By Brian Oppermann, Senior Systems Engineer

Part 2 of a 2-part series

Have you ever been in the middle of a busy workday and hit a technological bump in the road? Maybe you were on a conference call and lost the connection.  Perhaps you were sending an important email and the power unexpectedly shut off. How disruptive were minor glitches like these to your day, and how frustrated did you feel when you knew minutes were ticking by … precious time when you were not able to be productive?

There’s a cost to lost productivity. If the power shuts off for 10 minutes, it’s an annoyance. But if your organization is infiltrated by a CryptoLocker virus, the most common type plaguing small-to-medium-sized businesses (SMBs), and your data is held hostage and you can’t access it – ever – unless you happen to have a vault full of bitcoin somewhere, that’s a whole other story. That’s when you think back to the conversation you had about data protection and recovery with your IT guy when you went out to lunch three months ago.

And if you’ve delayed getting serious about data protection and recovery, maybe put it on the back burner because you don’t think something like that will happen to your organization, you’re far from alone. In a recent Channel Partners survey1, more than half of the client-side IT professionals surveyed admitted their organizations lacked an effective data protection and recovery strategy. When asked why they hadn’t implemented one, the No. 1 reason was because the business did not consider it an urgent need.  In an SMB business, it’s easy to let the thousands of other things that require immediate attention take precedence over something that hasn’t happened yet – until it does.

Just because you’re not (yet) a Fortune 500 company, don’t think your organization isn’t vulnerable to cybercrime. In a survey2 conducted by Datto, a leading authority on data protection, 1,700 managed service providers (MSPs) serving 100,000 SMBs were asked to discuss their experiences and concerns about ransomware and the threat it poses in the SMB space. The survey revealed that 86 percent of the MSPs queried have had clients recently victimized by ransomware, while nearly all the MSPs (99 percent) believe the number of attacks on SMBs will increase in the next two years. While 90 percent of the surveyed MSPs said they were highly concerned about the threat ransomware poses to their clients, only 38 percent of the SMBs polled felt the same. Three-fourths of the MSPs, however, report they have had clients who have actually experienced business-threatening downtime as a result of a ransomware attack.  On a positive note, however, nearly every solution provider asked (96 percent) agreed that a reliable backup and recovery solution can help clients completely recover if it happens to them.

No matter what happens to your data – human error, natural disaster, or cyberattack – it’s critical to plan ahead, devoting attention and resources to developing a solid BC/DR strategy before your data becomes inaccessible. To help you jumpstart a discussion in your own organization, SRC Technologies has put together a list of the most important things we advise our clients to think about before implementing a data protection and recovery strategy.

Eight Questions to Ask – and Answer – Before Choosing a BC/DR Path

As I discussed in Part 1 of this two-part blog series, SRC’s position is that data protection and recovery should always be a two-pronged strategy.  We advise our clients to implement a local backup for quick recovery for non-catastrophic failures, but to also have their data fully backed up off-site in the unlikely, but possible, event that they do need to recover from a disaster – natural or man-made.  Having one or the other isn’t good enough; to be able to breathe easy and know that your data is safe, you need both solutions firmly in place. And choosing the solution that’s the best fit for your specific organization requires knowing exactly what you’re trying to accomplish. These eight questions are a good place to start.

