New Agentless Hyper-V Backup Benefits Microsoft-Centric MSPs Deploying Infrascale Backup and Disaster Recovery

Native Solution Offers Faster Deployment, Easier Management, and Improved Backup Performance

 

Reston, Virginia – April 14, 2021 – Infrascale today announced the general availability of an upgrade to the agentless backup engine for Infrascale Backup and Disaster Recovery. In addition to existing agentless backup for VMware virtual machines (VMs), the backup engine now allows Microsoft-centric MSPs to benefit from native discovery, policy control, and backup of Hyper-V VMs. The new agentless version provides fast deployments via discovery and policy control, easier management with one-stop configuration, and improved performance over its agent-based predecessor. This announcement follows the recent launch of the company‘s next-generation backup and disaster recovery solution, Infrascale Backup and Disaster Recovery (IBDR).

IBDR is a Disaster Recovery as a Service (DRaaS) solution: one part software/hardware on-premises with customers’ data and servers, (including Hyper-V VMs), and one part service infrastructure in the cloud. These components combine to prevent data loss and minimize downtime.

“Microsoft serves as the backbone technology stack for most of our MSP partners. We built IBDR and our new backup engine for Hyper-V to integrate seamlessly, giving our partners and their end customers the best possible user experience and flawless DR performance,” said Russell P. Reeder, CEO of Infrascale.  “In addition to being faster to deploy and easier to manage over the previous version, backups are now three times faster!”

Whether supporting Hyper-V or VMware, the Infrascale agentless backup engine is a sub-system of IBDR that offers:

    • Native Discovery of VMs on the Hypervisor:
      • See a list of all VMs directly from the appliance dashboard
    • Setting of Policy Controls:
      • Protect some or all VMs managed by the hypervisor
      • Auto-protect new VMs as they are created by an administrator – without revisiting setup
      • Backup non-powered VMs
    • Backup and Recovery Fundamentals:
      • Capture full and incremental backups for use with Infrascale DDFS (deduplication file system) – storing backup data deduplicated, compressed, and securely encrypted
      • Convert incremental backups to a “synthetic full” – providing average two-minute boot-ready times
      • Restore/failback VMs directly to originating hypervisor from the failover appliance
      • Browse and restore individual files and folders from protected VMs

Agentless backup addresses two key pain points – the cost and complexity of deploying and managing per-server agents. With a single agentless configuration there is no need to touch each virtual machine, which enables faster deployment and easier management for MSPs and VARs.

A pre-release version of the Hyper-V agentless backup engine generated consistently positive customer reviews, calling out its ability to simplify management and lower costs.

“DivergeIT has been a Gold Microsoft Partner for 17 years.  Microsoft and Hyper-V are our core business, and our customers expect the best service and highest quality of data protection.  The Infrascale agentless support for Hyper-V is a godsend.  Following discovery on the host, all it takes is a couple clicks and the policy is set, and backup is on its way,” said Robert Praul, Technology Director, DivergeIT.  “The time saved by not having to deploy individual agents is priceless.  Now I can focus more of my time and energy on serving my customers directly and less on managing my DR solution.”

Infrascale is an award-winning provider, recommended by leading independent industry experts, MSPs/VARs, and their end customers.  With the introduction of the Infrascale native agentless backup engine for Hyper-V, Infrascale continues to innovate and to demonstrate its commitment to eliminate downtime and data loss.

About Infrascale

Founded in 2011, Infrascale provides comprehensive, cloud-based data protection by delivering industry-leading backup and disaster recovery solutions. Combining intelligent software with the power of the cloud, Infrascale removes the barriers and complexity of secure, offsite data storage and standby infrastructure for real-time disaster recovery. Trusted and recommended by leading independent industry experts, Infrascale equips its customers with the confidence to handle the unexpected by providing greater availability, better security, and less downtime when it comes to their data. Visit www.infrascale.com or follow us on Twitter at @Infrascale for more information.

Media Contact

Joe Casados
joe@bospar.com
925-989-9813

 

Unpacking the Details of Infrascale Backup & Disaster Recovery (IBDR): Interview with an Expert

Doug Braun, Director, Product Marketing at Infrascale sat down with Infrascale Vice President, Product Management, Alexey Turchanikov to discuss the new Infrascale Backup & Disaster Recovery solution. During the interview Alexey describes the changes and discusses how the new appliances provide partners the flexibility and performance they need.

Behind the Launch of IBDR

Doug Braun: Infrascale announced the new IBDR product – changes to the name, the appliances, and the cloud configurations on March 24, 2021. What was the main reason for this launch?

Alexey Turchanikov: The previous iteration of the solution, Infrascale Disaster Recovery (IDR), successfully solved for a turnkey/all-inclusive Disaster Recovery as a Service solution – bringing hybrid cloud DR to SMBs (via MSPs) that required something more than mere backup of their on-premises servers – without an enterprise price tag. As we gained customers, the truth about how the solution was being consumed emerged. The market is constantly changing. Technology is constantly changing. So, too, are customer needs. Even in a successful state, IDR needed to adapt and change with the times.

We took this opportunity to: a) refresh the appliance hardware; b) explore one of our differentiators in a deeper way (local boot); and c) formalize the flexibility of the solution. As we did each of those, we kept a keen eye to maintain the qualities that made the product successful in the first place.

New IBDR Appliances

Doug Braun: The press release mentions two items in the subheading: New appliances and New cloud configurations. Let’s discuss them one at a time. First, please tell me about the new Infrascale appliances.

Alexey Turchanikov: The success of IDR (now IBDR) is primarily driven by its simplicity, especially for companies that have never used a hybrid backup and disaster recovery (BDR) solution before – yet have business critical infrastructure that must survive natural or man-made disaster. These ultimate end-users are very small, non-technical businesses. As such, they don’t necessarily have a lot of experience with IT and server management. Thus, simplicity is imperative.

Usage data over the past couple of years showed some very definitive ways our product was being used to solve backup and DR problems. While we knew that the appliances needed a technology refresh, it was critical to understand the new configurations (and their associated costs) – as to keep serving those customers well. With data to lead the way – we introduced six new appliance models: a desktop and a 1U model for micro- environments, a desktop and a 1U model for average use, and two 1U models that pack some serious power.

These six models are supplemental to two very large storage models we already have. Each model – whether the smallest or most-robust – have the same powerful backup and DR features enabled through our software. So, the selection of the appliance model simply becomes a function of on-premises needs. These needs include, how much storage is required, how much concurrent boot capacity is required, and (when combined with cloud storage and DR) what are the appropriate trade-offs to meet the local/on-premises requirements.

Hybrid BDR

Doug Braun: You mentioned that IBDR is a hybrid cloud solution? What are the benefits of hybrid BDR?

Alexey Turchanikov: SMBs (and the MSPs that help them with IT) choose hybrid BDR products that are the right cost-benefit tradeoff – and that provide the best mix of on-premises and cloud capabilities for their situation. One of our specialties is the ability to do local spin-up in the case of micro disaster. We define a micro disaster as a disaster (hard-drive failure, ransomware infestation, accidental file deletion) of one-to-few servers versus a major disaster like flood, fire, hurricane that takes out the on-premises environment. In these micro disaster situations, a full failover to the cloud is overkill. To recover or boot an impacted server, on-premises, on the same network is the most expedient, least impactful to a business… and we excel in that situation – using our on-premises appliances.

SSD Storage

Doug Braun: You previously mentioned powerful appliance models, and I noticed that SSD (solid-state drive) options are available. This seems counter-intuitive for meeting SMB needs. Please explain.

Yes, the new 1580 and 1780 1U models that were just introduced are both the most powerful in the line (for RAM and CPU configuration) as well as the first to introduce SSD as the primary storage. They were intentionally crafted to handle a quantity of servers booting on them concurrently – for micro disaster recovery situations. Compared to their predecessor, the SSD models offer greater IOPS (input/output operations per second), improving the performance of the boot and continuous operations while booted Local spin-up is +5x more performant than the previous models.

