What Should You Look For In Your BDR Solution

What Should You Look For In Your BDR Solution

What should you look for in your BDR solution?

When we talk about disasters, what comes to mind most often are natural disasters like hurricanes, tornadoes, or floods. Very few think about things like malware or cyber-attacks. All of these can impact your ability to continue doing business. You need to protect your data, so a good backup/disaster recovery solution should be an important part of your business continuity plan.

There are many backup/disaster recovery solutions out there and it can be difficult to navigate the many options available.

Here are few things to consider when shopping for a BDR solution:

Is the backup image-based or is it a file-based backup?

A file-based backup only backs up files and folders that are specifically selected. File-based backups typically require less capacity and cost less than an image-based backup. An image-based backup is a comprehensive snapshot of all the data on the server including files, folders, applications, and system configurations.

If your server crashes, file level backups typically take much longer to recover since you need to “start from scratch”, installing the operating system, configuring all the settings, installing the software applications, and then recovering the data. Keep in mind, that any files not selected in the backup would be lost permanently.

Because the image-based backup includes the operating system, all the settings, all the applications, and all the data, recovery time is much quicker and data loss is drastically reduced.


What is your Recovery Point Objective or RPO?

Each backup is a recovery point and you need to determine how much data loss is acceptable. Many backup solutions provide daily backups or a recovery point every 24hrs while some provide backup intervals as low as every few minutes creating multiple recovery points throughout the day.

Consider this… your backups run nightly and your server crashes at the end of the work day before the backup runs. There is a risk to lose an entire day’s data entry if you need to recover to yesterday’s backup.

A good BDR solution should provide a full image-based backup in customizable time intervals that start as low as every few minutes. This drastically reduces the potential amount of data loss.  


What is your Recovery Time Objective or RTO?

In other words, how quickly do you need to recover from an outage? Many backup solutions provide backup to the “cloud”. This keeps your data safe but how quickly could you procure or build a new server, install the applications, set up your users and their profiles, and then recover the files and folders from the cloud? Even if you could get a replacement server overnight, it could take days to configure everything and recover the data. Is it ok to be down for days?

A solution that includes an onsite BDR appliance provides a substitute server for quick virtual recovery reducing downtime to minutes in the event of an outage.


Does the solution offer redundant backup and multiple recovery processes?

It’s important to have an offsite or cloud-based backup, but what happens if you suffer an internet outage when the backup is supposed to be running? You need to have both on and offsite components to your backup solution. It’s important to have this redundancy to maintain the backup process and keep your data safe.

What if the servers at the main office go down or, worse yet, a disaster strikes and you have remote workers or multiple sites that depend on access to data and applications on those servers? Not only do you need redundancy in the backup process, but you need to have multiple recovery options that include cloud recovery so your business can continue to operate even if the main site is off line.


Is the solution monitored and tested routinely?

Ok… so you have your backup/disaster recovery solution, it meets your RPO and RTO, it has redundancy built in, and it has multiple recovery processes. How do you know it is working? Make sure the solution includes monitoring and that you will get notifications of successful and failed backups. Make sure it is tested routinely to be sure the servers will boot in the virtual environment. Request periodic live testing of the disaster recovery environment so you know the environment will perform in a business continuity situation.

What Should You Look For In Your BDR Solution

What Is Data Loss?

What is Data Loss? What Causes Data Loss? What Can You Do?

Wikipedia defines data loss is an error condition in information systems in which information is destroyed by failures or neglect in storage, transmission, or processing.

Data loss is distinguished from data unavailability, which may arise from a network outage. Although the two have substantially similar consequences for users, data unavailability is temporary, while data loss may be permanent.

Data loss often spells the end for many small/medium businesses. Statistics show that following a major data loss, 43% of business never reopen, 51% close in 2yrs, and only 6% survive.

According to studies, human error and hardware failure are the two most common causes with 44% of incidents resulting in data loss. Other causes include software failure, cyber-attacks, viruses, and natural disasters.


Many of these are outside of your control… so what can you do?