  1. Do you understand your data? Before you can select and implement the right data protection and recovery strategy, you have to know what you need to back up. If I asked how much of what’s stored on your server right now is actually important, most people would say “all of it.” But when they have to pay to back it all up, store it, test it, and have it available for instant restore, they usually change their mind.  Everyone has things they save on their computers that are not business-critical. Before embarking on a data protection and recovery journey, you need to have a good understanding of the structure of your organization’s data – what is actually important vs. what could potentially be archived and what can be moved to a more cost-effective means of storage.
  2. How much downtime can your business survive? This is where discussions of RPO (Recovery Point Objective) and RTO (Recovery Time Objective) come into play. Even if you’re completely non-technical, you know how it feels when your company’s IT systems are down. If something were to go wrong in your IT environment, what would that mean to your business? Imagine you came to work and found your email was down. Many people say their email isn’t business-critical – but when it’s down, their expectations for getting it back up and running tell another story. So ask yourself, honestly, if your data was completely inaccessible, how long could your business survive without it. That will tell you how much importance to attach to developing and maintaining a strong data protection and recovery plan.
  3. Will you need to be able to do a granular restore? Since we’re talking about email, imagine you accidentally deleted a customer order that was placed via email. You absolutely have to retrieve it, so you ask IT to help. In some cases, when an email restoration is requested, IT has to restore an entire Exchange database to find just one piece of lost or damaged mail. But what if you want to simply restore that single email and nothing more? Conducting a granular restore requires not only backing up your data but making sure you can retrieve it down to the most granular level – a single email if need be – quickly and efficiently.
  4. Is de-duplication important for your organization? The answer is, maybe. In a lot of older systems, data is compressed to save storage space, but you’re still storing the whole data set. With de-duplication, the system automatically recognizes like data sets and uses “pointers” to them, eliminating the need to back up every data set each time you back up. This not only saves a tremendous amount of storage space, thereby reducing your backup footprint, but it also allows you to keep data longer locally.  And when you do move it to the cloud, it moves faster, which requires less bandwidth, something which was previously a stumbling block in SMB adoption of an on-site plus off-site data protection and recovery strategy.
  5. How long will your backups take? That depends entirely on the solution you choose. At SRC, we’ve partnered with Datto for our data protection and recovery solutions. With Datto, we perform one initial all-inclusive backup, which takes as long as most solutions do on a regular basis. After that, however, the Datto software will monitor what’s backed up and only record the changes at a block level. Imagine you’ve created a massive Excel file; sometime after the initial backup was performed, you access the file and change just two cells. Datto’s software recognizes that those two cells were the only things changed, and that’s all that is backed up in subsequent backups, clearly an advantage when it comes to faster backup times.
  6. How secure is your backup? When companies think about securing their data, it’s their “live” data that they’re talking about. Few people think about the data they’ve backed up, though really, if you’re doing regular backups, they’re one and the same. The question is, how easy is it for someone to get into your backup, and if they do break in, what can they do with the data they find there? SRC recommends looking at solutions that encrypt your data at rest so that it has to be actively unencrypted to access it – something that, with the Datto solutions we sell, can only be done with an encryption key. In our viewpoint, encryption isn’t a nice-to-have; it’s a must-have part of a data protection and recovery solution. The size of your organization doesn’t matter – SMB to enterprise – if your billing data, customer or patient records, and your organization’s policies and procedures were accessed by an unauthorized outsider, how vulnerable would your organization be? When you’re planning your data protection and recovery strategy, find out if the solution includes encryption and whether that requires any additional licenses.  With SRC’s Datto solution, it’s all part of the initial package – no extra costs or fees to pop up and surprise you.
  7. How will you validate your backups? A backup is only as good as its ability to restore your data when you need it most. But what happens if the backup is corrupted or infected with a virus? Unless you’re checking for this regularly, you won’t know until the day you need it, and then it’s too late. To validate your backups, you need a two-step process. First, find out if the backup solution you’re considering has software that can test a backup’s image each time one is performed and notify you if the image is not valid. Second, test, test and test again. If you don’t have the resources to do all this testing, then outsource it to a managed backup provider. Without successful tests, you will never be able to rest securely, knowing that you have a copy of your data that you can reliably access anytime you need it.
  8. How many licenses will I need? For some software products on the market today, you have to buy an “agent” that will allow you to restore that particular piece of software in addition to your data. The problem is, most customers dislike having to pay for additional licenses beyond what they pay for the initial purchase of a local backup appliance or an as-a-service backup in the cloud. The reason: It can get very costly. Imagine you have a data center with 10 virtual hosts running 800 machines. Do you need a license for each one? It’s important to find that out in advance.

Want to learn more? Read Part 1 of this two-part blog: Answer Truthfully: Are You Confident in Your Backup Solution? Then explore the intricacies of SRC Technologies’ backup and disaster recovery monitoring and management solutions and download a datasheet about our services. You can also learn more about Datto, then read Datto’s Ultimate Disaster Recovery Checklist here. Want a FREE consultation to get you started? Sign up for one here or give us a call at 920-965-8060 to see if a Datto solution from SRC might be right for your organization.

1 Channel Partners 2017 BC/DR Survey: 5 Disaster Disconnects: Survey Shows Partners Must Educate Customers on BC/DR

2Datto’s State of the Channel Ransomware Report