These are new options to the line and yes, SSD is usually associated with a higher price tag (and maybe not an SMB-happy option). However, we think we’ve done a nice job of balancing the capability for the price point. Again, this isn’t the average base need – but we do use the models for some higher order storge needs – and the end company benefits from the better resources – whether they use to boot or not.

Fast Boot Ready Time

Doug Braun: Infrascale boasts about an average of 2 minutes to be boot ready. Can you clarify what boot ready means? And how are you able to achieve that so quickly?

Alexey Turchanikov: Let’s frame the question in the context of the industry term RTO – Recovery Time Objective.
Simply put, an RTO is the desired maximum amount of time between starting a recovery action and being completely up-and-running. It’s imperative for IT leaders to understand not only the term – but what the requirement is for their particular business and how the backup and disaster recovery products they use can achieve the objective.

Unpacking RTO – there are a number of timing elements: duration of preparing servers, booting the servers (singularly or in a specific sequence), configuring the network, and then confirming operations are available. In that first piece, there are BDR products on the market that require significant amount of time to re-create servers by finding backups, copying them from multiple tiers of low-cost storage, and reconstructing a bootable image from long chains of incremental backups. That’s not our approach! Infrascale has patented technology that ensures that every backup, whether incremental or full, is stored in a ready-to-boot, hydrated state. Therefore, in a DR situation, it takes very little time (average of 120 seconds or less) to take any snapshot from archive and initiate boot of the virtual machine. This is what we mean by an average of 2-minue boot-ready time.

We absolutely have other capabilities (drag-and-drop orchestration, the SSD IOPS performance, and others) that help speed the time of recovery. But our goal is to be boot-ready as quickly as possible. It’s the element we have the most control over.

New IBDR Cloud Configurations

Doug Braun: The second big item from the press release is about the new IBDR cloud configurations. A specific point is made that these new configurations are more like the public cloud. Can you elaborate?

Alexey Turchanikov: Let’s start with public cloud. In each of the major cloud service providers, they separate the notion of compute (CPU/RAM + minimal storage to operate) from storage. They do this to create maximum opportunity for scalability (grow one, the other, or both). We spent time above talking about the on-premises appliance and both compute/RAM and new SSD storage to improved boot capacity in a local situation. The cloud story is no different.

Infrascale has chosen to separate compute from storage so that we can help customers mix-and-match their local and cloud DR solution scenarios. Maybe they only want to boot 1 or 2 VMs locally – but more in the cloud (in a DR situation). Maybe they only have 1-2 VMs total, but a huge database or some really specific retention needs that require terabytes of storage. The new cloud capabilities offer scaling options through their flexibility of configuration – all in the service of meeting customer needs.

Fitting the Pieces Together

Doug Braun: What should an IBDR customer expect, technically, for how all these pieces (the appliance, cloud) work together?

Alexey Turchanikov: While the product has many pieces and configuration options (appliance on-premises, software, cloud compute, cloud storage) it is still ONE turnkey offering for a consistent monthly price. And it still works as one technical solution to backup locally, backup to the cloud, and do either image based restore, file/folder restore, or spin-up/boot. You start with the configuration of backup jobs and retention for any type of supported backups: bare metal physical, agent-less VMware and Hyper-V, all backed-up to the appliance. Agentless support for VMware and Hyper-V to make this setup/backup policy configuration easy – point and click.

After a backup job is created and running – data is transported from the source server to the appliance, it is deduplicated, compressed, and encrypted. Latest copies are stored locally (per a retention policy) – and securely transported (in the deduplicated, compressed, encrypted format) to the cloud. That activity is WAN-optimized – only transferring the minimal changes. The storage is also minimized – captured as incrementals (and in that format where we are constructing the synthetic “full” image to be boot ready). When the company needs to recover, the image is ready to boot quickly.

We also have configuration for file/folder backups, opportunity to change retention policies, and for boot orchestration (in the cloud only) to minimize the RTO. What I’ve just described are the basics of how our solution works, but if you want details, I recommend requesting a demo here.

Right-sized Out-of-the-Box

Doug Braun: Why is this new IBDR solution newsworthy for customers?

Alexey Turchanikov: For new, small customers, with low boot needs – our new appliance models for micro- environments and flexible cloud configurations can be constructed for a minimal footprint of resources on-premises and in the cloud – for a very reasonable price. For new customers, with high boot needs – the new SSD models and mix-and-match capabilities for boot and retention in the cloud also offer a great capability for a reasonable price.

All customers – either case – get the core backup and disaster recovery software and enjoy all the bells-and-whistles of the solution. For our existing partners – selling these new solutions to their customers – we have the right-sized offer to start – and exciting extensibility components (in the cloud) for when those customers grow (but not before then). Right-size now and right-size later.

Find Out More

Doug Braun: Alexey, this interview has been great, and I really appreciate your time. How does one find out more about Infrascale Backup & Disaster Recovery?

Alexey Turchanikov: The best place to get more information about Infrascale Backup & Disaster Recovery is from the Infrascale Backup & Disaster Recovery product page.  In addition, the Infrascale documentation portal provides a wealth of information on our backup and disaster recovery solution – or as mentioned you can contact an Infrascale sales representative for more information and to schedule a demo.

 

Infrascale Backup and Disaster Recovery Launches as Next-Generation Disaster Recovery Offering

Solution Delivers New Appliances and Bespoke Cloud Configurations for Improved Performance and Scale

 

Reston, Virginia – March 24, 2021 — Infrascale today announced the launch of Infrascale Backup and Disaster Recovery (IBDR), the next generation of the Infrascale Disaster Recovery (IDR) product sold to MSPs and VARs servicing SMB and mid-market. IBDR is a Disaster Recovery as a Service (DRaaS) hybrid cloud solution: one part software/hardware on-premises with customers’ data and servers and one part service infrastructure in the cloud. Together, these components are an insurance policy to prevent data loss and minimize downtime by providing quick recovery from crashes, ransomware/malware, natural disaster, human error, and all other forms of business disruption. This announcement highlights new appliances and flexible cloud configurations that improve the solution’s overall performance and ability to scale. These product innovations demonstrate further advancements of the Infrascale corporate vision – to be the most trusted data protection provider.

Refreshed Appliance Line, Two New SSD-based Models, and Separation of Cloud Compute and Storage

Infrascale research indicates that 79% of SMBs believe that it is important to have a data protection and/or disaster recovery solution in place. SMBs and mid-market companies without the requisite IT experience – and possessing SMB budgets – frequently turn to MSPs/VARs to fill the gap. MSPs/VARs then choose Infrascale solutions to bring these business continuity and disaster recovery needs to fruition.

“Today, all businesses are aware that it’s a matter of when they will lose their data and not if. Unfortunately, many MSPs and SMBs have been let down by their backup and disaster recovery partners, leaving them unprotected from the increasing threats. Infrascale understands that our MSP partners and their customers are looking for the right partner that they can trust, especially when disaster strikes and they need immediate access to their systems and data,” says Russell P. Reeder, CEO of Infrascale.

Based on analysis of current customer usage, IBDR now offers a refreshed line of appliance models for the on-premises component of the solution, as well as new cloud configurations, that together are optimized for today’s SMB. In total, six new appliance models are being introduced – two of which are SSD-based. These SSD models will provide new levels of recovery performance when spinning up virtual or bare metal servers. Further, the new cloud models offer simplicity and transparency by separating compute and storage – similar to public cloud consumption.