  1. Identify assets critical to your business, vulnerabilities, and threats. A regular security risk analysis, vulnerability scan, and penetration testing can help you identify areas of risk.
  2. Implement appropriate safeguards. These safeguards might include a firewall, multi-factor authentication, email security, and endpoint detection/response (EDR) to protect your critical business data and detect potential threats.
  3. Subscribe to proactive monitoring and routine maintenance of your systems. Having “eyes” on your systems 24/7 and routine maintenance can often prevent a business impacting event.
  4. Implement a Backup/Disaster Recovery Solution (BDR). BDR marries data backup and disaster recovery to ensure maximum uptime and business continuity. BDR solutions provide a continuous backup of your systems and provide rapid data restoration in the event of a disaster. Don’t forget to test your BDR solution regularly. Many businesses invest in BDR solutions but never test them.
  5. Continually educate your end-users and implement policies and procedures to hold them accountable. Remember… one of the most common causes of data loss is human error. Clicking the wrong link, accidentally deleting files, or opening the wrong email can cause major issues resulting in downtime or permanent data loss.
What Should You Look For In Your BDR Solution

Signs It May Be Time To Look For A New MSP

Signs it may be time to look for a new MSP

I reach out to many people, in many different industries, to talk about our managed services solutions. All too often, they respond with “we have a guy” or “we’re good”. That’s when I typically ask, “How do you define good?” Don’t get me wrong… there are a lot of good MSPs out there, but there are a lot of “not so good” ones too.

Here are a few signs that may indicate it’s time explore other options.


The same issues over and over again

Are you experiencing the same issues over and over again? Your vendor may not monitoring your network accurately, they may not be documenting issues, or they may just keep putting a Band-Aid on the problem hoping it goes away. This indicates a lack of experience or lack of care in managing your systems.

A good MSP uses monitoring tools and a proactive support methodology to head off most issues before they impact your business. They also have a system in place to comprehensively document issues and resolutions. If an issue does occur, a good MSP should have the systems and processes in place to prevent it from happening again, or at least, an efficient process for resolving it. If they do detect a recurring issue, they should proactively reach out to you with advice on an alternative solution.


Lack of communication

Is your MSP taking longer to respond to your calls? Do you find yourself reporting critical issues that your MSP should have detected, i.e. system crash or internet outage? Do you find that you have to reach out for status updates on issues because you haven’t heard from your MSP? Is your MSP checking in with you regularly?

It is important that you have a well-defined service level agreement (SLA) that outlines levels of severity and response times. More importantly, your MSP should be communicating with you, proactively and regularly.

Leveraging their experience and the insight provided by their management tools, your MSP should be providing you advice on improvements beyond hardware and software. They should be working with you to streamline workflows, enhance business processes, develop policies and protocols, implement new technologies, and train your users.

When you do have an issue, whether it’s reported by you or detected by their monitoring tools, there should be an open line of communication from start to resolution. They may not always have good news, but they need to be communicating detection of an issue, confirmation of your request, estimated time to resolution, progress, changes in status, alternative solutions, resolutions, etc.


Constant Up-Selling

Is your vendor is always bringing new services or products to the table to add “value”? Is your vendor quick to recommend a new product or upgrade to resolve an issue?

First, a good MSP takes the time to learn about you and your business. They work with you to develop a solution tailored to your unique needs. Keep in mind… your MSP should be recommending new technology, upgrades, processes, etc. as your needs change, but they should be able to justify the costs with data from their reporting tools, increased efficiency, enhanced security, or long term savings.

Be wary of vendors that quickly recommend upgrades, new products, or services as solutions to an issue. A good MSP will take the time to troubleshoot issues and provide hard data to justify any recommendation to upgrade or purchase products and services.


Unexpected charges on your invoice

Are you getting invoices with unexpected charges? Do your invoices keep getting higher and higher? Many businesses partner with an MSP for consistent, predictable IT spending. In many cases, they find themselves getting higher than expected invoices or surprise charges.

Your MSP should be using data provided by their management tools and their experience to help you plan and budget for IT expenses. Sometimes the unexpected happens… when it does, your MSP should provide you prior notice of any additional expenses, provide detailed information on the invoice, and be able to justify the expense.

In some cases, you get unexpected charges because your expectation for what is covered in the agreement differs from what is actually covered. It is your MSP’s responsibility to make sure you understand the scope of the support agreement.


