Infosec and Data Protection Research Provides New COVID, Cloud, and Compliance Insights for MSPs as 2021 Opens

Infrascale Survey: Across sectors, including financial services, healthcare, education, and manufacturing, 74% of executives have implemented new information security technology due to COVID-19

 

Reston, Va. – January 21, 2020 – Research from Infrascale, a cloud-based data protection company that provides industry-leading cloud backup and disaster recovery solutions, reveals new information security (infosec) insights important to MSPs in the new year. The research survey highlights business executive input, from a security perspective, on COVID-19, on cloud adoption, and on standards compliance. As 65% of those surveyed have seen an increase in information security breaches in their industry since the pandemic began, it’s not surprising that even more, 74% of all respondents, have chosen caution and implemented new infosec technology. A robust segment of leaders, across different industries, specifically turn to Managed Service Providers (MSPs) for help.

From the survey of more than 1,200 business leaders, Infrascale has revealed that education (44%), healthcare (51%), and manufacturing (53%) executives all cited a need for increased security as their top reason for selecting an MSP. Security is not the only top driver. Finance leaders chose reduced costs (57%) as their top reason, noting that an MSP is less expensive than hiring talent internally. For e-commerce retailers, increased security (46%) and reduced costs (46%) tied for the top spot.

“It’s never been more critical to have an encrypted backup and disaster recovery solution to ensure your business is always up and running. The increased threats to companies and MSPs have never been this severe, and it’s going to continue to get worse,” said Infrascale CEO Russell P. Reeder. “In this ever more challenging landscape, data protection and data recovery are top priorities for MSPs serving clients, especially as attack surfaces expand and attack vectors get more sophisticated,” he continued.

The survey further revealed which MSP services are most prominent for each industry. Finance (53%), education (51%), and healthcare (53%) executives all noted that the top service they leverage most with their MSPs is data protection, while manufacturing executives specified a subset of that category, cybersecurity services (58%) — focusing on computer network environments as their top MSP service. Executives across all these industries also named backup and recovery solutions (43%), cloud services (45%), and data analytics (48%) as key MSP services they use.

COVID-19 Prompts Industry-Specific Security Actions

Ramping up remote access work environments during COVID-19 has created a deluge of security risks and expanded attack surfaces that businesses are still in the process of addressing. It’s a common prediction that hybrid remote work trends will figure into the new-and-next normal this decade. As MSPs prepare for more flexible customer work environments, it’s helpful for them to understand what leaders in different industries have ascribed to COVID-19.

First, in broad terms, 81% of financial industry executives have implemented new information security technology due to COVID-19, with education second at 70%, and healthcare third at 67%. It’s noteworthy that 75% of financial industry respondents also have seen an increase in infosec breaches in their industry during COVID-19, the most among all industries surveyed.

Executives have named different kinds of infosec technologies they’ve leveraged during COVID-19, as well. According to survey respondents from the respective industries:

  • Cloud backup wins top technology for the financial (53%) and education (54%) industries
  • Encryption solutions earns the top spot for the healthcare industry (52%)
  • Antivirus/malware was the top technology implemented by the manufacturing industry (64%)

With so much new adoption of infosec technology in these industries, MSPs will be able to offer competitive security improvements and reviews of security controls throughout 2021.

High Demand for Cloud Signals the Need for Security and Ease

The vast majority of business executives, 95%, say they’ve moved some (64%) or all (31%) of their data to the cloud; their main reason, collectively, for doing so is improved security (68%), followed by ease of management (66%). When broken down by industry, finance leaders affirm security (71%) as their top reason for pursuing cloud-based solutions, while education (72%), healthcare (70%), and manufacturing (69%) industry leaders report ease of management as their top reason.

Reeder provided further insights: “While the survey data shows that more small and mid-market businesses have moved workloads to the cloud than one might think, there are still many workloads that are maintained on-premises and in private colocation data centers. Our conversations with our partners and their customers show that on-premises workloads will be here for a while. MSPs need to bolster their cloud migration and cloud security capabilities — especially for finance, education, healthcare, and manufacturing — so as to be prepared for the ultimate need of digital transformation and successful cutovers to the cloud.”

The survey showed executives are ready to embrace MSPs that are up to speed in the cloud — with 91% either extremely (61%) or very likely (30%) to work with an MSP that provides cloud-based solutions. By industry, the combined “extremely” or “very likely” enthusiasm for MSPs with cloud-based solutions was equally compelling:

  • Finance (94%)
  • Education (89%)
  • Manufacturing (87%)
  • Healthcare (83%)

MSP Infosec Strategy Must Target Compliance

Executive concern with regulatory compliance and industry standards is top of mind, according to the survey. While that’s to be expected, growing pressure on the new U.S. administration and Congress to pass comprehensive federal data protection legislation will keep compliance front and center in 2021 and beyond. Tech giants and other stakeholders are anxious for certainty around the rules of the road and hopeful that the U.S. will align with and potentially exceed GDPR’s framework. It’s vital for MSPs to be prepared for seismic shifts in the regulatory landscape in order to help their customers adapt quickly to any new industry requirements.

Right now, 88% of business executives surveyed said their company requires compliance with industry standards. The most common, applicable compliance regime overall is ISO 27001, noted by 37% of respondents. By industry, ISO 27001 is the number one standard of concern cited by executives in finance (38%) and manufacturing (49%). That international standard requires businesses to establish, implement, maintain, and continually improve upon controls that keep data secure.

HIPAA, the U.S. law which protects sensitive patient health data, is the top concern for education (32%) and healthcare (52%) executives. HIPAA is the number two concern for manufacturers and the number three concern for finance leaders. FERPA, which protects the privacy of student education records, was deemed number two for educators and number three for manufacturers. The latter regularly work with universities and state and local governments to offer educational programs for their workforces.

Methodology

The Infrascale SMB survey was conducted in November 2020. More than 1,200 business executives at SMBs or mid-market companies responded. All respondents are either currently working with or have previously worked with an MSP. Respondents work in a range of industries, including healthcare, education, accounting/financial/banking/insurance, manufacturing, and retail/e-commerce.

About Infrascale

Founded in 2011, Infrascale provides comprehensive, cloud-based data protection by delivering industry-leading backup and disaster recovery solutions. Combining intelligent software with the power of the cloud, Infrascale removes the barriers and complexity of secure, offsite data storage and standby infrastructure for real-time disaster recovery. Trusted and recommended by leading independent industry experts, Infrascale equips its customers with the confidence to handle the unexpected by providing greater availability, better security, and less downtime when it comes to their data. Visit www.infrascale.com or follow us on Twitter at @Infrascale for more information.

 

Media Contact

Joe Casados
joe@bospar.com
925-989-9813

 

Customer Success Requires People-Powered Support

At Infrascale the definition of customer goes beyond that of a transactional relationship. We believe that a customer is a partner with whom we strive to form a long-lasting, “people-powered” relationship. To achieve this mission, we work diligently to go beyond merely providing answers to questions when partners reach out for support. We endeavor to provide solutions specifically tailored to answer each partner’s support requests. In that light, providing links to knowledgebase articles, conversing with AI-powered bots, or merely fixing a bug cannot be the sole solution to partner problems. We do not serve a company or corporation; we serve real people striving to provide real value to their customers and communities. Quick fixes can’t, and won’t, suffice, especially since Infrascale is entrusted to safeguard business-critical data and systems – which are the livelihood of our partners and their customers. When disaster inevitably strikes, Infrascale is there with Customer Support Experts to provide our partners with predictable, personal, proficient, and proactive guidance — people-powered guidance — that will help pull them through those unimaginably difficult moments.

These are not simply words. Providing this level of support begins with a Philosophy of Support that underpins each interaction with our partners. The philosophy of providing people-powered support is our guiding light, our North Star, through which we turn our partner’s problems into successes, and weaknesses to strengths. Simply put, when a partner reaches out to Infrascale Support, they should expect a personally tailored response by a Customer Support Expert who will proactively work alongside them to achieve the desired outcome.

Predictable

People-powered support for our partners starts with being predictable. The worst time a partner should experience uncertainty is when they are facing a business continuity crisis. Infrascale provides data protection and disaster recovery. Our partners depend on us to be there when things go awry. When a partner reaches out to Infrascale support, we want them to know exactly what they should expect from each and every support interaction – including the timeliness of resolution. Infrascale works diligently to provide predictability through reliable reactive and reliable proactive support. Any time a partner reaches out, they do not have to worry about the skill level of the representative they will speak with. They do not have to worry about lengthy hold times. They do not have to worry about whether they will get an answer…  and the do not have to worry about getting their issue resolved.

Instead, when a partner reaches out to Infrascale support, they will speak with a representative who will take ownership of their case, who will see it through to the end and treat it with care as if it were their own. Our partners will not spend valuable time on hold. When they present an issue the Infrascale representative will work with them to find a resolution that meets their immediate needs.