Performance Gains: With IBDR, customers will continue to enjoy the control and choice they have today when recovering from a disaster – spinning up virtual machines on-premises for simple (micro) disasters (e.g., failed drives or localized data deletion) or recovering their servers in the cloud for offsite disaster recovery. Recovery time is always an imperative, to minimize downtime and data loss that impact business operations. While Infrascale already delivers an average 2-minute boot-ready time, the new IBDR SSD hardware boosts storage IOPS (input/output operations per second) to yield better performance for booted virtual machines. Internal testing shows ~5x improvement compared to previous models.

Jeff Parton, Manager of Network Operations at Kerusso Activewear, agrees. “Prior to using Infrascale for DR, I’d grown accustomed to being down for three or four days with people idly waiting. With Infrascale, I was amazed at the speed of recovery! I can spin up an environment and get back up and running in a matter of 15 minutes. It is astounding how much money that saves us.”

Scaling Modeled on Public Cloud: IBDR moves away from fixed cloud configuration and embraces the separation of cloud compute (for backup and boot) from cloud storage, thus offering new growth opportunities for both types of resources independently. With this modular approach, expansion in the cloud is always possible. As new retention requirements emerge or as a business grows, so too can its disaster recovery solution – without an appliance amendment or disruption to operations.

New Flexibility: Customers may now mix and match to tailor an IBDR solution according to their specific needs – achieving the right performance/scale/cost trade-off. The smallest SMBs through the largest mid-market customers can find the perfect combination.

“By embracing the public cloud model, Infrascale eases the burdens that MSPs face when sizing a DR solution for a growing business with dynamic needs. IBDR provides the right components to start, and the expansion components to scale, when new requirements arise,” says Brian Kuhn, COO of Infrascale. “The product team is proud and excited to deliver this value to our partners.”

New Name to Reflect New Capabilities and the True Nature of the Solution

The improvements in performance, scalability, and flexibility alone would warrant a new name. However, the main purpose of the moniker change is to convey clarity for the value provided by the product. IBDR, as the name defines, provides both backup and disaster recovery. Of course, DR cannot exist without image-based backups. Calling out backup in the name illuminates the additional capabilities of IBDR to provide file and folder backup.

Builds on the Strong Infrascale Heritage of Eliminating Downtime and Data Loss

As with its predecessor, Infrascale Backup and Disaster Recovery offers:

  • Breadth: Infrascale protects Windows and Linux physical or virtual servers – whether virtualized with VMware or Hyper-V – allowing the control of what, when, and how frequently.
  • Minimized Downtime: Speed to recover means less downtime. Infrascale, through the patented Deduplication File System (DDFS), makes every backup look like a full image – boot-ready in minutes.
  • Minimized Data Loss: Faster backup allows for more frequent backups and less data loss. DDFS thrives in environments with low throughput networks (less data to transfer, faster backups).
  • Confidence: IBDR Boot Verifications test the integrity of backup image files, providing proof of successful image recovery. Customers always know when backups are successful.
  • Predictability: In addition to providing comprehensive, mix-and-match service components, IBDR provides unlimited disaster recovery testing and failover, with no declaration required and no additional fees.
  • Consistency: Regardless of configuration, partners will experience predictable monthly pricing.

Infrascale is an award-winning provider, recommended by leading independent industry experts, MSPs/VARs, and their end customers. With the introduction of IBDR, Infrascale continues to innovate and demonstrates its commitment to eliminate downtime and data loss.

About Infrascale

Founded in 2011, Infrascale provides comprehensive, cloud-based data protection by delivering industry-leading backup and disaster recovery solutions. Combining intelligent software with the power of the cloud, Infrascale removes the barriers and complexity of secure, offsite data storage and standby infrastructure for real-time disaster recovery. Trusted and recommended by leading independent industry experts, Infrascale equips its customers with the confidence to handle the unexpected by providing greater availability, better security, and less downtime when it comes to their data. Visit www.infrascale.com or follow  us on Twitter at @Infrascale for more information.

Media Contact

Joe Casados
joe@bospar.com
925-989-9813

Backup and Disaster Recovery are Your Strongest Allies in the Data Wars

Another zero-day attack. Another 60,000+ businesses and government agencies hit. Another massive, successful assault on “protected” data. More ammunition gathered for unknown offensives that, rest assured, will come. Web shells lie in wait, undetected. The January 2021 Hafnium attack against on-premises Microsoft Exchange servers has turned into a global free-for-all hack against businesses of every kind. Microsoft identified Hafnium as the instigator, but now multiple groups that pose advanced persistent threats (APTs) are wreaking as much widespread havoc as they can. It’s happening right now.

Although Microsoft rolled out patches on March 2, a fast response for this level of attack, many IT departments are still in the process of implementing the patches and taking other steps toward mitigation. Systems that remain unpatched may be facing an existential crisis. Systems that are patched but remain compromised face dire threats as well, including remote code execution (RCE), server hijacking, backdoors, and data theft and deletion.

Global and Local Disasters Pose Escalating Threats to Data

Hafnium is the latest in a long line of cyberattacks. It’s difficult to scan the news headlines and not see a story about a recent assault to mission-critical data and Personally Identifiable Information (PII) on a global, national, or local level. Many who had never before heard of SolarWinds have, by now, said its name at the dinner table, lamenting about how the company’s customers fell victim to the same vulnerability that led to data breaches at several federal agencies.

Of course, massive cyberattacks are among the many hazards organizations face with regards to data protection. Natural disasters, regional threats, and even good old-fashioned human error create points of exposure for companies of all sizes. Albeit local in origin, the distributed nature of business means that the impacts of these catastrophes reach far and wide. We recently blogged about the fallout that the state of Texas endured from winter storm Uri, and how this created disruption and hardship on mid-sized enterprises—all which could have been prevented.

The constant, irreplaceable ally for any organization — amid ongoing cyberwar hacks, human-caused or natural disasters, blazing infernos, or monstrous snowstorms — is to have a backup and disaster recovery plan, and to revisit and revise that plan frequently. Cybersecurity protections and enhancements are a business’s armor, but with so many attack vectors part of operational reality, every business should count on being hit. The right backup and DR approach will be what saves the day and rescues the bounty of critical data.

Unlimited, Cloud-based Backup is Every Business’s Cavalry

The best approach for an organization to cope with the aforementioned threats, especially the Hafnium Microsoft Exchange Server attack, is to assume that its environment is compromised and that hackers have already executed remote code, expanding vulnerabilities. “The reality is that Microsoft is as safe as it gets. But every service provider, every cloud, every data center, every SaaS, and every company are susceptible because code can be infiltrated and humans can be tricked,” said Infrascale CEO Russell Reeder.

In the face of active, ongoing threats, backup and disaster recovery solutions are the final line of defense for businesses, the ultimate allies in a fight where few will walk away unscathed. Many companies are considering moving off self-hosted Exchange and into the cloud (Microsoft 365). They may even be accelerating their plans in light of the recent hack.  For those customers – don’t forget backup!  Infrascale Cloud Application Backup (ICAB) for Microsoft 365 provides unlimited SaaS data backup history for Microsoft 365 mailboxes, OneDrive, SharePoint. ICAB mitigates the risk of data loss from human error, data corruption, gaps in retention policy — and from malware or ransomware like that tucked into systems through the Hafnium attack.

Choosing to implement SaaS solutions (in the cloud) can help ensure that up-to-date patches are in place as soon as they are issued. While the Hafnium attack has not impacted Microsoft Exchange Online subscribers, cloud-based systems are not invincible. “No one knows when the next zero-day attack will affect a cloud-based email system and no one knows when their mission-critical data will be ransomed or deleted,” cautioned Reeder.

To ensure the best possible outcome in the face of global cyberattacks and local disasters alike, whether an organization’s systems are on premises, in the cloud, or in a hybrid arrangement, the best offense is a strong defense. Companies must create backup and disaster recovery plans that are right for them and modify these plans as needed.

