By the DynaSis Team
[featured_image]
We recently saw an article on virtualization that also discussed “data protection.” That is not surprising, given that a Google search of the term “data protection” returns 269,000 results. What caught our attention was the use of those two words to describe protecting corporate data from loss or corruption. While that is the traditional technology definition of data protection, it is different than data security, which is protecting your data from unauthorized and/or inappropriate access, storage or use by insiders or outsiders.
This distinction has been muddied recently by issues surrounding data privacy. One example is the demise of “Safe Harbor”– a policy agreement that governed how U.S. entities would handle the data of European Union (EU) citizens. The agreement expired and is being replaced with a new approach, Privacy Shield, which you can read about here. Articles about it, and the negotiations between the U.S. and EU, often referred to “data protection” as a quick way of saying “ensuring data privacy through clearly defined safeguards.”
The Scoop on Data Protection
To set the record straight from a technology perspective, data protection is a collective term for a firm’s plan to evaluate, catalog and protect information assets from application/user/machine malfunctions and errors, malware or other detrimental software, and facility outages/disruptions. Data protection encompasses such efforts as backup, storage and recovery.
As mentioned above, data protection also includes preventing or limiting data loss due to malware attacks. However, for the purposes of this definition, it doesn’t include data privacy or intrusion detection/prevention. Those efforts are vital to organizational safety, but from the viewpoint of an IT support company, they fall under the category of data security.
When managed properly, either in-house or through a managed services provider, data protection should include data lifecycle management (DLM). With DLM, organizations proactively control data not only during its effective useful life but also afterward, when they no longer need ongoing access to it but may be required to maintain it for compliance or other requirements. DLM covers data archiving as well as data disposal in a manner that does not allow its retrieval.
Data protection can also include such efforts as continuous data protection (CDP), where automated technology updates enterprise backups as changes to the primary systems are made. Backup generally occurs on a schedule that corresponds to the business owner’s risk tolerance, which might mean truly continual backup or could involve taking a “snapshot” of the data every hour, day or even week.
Data protection is a big, complicated and important topic requiring an in-depth IT solution, so we will discuss it frequently, sharing news we come across. Next week, we’ll discuss desktop virtualization, a type of virtualization that be a boost to data protection, when configured properly.
Specializing in managed IT services and network security, Atlanta based DynaSis has been supporting small to midsized business for almost a quarter century. Among the services we provide are cloud computing through the DynaSis Business Cloud, 24 x 7 x 365 helpdesk support, and real-time monitoring enabling us to deal with “issues” before they become problems. For more information, please call DynaSis at 678.218.1769 or visit www.DynaSis.com.
By the DynaSis Team
In looking at disaster recovery options, we recently came across an interesting article on “future proofing a colocated data center.” It offers suggestions for how companies can make the right choice when hiring another company to “colocate” their data (replicate it to a second location). It focuses on companies that are moving away from maintaining their own data centers, and it’s an interesting read.
It made us think about the specific questions business leaders should ask an IT service provider regarding off-site data storage, not only for backup but also for disaster recovery. Increasingly, business decision makers are realizing that creating and storing physical backups, whether onsite or offsite, is a tedious task and often not the most practical choice. Especially in the case of a true disaster, like the tornados that swept through the south last week, being able to access business data quickly, if not immediately, rather than going through an arduous restore process with new equipment, can truly be a business lifesaver.
Today, let’s consider three top issues that business leaders should never take for granted when purchasing hosted disaster recovery services—and yet, they often do.
Availability: Does the provider own or lease data center space at a location that is geologically, politically and economically stable? Many business owners know that weather is a consideration, but what about data centers hosted outside the U.S., or even data centers in economically challenged areas within the U.S.? Before you purchase data storage and retrieval services, make sure you are comfortable with the location where your data will be stored.
Resource Continuity: Does the facility have multiple independent power sources, on-site power generation that is reliable and can run for a long time (preferably, a week or more), and redundant Internet connectivity options, such as both Internet service and telecommunications providers? If the data center relies on a local water source for cooling, is the water source stable, year-round? A data center is only as reliable as the resources that service it.