Personal

Our team aims to amaze and delight – to go beyond just fixing predictable problems or answering questions. Amazing support consists of providing direct and personally-connected solutions. Infrascale believes that a people-powered, personal connection requires seeking first to understand the entirety of the problem. This does not just entail understanding the technical nature of the problem, we must also understand the complete context of the problem – including the partner’s state of mind and their desired outcome. Once we have this understanding, we work diligently to tailor our response to the partners’ holistic question. Infrascale does not stop at providing a link to a knowledgebase article or reiterating a canned answer. Nor does Infrascale stop with tailored answers either. Personal connections continue with consistent and reliable follow through – until resolution of the issue. To realize this intent, Infrascale will assign a single Infrascale Customer Support Expert to work with a partner on an issue until it is resolved, i.e. Infrascale will not treat issues as a metric to be managed by a faceless group of support staff. When a partner contacts Infrascale Support, we treat the partner, and their issue, as if it were our own. We do this because we believe that our partners’ successes are our successes, and the best path to every success is through the personal connections we foster.

Consequently, when a partner reaches out to Infrascale Support they will never be greeted by AI-powered bots who have no regard, and no emotion, for the individual. This is especially important in these increasingly difficult and disconnected times. Infrascale Support is a team of people who care deeply about helping others by providing compassionate and empathetic help when it is needed most. The last thing Infrascale wants our partners to feel is as though they are alone in problem solving; we want them to know that we’ve got their back! If anyone were to ask our partners about how they solve for disaster recovery, we want them to say: “I know a guy!”

Proficient

Personal connections are all well and good, but if our partners find that the person they are connecting with is incapable of solving their issue, then the problem will persist. Even worse, that partner is likely unhappy that they didn’t receive the support they have come to expect! Simply put, Infrascale does not find this situation acceptable. A natural expectation, when anyone reaches out for customer support, is that the person providing support will be skilled and knowledgeable. For Infrascale this begins with an ongoing and lasting investment in our representatives and their training.

Many companies are more than happy to provide a very minimal level of training to their support representatives and they expect their support staff to “pick it up as they go along.” Of course, minimally trained support representatives are not capable of handling the wide variety of issues that arise, and in turn provide unsatisfactory support. Minimally trained representatives make avoidable mistakes, not because of a lack of inherent skill or empathy for the customers, but simply because they may not have all the necessary information to provide the best possible support. Infrascale deliberately strives to avoid these mistakes by providing extensive and ongoing training to our representatives which ensures that they are up to date on every product change, on every predictable issue, and every possible solution. When a partner finds themselves needing support from Infrascale, they know they are contacting a top-notch who will own their issue from beginning to end and provide expert support and advice every step of the way.

Proactive

Supporting a partner should not only occur when they reach out. We want to solve potential issues before they become actual problems. By analogy, fire departments do not start working only when they see flames. They pre-emptively test fire alarms, fill or replace extinguishers, and enforce emergency exit planning and feasibility. Infrascale treats support the same way. We believe we have an obligation to our partners to proactively ensure their services are working the way we promised. A partner should never have to call us as a last resort. We will be there, solving problems before they know the problem ever existed.

Trust is established between a service provider and their partners not just by the quality of the service they provide when things don’t go according to plan, but by how diligently they work to ensure that their partners always have what they need. Infrascale has a team, dedicated to Customer Success, proactively monitoring data backup and disaster recovery systems, services, and accounts, to ensure that nothing prevents a partner from executing their disaster recovery plan. Additionally, Infrascale offers a Guided Disaster Recovery Testing service, which provides partners with validation that their Infrascale Disaster Recovery solution has been thoroughly tested and is on standby to quickly restore access to their important data and business processes.

Philosophy in Action

Why does Infrascale have a philosophy of support? Because our partners deserve it! They put their trust in Infrascale to be there when the chips are down. For Infrascale to give our partners anything less than the best is simply not who we are. The last thing a partner needs during these challenging times is a vendor that only sees them as a case number. To Infrascale, our customers are our partners. Our partner’s successes are our successes, and we embody this people-powered philosophy in every support interaction.

Infrascale can be counted on because we believe in our philosophy of support and we make it a reality for every partner, every day.

 

Survey Says: Cloud Backup, Security Top Execs’ 2021 To-Do Lists

The pandemic sparked accelerated corporate adoption of cloud services, but, as we move into 2021, business executives increasingly seek ways to protect hosted data, infrastructure, and their organizations from an array of potential problems ranging from bad actors to data loss to vendor lock-in.

Public cloud will enjoy a compound annual growth rate of 18.3% between 2020 and 2027, reaching $88.7 billion by 2027, according to Global Industry Analysts.

Forrester’s “Prediction 2021” report is even more bullish, anticipating the global public cloud infrastructure market could reach $120 billion next year, up 35% from 2020. Without cloud computing, the world’s response to COVID-19 would have been a lot different, suggested Vice President and Principal Analyst Dave Bartoetti.

“When you look back at the public clouds developed in the last 15 years, it almost seems like they were designed to handle the global demand shock caused by the COVID-19 pandemic,” he wrote. “Without public cloud apps, development services, tools, and infrastructure available to every business and consumer on demand, imagine how different (and hobbled) the pandemic response would have been.”

Final Answer: MSPs Should Choose Cloud Backup

Managed service providers (MSPs) deliver the most value to small and midsize businesses by providing solutions addressing SMBs’ data protection, data analytics, and cloud services needs, according to a survey Infrascale conducted of more than 1,200 business executives.

“We conducted this survey to better understand the dynamics of how business executives perceive and select MSPs, as well as how MSPs can provide the greatest value to their SMBs and mid-market customers,” said Infrascale CEO Russell P. Reeder. “Based on the results, we recommend that MSPs continue to lead with solutions focused on security, data storage, and data analytics. Our most successful MSP partners are enabling their businesses to be more secure and to always access and analyze their data. The lifeblood of any business is its data, so it makes sense that securing it, backing it up, and analyzing it is most important to businesses.”

The report determined that general data protection was cited as the most-needed service by 53% of business executives surveyed.  Respondents cited specific protection services — #4 backup and recovery solutions (43%), and #5 cybersecurity services (41%) — as vital to their operations, the debut survey by Infrascale found.

With cloud backup, organizations are assured their data is secure in a secondary location, safe from harm if the primary site or location is damaged or goes offline for any reason. With anywhere, anytime access, cloud backup assures businesses that employees can recover from mishap whenever and wherever they need to, a capability especially vital during the pandemic. In fact, cloud backup is the most-needed service for 2021, with 59% of business executives Infrascale surveyed citing this as their top need for the new year, followed by antivirus and firewalls at 50%. 

Beyond the Cloud (Backup)

Of course, working remotely during a pandemic brings challenges — one of them being ensuring security. Sixty-five percent of respondents noted they have seen more information security breaches in their industry since COVID-19 started in early 2020 and 74% have implemented new security technology as a result.

In fact, the Infrascale survey found that security technology was second only to cloud backup (54%) in 2020.  Of business executives polled, antivirus/malware and network security (like firewalls and VPN) both received fifty-first percentile rankings. Encryption, and endpoint management software were not far behind.  A separate survey question shows that 2021 will be no different — both antivirus and firewall/VPN show 50%.

SMBs and mid-market companies are savvy to recognize the ongoing threats in the cyber world. By mid-November 2020, there were 113.1 million new malware samples, AV-Test determined. Threat capabilities are why cybercrime could grow to $6 trillion globally in 2021, according to an estimate by CyberSecurity Ventures. Another reason: understaffed IT organizations.

ISACA‘s 2020 State of Cybersecurity report shows 62% of respondents said their organization’s security team is inadequately staffed, potentially stressing current employees and thereby increasing the risk.

SaaS IT To Me

Software-as-a-Service (SaaS) was top-of-mind for many organizations, with 79% of business executives reporting they have adopted new SaaS technology, the Infrascale survey found. At 86%, the financial sector is most aggressively picking up this approach, which accelerates an organization’s time-to-benefit; can reduce costs, and delivers agility.

Because SaaS services are cloud based, the providers (i.e. the CSPs – cloud service providers) are responsible for maintenance, security, upgrades, and support, thus enabling internal IT departments to focus on differentiating tasks and projects.

By 2027, the worldwide market for SaaS is expected to reach $219.5 billion, according to Global Industry Analysts. The technology is being sold at a compound annual growth rate of 18.2% between 2020 and 2027, the research firm said.

Data’s All Folks!

Savvy business leaders are not only worried about the unknown of malware attackers, but also the known factor of vendor lock-in. Wanting to reduce complexity, some organizations have reduced the number of vendor partners that they’re willing to work with.

In addition, as technology sector giants have grown, acquiring startups and competitors alike, customers’ fear of vendor lock-in has increased. Despite open source, standards and common operating systems, a concern over a return to de facto proprietary days of yore exists, and business executives know that a surefire way to avoid dependence on one vendor is working with a service provider and store data off-site.