For help in customizing a plan to suit your data protection needs, connect with an Infrascale expert here.

 

Disaster Recovery and Texas-Sized Challenges for Mid-Market Businesses

Imagine a disaster recovery protocol that accepts multiday downtime of critical systems, damaged equipment, devastating losses, and collective misery as part of the standard operating plan — where those outcomes or their severity are largely preventable. In a truly sad turn of events, this is the scenario the State of Texas is facing in the wake of winter storm Uri.

In addition to the death and harm to people caused by the disaster, reported across media, the disruptions to businesses of all sizes have created another layer of hardship. The pressures on mid-market companies and the experiences they have endured during the disaster are especially instructive. The impact of the power and water outages, as well as collapsed construction and expected litigation over insurance claims, means some mid-market companies may not survive.

Understanding Mid-Market Pressures

Investors and customers often expect businesses that fall in the mid-market range to be as agile as startups in product development, reaction to marketplace changes, and competitive pivoting, despite the fact that they face enterprise-level complexities and risk. When it comes to leveraging their limited resources, pressures around revenue generation compete with risk preparation. The latter includes strengthening disaster recovery plans and protection of digital assets and data.

Accounting firm UHY conducted a 2020 Middle Market Survey showing that mid-market leaders know they need to address all challenges, but feel forced to prioritize revenue generation — namely, via sales growth and talent recruitment. UHY concluded:  

“The results of the survey highlighted several key findings, most notably involving the anticipated challenges facing businesses in 2021. A major theme in our analysis is the discrepancy between what business leaders recognize as critical concerns and what they have the bandwidth and financial security to prioritize. The uncertainty that has marked much of 2020 has bled into these survey results, making it clear that the middle market still stands on shaky legs even as we have entered the next fiscal year.”

Insurance giant QBE, in conjunction with the Association for Corporate Growth (ACG), also revealed mid-market challenges in their North America 2020 Mid-Sized Company Risk Report. It’s important to note that mid-market refers to a company in any “given industry with annual revenues that fall in the middle of the market for that industry.” As such, a wide swath of businesses leverage the term and there’s significant overlap with the small and midsize business (SMB) and midsize enterprise (MSE) designations the QBE/ACG report references. Regardless of labels, mid-market businesses exist at the heart of the U.S. economy and are generally the fastest-growing group by revenue within any industry. Among mid-sized company leaders, the report found that: 29% rank natural disasters or severe weather as a top five concern; 51% rank business interruption as a top five concern, naming infrastructure breakdown and facility shutdowns as most concerning in that category; and 55% rank digital risk as a top five concern, naming cyberattacks/breaches, digital integrity, and loss of intellectual property as key.

But, disconcertingly, the report also indicated that “over half (58%) of mid-sized businesses have unmet needs related to reducing risk exposure, with coverage for digital assets and pandemics most often cited.” Further, “the survey found that many mid-market companies fail to adequately prepare for risks that are caused by external or unpredictable forces.”         

All Mid-Market Must Learn From Texas Mid-Market Experiences

Texas is a promised land for commerce, attracting thousands of new and relocating mid-market businesses and their workers with multi-layered tax advantages, reasonable property costs, and vibrant cities. The Dallas and Houston Business Journals have recently celebrated the 50 fastest growing mid-market companies in North Texas and the Houston area respectively.  

But how does the mid-market respond to an environment where unmitigated disasters may be a continuing reality? Where core infrastructure fails, cheap construction collapses, and people freeze to death? Numerous hospitals across Texas did not have water during the Uri disaster — some still do not have abundant clean water — and the result of that has been nightmarish in many cases. The electricity grid in Texas is the only power system in North America where a reserve margin of power (i.e., power available above expected demand) is unenforced.

The full extent of business damage has not yet been tabulated. But indications of what’s coming are severe. With physical infrastructure, water damage caused by frozen and broken pipes is likely widespread. It’s estimated that $18 billion in damages, more than half from Texas and the majority of which are commercial losses, will be assessed. What about computing systems and data during the multi-day outages? We don’t yet know. But the nature of downtime mid-market businesses experienced will figure into losses and survival.

One executive at a mid-sized retail manufacturing company explained the danger of downtime acutely: “We are a manufacturing environment, and our ERP and network infrastructure drives probably 80% of our production. We are so dependent on our production systems that if it’s down, there’s no way to track our job runs. It would basically shut us down and no employees could do their jobs. We have some very large partners, and if we fail them, it could be a make-or-break type situation for our business.”

Answers in the Cloud?

According to a University of Texas study, “94% of companies suffering from a catastrophic data loss do not survive – 43% never reopen and 51% close within two years.” With the unrelenting pressure on mid-market businesses to show revenue gains and reduce costs, disaster recovery plans that protect digital assets with hybrid and cloud disaster recovery solutions may offer the best hope of balancing the priorities of profit and protection more evenly.

In Texas, it’s likely that mid-market businesses leveraging hybrid and cloud-based disaster recovery options fared better than many. The WSJ reported that multiple data center operators managing cloud stacks (including Rackspace, Digital Realty Trust, and Equinix) resorted to generator-based power, but managed to provide uninterrupted uptime for critical services. Some of their workers faced basic logistical challenges.

Cloud offers the utility, pay-for-use advantage that, when understood and leveraged well, lowers the investment in infrastructure and its upgrades. Competitive and high quality managed service providers (MSPs) and value-added resellers (VARs) can help the whole range of mid-market businesses with expertise in using the hybrid and cloud disaster recovery solutions and disaster-recovery-as-a-service DRaaS platforms that are the best fit for them. Fortunately, contracts with reputable cloud solution vendors mean mid-market businesses won’t be gouged during disasters or peak usage times.

Studying the exact nature of cloud use for disaster recovery among mid-market companies in Texas — and how those companies ultimately fare emerging from this disaster — is key for mid-market businesses everywhere to improve disaster recovery strategies. More news about cloud provider capacity and response is likely to surface in the coming weeks and months. That will yield telling evidence of how far cloud really takes business in the face of widespread catastrophe.

 

What’s the difference between Bare Metal Recovery (BMR) and Disaster Recovery as a Service (DRaaS)…and does it matter?

Downtime is the Enemy of Presence

As businesses change and adapt, one thing is for certain: their online presence (website, ecommerce, service portal, public web services, etc.) continues to grow… and is so does the importance of that presence. Expanded presence offers tremendous opportunity, but also brand, business, and operational risk. Outages become much more noticeable and are no longer a “back-of-the-house” issue that can be hidden/minimized from customer view. Thus, downtime has an immediate and negative impact on the business: reputation suffers, automated income streams suffer, and ecosystems and collaboration quickly grind to a halt.

  • Take lettuce as an example. The tasty leafy green vegetable we buy from our grocery store now has its own website. This site allows you to see the organic process they use and why you should buy that product.  With a smartphone you can even make online purchases. If that web site is down, and you’re in a hurry for ruffage, you might make the run to your local store.  Who would have imagined such a thing just a few years ago?
  • Want or need to get a Covid test or vaccination – to be part of a public health solution? Schedule an appointment online!  We all understand how important that will be in the coming months.

When the services that manage customer facing systems are unreachable the impact of downtime is immediate. No test/vaccine or lettuce for you, only frustration, brand damage, and customer churn as they look for alternatives.

To counter the impact for downtime (and the follow-on effects), data protection products, especially those hosted/managed by third parties, have enhanced their Service Level Agreements’ (SLAs) downtime tolerances, modernizing those tolerances away from hours – to minutes. One such metric often found in one of these SLAs is the Recovery Time Objective (RTO) – i.e., how quickly you can recover from failure to full operations.  The bravest providers will only adhere to a stringent RTO when they have fully-orchestrated recovery and ready resources– when as part of a Disaster Recovery as a Service (DRaaS) offering.  There are tradeoffs to technology selection, however.   Let’s examine what it takes to counter downtime and how two different data protection technologies – Bare Metal Recovery (BMR) and DRaaS – compare.