Stability: How about the stability of the company running the data center? Does the firm have a long history of stable operation, or has it recently changed hands? Does the firm that will manage your data stores (whether they own their data center or lease it) have in-house personnel working for you, or do they rely on independent contractors or offshore assistance?
Furthermore, are you comfortable with the escalation process if a disaster occurs, or if you have a question or problem? It does little good to have your data stored in a safe, available facility if you cannot get anyone to help you in the middle of the night. Remember that during a true disaster, the provider’s staff may be the only team that's available to keep your business in operation.
All of these details, and more, should be spelled out in your SLA—Service Level Agreement. Don’t take anyone’s word or assurance that a feature or function is guaranteed. Get it in writing.
Specializing in managed IT services and network security, Atlanta based DynaSis has been supporting small to midsized business for almost a quarter century. Among the services we provide are cloud computing through the DynaSis Business Cloud, 24 x 7 x 365 helpdesk support, and real-time monitoring enabling us to deal with “issues” before they become problems. For more information, please call DynaSis at 678.218.1769 or visit www.DynaSis.com.
By the DynaSis Team
[featured_image]
Cybersecurity, already a hot topic in the news, has moved to an even brighter spotlight now that the presidential candidates are discussing it. The merits of their positions are not for us to debate here. However, their actions underscore the idea that cybersecurity is an issue of concern to the citizens who might vote for them.
Statistics support this viewpoint, especially among the small and midsized business (SMB) community. In May, 2015, Endurance International Group (EIG) released the results of a survey that indicated 81 percent of SMB owners have cybersecurity concerns. Even more (94 percent) “often think” about online security. This is good news, given that SMBs are prime targets. A Verizon study found that organizations with 11-100 employees are 15 times more likely to have their security defenses breached than organizations with more than 100 employees.
Unfortunately, the EIG survey also contained some deeply worrisome statistics. Researchers discovered that 94 percent of SMB owners don’t have cybersecurity insurance. Eighty-three percent handle cybersecurity themselves, often because they don’t think they can afford to employ IT support staff or contract for managed IT services.
In reality, the risk of being breached has become so great that no business can afford not to engage professional help. Attack vectors are evolving so rapidly that it is impossible to avoid them completely. Multi-national, billion-dollar corporations work to manage risk with layers of protection that close security holes, remove or clean infections, detect and stop malicious activities, and provide other lines of defense for corporate systems.
As we head into 2016, we hope all SMB owners will embrace this approach and take action to fortify their companies’ defenses. There simply is no “silver bullet” for security. No single solution will protect a firm. Companies must use a multi-layered approach in order to mitigate threats. Beginning with our first January article, we will be covering various aspects of cybersecurity to help educate our readers regarding this daunting but critical task.
Cybersecurity is complex, and it deserves everyone’s full attention. To ignore it is to accept the consequences of a breach. For an SMB, such an event is almost always financially crippling. In 60% of cases, it will destroy the business within six months.
[featured_image]
By the DynaSis Team
Does your company have a business continuity plan? If so, do you test it? If you answered "Yes" to the first question and "No" to the second, you are in good company. A recent survey of mid-sized business owners and C-level executives, conducted by The Hartford financial services company, found that 59 percent of mid-sized businesses had formal, documented business continuity plans, but only 19 percent of them had tested those plans. Among the remainder, 33 percent had an informal, verbal plan and eight percent had no plan at all.
If you're one of those with an untested plan, don't think you're in much better shape than your less-prepared competitors. A separate study by the Disaster Recovery Preparedness (DRP) Council also found that the majority of businesses (of all sizes) fail to test their continuity plans. Of even greater concern, the DRP found, among those who do test their plans, most plans fail.
