To help generate such ‘risk scenarios’, we also ask customers to consider recent events and explore how their organisation would have coped had this happened to them. For example, the Wannacry ransomware outbreak in 2017 is a classic example of how such reflection can really help. Businesses were gripped with fear of arriving at their office each morning to infected systems. However, as customer confidence grew that the immediate outbreak was protected against, our conversations with SME business owners shifted toward planning and getting the latest expert advice on how to build a solid last line of defence around backup & recovery.
Planning to Succeed
If all this reflection sounds pretty negative, take comfort that good planning and committing your ideas to paper is far easier, more likely to be more effective and cost less than just installing the first solution you come across. Such a planning exercise invariably opens the eyes to the types and levels of threats facing your business for both owners and their management teams. In the same way board members would not dream of leaving your premises unsecured, a well-constructed vulnerability plan will quickly highlight gaps in your data & application protection and focus your whole team on what is important.
We recommend keeping your plans simple and suggest developing a ‘roadmap’ to capture these ideas. Focus your attention on the most important and the immediate activity. The detailed planning is about the next 3, 6 or 12-months, beyond this keep it short, simple and allow yourself the scope to change, adapt or develop your planning as you progress.
Larger companies, operating multiple sites can justify geographical resilience, inter-site backup & replication and an off-site recovery site. This won’t be possible for most SMEs, but with good planning and design, similar results can be achieved with hybrid solutions, mixing public & private cloud, on-site and off-site solutions that give the highest levels of resilience where the business most needs it.
Disaster Recovery Solutions and Deployment
Extending the idea of ‘keeping things simple’ should also be applied to any backup & recovery solution you select. For example, look to deploy a seamless set and forget backup software layer that can automatically notify you in the event of problems and present a simple ‘top-level’ view of your data & application protection.
But backup is pointless if recovery is difficult and slow. Speed of access doesn’t have to cost the earth and make sure that you don’t over-egg what you need as you can become quickly blinded by the latest technology ‘must have’ features and the whole ‘up-sale’ process.
Solution considerations
Here are some tried and tested things to consider when looking for a backup & recovery solution
1. How easy is the backup solution to use? Is it really set and forget? Does it require distinct amounts of customisation for rollout? Does it suit the amount of data you have and do you need enterprise features like Disaster Recovery
2. Compare costs: Gone are the days of having just one or two vendors supplying niche backup solutions, now you can really shop around and buy a reliable backup solution that does what you need without over-doing features and complexity.
3. Remember your needs: Keep checking what problem you are aiming to solve. Are you trying to alleviate the chore of backup with automated, reliable, failsafe recovery?
4. What do others say: How many companies are already using the solution? Perhaps the most candid advice can come from your peers and what they truly think about everyday usage. Most of which are shared warts and all on sites such as SpiceWorks, Gartner Peer to Peer, IT Central Station to name but a few.
5. Understand your solutions: Don’t overly trust Cloud based apps to be automatically ring-fenced – for instance, who knew that Microsoft are not responsible for backing up Office 365 mailboxes? Who then is? Yes, that also falls to you!
6. Give it a try: – Download trial software and actually stretch test it – any software company of repute will want you to test the software in your own non-production environment.
Business Continuity & Disaster Recovery Glossary
Altaro:
Altaro is a complete backup and recovery solution for your IT systems. It provides a wide range of features that help protect your data and recover it quickly. At its heart is a web-based centralised management function making it easy to configure & manage from any location. Data is fully encrypted, with options for both on-site and off-site backup. Mostly importantly, Altaro recovery time is super quick, ensuring system outrages or data loss is kept to a minimum.
Azure:
Microsoft Azure extends the functionality of the Altaro backup & recovery system, providing the ability to simply add and automate off-site backup, with unlimited capacity, encryption, choice of geographical location. The Azure ‘plug in’ for Altaro means we can recover clients data or systems from this off-site storage location. This is crucial in the event of a total on-site disaster, such as a fire or major cyber-security incident. Off-site Azure backup provides the ultimate recovery if your local data is encrypted via a ransomware attack.
Backup:
Backup describes the processes and regime for the on-going backup of your company data and systems.
Business Continuity:
Business Continuity (BC) is concerned with identifying, managing and reducing business risk. This is done via a defined process / methodology that identifies and prioritises improvements to overcome these risks. An effective BC plan will support the strategic aims of the business and build the capabilities to keep the business running in the event of a disaster through a process of continual development. Key elements will include Business Impact Assessment, design of mitigation strategies, planning and implantation, testing, maintaining and developing.
Cloud Storage:
Storage provided in the cloud and accessible via the public internet. Examples include Microsoft Azure and Amazon Web Services.
Cloud Backup:
This general term refers to systems whose management and operation is based in the cloud, through to the storage of off-site backup data in public cloud services, such as Microsoft Azure.