Indeed, 58% of respondents to the Infrascale study already have discussed the possibility of lock-in — and they are concerned.

In addition to cloud-based data stored offsite and redundant data, disasters and bad actors are encouraging business leaders to demand local control of their data. Combined, 86% of poll respondents said having local control of data is “very important” or “important,” according to the Infrascale report.

Ding, ding, ding: CSPs Reign Supreme

Amazon, Google, and Microsoft face growing pressure to innovate. Having taken the top spots in the cloud-provider arena, they are now seen as leaders for new technologies, techniques, and inventions. They also face fleet-footed startups from around the world, backed by entrepreneurial venture funds, excitement, and energy.

CSPs play a key role: 58% of respondents to the Infrascale poll said CSPs are innovators. Also, 55% said CSPs are the best in the business. Other studies showed similar findings:

“Results from Gartner’s annual 2020 Tech CEO Survey show that 62% of tech CEOs whose primary revenue source is cloud services say they are the first in leading their industry in new trends and directions,” Gartner found.

Some of these new technologies include Internet of Things (IoT), artificial (AI), and machine learning (ML)), all of which will generate terabytes of data — information that must be protected and secured. In fact, Cisco’s Global Cloud Index estimates people, machines, and things will generate almost 850 zettabytes (ZB) of data by 2021, up from 220 ZB in 2016.

Understandably, then, 53% of business leaders said data protection is the most necessary service currently consumed, the Infrascale study found. Digging a bit deeper into exact data protection services for 2021:  59% for cloud backup  – the most-needed service; 50% for each of antivirus and network security tools/firewalls; 44% for encryption; 43% for disaster recovery; and 35% for endpoint management.  2021 is going to be the year of data protection.

 

Infrascale Survey Reveals that SMB and Mid-Market Business Executives Feel More Competitive With the Aid of Managed Service Providers

Cost Savings and Security Are Key Drivers of MSP Adoption, Research Indicates

 

Reston, Va. – December 16, 2020 – Research from Infrascale, a cloud-based data protection company that provides industry-leading cloud backup and disaster recovery solutions, indicates that most SMB and mid-market business executives (68%) believe working with a managed service provider (MSP) helps them stay ahead of their competition. The Infrascale research released today also suggests that the top reason that businesses opt to work with MSPs, chosen by 51% of respondents, is to save costs. The second most common reason survey respondents said they use an MSP is for increased security (46%).

Almost all of the respondents said that it is extremely or very important to have a predictable IT budget right now (96%). Especially in today’s unpredictable environment, it’s no wonder that 51% view working with an MSP as more economical than hiring internal talent.

When it comes to budgeting, the three areas of information technology noted as incurring the most expense by SMB and mid-market company executives are: information security (60%), data storage (48%), and data analytics/business intelligence (45%). The IT areas incurring the least expense in budgets are: application licensing (24%), digital transformation (21%), and data center automation (21%).

“We conducted this survey to better understand the dynamics of how business executives perceive and select MSPs, as well as how MSPs can provide the greatest value to their SMBs and mid-market customers,” said Infrascale CEO Russell P. Reeder. “Based on the results, we recommend that MSPs continue to lead with solutions focused on security, data storage, and data analytics. Our most successful MSP partners are enabling their businesses to be more secure and to always access and analyze their data. The lifeblood of any business is its data, so it makes sense that securing it, backing it up, and analyzing it is most important to businesses.”

 

Businesses Seek a Range of MSP Services — and Protection, Quality, Security, Support are Key

Data protection (53%), data and analytics (48%), and cloud services (45%) are the top three services that business executives said that they use from their MSP, followed by specific data protection services: backup and recovery (43%) and cybersecurity (41%).

When it comes to the selection of MSPs by SMBs and mid-market companies, the list of services that MSPs must offer before they are even considered are almost identical, with data protection again topping the list (in this case at 52%) followed again by data and analytics (48%), and cloud services (45%). However, 42% of respondents referenced technical support as the fourth most referenced must-have, followed by backup and recovery (41%).

Independent of the services offered, the six most important criteria for selecting an MSP, according to the Infrascale survey, are:

  • Quality of solutions (52%)
  • Attention to security (46%)
  • 24/7 support (45%)
  • Cost (38%)
  • Flexibility and special accommodations (37%)
  • Saving time/offloading time-consuming tasks (37%)

 

Cloud Backup and Disaster Recovery Solutions and Cloud Infrastructure Use are Widespread

Almost all businesses surveyed (98%) are using a backup solution and almost as many businesses (94%) use disaster recovery. In most cases, MSPs help provide these solutions. Eighty percent of businesses said they use an MSP for disaster recovery and backup.

The move to the cloud is official, as 97% have implemented cloud-based infrastructure with a cloud service provider. Seventy-two percent of respondents use an MSP for cloud-based infrastructure. Just 3% of business executives at SMBs and mid-market companies said that their organizations work with entities other than MSPs for assistance with cloud-based infrastructure. Meanwhile, 22% said they handle the responsibility for cloud-based infrastructure internally.

“SMBs and mid-market companies clearly have embraced MSPs to execute critical business capabilities such as cloud backup, disaster recovery, and cloud-based infrastructure,” Reeder noted. “The adoption of cloud-based infrastructure signals that almost all companies are embracing digital transformation. Infrascale’s survey results show that nearly all respondents have moved some (64%) or all (31%) of their data to the cloud. The fact that 79% of the executives surveyed said that their companies have adopted software-as-a-service application technology such as Microsoft 365 or Salesforce is another example of ubiquitous cloud adoption.”

 

Survey Shows That Businesses are Willing to Move to MSPs for the Right Solutions and Service

Thirty-nine percent said they have only worked with their current or previous MSP for one to three years, while thirty-one percent of the survey group said they have worked with their MSP for more than three years.

More than half of respondents (55%) said it took “a few weeks” or less to establish a good workflow with their MSP, including 19% who said it can take as little as a few days and 2% who said they were able to establish a good workflow immediately. Only 14% of respondents said it took three months or more to establish a good workflow with their MSP.

The Infrascale survey results indicate that working with an MSP can substantially reduce the time required to implement new technology solutions. Seventeen percent of business executives said that without the assistance of an MSP, their company would require three months or more to implement a new technology solution. Only 9% of respondents said three months or more would be required to implement a new technology solution when an MSP assists the company with that task.

“New cloud-based solutions are increasingly important to the competitiveness of today’s businesses, often yielding faster time to market, which in turn can boost revenue and market share,” observed Reeder. “The expertise and timing advantage that an MSP can provide is particularly important, considering that 61% of business executives report being frustrated with the amount of time it takes to implement a new technology solution.”

Other key findings from the research include:

  • Just over one third (34%) of business executives reported having a negative experience with an MSP. The biggest reasons, tied at 43%, were high costs and quality issues.
  • Slightly more (35%) have fired an MSP, with the number one reason (51%) being cost.
  • 81% of business executives said they are either extremely or very likely to explore additional third-party assistance, beyond an MSP, to build their company’s security, data protection, and/or remote work capabilities.

“A key takeaway from the Infrascale survey is that MSPs provide significant value for SMBs, particularly around cost savings and faster implementation of solutions that arm businesses with a competitive advantage,” said Reeder. “Business executives understand the importance of always having access to their data and keeping their systems up-and-running through cloud backup, disaster recovery, and cloud solutions to accelerate growth. As the research illustrates, businesses view their MSP as a highly capable provider of these critical functions. It’s not surprising that so many respondents see their MSP as an important ally in their competitive battle for growth.”

 

Methodology

The Infrascale SMB survey was conducted in November 2020. More than 1,200 business executives at SMBs or mid-market companies responded. All respondents are either currently working with or have previously worked with an MSP.

Respondents work in a range of industries, including healthcare, education, accounting/financial/banking/insurance, manufacturing, retail/e-commerce, and other sectors.

 

About Infrascale

Founded in 2011, Infrascale provides comprehensive, cloud-based data protection by delivering industry-leading backup and disaster recovery solutions. Combining intelligent software with the power of the cloud, Infrascale removes the barriers and complexity of secure, offsite data storage and standby infrastructure for real-time disaster recovery. Trusted and recommended by leading independent industry experts, Infrascale equips its customers with the confidence to handle the unexpected by providing greater availability, better security and less downtime when it comes to their data. Visit www.infrascale.com or follow us on Twitter at @Infrascale for more information.

 

Media Contact

Hannah Ruark
hannah@bospar.com
540-599-7887

What is DRaaS (Disaster Recovery as a Service) – Part 1: Basics

What is Disaster Recovery as a Service?