Failure during testing is unfortunate, but it's far better than the alternative. Many things can—and do—go wrong when continuity plans are finally put into action. Some breakdowns are unpredictable, but many are fully within the control of the business owner and his or her chief executives. Reasons for plan breakdowns include:
We understand that small and mid-sized businesses often operate in near "fire drill" mode, with something more important than continuity planning always on the horizon. Humans can do this because we innately have a high degree of risk tolerance, especially for threats we haven't experienced yet. That's what allowed us to seek out and settle new lands and create new civilizations. It's also what allows us to get into airplanes that rocket along at 600 miles an hour, miles off the ground.
However, the odds of crashing in an airplane are infinitesimal compared to those of experiencing a business disruption. Running a business without a well-documented, tested continuity plan is a risk no business owner should take.
About DynaSis
DynaSis is an Atlanta IT services and cloud computing provider for small and mid-sized businesses. All of our solutions focus on helping companies achieve the three fundamental IT necessities of the modern business—availability, security and mobility. We specialize in on-demand and on-premise managed IT services, managed cloud infrastructure, desktops and backups, and professional hardware and equipment installation. For more information about DynaSis’ IT support and services, visit www.dynasis.com.
[featured_image]
By the DynaSis Team
We recently came across an interesting case study of the City of Asheville, which transitioned its disaster recovery solution from being on-site to being hosted in the Cloud. In doing so, the city not only gained redundant failover capabilities, it also reduced its recovery time objective (how long it takes for all data and other technology assets be running and available after an outage) from 12 hours to two. Reading it made us wonder how businesses are faring, in terms of cloud adoption. To our dismay, we realized they are not moving as rapidly is they could.
A 2015 survey by Continuity Central, an international business continuity information portal, found that only 6.2% of respondents are planning to implement disaster recovery, availability or other cloud technologies this year, with the large majority (nearly 85%) making other business continuity changes, instead. When asked what challenges are impacting their ability to make disaster recovery improvements, the number one hindrance (cited by 35.6%) was lack of budget, funds and resources.
This is unfortunate, because adopting the Cloud for disaster recovery isn’t expensive or complicated, and it requires little to no internal IT resources to setup and manage. Many providers, including DynaSis, offer prepackaged, cloud-based disaster recovery solutions that can be set up quickly and easily, with no disruption and very little expense.
Given the value of cloud computing for business resiliency, we find it inexplicable that all businesses are not leveraging it for basic data backup, at the minimum. After all, the Cloud enables companies to store data in a location that is geographically remote from the business. Depending on the solution, it may also allow an organization’s personnel to access that data from any Internet connection—even from a mobile device with a cellular data plan if traditional computing resources are not available.
Admittedly, the cost of cloud disaster recovery goes up if a company wants its data replicated very frequently (hourly or less), or it needs near-instant availability of its server images. Fortunately, the average company doesn’t need that level of service.
All companies should perform evaluations and determine their “data risk” tolerance—how much data they can afford to lose—and choose a solution based upon that decision. In many cases, companies discover that only one or two departments need backups more than once a day, with the remainder of the firm requiring them less frequently. Cloud storage is so flexible that most providers can set up backup services with varying schedules that accommodate such needs.
At the very minimum, organizations should store their business continuity plans in the Cloud so that key personnel can access them if the physical location of a business is destroyed or inaccessible. After all, a business continuity plan can’t help a company or its personnel if it’s sitting on a shelf the day a disaster hits the business.
Larger enterprises understand this, and their rates of cloud adoption are among the highest within the corporate world. SMBs are taking longer to grasp the value of the Cloud in disaster recovery. That’s ironic, given that the Cloud is the one place where all businesses are equal.
About DynaSis
DynaSis is an Atlanta IT services and cloud computing provider for small and midsized businesses. All of our solutions focus on helping companies achieve the three fundamental IT necessities of the modern business—availability, security and mobility. We specialize in on-demand and on-premise managed IT services, managed cloud infrastructure, desktops and backups, and professional hardware and equipment installation. For more information about DynaSis’ IT support and services, visit www.dynasis.com.
