be sold to third parties, or used for insider trading. Closer to home, similar attacks from former employees or business competitors are a real concern.

What kinds of information might be targeted in a cyber attack?

Generally, the answer is anything that could give your competitors an advantage. For business owners, this could mean having your competitors gain access to information about your product features, pricing, customer or vendor contracts, M&A plans, employee information, and more. Customer contact information is also of interest to attackers, who might use it to engage in phishing attacks.

What steps can you take to protect your company?

There are several steps you can take to mitigate the risk of cyber espionage:

●    Use up-to-date malware and virus removal software. If you aren’t already doing this, now is the time to start. Your network is most likely to be infected when employees visit websites that contain viruses and other malware. While you can employ web usage controls to limit the sites your employees access and to monitor the ones they do, you can still be infected when employees use their own devices, such as laptops, flash drives, and so on. Keeping your virus removal software up-to-date can greatly decrease this problem.
●    Have a process in place for properly suspending or terminating the accounts of problem employees or employees who are no longer with your company. It’s easy to overlook the importance of promptly removing access, but the most sure way to protect against misuse of access is to remove it.
●    Enforce the use of “strong” passwords. This means both educating your employees concerning the risks of using common passwords, and requiring them to use complex, unique passwords instead.
●    If you have data on a public cloud, consider whether it is sensitive or not. If it is, it may be in your best interests to move it to a private cloud where you have more control over security.
●    Train your employees on all aspects of cyber security. We discussed the need for strong passwords above; additionally, educate your employees on other security issues. For example, offer guidelines for how to identify suspicious emails, and how to report them when received.