Disaster Recovery as a Service (DRaaS) is a service model that provides backup and recovery via the use of a third-party cloud environment, whereby all of the disaster recovery functionality, including orchestration, are provided as-a-service. As-a-service means that the consumer of DRaaS need not own, nor manage, the recovery computing environment. Since DRaaS does not require a dedicated, physical secondary site, trained IT staff, nor upfront investment, it’s generally available at a lower cost than a self-constructed solution. Like other DR (disaster recovery) solutions, DRaaS keeps your business-critical applications operational and enables your company to run even when bad things happen: a hardware failure, a ransomware attack, or even a natural disaster. As an upgrade from traditional backup-only products, DRaaS provides very short recovery timelines (minutes) and on-demand, ready-to-use compute resources, for instant restoration of the applications. DRaaS is an effective solution to eliminate data loss and downtime – at a fraction of the cost of doing it yourself.

Why Disaster Recovery as a Service is important for business?

Today, businesses depend on software and computers more than ever before – not only as the backbone of operations, or as a powerful back-office suite, but also as important differentiators and as communication platforms. However, these systems are built from hundreds of building blocks that can, independently, break! Failed server components, bad application updates, ransomware, flood, and fire – all of which are disasters — have the potential to bring your business to its knees. It’s not a matter of “if”, it’s just a matter of “when” it will happen.

Traditionally, IT relied on backups to resuscitate applications in the event of disaster. However, in modern times, backups fail to solve critical data loss and downtime problems:

  • Backups data often appears missing, incomplete, or non-restorable
  • When a server fails, procurement of replacement hardware takes days!
  • Data restore can take hours and days of labor and waiting

DRaaS does not suffer from these issues and brings much more to the table: the ability to bring operations back to production in minutes, backup testing automation, scalability, and the opportunity to leverage the on-demand nature of the cloud. DRaaS is an affordable and easy-to-manage utility — even for small and medium-sized businesses (SMBs) — that may not have trained IT staff, deep pockets to set up failover data centers, or time to build comprehensive business continuity plans.

For the intrepid do-it-yourselfer, DRaaS can be used as a self-serve product. Conversely, DRaaS can be delivered by MSPs for the not-so-technically inclined company needing extra management and care.

Why Disaster Recovery as a Service is important for Managed Services Providers?

While the “service” part of DRaaS is more about it’s being offered as a all-inclusive product in the cloud – it can also be framed as how the product is supported. As noted above, many SMBs could benefit from a DR solution, but not all of them have trained staff and time to implement it. This is an opportunity for MSPs – and an important differentiator versus their competitors – to provide turn-key DR services (on top of a DRaaS solution). When the service of managing DRaaS is offered at a reasonable price point, and with low implementation and management costs, it becomes an integral add-on to the MSP toolkit to help SMBs with their IT needs.

Additionally, one feature of the Infrascale Disaster Recovery (IDR) product is that every backup can be automatically validated. IDR boots a virtualized copy of a protected computer in an isolated environment. During boot, it takes a screenshot of the system and performs an “inside-out” test by running a small application inside the machine. A daily backup verification report, with screenshots of virtualized protected systems ready to be used in event of a disaster, can help build trust between an MSP and a customer. Thus, an MSP that helps with IT, can now help with DR, integrate DR with other offers to the SMB, and provide real-time feedback and peace of mind to their customer that the DR solution is working!

What Defines a DRaaS Solution v. DR alone?

Every DRaaS offering should include the following:

  1. Capture of source physical computers or virtual machines (full images and incremental updates). This is done either using an agent that is installed on the source system or via interaction with the API of the virtualization platform (agent-less). Note: agent-less capture simplifies rollout and management of the product.
  2. Replication of source data to the cloud. Data can be replicated as discrete incremental image files, as changelogs (for sync-based solutions), or as unique data blocks (for solutions that support over-the-WAN deduplication).
  3. Configuration of DR run books. Boot sequencing and configuration allows restoring entire environments with a single click. Different solutions may achieve this with graphic sequence editors, simple list ordering, or scripting. 
  4. Automated failover (AKA recovery, AKA spin-up) of protected computers and networks in the cloud. At the time of disaster, individual systems or the entire environment can be spun up in the cloud. Older DR solutions required a phone call to the vendor’s support and formal declaration of disaster. With modern DRaaS solutions, a customer can start a single server or their entire environment (via DR run book) through a user interface.
  5. Failback from the cloud location back to the source. Since the recovery infrastructure is running in the cloud environment, and business operations are restored, the failback can be scheduled at a convenient time. To be a DRaaS means failback should be as simple as the failover.

According to Gartner, DRaaS offerings must also have a standardized SLA for recovery, amongst some other capabilities.

How is DRaaS different from regular backup or Backup as a Service?

With DRaaS, the data, applications, and network configurations are copied to the cloud. In the event of a disaster, the entire infrastructure can be quickly restored in the cloud. Thus, business operations can be resumed with this new, temporary, infrastructure. By using prepared run books, taking frequent snapshots of source systems, and automatically testing failover, recovery point objective (RPO) – maximum time period of potential data loss – and recovery time objectives (RTO) – target time between incident and recovery – can be decreased to minutes.

Conversely, traditional backup or Backup as a Service (BaaS) solutions take copies of data (and sometimes server configuration) and write them to disk or tape. These copies can then be taken offsite, or to the cloud. Unlike DRaaS, these copies are intended to be restored to the same, or new hardware, and not instantly restored as a functional server (that is, the data is not “spun up” and ready to go).

Therefore, there is a major difference in approach to recovery for these types of solutions:

  • DRaaS: Failover in minutes, then resolve the original problem – at your own pace
  • Backup: Rush to resolve the problem, then perform a restore
Backup vs DRaaS

 

What makes the Infrascale Disaster Recovery solution unique?

The Infrascale Disaster Recovery product is feature-rich and meets all of the definition above. Here are some other capabilities that our customers love and chose us for:

  1. Flexible scheduling, throttling, and deduplication during capture and replication of computers. This helps to avoid degradation of performance on source systems, and keeps storage and network usage at bay. 
  2. Local (on-premises) DR to avoid reconfiguration of networking and decrease latency. In most cases, businesses face “micro-disasters”, when just a single computer fails. Many solutions can perform on-premises DR either by spinning up a copy of the failed machine on a local DRaaS appliance or by doing an instant restore of the virtual machine to an on-premises hypervisor.
  3. Automatic testing of backups with boot (screenshot) verification. Automated testing of backups is the best way to ensure that every backup is usable and is often a key reason why companies choose a DRaaS solution instead of traditional backup products.
  4. Granular restore of individual files and folders. Where applicable to solve the disaster, it’s usually quicker and easier to restore individual files and folders than the whole system. 
  5. Restore to dissimilar hardware or hypervisor. When a server fails and needs to be replaced, chances are it’s going to be virtualized, not restored to a new dedicated box. Also, many companies today have both VMware and Hyper-V hypervisors in place. This makes physical to virtual and virtual to virtual conversion a valuable feature. 
  6. Convergent Backup and Disaster Recovery Solutions. IDR is both backup and DR. It allows storing the long-term archives of data and, unlike sync-based products, provides the necessary “air gap” between the source system and the secondary copy, not letting malicious change instantly populate to the secondary site. At the same time, an organization can enjoy instant DR spin-up times both on-premises and in the cloud, while still being able to roll back to an archived restore point made years ago.

DRaaS is an effective solution to eliminate data loss and downtime. Backup and spin up/recover at a fraction of the cost of doing it yourself. The Infrascale Disaster Recovery DRaaS solution builds upon the benefits of DRaaS and goes beyond: no extra site, no extra IT resources, and no fuss to failover or failback – in minutes! Be confident your data is protected. Gain the control and flexibility around your data and data operations.

If you want to learn more on how Infrascale Disaster Recovery solutions can keep your data safe and your business operational, visit the Infrascale website or sign up for a product demo. MSPs welcome!

 

Disaster Recovery Orchestration | The Importance of Orchestration

Many have heard the adage that in this world nothing can be said to be certain, except death and taxes. However, in 2020, we may want to also include cyber-attacks and other disasters that jeopardize your data. The global pandemic has seen a huge rise in people working from home, shopping online, and being more digitally connected than ever. Unfortunately, this presents an ideal opportunity for bad actors seeking to create havoc. 68% of business leaders feel their cybersecurity risks are increasing, and on average only 5% of companies feel they are protected. It also presents more complexity for IT — managing more remote workers and equipment — on top of their data center and business operations.

Uptime is an operational imperative — as we know that its inverse, downtime, has enormous costs and impacts on business. Thus, any form of downtime — from an Exchange crash, to a site-wide disaster (tornado, hurricane, flood), to a ransomware infection — can cost an organization dearly in terms of lost revenues and productivity.

However, if: a) you have implemented a DR solution, b) that solution has orchestration capabilities, and c) failover testing has shown that the DR solution and its orchestration are at optimal performance, then an organization can dramatically reduce the amount of downtime and stress associated with these incidents.

When examining potential DR solution providers, it is increasingly important to find objective measures to separate the contenders from the pretenders. One of the key differentiators is how a solution provider delivers orchestration — the orderly recovery of a server environment during an outage. Orchestration ensures that critical servers, applications, and their dependencies come online in an automated fashion, without incident. When looking at a vendor’s failover and failback features, pay special attention to orchestration and how much customization and control you have in the orchestration process. These features can save time, save energy, and bring your critical data and applications back online with minimal loss to your business.