Introductions to BMR and DRaaS

Bare Metal Recovery (BMR):  Bare Metal Recovery was developed to help protect physical servers (and has been extended to protect virtual servers).  When doing a BMR-style backup, you need to have an agent installed on the host server (physical or virtual) to enable the backups.  The agent allows you to backup an entire server by capturing a disk image, literally every bit on the disk(s). This, in turn, enables you to restore a complete system, including the operating system and its settings, applications (including their configurations and updates), files, folders, and volumes. This saves you time because you don’t have to re-install everything from scratch.  With a BMR backup, you have to completely restore the server to bring it back online.  You also have to provide the site (hardware or virtualized hardware) to recover from in case of a disaster.

Disaster Recovery as a Service (DRaaS):  DRaaS, as its name implies, is Disaster Recovery (i.e., capturing system backups to secondary location so that they may be booted in the event of emergency) – and a Service, meaning – the software to capture, recover, and boot plus the service infrastructure for which to recover/boot on – is made available as one complete offer – Disaster Recover… as a Service.   DRaaS is much faster than bare metal recovery, with the ability to start and run systems in the cloud (secondary location) in the event of a man-made or natural catastrophe. DRaaS lets you “instantly” boot a protected server or your entire site and immediately restore your presence and business operations.

With our definitions out of the way it is time to look deeper into the use cases for both solutions.

Comparison of BMR and DRaaS

BMR is ideally suited for tier 3 and 4 systems (by definition, less critical) such as workstations, desktops, laptops, development servers, and print servers. These systems are important, but not critical, to the business and can afford to be down for extended periods of time.  That is to say, these are not services that will directly impact brand, commerce, and critical business operations.    That said, BMR is extraordinarily flexible, when it comes time to recovery.  Administrators can recover full systems individual items such as files and folders.  Regardless, what BMR doesn’t have – is a destination.  An administrator must supply and define a recovery destination for the items or servers to restore back to – as to get the value of the recovery.

Disaster Recovery as a Service includes builds on these features and includes all the functionality of BMR to provide RTO in minutes. With DRaaS you skip the restore part (1’s and 0’s only move so quick) and go directly to booting them to quickly get services back online. The limiting factor is no longer the hydration of data, but the boot time of the servers within the environment. In addition to greatly reducing downtime and recovery times the complexity of recovery is also greatly decreased thru predefined orchestration…. oh…and you do not need a secondary site to manage or maintain…that is included in the service.

Why are these distinctions important?

Recovery is what matters… not backups

Speed / RTO: BMR is slower and more complex. To recovery you must:

  1. Set up recovery destination hardware (or virtualization)
  2. Restore/rehydrate the servers from the backup
  3. Boot the system into a “recovery mode” and configure networking/connectivity and maybe drivers
  4. Repeat for each system

Whereas for DRaaS – with orchestration – you click a button and all the systems come to life!

Testing: The only way to truly ensure recovery is available when you need it is to regularly test the environment to find out how it would behave in a failover scenario.

With BMR you need to manually complete all of the tasks above, a huge time and resource investment. It is no wonder that many organizations don’t test often enough; the resources required are too extensive. The opposite is true with DRaaS. At the core of DRaaS is automation, and automation is a huge time and resource saver.

With DRaaS the systems are already prepped and ready. They can be booted offline in an isolated network sandbox, be automatically powered-on and verified, and automation can ensure integrity by delivering verification of a booted/operating system (e.g., in the form of a screenshot or pingable services).

Price: The cheapest solution often end up being the most expensive solution; just ask anyone who got a “great deal” on a used boat. You get what you pay for.

Even though the cost of BMR software is very attractive, the costs of recovery quickly adds up in both direct and indirect costs. In testing management and recovery scenarios, there are a huge number of additional costs from preparation, labor, and reporting perspectives that don’t factor into the licensing cost.

Conversely, with the additional “insurance” paid for with DRaaS – you get the destination compute capabilities, the orchestration, and the automation – making both testing and actual recovery guarantees for IT to deliver on its promise to the business.   You can quickly build a case that not only is DRaaS price competitive, it’s necessary and perhaps even cheaper to recover.

Infrascale is here to help!  If you want to learn more on how Infrascale Disaster Recovery solutions can keep your data safe and your business operational, visit the Infrascale website or sign up for a product demo. MSPs welcome!

Making a Strong Defensive Play With Disaster Recovery: Perspectives for Financial Services, Healthcare, and Education

On February 6, the New York Times published a potent and timely article, How the United States Lost to Hackers, with the subhead, “America’s biggest vulnerability in cyberwarfare is hubris.” It’s a compelling read that both sketches a threat landscape long known to cybersecurity and data protection experts, and includes accounts of some exploits that have never been published.

Two key points from the piece are summed up in the following excerpts:

“At this very moment, we are getting hacked from so many sides that it has become virtually impossible to keep track, let alone inform the average American reader who is trying to grasp a largely invisible threat that lives in code, written in language that most of us will never fully understand . . . More hacking, more offense, not better defense, was our [government’s] answer to an increasingly virtual world order, even as we made ourselves more vulnerable, hooking up water treatment facilities, railways, thermostats and insulin pumps to the web, at a rate of 127 new devices per second.”

Take-away: Network hacks and data exploits against the U.S. government and businesses are now so widespread that our defenses often become overwhelmed. Part of the reason for the ubiquity of the hacks is that our official U.S. response has largely focused on offense, not defense.

Excerpt two:

“Only when the N.S.A.’s tools were hacked in 2017, then used against us, could we see how broken the trade-off between offense and defense had become. The agency had held onto a critical vulnerability in Microsoft for more than five years, turning it over to Microsoft only after the N.S.A. was hacked . . . By then it was too late. Businesses, schools and hospitals had yet to patch the hole when North Korea used it to attack one month later, or even two months later, when Russia baked it into a cyberattack that decimated vaccine supplies at Merck, cost FedEx $400 million and prevented doctors from accessing patient records.”

Take-away: The U.S.’s offensive-first strategy has had a direct impact on vertical markets that are at the crux of protecting the American people’s most important assets. Financial services, healthcare, and education institutions steward our money, our health, and our children’s development. Those institutions face ongoing attacks.

The U.S. does possess tools and expertise to play better defense, but that can’t happen overnight. Pandora’s box is open. Acknowledging the threat and acting accordingly is what’s necessary in the present.

The Defense of Data: Key Vertical Markets Share Realities

In this pervasive threat landscape, data’s protection and its recovery in the event of natural or human-caused disaster are inextricably linked. They are both part of a robust defensive strategy that prepares institutions for worst case scenarios. Storms, fires, power outages, and other disasters that destroy machines, systems, and data are in the news every year. However, malicious destruction and ransoming of data by bad actors are in the news almost every week! And they’re on an aggressive upward trajectory.

Recent revelations about SUNBURST code and AMNESIA-33 vulnerabilities have renewed a sense of urgency among business and government stakeholders. As the NYT article notes, condemning those who have been raising the alarm as “sowers of FUD” (fear, uncertainty, and doubt) has illustrated the collective hubris. It’s not a FUD mindset, but rather an informed and practical business sense that acknowledges risk. Institutions acknowledging such risk exist in a when, not if, scenario regarding data compromise and/or loss. Therefore, it’s not surprising that the CAGR (compound annual growth rate)  for “global disaster recovery as a service (DRaaS) grew more than 30% during 2014-2019,” and subsequent growth is predicted to continue over the next five years, according to a 2020 IMARC Group report.

