Post on 25-Jul-2020
1
TheDynaSisEducationalSeriesforC-LevelExecutives
CloudBackupandDisasterRecovery“TheToweringInferno”“Earthquake”“SanAndreas”“Volcano”Weallloveagooddisaster.Aslongasit’snotreal.Andespeciallyifitdoesn’thappentous.Thesemoviesshowsomeprettyspectacularimagerythatreallygetsyourbloodrushing.Butasyouprobablyguessedbynow,todaywearegoingtotalkaboutanentirelydifferenttypeofdisaster…thekindthathappenswhenyourcompany’sfilesdisappear,orarerendereduseless,orarestolen.Insomecases,thisbusinessdisastermaybetheresultofoneoftheabove“natural”disasters,butrecenthistoryshowsusthatthevastmajorityofdatadisasters,whetherintentionaloraccidental,areman-madeand/orman-preventable.Butregardlessofhowithappens,datadisastersarerealandmustbedealtwithquickly,completelyandaccurately.Howdotheyhappen?Hereisabreakdown(chartonnextpage.):
65%HumanError29%TechnologyIncident22%SecurityIncident5%Other
Let’sstartwithalookatsomeoftheworstdatalossdisastersinrecentmemory.Wesay“some”oftheworst,becausetherehavebeenfarmorethanwecouldpossiblymentionhere,andpeoplewilldisagreeabouthowbadisbad._____________________________________________________________________________________
2
TheDynaSisEducationalSeriesforC-LevelExecutives_____________________________________________________________________________________
TheGovernmentoftheUnitedKingdomLosesItsDataonEVERYCriminalintheCountry.Thekeywordhereis“loses”.Inthiscontext,itdoesn’tmeanthatthedatadisappearedfromtheBritishgovernment.No,itmeansthatalltheserecordsweretransferredbyanemployeeontoamemorystick(akaflashdrive),andthentheemployeeliterallylostit.Thishappenedin2009andincludedalltherecordsofmorethan40,000badguysconvictedforseriousfelonies,butalsoincludedthehomeaddressesandpersonalinformationofeveryoneintheprisonsystem.RememberMa.Gnolia?Hereiswhyit’snotaroundanymore.Ifyoudon’trememberMa.Gnolia,itwasaquicklygrowingbookmarkingsitethatgaveit’suserstheabilitytobookmarkfavoritesitesandsharetheirbookmarkswithotherusers.Itwastrulyapioneerwithuniquetechnologyandwasexpectedtobecomeamajorplayer.Untildisasterstruck.Inacompleteoutage,theirserverslost100%oftheirdata,includingtheiron-sitebackup,whichwascorrupted,aswell.Thesitewaseffectivelydeadandnottoolongafter,sowasthecompany.Afterwards,theirCEOadmittedthatoffsitebackupwithproperbackupsoftwarewouldhavesavedthecompany.USGovernmentLosesDataon26MillionVeterans.Here’soneforthoseofyouwhoworkfor(orown)companiesthatallowBYOD(bringyourowndevice).Withpeopleworkingfromtheoffice,fromhome,andontheroad,employeeswhousetheirownlaptops,smartphoneandtabletshavebecomemoreandmorecommon.It’seasierfortheemployeethanhavingtwoofeverything–twophones,twolaptops,etc.–andcheaperfortheemployer.Whilethisonehappenedafewyearsago(2006),thelessonringstruetoday.AdataanalystworkingfortheDepartmentofVeteransAffairshadhislaptopstolenfromhishouse.Unfortunateinitself,buthejusthappenedtohavetherecordsof26,500,000militaryveteransonthedevice.Thelaptopwasrecovered(afterpayinga$50,000reward)butfollow-uplawsuitscostthegovernmentmorethan$20,000,000.Acouplemorequickies:WhenthedatabaseoftheUSconsulatecrashedin2014,morethan200,000visasforpeoplefrom_____________________________________________________________________________________
CauseofDataDisasters
Causedby"Man" CausedbyTechnology
SecurityIncident Other
3
TheDynaSisEducationalSeriesforC-LevelExecutives
_____________________________________________________________________________________aroundtheworldwereputonhold.Thedatahadbeenbackedup,butthesystemthatcrashedwasnot.Issuanceofvisasgroundtoahalt.Thisdisasterwascausedbyasimplepatchthatdidn’tworkproperly.In2015,acomputersecurityresearcherfoundadatabasecontainingthepersonalinformationon191,000,000votersfromall50states.Includedweretheirpartyaffiliations,phonenumbers,emailaddresses,andbirthdates.Thisinformationwas“outthere”duetoadatabasethatwasincorrectlyconfigured.Andfinally,hereisonethatcouldhavebeenadisasterbutwassavedbecauseonepersondidn’tfollowtherules.TheentirealmostcompletefilmToyStory2wasalmostlostwhenoneofPixar’semployeesentered“removeall”andwentclick.Anaccident?Wedon’tknow.Wedoknowthattheonlyreasonthefilmwasnotlostwasbecausethefilm’stechnicaldirector,whowantedtoworkfromhome,hadtransferredacopyoftheentirefilmtoherhomecomputer,which,bytheway,shewasnotsupposedtodo.Dilemma:doesshegetfiredorissheahero?Ifyouthinktheseareisolatedincidents,thinkagain.Withinthepastyear,almosthalfofITprosatsmalltomid-sizedcompanieshavelostdataandusedbackupstorecoverit,whichisgreatwhenthebackupdataisintactandretrievable.Toensurethatitis,alittlemorethanhalfofthosesurveyedstatedthattheyareusingahybridapproachtobackingup–onpremiseandoff(wewillgettoexactlywhatthatmeansinalittlewhile.)Butwhatabouttheotherhalf?Ouropinion:theyareopeningthemselvesuptopotentialdisaster.(Pleasenote:justbecauseyouarebackingupoff-premisesdoesn’tautomaticallymeanyouaredoingitright.Itstillneedstobeperformedcorrectly.)LikemostthingsintheITworld,backupanddisasterrecoveryarechangingatarapidpace,andmostmoderncompaniesareatleasttakingahardlookatoff-sitecloudbackup.(Anothernote:filescanbebackedupoffsitewithoutthecloud.Someorganizationsroutinelybackuptheirfilestotapeordisks,thentransportthesetoanoffsitesecurestoragefacilityforsafekeeping.)Obviously,thisbecomesexpensiveandcumbersomewhenfilesneedtoberestored.Weshouldalsonotethatthismethodoffilebackupisshrinkinginpopularity,forobviousreasons,butananalysisofoff-sitestoragewouldn’tbecompletewithoutmentioningit.
Whyhas“off-site”moreandmorecometomeanthecloud?Thereareseveralreasons:
• First,thecostofmovingmassiveamountsofdatahasgonedownquitedramatically.• Thespeedofbroadbandhasincreasedtothepointwhereitismuchmorefeasibletomovelarge
amountsofdataonadailybasis.• Storagecostsforthisdatahasalsodecreased.• Storageisnowhighlyscalablesoastheamountofthedatayouwanttostoreinthecloud
increases,yourstoragecapacityincreases,althoughthereissomecostforthis.
Youshouldalsonotethatthesedays,hybridbackupisgainingmomentum,meaningyoustoreonebackupcopyonpremisesandonecopyinthecloud(youshouldalwayshaveatleasttwobackups,eachstoredadifferentlocation.)Thismakesperfectsense.Itismorecosteffectivetohaveonebackupcopy
_____________________________________________________________________________________
4
TheDynaSisEducationalSeriesforC-LevelExecutives_____________________________________________________________________________________
on-site,rightatyourfingertips,butkeepingthatsecondcopyatahighlysecurefacilityprovidesyour
companywithalevelofprotectionthatcouldn’tbeachieved(notcosteffectively,anyway)byasmalltomid-sizedcompanyonitsown.
CloudSecurity
Cloudsecurityisaconcernmanypeoplehave.Perhapsitisnaturaltofeelsaferknowingthatyourdataisstoredonyourownpremises,rightdownthehall.Andweagreethatcloudsecurityshouldnotbetakenforgranted.Moderndatafacilitiesarehighlysecure,withtemperatureandhumiditycontrol,accesscontrolsystems,powerbackups,multipleInternetproviders,etc.,etc.Theseareconsiderationsyoushouldbelookingforifyouaregoingtointerviewacloudserviceonyourown,aswellasthefunctionalitythatwillbeavailabletoyourin-houseITifrapidrecoveryiseverneeded.
Whichbringsupanotherpoint:thismaybeagreattimetolookintoretainingtheservicesofamanagedITsupportcompanythatwillbethere24x7x365tomakesurethatyourbackupsarerunningaccordingtoplanand,mostimportantly,tojumprightinintheeventofaneededrecovery.Manymid-sizedcompaniesthathavetheirowninternalITteamsalsoengageanoutsourcedITsupportcompanytoruntheirbackupsandthemonitoringofthem.Afirst-classITservicecompanywillmonitorandmaintainthesystemaroundtheclockandwillusuallyspotandfix“issues”beforetheybecome“problems”.Theyalsofreeupyourpeoplefrommundanedailytasks,allowingthemtofocusonlong-rangeplanningandhigherlevelprojects.
Ifyouhaveyourownin-houseITteam,theywillcertainlybeheavilyinvolvedintheprocessofselectingthemanagedITserviceproviderand/orthedatafacility,andyourserviceproviderwillusuallyreporttothem.