To start this examination, we’ll start with a maxim: an ounce of prevention is worth a pound of cure. As related to downtime, when disaster strikes or critical systems crash, IT administrators have to be thoughtful about how — and in what order — they restore applications. This needs to be pre-planned. The order of operations is crucial for seamless system restoration. For example, if your environment utilizes a dynamic host configuration protocol (DHCP) server to manage leases on your machines, this server would be among the first applications to be brought online, because of the importance of assigning IP addresses and providing configuration information. You may also want your Active Directory (AD) server to come online shortly thereafter, if not concurrently, to automate network management of user data, security, and distributed resources.

After you resuscitate these core systems you will want to restore your production workloads such as SQL Servers, Exchange, and other mission-critical apps. Then, you can boot your secondary applications. Order clearly matters, and orchestration of the sequencing is the means, by which DR solutions restore applications in a predetermined order.

Not all vendors treat orchestration equally; you have to uncover if — and how — DR solution vendors can deliver this functionality. There are four core ingredients and components of orchestration:

  • Runbooks: Most cloud recovery providers offer a simple DR runbook that presets the order, in which your systems (VMs) recover. The runbook defines a group of machines that are powered on (simultaneously) with a single command. The real power of orchestration, however, is the ability to determine the actual order (not just a group of applications that boot simultaneously). This is where scripting comes into play.
  • Scripting: To complement a runbook, IT can create simple, customized scripts (basic commands) that execute more complex configurations. This includes everything required to fully automate recovery. For example, scripts can be used to ensure that machines without DHCP servers can be rebooted with their proper network configuration, such as IP and MAC addresses.
  • Testing: Another key component of orchestration is the ability to test the failover process and ensure the runbook and scripts work as expected. Unfortunately, many DR vendors charge for DR tests or require formal disaster declarations to perform these tests. Increasingly, IT administrators are looking for a self-service failover solution that puts the control back in their hands. You’ll want to test your orchestration periodically after the initial setup, system variables continuously change (for example, when you deploy new service packs), it’s not a one-and-done activity.
  • Failback: After your production servers are running, IT is freed up to rebuild your hardware in anticipation of application failback. Once the hardware has been properly configured (post disaster), then it’s time to restore applications and their operating systems. If it’s a physical machine, then you can use a USB drive or disk to recover from a pre-installation (PE) environment. If it’s a VM, you can simply push the guest back to its corresponding host. All of this can be done while capturing any changes made by the users while working with the ‘booted’ image (during the outage).

At Infrascale, we’ve invested in orchestration to be the easiest and most customizable DR solution on the market. We have enabled runbooks to boot specific VMs and groups of VMs. We’ve built this in a way of a simple drag-and-drop interface that lets you build out your orchestration sequencing.

 

Example Orchestration Scenario

 

Example Orchestration Scenario – Boot Group & Wait 

 

Example Orchestration Scenario – Server Actions

 

For further information, see orchestration overview and details.

Beyond the runbook and boot sequencing, Infrascale offers unlimited, on-demand testing so you can freely test and retest your orchestration… on your time, and for no extra fee! We even offer a guided disaster recovery service to help you ensure your plan is ready to go!

Because of the features and flexibility provided by Infrascale Disaster Recovery, our clients get very excited about the power of our solution. One such client is required to maintain a constant uptime because they are a military contractor. Unlike most companies working with the government, their product is so vital that they are not able to shut their systems down – even for testing. And testing is something that they are also required by their regulatory compliance to do! Prior to working with Infrascale this company was forced to take backups of their entire infrastructure, fly the entire team out to their colocation in the middle of the country and test – all within a two-week window. Not only was this costly, but due to the sensitivity of the data and time constraints, it was difficult. When Infrascale came along, we were able to assist this client in completely pre-configuring failover in the cloud so they could fit into the strict time constraints, they were able to do it all securely and safely. Now, instead of dreading the failover test every year, they treat it as a vacation. What normally took weeks to complete now takes just a few hours!

Punchline: As you give disaster recovery solutions (DR) a closer look, you must ask any prospective vendor how they manage the orchestration process. Ask if you can take the offer to go beyond simple DR runbooks and help to create a comprehensive business continuity and DR playbook. When orchestration is well planned, coordinated, and tested, it can dramatically reduce the amount of downtime for any type of micro- or macro-disaster. And… just as important, it will have a positive impact on your stress level, by giving you the confidence of knowing that you can recover from anything thrown your way.

 

Cyber Monday Is Imminent. Are You Ready?

Cyber Monday is always the Monday after Thanksgiving. In 2020, that date will be Monday, November 30. Are you ready?

No, we don’t mean ready to make a lot of online purchases. Or, from a retailer perspective, ready to process higher-than-usual data transaction volumes. Those are givens. Rather, are you prepared for a secure Cyber Monday?

Cyber Monday has grown significantly since its beginnings in 2005 as a marketing ploy to give smaller retailers with an online presence a chance to compete against brick-and-mortar retail giants (and Amazon, of course). In 2019, Cyber Monday racked up sales to the tune of $9.4 billion of spending, an almost 20% YoY increase from 2018. And, similar to Black Friday, the onslaught of deals now exceeds and extends beyond this one day. That said, Cyber Monday still exerts the strongest economic gravitational pull of any economic-centric “day” outside of China’s Singles Day (which takes place on November 11 each year).

The total Cyber Monday spend referenced above is based on data derived from more than a trillion visits to thousands retail sites. It also includes transactional data from 80 of the top 100 U.S. online retailers. And, while there’s no way to know the exact amount of data involved, it’s safe to say that simply calling it enormous is a huge understatement.

Transactional data: into the vortex

So, what happens to all of the transactional data generated over Cyber Monday? The answer is… complicated.

Let’s start with the retail website where the data first gets collected.

In most cases when you transact with an e-commerce store (i.e. provide payment for a cart of items), the payment data is tokenized and processed only by banks and credit card processors.    The retailer, for compliance reasons, should not be holding on to any raw credit card data – only the token that references the data. Further, any Personally Identifiable Information (PII) – such as name and address – must also be carefully managed, as to comply with privacy laws. For the sake of understanding customer behavior, the retailer has the payment information stripped, the PII is “anonymized” (i.e., given a random identifier or placeholder values that prevent identification – yet still provides a tie to your previous purchase behavior) and the rest of the transactional data (e.g., your Christmas gifts and quantities) are left to process.

From here, to perform the analysis, the vendor either “transforms” the data into a format their database works with and loads it into the database (ETL), or loads and then transforms it (ELT) — mashing it with all of your purchase history and the histories of millions of others. There are literally hundreds of database and data analysis solutions and platforms on the market, running from legacy systems like Oracle and hot new unicorns like Snowflake to open source stalwarts like MySQL…and everything in-between.

At the same time data is being collected, the vendor – unless prohibited by your browser settings – leaves a tracking mechanism behind in your browser, typically a cookie but sometimes an even more invasive method like cross-device tracking that has all sorts of marketing uses. Once a vendor can track your purchasing preferences and other online actions, you become a prime target for ads, emails, and all sorts of marketing efforts, as we are all (sometimes painfully) familiar with.

While there are regulations (such as GDPR in Europe and CCPA in California) that place restrictions on how data – like PII – is used and who can access it, it’s still more “Wild West” than “buttoned-up” when it comes to companies using and profiting from consumer data. That’s something we are all going to have to live with for the foreseeable future.

From the business perspective, e-commerce transaction/revenue increases like those found on Cyber Monday are a godsend. This is especially true for small and medium-sized businesses (SMBs) that don’t have brick-and-mortar locations and marketing resources that retail behemoths do. And technology has gotten to the point today where even a neighborhood restaurant can get up and running with a database solution in minutes as opposed to not being able to afford an on premise, legacy database install like back in the old pre-cloud days. They can even do important marketing activities like email campaigns for free.

All of the above scenarios run on today’s new “oil” – data. All that value, of course, comes with risks and threats.

Hey, consumers – it’s scary out there

As a consumer, once you supply your personal information to any website or app, it becomes a potential target for hackers. While most vendors try to act responsibly with customer data and keep it secure, many do not. But even if a company does its best to protect your personal information, that doesn’t mean it won’t be hacked and used by bad actors. There are numerous examples of this, but famous ones like the Equifax breach from a few years ago – where 147 million people had their personal information stolen – are never that far from the news cycle.

There are also more direct security threats to deal with, such as phishing scams, ransomware attacks and plain old-fashioned malware.

In phishing and spear phishing scams, individuals get an unsolicited email (often personalized, seeminging from someone you know) asking for personal information and/or money. They go to personal and business emails alike. Particularly nefarious is the spear phishing flavor of this threat, where the attacker adds more personalization and makes it tougher to detect as an attack.