The particulars of a DRaaS offering can vary, but fundamentally it’s a solution that replicates to, and recovers physical or virtual servers in, data centers managed and maintained by a third-party. With Disaster Recover (DR) now a necessity for SMBs, mid-markets, enterprises, and nonprofits across vertical markets, most organizations understand its importance, and factor DR or DRaaS offerings into their budgets as a non-discretionary cost.

Below, we take a closer look into the specific data realities for the vertical markets that touch most people directly via their money, health, and kids. When those things are attacked, recovering known good data is a non-negotiable part of defense.

Realities Specific to Financial Services

The digital transformation of financial institutions has only accelerated during the pandemic, as with other sectors. The proliferation of open banking and open finance platforms and the corresponding expansion of programmatic access usage (e.g., via APIs and SDKs) has compounded the risks to customer data. The situation requires extraordinary attention to guardrails and worst-case-scenario responses. Indeed, regulatory scrutiny and mandates surrounding financial data have intensified in recent years and are only likely to expand with increased federal data protection legislation on the horizon in the U.S.

Now add this truth: deep-seated trust must exist between clients and financial services companies. Any risk to that trust is an existential concern. But the Boston Consulting Group reports that “banking and financial institutions are 300 times more likely to be at risk of a cyberattack than other companies.”

Financial services companies need multiple layers of encryption, robust cloud security features, and immediate failover to prevent disruption and data loss. Seconds, not minutes, matter in disaster recovery scenarios for the financial sector. Consequences include a failed economy, and the potential for personal financial ruin for millions of people. It’s important to remember that many banks and credit unions maintain branches within various geographic regions. If a natural catastrophe occurs, multiple branches may simultaneously lose critical processing capabilities.

When disaster recovery is not needed as an emergency response, businesses must still prove that they are prepared for the worst, by addressing compliance audits and exams. Disaster recovery testing should be easy and efficient, but often it’s neither. Organizations continue to look for ways to improve their capabilities without a huge investment of time or resources.

Realities Specific to Healthcare

The NotPetya attack that destroyed vast quantities of computer data and data operations at Merck in 2017 (and at many other businesses) and the subsequent insurance fight was an eye-opener for all healthcare organizations. According to Bloomberg, “NotPetya so crippled Merck’s production facilities that it couldn’t meet demand that year for Gardasil 9, the leading vaccine against the human papillomavirus, or HPV, which can cause cervical cancer.” The case illustrated how data protection and recovery both need to be fundamental parts of a cyber defense strategy.

During the pandemic, vicious cyber attacks on hospitals have resulted in vast amounts of exposed, compromised, and lost patient data. Since November, one report indicates that healthcare organizations have seen a 45% increase in cyberattacks. Callous criminal hackers view the need for intact healthcare data, during a time of human suffering, as an opportunity to exploit.

In addition to the surge in attacks, healthcare app ecosystems are expanding rapidly, just like financial sector ecosystems. Apps are conveying sensitive electronic health records (EHR) and other patient and provider data. The regulatory requirements of the Health Insurance Portability and Accountability Act (HIPAA) govern this expanding environment. HIPAA protects patient information across a striking array of healthcare services and players. Those include: hospitals and health systems, private practice and specialty care, emergency medical services, pharmacies and pharmacy information systems (PIS) vendors, life science organizations, EHR and hospital information system (HIS) vendors, payers and pharmacy benefit managers (PBMs), insurers, and, perhaps most importantly, patients and caregivers.

Realities Specific to Education

While the pandemic resulted in major workforce adaptations across verticals, its impact on education has been nothing short of profound. Many schools have been leveraging learning management systems and take-home computers with preloaded software for well over a decade. But the lack of in-person contact between teachers and students, especially younger students, has consequences that are difficult to predict. The urgency to pivot back to a hybrid model has been palpable. From a data perspective, remote and hybrid learning models do not seem to pose life-altering challenges, but the reality is more complicated.

Student record maintenance, registration and grade reporting, curricula and instructional material, ERP and CRM systems used for compiling and processing student data, HR and payroll, institutional financial data, and proprietary research all require data integrity. They also require alignment with the Family Educational Rights and Privacy Act (FERPA), which protects the privacy of student education records and governs access to other forms of educational information.

Across the U.S., many public school districts, as well as parish and independent schools, still rely on legacy computing systems. These systems remain easy targets for hackers with grudges and relatively rudimentary skills. Disruptions and data loss can cost taxpayers millions of dollars, educators mountains of time, and students important opportunities. Fast failover and recovered data in a school system ultimately upholds continuity in learning and public trust.

It’s not only Americans’ money, health, and children being attacked. Just one week ago, a hacker tried to poison a public water supply in Pinellas County, Florida. By remotely taking control of a computer, the hacker increased the amount of sodium hydroxide — lye — in the water. Fortunately, a water treatment plant supervisor caught the change in chemical levels and corrected the problem before it created a public danger. But it’s a chilling example of cyber threats to public infrastructure that will yield tragic results if not immediately contained.

Amid escalated threats, honestly confronting cyber realities common across all verticals as well as those specific to each particular one is a first step in bolstering cyber defensive strategies. The next step is choosing the data protection and recovery tools and services that are best suited to a particular vertical environment and that will work in tandem in a disaster — whether human-hacked or nature-caused.

__________________

While Infrascale can’t address every attack scenario — few, if any, solutions can — we can help.  Request more information and a demo today.

Why Hybrid Cloud Backup Triumphs over Direct-to-Cloud Backup

As modern IT infrastructures explode with exponential data growth and as downtime becomes prohibitively disruptive for business operations, hybrid cloud backup seizes the opportunity and serves as one of the most important items in an IT toolkit. Hybrid cloud backup solutions combine both the performance of the traditional on-premises backup with the infinite scalability, and ever-decreasing costs, of public cloud storage. As a result, organizations can execute an industry-standard 3-2-1 backup strategy and instantly recover data while keeping implementation and maintenance costs low.  

What is hybrid cloud backup?

“Hybrid” in the name implies the use of two components – one part on-premises and one part in the cloud:

  1. Local/on-premises software or appliance: Such a utility (whether software or physical device) enables: frequent, non-disruptive backups over high-speed LAN (local area network); instant restores of the latest copies of the data; and easy-to-manage offsite replication.
  2. Cloud-based replication target. The use of the cloud enables low-cost, long-term archiving. Due to the scalability of the cloud, the entire solution is future proof: companies don’t have to purchase an unnecessarily large, local backup appliance nor upgrade it when data volumes grow beyond its capacity.

In hybrid cloud backup solutions, it’s typical that the local component (backup appliance) and cloud subscription come as a part of one single solution.  This makes replication easy to set up and optimized for performance, with WAN (wide area network) acceleration and bandwidth throttling. Additionally, to cover security/privacy/compliance requirements, most vendors maintain consistent encryption and key management through the entire pipeline from a source system to a long-term archive.

Hybrid cloud backup vs. direct-to-cloud backup

When compared to direct-to-cloud backup, a hybrid cloud backup approach has several outstanding advantages.

First, hybrid cloud backup supports the attainment of the “3-2-1” goal. A 3-2-1 strategy means having at least three total copies of your data, two of which are local but on different mediums (i.e., devices), and at least one copy off-site. Thus, since hybrid cloud backup solutions are designed to store the latest versions of data locally, they adhere to this 3-2-1 backup rule.

Second, let’s cover backup speed. Most cloud backup products are built to protect data daily. Hybrid solutions, however, allow taking snapshots of data multiple times per day or even multiple times per hour. The frequency of these snapshots significantly decreases the impact of any data loss or corruption by increasing the number of recovery points available. This is commonly referred to as Recovery Point Objective (RPO).

Third, hybrid cloud backup is more robust when it comes to the replication of data to the cloud. Unlike the direct to cloud backup approach, hybrid solutions allow the data to replicate during non-business hours, accelerate WAN transfer (shorter time and less data) by deduplicating data across multiple sources and backup jobs, and as a result – perform more frequent backups. 