DisasterRecoveryasaService(DRaaS)
DisasterRecoveryasaServiceisarelativelynewservicethat’sappropriatetothisdiscussion.
Forsomeorganizations,havingoff-sitebackupoffilesisonlyonepartofanoverallsolution.Anotherimportantpartisanoff-site“disasterrecoverysite.”Simplyput,thismeansasecondphysicallocationwhereback-upserversarefullyup-to-dateandwhich,ifandwhenasitedisasteroccurs,canbeusedtofullyrunthecompany’sITinfrastructure.Wearespeakingaboutadisasterthatnotonlymakesfilesunusable,butalsocripplesyourserver(s).Asecondphysicalsite,withallthecostsassociatedwithsuchasite,canbeexpensivetomaintain,buttheabilitytoquicklycomebackonlinecanbecriticaltoacompany’ssurvival.Thequestionyouhavetoaskyourselfis,whatwouldbethecost,indollarsandcents,inreputation,inlostcustomerbase,inemployeemoraleandloyalty,ifyourcompany’sITnetworkwasshutdownevenforarelativelyshortperiodoftime.Withoutgoingintoalotofstatistics,
sufficeittosaythatthecostformanycompaniescanbeinthehundredsofthousandsofdollarsaday_____________________________________________________________________________________
5
TheDynaSisEducationalSeriesforC-LevelExecutives_____________________________________________________________________________________
andmanyneverfullyrecover.
ButanotheroptionisDisasterRecoveryasaService,afunctionalityunderwhichyourdatawouldnotberecoveredtoanotherserver(s)atyourdisasterrecoverysite,butrathertoaserver(s)inthecloud,whereallofthecompany’sworkloadscouldstillfunctionuntilnormaloperationswerere-established.Thisisagreatmethodologyforacompany,particularlysmallerones,thatneedtobeabletogetupandrunningquicklyintheeventofadatadisaster,butwanttoavoidthecostofmaintainingasecondofficesite.WithDRaaS,thedisasterrecoveryinfrastructureandcompanyworkloadswillexistinthecloudonlyforaslongastheyareneeded.Assoonasthepermanentinfrastructureandfilesareavailable,thetemporarystructuresareremovedandchargesstopbeingincurred.Again,thisisafunctionalitythatmaybebestservedthroughanoutsourcedmanagedITsupportproviderthathasexperienceinthistypeofservice.
Finally…
Backupandrecoveryinthecloudoffersmanyadvantagesovertraditionalmethods,suchaskeepingasecondserverinyourofficeorphysicallymovingbackedupfilesontotapeordisk.Asthisstatementimplies,webelievethatatleastoneoff-siteback-upcopyofyourdata,alongwithanon-sitebackup,isanimperative.(That’s2backupsplus1original=3completecopies).Onanevenhigherlevel,andimportantforcertaincompaniesthatcannotwithstandlongdowntimes,isDisasterRecoverasaService,especiallyasthesoftwareinvolvedcontinuestoimprovemakingthefunctionalityeasiertoimplement.
Wealsobelievethatintoday’sworld,withcyber-attacksontherise,especiallyintermsofransomware(seeourwhitepaper:CyberSecurity2017),theabilitytorapidlylockoutencryptedfilessoastokeepinfectionsfromspreading,andtheabilitytoquicklyrecoverlost,stolenordamagedfilesisparamount.(SeeourCaseStudy:ATaleofTwoCyber-Attacks.)Thekeytosuccessfullyimplementingsuchaprogramformostsmalltomid-sizedbusinessesisfindingtherightITpartner,amanagedservicescompanythatcanprovideanun-biasedriskassessment,andthenworkwithinyoursecurityrequirements,budgetandlevelofcomfort.
Onefinalanecdote:thismaybeshockingtomillennials,butatonetime,datawasactuallystoredinthesepaperthingscalled“books”,andbeforethatonscrolls.InAlexandria,Egypt,therewereabout500,000irreplaceablescrollscontainingadvancedworksofmathematics,physics,astronomy,poetryandmore,allstoredinthelibraryofAlexandria.In300BC,thelibraryburneddown,takingall500,000scrollswithit.Thiswashistory’sfirstrecordeddataloss,andwithnobackups,allthisknowledgewaslost.Hadtherebeenasecondsetofscrollsstoredelsewhere,wemightnotevenremembertheevent.
Since1992,DynaSishasbeenattheforefrontofmanagedITservice,takingtheleadindevelopingITsecuritymeasuresnowusedacrossthenation.WeprovidecomplimentaryITAssessmentsthatincludeRiskAssessment.Ifyoubelievethatyourcompanymightbenefitfromsuchananalysis,pleasegiveusacall,orfillouttheform.We’dlovetochat!