Ransomware – where data is seized or some threat is made, such as locking down a critical system or exposing the data – goes after money and is no longer just a business concern, as attackers have expanded to individuals.

Malware includes ransomware and a whole host of other scary threats like viruses, spyware, adware, and the like.

Hey, SMBs – it’s scary out there

SMBs are subject to the same cyber threats as consumers year-round, not just with heightened Cyber Monday activity. They also have more data and valuable information than individuals, so the number of attacks is higher, the attackers are more relentless, and there are more and different types of threats to worry about. Some of these include:

  • Data loss and compromise
  • Costs related to damages and data recovery
  • Business downtime
  • Loss of external party trust (customers/partners/suppliers)
  • Loss of employee trust
  • Loss of business viability

This blog post on the subject of “How Cyber Awareness Can Save Your Company” takes a deeper dive into these cyber threats if you’re interested in learning more.

Cyber Monday is coming  – are you ready?

If you’re not feeling as secure as you’d like ahead of diving into the Cyber Monday deals or, for SMBs, having your IT stack ready for the spike, then there’s still time to change that equation. Even if you do feel secure, there’s always room for improvement. Always. There is no strategy or solution that is 100% impenetrable. It’s really about managing risk in a smart, purposeful way.

If you are a consumer:

  • Research and acquire antivirus and/or antimalware software
  • Research sites that you haven’t used before that are not well-known – it’s a jungle out there!
  • Make sure the site you are about to make a purchase on is secured and encrypted (via SSL issued by a reputable certificate authority — represented by a lock icon/“https” prefix in the address bar of your browser)
  • Save all confirmation messages and receipts
  • Strengthen your passwords
  • Check your credit card statement regularly and/or set up credit card alerts with your bank

For SMBs and other businesses experiencing Cyber Monday from the other side of the proverbial looking glass:

  • Use Cyber Monday as a forcing function to thoroughly assess your customer database and other IT infrastructure security
  • Stay current with your security software
  • Have procedures in place to deal with a consumer data breaches
  • Educate your employees on security best practices and how to avoid attacks like phishing

And last, but certainly not least – protect your data by backing it up and ensuring it’s recoverable in case of a disaster like the situations described above. 

Whatever you do, have a BDR solution ready ahead of the Cyber Monday chaos

Along with the bottom line impact of Cyber Monday’s sales to your company’s revenue stream, the data you gather from the day itself and surrounding days brings the most value. That’s why it’s critical to have a backup and disaster recovery (BDR) plan – and solution – in place.

In addition to the cyber attacks that hit many SMBs, the additional site traffic and transaction volume can lead to self-inflicted damage such as insufficient IT resources failing at the worst possible moment and resulting in downtime. In a recent survey about the costs of downtime, 37% of SMB respondents lost customers and 17% lost revenue. The survey also reported that software failure (53%) and cybersecurity issues (52%) were the most common downtime causes, followed by hardware failure (38%), human error (36%), natural disaster (30%), and/or hardware theft (24%).

Comprehensive data protection powered by BDR is readily available and can even be tailored to specific industries, use cases and IT environments.

The unstoppable train that is Cyber Monday rolls on

For an event that has been around less than 20 years, Cyber Monday’s importance to retail is immense. It’s also growing, as the chart below shows.


Source: Adobe Analytics

 

It’s not a stretch to predict that $10 billion is the floor for this year, and the total will likely be much higher.

Cyber Monday’s benefits are enticing. For consumers, there are great deals to be had and near-limitless options available via online shopping. For businesses, it’s one of the best opportunities to juice your sales numbers and pick up new customers that you can then turn into repeat customers.

The threats are out there – external and internal – and some of the most common have been outlined above. The bad news is that the malevolent actors, as they always do, see events like Cyber Monday as an opportunity to go after consumers and businesses alike with tried-and-true approaches like phishing along with newer and more sophisticated attacks such as ransomware and cloud-jacking. The good news is that there are strategies and solutions available that are proven to keep most attackers at bay, ensure your data is backed up and recoverable in case of disaster, and ultimately help lead to a successful day. It is possible to shop Cyber Monday deals and protect valuable personal information at the same time.

So, now with some Cyber Monday context and advice in hand, the question from the beginning of this post remains: are you ready? Happy – and safe – cyber shopping and holidays!

 

Salesforce Data Recovery Service has been Retired.
Is Your Data at Risk?

In July 2020,  Salesforce announced that they were retiring their Data Recovery Service for backup and recovery. This add-on service enabled customers to recover their Salesforce data that had been inadvertently lost through accidental deletion, overwriting, or simple user error. With the retirement of the service, Salesforce no longer keeps “backups from which customers can recover from errors made in the past.

Salesforce was very candid in explaining why they chose to discontinue Data Recovery Service. They stated that the service did not “meet our high standards for customer experience due to the length of time and reliability of the process. This process takes a minimum of 6-8 weeks to complete and we cannot guarantee 100% data recovery.” Despite the shortfalls that many experienced, the Data Recovery Service was relied upon by many thousands of Salesforce customers as the last resort for backing up and recovering their mission critical SaaS data.

Data Retention, a Core Business Need

A core element of backup and recovery is data retention. Data retention, also known as backup retention, is the continued storage of an organization’s data for compliance or other business reasons. Effective data retention policies are critical to business of all sizes — small and medium sized business (SMB) up to enterprises — as they anticipate recovery from data loss associated with: cyberattacks such as ransomware, malware, and phishing threats; disasters, whether they be human caused (both malevolent and accidental) or natural; litigation and other legal discovery/processing needs; and intrusion/editing caused by internal bad actors.  

The consequences of losing mission critical data can be crippling to a business. As indicated in the Infrascale blog post, “How Cyber Awareness Can Save Your Company” these costs include:

  • Business downtime (lost revenue, lost opportunity)
  • Loss of customer trust
  • Loss of employee trust
  • Loss of business viability

Of the business costs listed above, the most dangerous is the potential loss of overall business viability. The possibility of going out of business due to data loss is a frightening, and unfortunately growing threat.

The stakes are real, and the consequences of not creating a retention policy, and the backup processes that enforce the retention policy and protect the data, is significant.

Dose of Reality: You are Responsible for your Data

News Flash:  A SaaS provider, such as Salesforce, cannot detect data loss!  Thus, they don’t (and won’t) accept responsibility for customer data. It’s a common misconception that SaaS providers fully back up your data on your behalf, and that your data will be recoverable whenever you need it.  Most SaaS providers, including Microsoft 365, G Suite, Box, and Dropbox, only retain backups of your data for a limited period of time. In the case of Salesforce, your deleted, lost, or corrupted data will only be retained for 15 days (without additional protection).   

Why is it Important to Backup my Salesforce Data?

As the world’s #1 customer relationship management (CRM) platform, Salesforce is deeply embedded within the business operations of over 150,000 customers – from small businesses to Fortune 500 companies. It has been reported that 88% of Fortune 100 companies use at least one Salesforce applicationAmong the most critical Salesforce data generated by these organizations is: 

Client and
Customer Data

Accounts and
Planning Information

Leads

Contacts

Opportunities

Contracts

Financial Data

Employee Information

 

This data is mission-critical for a successful business and enable it to compete effectively in the market. Likewise, the temporary or long-term loss of this important information can be the death-knell of an organization – regardless of size. 

Now is the Time to Act… before it’s too late!

If you haven’t already deployed a Salesforce data backup and recovery solution for your important Salesforce information, please don’t wait another minute to act!  Be warned, however, that general SaaS data backup and recovery solutions only provide backup support for Microsoft 365 and G Suite. You need a solution developed specifically for the backup and recovery of your Salesforce data set.

Infrascale Cloud Application Backup (ICAB) for Salesforce provide the peace of mind you need for your business-critical Salesforce data. With ICAB for Salesforce your SaaS data is always protected and always available… on your time. Infrascale provides unlimited Salesforce data backup history – mitigating the risk of data loss from human error, data corruption, malware/ransomware, and gaps in retention policy.

It’s not a matter of if your Salesforce data will be compromised, it’s a matter of when it occurs. Don’t wait, act now!

Backup and Recovery 101: The Basics

Science fiction celebrates machines that can transport a person backward or forward in time. Many people would love to be able to do the same with their lives — to relive experiences or to revise decisions and actions. By analogy, in the world of information technology, backup and recovery is a time machine for data.

Backup and recovery help businesses ensure their critical data and systems are protected and recoverable in case of a disaster or other emergency. Properly configured backup and recovery provides flexible options to ‘rewind’ to a previous state of the data, to get the system up and running again, as if nothing happened. By regularly backing up computer systems to a safe and secure location, businesses mitigate the risk of data loss, system downtime, and possible financial losses and reputational damage.

Backup and recovery are both processes and a set of tools to implement the processes in a robust, secure, and easy-to-manage manner. To grasp the broad picture of backup and recovery, it is important to identify the basic terms and concepts behind them.