Last, but not least, recovery time is better. For the same reason above, having a local cache, hybrid cloud solutions provide nearly instant restoration of the latest versions of data, without the delay imposed by downloading data from the cloud (or alternate medium). This reduces the time to recover (minimizing downtime) business operations — commonly referred to as the Recovery Time Objective (RTO).

Hybrid cloud backup vs. local backup appliance

When comparing hybrid cloud backup to a standalone local backup appliance, hybrid cloud backup also has multiple advantages.

First, it delivers a “3-2-1” goal out of the box. There’s no need to set up tape or disk rotation, configure separate tools to replicate data offsite, and manage retention.

With hybrid cloud backup, the required local appliance footprint is minimal – and is only needed to hold a limited number of data copies. Usually, the appliance is treated as a “cache” of the latest data, while long-term archives are automatically transferred to the cloud. As a result, sizing of such an appliance is easy and companies are less likely to need an upgrade as the volume of data goes up.

Third, achieving security and data encryption goals is easier. A single solution for both on-premises and offsite backup storage means a consistent, end-to-end approach for encryption and key management.

What to look for when choosing a hybrid cloud backup solution?

Flexible retention – for both components. The retention policy needs of customers vary and are often driven by regulatory or auditing requirements. Vendors have different policies and features related to managing retention on-premises and in the cloud. These retention policies can range from maintaining a single local copy to multiple years of local retention. Likewise, off-premises/cloud retention can vary from 72 hours to 10 years. Verify that your chosen backup solution supports the unique retention requirements of your business. 

Data verification. By going with a hybrid cloud solution, you are choosing to trust a single vendor with both local and cloud backups.  Ensure that your hybrid cloud backup solution has built-in backup verification tools. These tools verify that your backup completed successfully, and ensures that you’re not left with data that is corrupted, either locally or in the cloud.

Comprehensive protection. Do you have other backup needs – such as endpoints like laptops and workstations? Do you have requirements to backup SaaS applications such as Microsoft Office 365, Google Workspace, or Salesforce.com? If so, ensure that your backup vendor provides a comprehensive portfolio of backup options. Maintaining your backups under a single umbrella, and with a single-pane-of glass for management, will simplify the implementation and support of the solution.

If you want to learn more about how Infrascale Disaster Recovery, our hybrid cloud backup solution, can keep your data safe and your business operational, visit the Infrascale website or sign up for a product demo. Don’t forget to check out our endpoint backup solution, Infrascale Cloud Backup, and our SaaS backup solution, Infrascale Cloud Application Backup, too. MSPs welcome!

 

Data Privacy Day: Will U.S. Reform Help Americans ‘Own’ Their Data and Help Businesses Protect and Recover It?

Some special days on the calendar are whimsical, some are too commercialized. International Data Privacy Day is neither. It highlights a massive and unwieldy problem requiring immediate global attention from individuals, businesses, governments, and organizations of every kind: Exponential data growth in our data-filled work, lives, and world means unprecedented personal and business data exposure.  

An Immense Problem Space

First, let’s dig in and consider the data growth. Estimates in 2019 concluded that the entire digital universe in 2020 would be some 44 zettabytes of data, that is, “40 times more bytes than there are stars in the observable universe.” This sheer amount of data, structured and unstructured, and the speed of its creation threaten our capacity to control it. Its large cyber surface area and the pitfalls of its exposure — some the result of data attack and some the result of data loss — are many: data and intellectual property theft, data laundering, identity and anonymity attacks, discrimination, ransomed data, reputation damage, lost revenue, and customer exploitation of every kind. Of even bigger concern, however, is that this isn’t an exhaustive list. 

As known and unknown patterns of risk expand, the idea of privacy — being free from the observation, interference, and the intrusion of others — will become a distant memory if data protection and recovery don’t keep pace with its growth.  

Now consider Americans’ behavior and beliefs on this matter. On the one hand, Americans freely give away and potentially expose their data via apps constantly. But on the other, Pew Research reveals the public’s dismay about data collected by companies and the government.

Regarding Americans’ views of data collected by companies:

  • 81% feel they have very little or no control over data collected
  • 81% feel the potential risks of companies collecting data about them outweigh the benefits

Regarding Americans’ views of data collected by the government:

  • 84% feel they have very little or no control over data collected
  • 66% feel the potential risks of the government collecting data about them outweigh the benefits

Wow. The sense of powerlessness is high in those percentages and trust in business and government is low. Unsurprisingly, Americans want more ownership of their data and accountability for those who would misuse it or be negligent in its management. That’s why the theme of this year’s Data Privacy Day, which is spearheaded in the U.S. by the National Cybersecurity Alliance (NCSA), is “owning your data” and thus your privacy. On a larger scale beyond special days, the situation has created enormous pressure on business and government to get behind a unified strategy and tame the data behemoth.

The Push for Federal Reform

In democracies, government is tasked with addressing issues of basic public goods. Data protection and recovery are increasingly being viewed through this lens as privacy rights factor in, but the issue is unique. It intrinsically connects business and government within a tech-based reality, as both possess big data and government relies on tech business innovators to help solve challenges. Safeguarding commerce and improving Americans’ trust and sense of control by protecting data privacy are imperative for the private and public sectors. But there’s even more at stake. U.S. government and military officials view data growth, exposure, and protection as a matter of national security, especially as AI-driven competitive technologies are exploited strategically by rival nations.

Think tanks, non-profits, and executives expect the Biden administration and 117th Congress to take up comprehensive federal data protection legislation. Tech giants and other stakeholders are anxious for certainty around the rules of the road and hopeful that the U.S. will align with and potentially exceed the European Union’s GDPR framework. As one writer explained, “… the United States increasingly finds itself in a position that’s unprecedented since the dawn of the internet era: laggard,” while the EU aggressively pushes to become “the most data-empowered continent in the world.”

Liberty and Substance For All?

What might federal reform look like beyond aligning with GDPR? Well, there’s a model. U.S. states have historically served as experimental venues for major legislation and our most populous state, in November 2020, enhanced the California Consumer Privacy Act (CCPA) with the California Privacy Rights Act (CPRA), via voter proposition. Most provisions are set to take effect in 2023. These are voluminous laws and aggressively protective of consumers and businesses in some areas.

In a nutshell, the CPRA: adopts key GDPR principles, includes new rights protecting consumers and their data, modifies other existing rights to further protect consumers and their data, gives some relief to SMBs, establishes some exemptions, and, quite poignantly, introduces a “sensitive personal information” category that imposes new restrictions on business use of certain personal information.

Of course, federal reform may change and exceed the California model, but it’s an indicator of some key consumer and business concerns about data growth, exposure, privacy, and protection. As with HIPAA, specific to health records, and FERPA, specific to education records, (both concerned with personally identifiable information, PII), a new federal law would override any existing state legislation with which it conflicts courtesy of the U.S. Constitution’s supremacy clause and become the law of the land.

That’s what everyone wants: A united vision of data privacy and protection that clarifies priorities and requirements, instead of patchwork rules coming from every state and multiple continents.

With this new administration’s apparent will to genuinely balance stakeholder needs and especially consider the needs of the public, such a federal law, like GDPR, would help Americans “own their data.” At least in part. There’s no doubt provisions will help businesses improve existing practices with an eye toward efficiency and resiliency, and manage some forms of liability. And not least, government will probably further clarify its authority to control the impacts of cyber warfare — which is aggressive, sophisticated, and ongoing.

No Need to Panic — Innovators Are On it

As the zettabytes continue to multiply, much work in managing and securing data within a unified framework needs to be done. But the good news is that much work that’s innovative and well tested already is being done. Too much to tick off in this blog, but developments in cloud data warehousing, edge analytics, and hybrid management, as well as network cybersecurity and data protection are pivotal right now in ensuring an ecosystem that supports the privacy and integrity of data.