[featured_image]
In the daily rush of “important” business functions like sales, accounting and other hard-dollar activities, it’s easy for business owners to cross their fingers and dismiss disaster recovery and business continuity concerns, figuring that the odds are in their favor. After all, the Small Business Administration reports that only 25% of businesses that experience a disaster fail to reopen. Surely you will not be one of them, right?
The problem with such reasoning is that in today’s data-dependent business environment, “business continuity” doesn't mean keeping your business open after a disaster. True business continuity from a technology perspective means keeping your business and its digital assets functioning and available even during a minor IT disruption, and these are more frequent than you might think.
A 2013 Ponemon Institute survey of nearly 2,400 business continuity and IT professionals found that almost 70% of them anticipate a minor IT disruption (fewer than 20 minutes) over the next 24 months. (Approximately 23% of them expect to experience a major disruption―seven hours or more.)
Do you consider an outage of less than 20 minutes to be acceptable? Before you say yes, consider these scenarios. What if that outage happens when your sales manager is developing the most important proposal in your company’s history, and the file he or she has been working on for days is irretrievably lost?
What if your dependable, weekly backup solution did not happen to capture any of that work? Moreover, what if the IT outage is not minor, but rather, it involves a server crash or some other event that takes more than 20 minutes to resolve?
Do you have a plan to be up and running within minutes of the event, no matter what, perhaps with the help of cloud computing? Could you or your Managed IT Services provider restore that lost file―the one your newest, biggest customer is expecting by day’s end?
This may sound like an unlikely scenario, but it happens every day. In fact, unless you have redundant, cloud-based systems in place, your team is likely experiencing outages and data losses of which you are not even aware.
For example, are you aware of every occurrence where an employee experiences a file corruption―or accidentally deletes a file? Often, workers do not report these losses if they can hide them from their superiors, fearing retribution for careless behavior. Instead, time is wasted recreating the file, which drains productivity and erodes the bottom line.
In reality, the biggest “cost” of IT outages is not the time to diagnose problems, get systems back online, or purchase new hardware. The results gleaned from those surveyed IT professionals (whose jobs rely on having a good handle on this issue) found 75% of the costs from an IT outage, cyber attack or other IT-related problem are business-related―from productivity drains to loss of customer confidence, to cancelled or abandoned sales.
Understanding the true financial consequences of an IT disruption is vital to making meaningful risk calculations. We hope this information will help you do just that.
[featured_image]
By the DynaSis Team
With more than half of small and medium sized businesses (SMBs) backing up their data at least weekly, and 15% backing up every day, per a 2014 study, SMBs have made big strides in the use of backup technologies over the past few decades. Despite this fact, many firms are still not taking adequate steps to ensure the data in those backups can meet the operating needs of the business.
Physically backing up is only a small piece of the puzzle. Where and how the data is stored and the level of data availability (whether employees can access and restore it quickly and easily, when needed) are just as important.
There are many additional considerations for a robust backup management solution, and we will delve into the individual aspects of backup―from data security and mobility to retention and deduplication―in later blogs. Today, we’d like to offer a three foundational principles that can help companies better protect their data and achieve more useful backups.
Eliminate Tapes, Forever: Tape backups served millions of companies well for decades, but today there is a much better solution. On-site tape storage is especially risky―and potentially worthless in the event of a physical disaster at your location. Furthermore, tapes deteriorate over time. Cloud-based backups, which almost always offer redundancy, are a far safer means of protecting your data.
Establish Data Access Thresholds: In the backup industry, there are three key metrics for companies to address: Recovery Time Objective (RTO; the minimum time within which you would like to restore your data, applications and critical IT-related processes after an outage), Recovery Point Objective (RPO; the point to which you want your data restored) and Maximum Tolerable Outage (MTO; the longest amount of time your business could be disrupted by loss of access to your data, email and applications before it jeopardized your business continuity and/or client relationships).
Although these metrics are often discussed in relation to extreme situations, they help companies determine their risk tolerance during data outages or losses of any type. DynaSis wrote a white paper that talks about these metrics and other disaster recovery issues. You can read it here.