Disaster Recovery (DR):
Disaster recovery planning looks to identify IT system risks, develop potential mitigating actions and create a testable and repeatable plan for your system recovery. This is done by creating disaster recovery scenarios to identify risk and the processes required for recovery. At its core, plans are created that regularly test the full recovery of systems, such that recovery processes become known and can be refined and improved over time. All businesses should undertake this planning process, even small businesses, resulting in actions ranging from backup testing & review, test restores, through to full disaster recovery of key applications and systems.
Data Encryption:
The process by which your company data is ‘scrambled’ and can only be ‘unscrambled’ using an encryption key. The encryption key is the password to unlock the data and is also known as the ciphertext. Making the data unreadable, means that unauthorised persons cannot access the data. It is imperative that data backup on-site and off-site is encrypted both ‘in-transit’ and ‘at rest’. ‘In-transit’ refers to the data as it is moved and ‘at rest’ refers to its final place of storage.
Incident Response Plan:
An action plan that covers the immediate response and actions required for your organisation to respond to a major incident. This can cover issues such as a cyber-attack, closure of an office or other serious incident impacting your business, but can also include major operational issues such as server outages or a production line failure. For small & medium sized companies we recommend including this incident response plan within your overall business continuity or disaster recovery plan. Typically plans cover the initial responses, who needs to be involved, which stakeholders to be notified and the key actions required to respond to the issue at hand.
Inventory:
An IT asset inventory allows an organisation to understand what devices it owns, what software it runs, where company data is being stored and a range of other factors from finance, through to risk management. Maintaining an accurate IT inventory is essential in many aspects of disaster recovery and business continuity They enable plans to be developed and maintained. Key to this is regular auditing or the use of on-going Remote Monitoring and Management (RMM) tools that provide a virtual ‘real-time’ inventory to be maintained.
IT Life Cycle:
IT Life Cycle covers introduction, adoption, growth, maturity and decline / obsolescence of your IT products, systems or services. All systems go through this process and your business needs to understand where your current systems sit within this cycle. This enables effective use and planning to be done and Charlton Networks recommend our IT Roadmap process. This means that IT Risk planning is more effective and businesses can understand these risks and mitigate their potential impact.
IT Risk Management:
IT risk management assesses the business risk associated with using, owning, operating or adoption of IT systems, services or processes. Risk management covers many aspects and processes, from initial Incident Response, through to scenario planning, disaster recovering and business continuity planning.
Managed Backup:
Managed Backup refers to the management and monitoring of your company backups or ‘outsourcing’ of this process. Service Providers will ensure backups and restores are monitored, regularly tested. It also ensure your DR plans can be implemented if called upon.
Off-site Backup:
Refers to establishing a copy of your backups away from the main site where the data exists. This can be a secondary company location or a cloud based backup solution.
On-site Backup:
Refers to establishing a copy of your data on the main site where the data exists. This tends to be the minimum and default position, with the potential to have secondary copies of backup stored in an off-site backup location.
Recovery point objective / RPO:
A recovery point objective (RPO) is the age of the file(s) to be recovered from a backup process / operation. This is required when a computer system or network goes down and live data is lost. RPO is important when planning backup and disaster recovery strategies and should be influenced by the business need and the impact to customers. Understand the impact of data recovery also includes understanding the commercial value in terms of lost manhours, productivity of revenue.
Recovery time objective / RTO:
The recovery time objective (RTO) is the estimated time needed to restore an IT system or IT services following a disaster or disruption incident. The RTO defines the estimated time to recover an entire system. As opposed to the RPO which defines the age of the files to be recovered. Understanding RTO determines the backup and recovery systems used and ensures that the business needs are matched to the underlying IT systems. Disaster Recover (DR) testing helps confirm the RTO and actual recovery time, giving the opportunity for continual improvement and minimising business disruption.
Restore:
Refers to either a single file or a complete system being restored from a backup set.
Retention:
Refers to how long copies of backup data are held for. i.e. The longer backups are retained, the further back in time data can be recovered.
Risk Analysis:
A risk analysis systematically identifies critical system resources and threats. It quantifies potential impacts / losses of productivity and recommends how to mitigate such risks. To eliminate or minimize exposure a number of countermeasures will be used.
Uninterrupted power supply (UPS):
A UPS is a device that allows your computer system to keep running. It may only be for a short amount of time when the primary power source is lost. It provides protection from power surges and contains a charger/battery system that kicks in when the device senses a loss of power from the primary source.
Altaro Experts
Our team at Charlton Networks includes several experts in both Altaro and other backup and recovery systems. Eric Gore is one of these leading experts. He’s a veteran of recommending automated backup solutions that do what they say on the tin. Eric is a Certified Altaro Engineer, who along with others helps Charlton Networks maintain the Altaro Gold Partner status.
After reading this article, perhaps you have more questions you’d like to ask? Or perhaps you’d like a free assessment of your current Business Continuity, Disaster Recovery capabilities or your existing backup & recovery. Why not drop Eric a line (eric.gore@charltonnetworks.co.uk) with your question? Alternatively why not download our Backup 30 Day Trail Free Download of choice – Altaro VM Backup