Additionally, there is a fundamental truth widely applicable to data and, really, to all computing, worth calling out. That is, in almost every data attack and data loss scenario, accessing known good state is crucial. When there are questions of data integrity of any kind, known good state must exist and be a measure for fixes, or the fix itself.

Rooted in that truth, Infrascale focuses on delivering world-class backup and recovery that can be spun up in minutes. Most organizations cannot afford unplanned and prolonged downtime. They need to recover as quickly as possible. Regardless of the nature or size of the business, protecting and maintaining the data is paramount. Losing critical business data can cause irreparable harm, even to the point of failure. Infrascale Disaster Recovery gives customers unlimited disaster recovery and failover testing, a patented Deduplication File System (DDFS) that’s fast (with every backup looking like full image), unlimited resource utilization, no required capital expenditure, recovery image screenshot verification, and unlimited restore points replicated to the cloud.

Consumers, businesses, and governments need this level of trusted and cost-effective data protection and recovery … to get everyone on the same page and in control of their data destinies.

Infosec and Data Protection Research Provides New COVID, Cloud, and Compliance Insights for MSPs as 2021 Opens

Infrascale Survey: Across sectors, including financial services, healthcare, education, and manufacturing, 74% of executives have implemented new information security technology due to COVID-19

 

Reston, Va. – January 21, 2020 – Research from Infrascale, a cloud-based data protection company that provides industry-leading cloud backup and disaster recovery solutions, reveals new information security (infosec) insights important to MSPs in the new year. The research survey highlights business executive input, from a security perspective, on COVID-19, on cloud adoption, and on standards compliance. As 65% of those surveyed have seen an increase in information security breaches in their industry since the pandemic began, it’s not surprising that even more, 74% of all respondents, have chosen caution and implemented new infosec technology. A robust segment of leaders, across different industries, specifically turn to Managed Service Providers (MSPs) for help.

From the survey of more than 1,200 business leaders, Infrascale has revealed that education (44%), healthcare (51%), and manufacturing (53%) executives all cited a need for increased security as their top reason for selecting an MSP. Security is not the only top driver. Finance leaders chose reduced costs (57%) as their top reason, noting that an MSP is less expensive than hiring talent internally. For e-commerce retailers, increased security (46%) and reduced costs (46%) tied for the top spot.

“It’s never been more critical to have an encrypted backup and disaster recovery solution to ensure your business is always up and running. The increased threats to companies and MSPs have never been this severe, and it’s going to continue to get worse,” said Infrascale CEO Russell P. Reeder. “In this ever more challenging landscape, data protection and data recovery are top priorities for MSPs serving clients, especially as attack surfaces expand and attack vectors get more sophisticated,” he continued.

The survey further revealed which MSP services are most prominent for each industry. Finance (53%), education (51%), and healthcare (53%) executives all noted that the top service they leverage most with their MSPs is data protection, while manufacturing executives specified a subset of that category, cybersecurity services (58%) — focusing on computer network environments as their top MSP service. Executives across all these industries also named backup and recovery solutions (43%), cloud services (45%), and data analytics (48%) as key MSP services they use.

COVID-19 Prompts Industry-Specific Security Actions

Ramping up remote access work environments during COVID-19 has created a deluge of security risks and expanded attack surfaces that businesses are still in the process of addressing. It’s a common prediction that hybrid remote work trends will figure into the new-and-next normal this decade. As MSPs prepare for more flexible customer work environments, it’s helpful for them to understand what leaders in different industries have ascribed to COVID-19.

First, in broad terms, 81% of financial industry executives have implemented new information security technology due to COVID-19, with education second at 70%, and healthcare third at 67%. It’s noteworthy that 75% of financial industry respondents also have seen an increase in infosec breaches in their industry during COVID-19, the most among all industries surveyed.

Executives have named different kinds of infosec technologies they’ve leveraged during COVID-19, as well. According to survey respondents from the respective industries:

  • Cloud backup wins top technology for the financial (53%) and education (54%) industries
  • Encryption solutions earns the top spot for the healthcare industry (52%)
  • Antivirus/malware was the top technology implemented by the manufacturing industry (64%)

With so much new adoption of infosec technology in these industries, MSPs will be able to offer competitive security improvements and reviews of security controls throughout 2021.

High Demand for Cloud Signals the Need for Security and Ease

The vast majority of business executives, 95%, say they’ve moved some (64%) or all (31%) of their data to the cloud; their main reason, collectively, for doing so is improved security (68%), followed by ease of management (66%). When broken down by industry, finance leaders affirm security (71%) as their top reason for pursuing cloud-based solutions, while education (72%), healthcare (70%), and manufacturing (69%) industry leaders report ease of management as their top reason.

Reeder provided further insights: “While the survey data shows that more small and mid-market businesses have moved workloads to the cloud than one might think, there are still many workloads that are maintained on-premises and in private colocation data centers. Our conversations with our partners and their customers show that on-premises workloads will be here for a while. MSPs need to bolster their cloud migration and cloud security capabilities — especially for finance, education, healthcare, and manufacturing — so as to be prepared for the ultimate need of digital transformation and successful cutovers to the cloud.”

The survey showed executives are ready to embrace MSPs that are up to speed in the cloud — with 91% either extremely (61%) or very likely (30%) to work with an MSP that provides cloud-based solutions. By industry, the combined “extremely” or “very likely” enthusiasm for MSPs with cloud-based solutions was equally compelling:

  • Finance (94%)
  • Education (89%)
  • Manufacturing (87%)
  • Healthcare (83%)

MSP Infosec Strategy Must Target Compliance

Executive concern with regulatory compliance and industry standards is top of mind, according to the survey. While that’s to be expected, growing pressure on the new U.S. administration and Congress to pass comprehensive federal data protection legislation will keep compliance front and center in 2021 and beyond. Tech giants and other stakeholders are anxious for certainty around the rules of the road and hopeful that the U.S. will align with and potentially exceed GDPR’s framework. It’s vital for MSPs to be prepared for seismic shifts in the regulatory landscape in order to help their customers adapt quickly to any new industry requirements.

Right now, 88% of business executives surveyed said their company requires compliance with industry standards. The most common, applicable compliance regime overall is ISO 27001, noted by 37% of respondents. By industry, ISO 27001 is the number one standard of concern cited by executives in finance (38%) and manufacturing (49%). That international standard requires businesses to establish, implement, maintain, and continually improve upon controls that keep data secure.

HIPAA, the U.S. law which protects sensitive patient health data, is the top concern for education (32%) and healthcare (52%) executives. HIPAA is the number two concern for manufacturers and the number three concern for finance leaders. FERPA, which protects the privacy of student education records, was deemed number two for educators and number three for manufacturers. The latter regularly work with universities and state and local governments to offer educational programs for their workforces.

Methodology

The Infrascale SMB survey was conducted in November 2020. More than 1,200 business executives at SMBs or mid-market companies responded. All respondents are either currently working with or have previously worked with an MSP. Respondents work in a range of industries, including healthcare, education, accounting/financial/banking/insurance, manufacturing, and retail/e-commerce.

About Infrascale

Founded in 2011, Infrascale provides comprehensive, cloud-based data protection by delivering industry-leading backup and disaster recovery solutions. Combining intelligent software with the power of the cloud, Infrascale removes the barriers and complexity of secure, offsite data storage and standby infrastructure for real-time disaster recovery. Trusted and recommended by leading independent industry experts, Infrascale equips its customers with the confidence to handle the unexpected by providing greater availability, better security, and less downtime when it comes to their data. Visit www.infrascale.com or follow us on Twitter at @Infrascale for more information.

 

Media Contact

Joe Casados
joe@bospar.com
925-989-9813