Protect Your Bottom Line Along with Your Data: A core feature of any backup plan must be adequate protection for the data. However, it’s just as important for these solutions to protect the business and its employees. Numerous studies have determined that excess complexity or unavoidable data loss hurts everyone. One survey of SMB IT pros found that 33 percent said even a small data loss hurts corporate bottom lines, and 32% said it results in missed business opportunities.
Furthermore, data loss impacts office morale (24 percent of respondents), employee work-life balance (25 percent of respondents) and employee loyalty (11 percent had employees quit as a result of a data loss). The surest way to minimize these impacts is to have backups that allow selective retrieval rather than restoration of entire data stores. When employees can cherry-pick a single lost file rather than go through a tortuous process to retrieve a backup, they are happier, more productive and more successful at keeping your business operating at its peak.
Here at DynaSis, we have been providing best-practices data backup services―with optional selective restore capabilities―for many years. Our newest platform, the DynaSis Data Vault, is truly groundbreaking. To learn more or get started, please give us a call.
[featured_image]
By the DynaSis Team
As the U.S. lumbers through yet another year of debilitating winter storms, it is becoming painfully clear to more businesses, every day, that disaster recovery isn’t an issue only for the “summer storm” months. Here in our corporate home of Atlanta, we have been spared the hardships of last winter, so far. However, February is one of the months when we are most likely to experience a winter storm.
Disaster recovery (as opposed to its longer-term cousin, business continuity) is about rapid resilience. Think of it as your “bounce back” metric. In the event an ice storm paralyzes your company and keeps employees at home, will your “doors” still open the next day? What if the key employee charged with ensuring continuity is stuck on the side of a road in his or her car?
These are questions many firms fail to consider when they think of disaster recovery. In our discussions with new customers and prospects, we are amazed at how many have narrowly defined plans that require every piece of the puzzle to fall into place, perfectly. As anyone who has experienced a disaster knows, crisis events never unfold perfectly.
Some companies accept the idea of closing their doors for a day or a week in the event of extreme weather or other closure event. Others cannot lose even an hour of operation. An alarming largely number haven’t tested their plans adequately or don’t have a step-by-step plan for recovery if the impetus for disaster is technology (e.g. a blown server) rather than weather.
In our virtual travels around the Internet, we found a 10-minute survey, prepared by the IT Disaster Recovery Preparedness (DRP) Council (a non-partisan advocacy group composed of IT business, government and academic leaders). It is designed for firms operating virtualized environments. However, the majority of its questions are germane to all businesses, virtualized or not. If you have a few minutes, take the quiz and see where your business places.
More importantly, make 2015 the year when you commit to ensuring your firm adheres to basic disaster recovery recommendations. On the IT side, double check your backup plan and find out how long it will take to restore your data, should you need it. Ensure your employees can access company data from either your server or your backup, securely and remotely. (Preferably, they should be able to access it from their phones―and know how to dock their phones to a laptop for Internet connection. Cellular providers are federally mandated to have a very high level of continuity and backup power.) If your business relies on ordering or other systems hosted in the cloud, explore the disaster recovery plans for your providers, too.
On the people side, assign someone in your company to work on evaluating and updating any materials you have. In the wake of even a small disaster, confusion over mission critical activities and chain of command brings many firms to their knees. Make a schedule to test your plan.
Finally, remember that you don’t have to handle these tasks alone. DynaSis offers four different disaster recovery solutions based on your level of outage tolerance. We can have you up and running, even in the event of a site disaster, in two hours or less. To explore the subject more thoroughly, we invite you to download our white paper on disaster recovery planning.
Many business owners are surprised to learn that significantly improving their business resilience can be achieved with minimal additional investment that can reduce both cost and risk. To learn more, give us a call.