In the beginning there was data…

Data is at the core of backup and recovery.  Simply put, data is any kind of information that is stored on a computer in a binary format. To make data manageable and allow for its manipulation, data is stored as a chain of bytes referred to as files. Files have human-readable name formats and are stored in containers (folders).

Folders are organized in a hierarchy called a directory system: a tree that provides organization the information so it can be identified and located by users or software applications. 

Regardless of the structure of data, at the physical level, data is stored on storage devices called disks.

An analogy for the data/structure concepts above is a traditional library with paper books.  In a library, words (data) are brought together to form books (files). Bookshelves and book catalogs are the directory structure, various library premises are storage devices (disks), and the entire library building is the computer system.

… and then there was data backup

Regardless of any potential security measures implemented for our fictional library — metal detectors and alarm systems (firewall), library security guards (antivirus software), video surveillance (monitoring and reporting software), and so on — there is always a risk of accidental or intentional property damage (data loss or corruption).

If your computer is turned off, nothing can happen to the data stored on its disks.  That is to say, when you turn the computer back on, the data will be in the same place as it was before.  Your only concern need be for the physical safety and operation of the computer — and its disks. While storage corruption is a potential reality, it is not the highest concern. The true threats to the data only become possible when you turn on the computer (and connected it to the internet). Those threats include malware, ransomware attacks, failed hardware, application and system updates gone wrong, and the most inevitable of them all — accidental deletion due to human error.

To avoid risks and mitigate impact associated with data loss or corruption, businesses must implement data protection policies and procedures (beyond those security measures!) An integral part of such policies and procedures is a data backup and restore strategy.

Backup, the noun, is a new, stored copy of data. To back up, the verb, is the act of creating and storing a copy of the source data. The goal of the backup process is to have copies for a future need to recover backup data or restore system functionality from a copy.

Most backup and recovery tools provide a choice as to the level of data protection. That is to say, a choice of which data, at what level in the structure or storage medium, to protect via backup. The following list of backup types is not exhaustive, but merely a starting place for exploring the concepts and approaches to data backup and recovery.

File backup

Imagine a few words or paragraphs in a book were deleted, some book pages were torn out or covered with coffee, or the book itself was stolen from the library. We lost bits of data, and we may not be able to read and understand the text in its entirety. This is a simple concept of data loss or corruption at the file level. To avoid, or more importantly to overcome, damage to our data, file backup is an appropriate backup solution choice.

In this type of backup all data from the original file is copied byte-by-byte into a new copy of the file. Therefore, the backup copy of the file is identical to its original, at a given point in time.

File Backup

To ensure that no part of the original file is changed while the backup process is running, file backup is best accomplished when data is ‘idle’, that is, not involved in any other process than backup itself. Otherwise, after restoring your critical files from backup, you may find out that while you have successfully copied the data, the files may not be consistent with one another (version-wise).

File backup does not include any kind of synchronization between the original file and backup copies. To keep your backup up-to-date, the backup process should be run repeatedly to capture ongoing changes.

Disk backup

Now, consider that a part of our fictional library caught fire or flooded, and a great number of books (data) are now lost or corrupted, resulting in closed premises. This gives an idea of data loss or corruption at the disk level — as the disk itself has suffered. To mitigate the consequences of restoring data to the exact state before the disaster, we should employ a disk backup strategy.

Disk backup entails creating an image (copy) of a computer storage device (HDD, SSD, or the like) at the block level (comparing to the file level). In case of an operating system error or a disk failure, this type of backup allows for the full restore to the exact state of the disk (including data residing on it) at a given point in time.

Disk Backup


System backup

Again, referring to our ‘library’ analogy, imagine the entire building was destroyed in a fire, earthquake, or by tsunami. No need to explain the aftermath — all data is gone with the library being out-of-service completely (there may not even be a building!) But, if we had copies of all books and other data arranged and ready in another building, we could simply continue operating and providing library services.

Mitigating the impacts of this type of data loss requires use of a system backup. System backup manages backup operations for the entire operating system and storage attached to it, including files, applications, system configurations, and so on. In this type of backup, the configuration state, the files, and all system data are saved as a single file (image or snapshot), ready to be recovered and run instantly, if the primary system goes down or its data gets corrupted or lost.

System Backup

A system backup approach ensures that not only the user data in the system is protected, but also preserves overall integrity and operational state of the system. This helps in restoring the system (and user data) to a “last-saved” operational state.

Optimizing backup and recovery


Backup priorities and scope

Not all information needs to be protected. For example, temporary data may be deemed non-critical, and therefore does not need to be backed up. However, when data is critical, it should be backed up immediately.  Obviously, the time needed to complete backup directly depends on the size of data and the speed the data can be transferred with. Both are hard to be traded off.  Luckily, there is a technique based on the data change tracking. It allows transforming data from the original state to any other state by applying changes that were made to the data in between. This technique defines backup methods: full, incremental, and differential. They give an opportunity to have a scope of the data as a tradeoff  for execution time minimization.

The scope of a full backup entails creating a copy of all data selected for backup, whether some parts of it changed or not. This is usually done on Fridays or over the weekend when substantial amounts of data can be copied without affecting business operations. Subsequent backups performed Monday through Thursday, until the next full backup, can be differential or incremental (see below), to save time and space on the storage media. Full backups should be done at least weekly.

As the amount of data grows, the process of backing up the full data set becomes time-consuming. If you have large amount of data to back up, and only a few files changed or were added, then it is reasonable to choose incremental or differential backup where only changes are copied.

With an incremental backup, only files that have changed since the previous backup are backed up. Subsequent incremental backups only add files that have changed since the previous one. On average, incremental backups take less time because fewer files are backed up. However, the data recovery process takes longer as the data from the last full backup must be restored, plus the data from all of the subsequent incremental backups. At the same time, unlike differential backup (see next paragraph), changed or new files do not replace old ones, but are added to the storage medium independently.

With a differential backup, every file that has changed since the last full backup is backed up every time. The value in differential backup: speed up the recovery process! All you need is the last full backup and the last differential backup to be on your way to recovery. Differential backups are growing in popularity — primarily because all copies are made at certain check points in time. This is particularly important when restoring your business data after a virus or ransomware infection — when knowing that check point is a critical factor.

Backup targets

For optimal data protection, companies must make the right choices about where to store their backup data.

The main and the most essential recommendation is to store backup data separate from the originals. The approach here is obvious — if a problem occurs, it will be localized in one place (and only impacting that copy), thus allowing you to continue using the non-affected data and to get your business systems up and running without major interruption. For example, if the hard drive on your computer breaks down, a physically separate backup drive will function.

Further, it is necessary to choose the right media for storing backup data. This can be a direct-attached storage (for example, an external hard drive, connected directly to the computer), or online storage (network-attached or cloud). Directly attached storage provides reliability and speed, while the online storage provides ease of accessibility to backups and permanent, physical separation from the original data. But, as in all things, a combination of, and balance between, all available options is preferred.

Additionally, retaining multiple copies of data (ideally in multiple locations) provides insurance and flexibility to restore to a point in time not affected by data corruption or malicious attacks.

Backup schedule and frequency

For best results, backup copies should be created on a consistent regular basis to minimize the amount of data lost between backups. Sometimes it can be very painful to lose even just a few working days due to a missed backup. To decide how often to make backups, we must be clear about least painful timespan to lose data for. The more time between two backup copies, the more potential for data loss when recovering from the backup.

Schedule and frequency of backups is called the backup policy. The backup policy depends on the needs and requirements of the company and is defined by criticality of data and the risk of its loss. There is not a golden standard for every company, but a good rule of thumb is to implement the following backup policies:

  • weekly full backups, with daily incremental backups, for moderate risk data environments; and
  • daily full backups, with hourly incremental backups, for high-risk data environments.

Backup consistency

There is no point in making backups without checking their consistency — else we may suffer corrupted data or lose a part of our data irrevocably.

Backup consistency is a combination of validity, accuracy, and integrity of the original files, application data, and the operating system of a source computer or a virtual machine. Data consistency is critical for any backup and restore system, regardless of its scope and corporate security policies.

As soon as the initial backup of the data is created, you must immediately check that the data can be restored. Backup and recovery management tools provide different techniques to check backups for data consistency. For example, as part of its image-based system backup, Infrascale Disaster Recovery offers the boot verification option to check if a system backup can boot and run, and thus safely be used to restore or spin-up.

…. and last but not the least, recovery

Regardless of industry, when an unanticipated event takes place and brings day-to-day operations to a halt, an organization needs to recover as quickly as possible and continue to provide services to its clients. From data security breaches to natural disasters, there simply must be a plan for when disruption occurs. Not having an effective disaster recovery plan established can put the organization at risk of high financial costs, reputation loss, and even greater risks for its clients and customers.