High Turnover

Are employees coming and going with your vendor? Every business has its share of employee turnover, but service delivery starts to suffer when there is high turnover. It can be difficult to find someone that has knowledge of and experience with your systems and you may find yourself in a frustrating situation telling the same story over and over. It may indicate that working conditions, policies, practices, and protocols are lacking with your vendor.

A good MSP has very little turnover. They adhere to good employment practices, treat their employees well, tend to have more experienced engineers, and are typically able provide a higher level of service. Don’t get me wrong… everyone has to start somewhere… it’s important provide less experienced techs the opportunity to get to know you and learn your systems, but you need to know there are seasoned engineers with an intimate knowledge of your systems watching out for your best interest.


Finger-Pointing and blaming your other services

Partnering with a managed services provider should give you a single point of contact to monitor and manage all or at least a big piece of your technology. You will still need an internet service provider, communications systems vendors, software vendors, etc. All of these pieces are intertwined and, inevitably, issues will come up. In most cases, the first person you call is your MSP, but many are quick to point their finger at one of your other services. A good MSP should have experience with and knowledge of your other services. Even if it’s not their fault, they should take ownership of these issues and reach out to the other providers to assist with the resolution.


Lack of Flexibility

Small / Medium sized businesses need to be agile and quickly adapt to changing market conditions. They experience unplanned growth and may even downsize unexpectedly. As a small/medium sized business, you need an MSP that is flexible enough to adapt to your changing needs. Many MSPs are rigid with their pricing and contract terms. Your MSP should be willing to work with you on pricing, changes in service needs, and contract terms as your needs change.

What Should You Look For In Your BDR Solution

MSP’s and Compliance

MSP’s and Compliance

Businesses of all sizes and verticals face the ongoing challenge of staying up to date with compliance regulations. Not to mention… mishandling protected data has generated millions in fines and liability costs have become a growing concern.

IT departments must:

  1. Ensure the confidentiality, integrity, and availability of protected data
  2. Protect sensitive data from hazards and threats
  3. Protect sensitive data from unauthorized use and disclosure
  4. Ensure workforce compliance with the guidelines

Additionally, if your company manages electronic protected information files or content, you are required to have security protocols in place from the time the files are created until they are properly destroyed. This means that organizations that process protected information must have the following:

  1. Processes for identifying assets and vulnerabilities
  2. Appropriate safeguards to protect and control access to data
  3. Mechanisms in place to detect suspicious activity
  4. Processes and protocols in place for response to events
  5. Secure, reliable backup and disaster recovery plan
  6. The ability to completely destroy data when necessary
  7. Policies and procedures governing the access to and handling of data

Navigating compliance can be challenging to say the least. Your MSP should provide a structured framework for the security of protected data and assist you in implementing a comprehensive compliance strategy.

What Should You Look For In Your BDR Solution

Business Email Compromise

Business Email Compromise and Ransonware

According to the 2017 Global Threat Intelligence Report by NTT Security, Business Email Compromise (BEC) cost businesses far more per incident than ransomware. In 2016, The FBI’s Internet Crime Complaint Center reported losses to BEC scams at nearly 3.1 billion dollars. Losses are now projected to exceed 9 billion dollars. With world-wide cybersecurity spending projected in excess of 95 billion dollars, it’s a wonder how this unsophisticated threat is causing so much pain in the pocket-book. It’s important to note that most users don’t understand how common these attacks are and the financial impact they have. Unlike malware attacks, BEC scams rely mainly on social engineering, deception, and psychological manipulation to trick end-users. Cybercriminals study their targets, are able to identify the individuals responsible for financial transactions, and are able to mimic policies and protocols necessary to perform financial transactions. Most attacks are carried out using spoofed or hacked emails from known users with content mimicking a legitimate request. Since most network security solutions are designed to detect malware and malicious links in email, these threats are making it directly into end-user mailboxes and leaving what happens next in the hands of, sometimes naive, email recipients. Because these attacks rely primarily on exploiting human emotions, end-users need to play a vital role in defending against them. End-user awareness and education are keys to creating a culture of caution and preventing these attacks.