[featured_image]
By the DynaSis Team
For more than a decade, virtualization has been a well-promoted solution for achieving flexibility and security with on-premise (in-office) servers. With virtualization, a company and/or its IT vendor “carves” a server or dedicated storage device into multiple virtual servers/drives (these deployments are called virtual machines, e.g. VMs). One of the ways that DynaSis helps its customers maximize IT ROI (and security) is by designing and installing a virtual server layout from a single physical one.
Multiple VMs can reside on a single physical server, yet each will be totally segregated from the others and can have a discrete purpose, separate authentication and security protocols, availability rules and other characteristics of a physical server. Another advantage of virtual servers is that storage allocation for each VM can be altered quickly―and often, dynamically based on load.
For all these reasons, many cloud servers are virtual, with data centers dividing their large servers and storage arrays into numerous VMs for their clients. With virtualization having become an indelible fixture of data center operation, and the technology also being so beneficial for on-premise server installations, we scanned the Internet for expert advice on what we and our customers can expect from virtualization in 2015. Two items, in particular, sparked our interest.
Virtualization Security: With so many security breaches in 2014, it is inevitable that vendors will be placing a renewed focus on security. One of the hot new approaches at the data center level is “micro-segmentation,” where every discrete virtual machine becomes its own impregnable fortress with dedicated security.
Data-center-level solutions are generally too expensive for SMBs to implement for their on-premise implementations of virtualization, but that doesn’t mean companies that implement virtualization are at risk. Companies that work with a vendor that provides robust, end-to-end security and proactive problem resolution, including patch application, have the confidence that their virtual machines can be fully protected, as well. At DynaSis, we have always considered security paramount, and we recently introduced another layer of security for our Managed IT customers.
Converged Infrastructure: This term may sound a bit arcane to those outside the IT world, but it’s really a fancy way of saying bundling. Experts expect acceleration of this trend―where a company works with a vendor that provides a complete solution comprised of multiple infrastructure (hardware) components packaged to work well together.
Packaging interoperable infrastructure for maximum security and connectivity is always a good idea, but it requires preplanning, so it is easy to overlook. It’s the approach we take with our Ascend offering, where we build out a firm’s infrastructure and they lease it from us for a low monthly fee, including management and security. We definitely hope this trend will gather momentum in 2015, as it can be very beneficial.
In addition to these two trends, we saw mention of a number of protocols, solutions and platforms, all of which are too complicated to discuss in this short article. However, be assured that the DynaSis technicians are staying abreast of these developments to give you the most secure, productive virtualization experience possible. To learn more about the substantial benefits of virtualization, or to meet with a DynaSis Virtual CIO to explore the possibilities for your firm, please give us a call.
[featured_image]
By the DynaSis Team
Despite decades of advocacy by IT and disaster recovery experts regarding the importance of off-site backups, crisis communication plans and other elements of business survival, many companies still don't have a functional plan for business continuity in the wake of a disaster or major disruption.
In fact, the majority of firms don't even have an adequate program for ongoing IT continuity to reduce business interruption. Per the 2013 Ponemon Institute, 86% of firms experience one or more measurable instances of system downtime in each year, with 60% of those instances being attributed to user error.
On the resiliency side, a Sungard Availability Services survey found that 75% of continuity plans are not used in their existing state during either testing or a disaster. Inadequacy of communication protocols is equally disconcerting, with 85% of companies believing their crisis communication plans aren't very effective. At the same time, severe weather events, cyberattacks and power grid overloads are causing an increasing number of business disruptions.
Cumulatively, this state of affairs makes a pretty strong case for well-planned, functional business continuity and resiliency plans, but they don't tell business owners how to go about accomplishing that task. For resource-strapped small and medium-sized business (SMB) owners, the challenge can be overwhelming.
We don't have room in this blog to provide you with sufficient practical advice, but we can offer a few pointers.
There are many other aspects of disaster and disruption planning that go hand in hand with these suggestions. On the IT side, they include best practices for backup hardware, network management to reduce short-term outages and more. To explore the options and begin taking proactive steps to bolster your business continuity mechanisms (both short-term and long-term) we invite you to download our white paper on disaster recovery planning and give us a call.