Forty-three percent of the SMBs we surveyed said that they have paid $10,000 to $50,000 to ransomware attackers.
Infrascale Survey 2020

The average amount paid for a ransomware attack in the fourth quarter of 2019 was $84,116. This is up from an average of $6,733 just 12 months prior.
Coveware Ransomware Marketplace Report

60% of SMB organizations close within six months of being a ransomware victim.
Cybersecurity Ventures

 

Final Lesson:  Implement backup and recovery.  Your business depends on it!

Most organizations cannot afford unplanned and prolonged downtime. They need to recover as quickly as possible. Regardless of the nature or size of your business, protecting and maintaining your data is your business. Losing critical business data can cause irreparable harm on a business, even to the point of failure.

Looking for a full-fledged, flexible, and reliable backup and recovery solution? Learn more about Infrascale Cloud Backup tailored to protect your critical data residing on mobile devices, laptops, and desktops. Also, explore features and options offered by Infrascale Disaster Recovery to prepare your business data and systems for instant recovery in case of unexpected emergencies, either accidental or intentional.

Internet Day Is a Great Time to Take Action Against Cybersecurity Threats

There’s seemingly a “day” for everything under the sun. And, if anything in our collective business and personal lives deserves its own day, surely the internet is high on the list. That said, there is indeed a day devoted to one of the most impactful inventions of all time: Internet Day on October 29. This day commemorates the first transmission “across” the internet, which consisted of two computers at the time. It also crashed after only two letters were transmitted, but beginnings are tough in the tech industry. Just take a look at what a website looked like back in the day. Be forewarned – if you are a UI/UX professional, this might be the scariest thing you see this Halloween season!

Frankly, it would be hard to overstate the internet’s impact. Amazon.com alone has been one of the greatest – or most destructive, depending on your vantage point – internet innovations. Remember having little or no choice but to commute to a physical store to buy something? Or, from a business perspective, how about sending physical letters and postcards by mail to reach prospects and customers? While these examples might seem like they are from the Stone Age, we’re talking the 90s here.

Maybe the best term to describe the internet, especially with regard to the changes it has fostered for SMBs, is “accelerant.” There is hardly a business process or operation that hasn’t been sped up in some way, shape or form by the internet. Whatever clichéd term is the next level up from “game-changing” is a better fit for describing the changes wrought by the internet. However…

This is why we can’t have nice things

Like all things we grow to enjoy and depend on, someone or something ALWAYS comes along to ruin it for everyone. Such is the internet’s story.

It’s hard to pinpoint when the first hacker appeared on the online scene, but it likely wasn’t long after that first transmission. And since then…yikes. The internet has become the world’s largest virtual haunted house, which is ironic given how close Internet Day and Halloween are on the calendar. And, just as with a real haunted house, threats abound everywhere. Even a journey of a few steps (or clicks, as the case may be) can be scary – if you don’t know what to look for, that is.

The source of a lot of the scariness is what is commonly known in the business world as “F.U.D.” Short for Fear, Uncertainty, and Doubt, F.U.D. is rampant because the vast majority of consumers and businesses know little to nothing about what’s really going on behind the URL we happen to be parked at in any given moment.

Common causes of F.U.D.

Depending on how seriously you take security in general, and data protection specifically, there’s a not-insignificant chance that a malevolent actor is trying to access, observe, and/or steal your personal information. So, it’s not as if F.U.D. isn’t warranted.

A quick tour through the most common – and potentially damaging – causes of F.U.D.:

Malware: A blanket term for any type of malicious software that has the express purpose of attacking data, devices or other tech infrastructure, malware comes in many forms. Viruses, ransomware, spyware, adware, worms, Trojan horses…it’s a pretty scary cohort. The bad guys and girls, like all successful criminals, constantly shape-shift their approaches and tools to stay a step or two ahead of the victims. A good example of this is zero-day vulnerability, where the attack (i.e., insertion of malicious code) is unknown to the developer and is entrenched prior to the software even being released (hence the name).

The two primary vessels for malware delivery are email and, you guessed it – the internet.

Ransomware: As the name implies, your company’s data can be stolen or made inaccessible until a ransom is paid. In the old days, one had to steal a physical object or kidnap a person for an effective ransom strategy. That’s a lot of work and involves numerous controllable and uncontrollable variables. But with the internet, it’s an order of magnitude easier for hackers who know what they are doing.

A particularly nefarious type of malware, ransomware is a nasty problem that grows bigger each year. A 2019 Malwarebytes study found a 365% increase in business ransomware attacks. And an Infrascale survey from earlier this year revealed that close to half of SMBs have experienced ransomware attacks, and nearly three-quarters of those SMBs have PAID the ransom! Depending on the amount of money demanded, one attack could be an existential crisis for an SMB.

Phishing: This type of attack is delivered via email and typically takes the form of a request for personal and other sensitive information such as credit card numbers, usernames and passwords, and bank account information (hello, mysterious Nigerian prince!). We’ve all seen these in our work and personal inboxes. While many are sloppily done and obvious, others are close replicas of legitimate organizations and require a discerning eye.

Phishing comes in many flavors, and one of the most effective is “spear phishing.” Whereas most phishing attacks are like an email blast you would send to hundreds or thousands of prospects, a spear phishing attack is personalized. Yes, that means the hackers have to do more work to track down names, email addresses, job functions, titles, and other personal information. But that also increases the likelihood that an unsuspecting victim will bite.

A recent and particularly relevant example is a group of Iranian hackers sending threatening emails to voters with the goal of influencing their choices. They ultimately got caught via some mistakes made in the included video, but they had access to public voter registration data, which is…unsettling. Unlike with a traditional phishing attack, which is primarily about getting information like credit card numbers, this incident was more like spear phishing in that it was trying to elicit a response from the victim fueled by malevolent intentions.

Internal threats: Your own employees are also potential threats. In fact, more than a third of data breaches involved internal actors, according to a 2020 Verizon data breach investigation report. Sometimes this is because they are careless or don’t know any better. Other times they do so with criminal intent. A recent example is an employee at Tesla’s Gigafactory in Nevada who was approached by a ransomware group and offered $500,00 to install ransomware on the company’s network. He ultimately went to the FBI with the information, but not every victim is so honest.

Artificial intelligence: A hacker with experience and know-how is a potent security threat. But a hacker armed with AI-powered tools and capabilities? That’s the subject of its own blog post – or series of them – but suffice it to say that such a hacker is his/her own army as opposed to a solo invader.

Let’s stop here, even though there’s plenty more scaring potential out there. And post-COVID, with the greatly increased number of employees working from home and using their own computing devices (aka “endpoints”), the attack surfaces have increased tremendously. Hackers have taken note, and attacks continue to grow apace.

It’s possible to mitigate F.U.D. and make the internet less frightening

Sure, it can be scary out there on the internet. But all is not lost!

While it’s sometimes difficult to determine what is true and what is false on the internet, one thing that is an absolute truth is what has worked in the past to thwart cybersecurity threats doesn’t necessarily work now. The malevolent actors are always looking for weaknesses in business’ security perimeters, and they are frequently successful.

And, while spending more money on cyber security solutions can help fight attacks, this approach does not guarantee that the number of breaches will drop. It’s more about how strategically you spend the money, which solutions you buy, and how expertly they are implemented and managed.

If you do one thing to protect yourself on the internet, do this

While there are many solutions you can buy and many approaches to take when it comes to protecting your data and endpoints, there is one in particular that brings as much bang and protection for the buck as any of them: backup and disaster recovery (BDR).

Investing in BDR focuses on any business’ most coveted asset – its data. A comprehensive solution set like the one Infrascale offers mitigates data loss, data inaccessibility and downtime caused by those with malicious intent, accidents (like employee error), server crashes, and natural disasters. All of these situations come with a price. And the longer they persist, the bigger the bill.

Another “truth” about operating in the age of the internet is that offsite data backup is not enough. To keep the lights on and your business running without costly cybersecurity-caused interruptions, the critical technology infrastructure and business processes that manage your data must also be recovered.

Infrascale’s secret sauce is the combination of intelligent software with the power of the cloud. This potent mix removes the barriers and complexity of secure, offsite data storage and standby infrastructure for real-time disaster recovery. Further, it instills the confidence to handle F.U.D. by providing reliable backup and boot-readiness in minutes – which result in less downtime and faster business recovery.

Don’t be scared. Every haunted house has an exit.

Despite Internet Day’s proximity to Halloween, there is no reason to be scared when it comes to maximizing the internet’s reach to operate and grow your business. Despite the myriad threats and hackers found online, it’s inspiring to see businesses fight back and, in many cases, prevent and fix the damages incurred.

For better or worse, the internet isn’t going anywhere. If anything, it will only become a bigger part of business activity and our personal lives. So, we all need to deal with it and do our best to operate on it as safely and responsibly as possible. The good news is that it’s possible to do just that.

If you’re going to do one thing to commemorate Internet Day this year, face down F.U.D. with the right business and disaster recovery tools for the job. That’s not scary, it’s smart.

Happy Internet Day!