This document discusses disaster recovery and business continuity solutions from CIO Office. It begins by highlighting the importance of having plans to ensure business continuity in the event of a disaster. It then discusses different types of disasters and failures that can cause data loss. The document emphasizes that backups alone are not sufficient and advocates for a comprehensive disaster recovery solution. It introduces CIO Office's Tech Advantage BDRS which provides near real-time backups, off-site storage, monitoring and virtualization to allow for fast recovery from any disruption. Pricing and features of the different BDRS systems are provided.
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
Preparing Your Business For A Disaster
1. Your System
Management
Experts
“What Every Business Owner Needs
to Know NOW About Disaster
Recovery & Business Continuity
That Will Guarantee Your Business
Stays Up And Running In the Event
Of A Tornado, Fire, Flood, Or Other
Data-Erasing Disaster”
2. Your System
Management
Experts
CIO Office Inc.
Serving Middle Tennessee Since 2000
Supporting small and medium-sized businesses by
offering voice & data integration and managed
services at an affordable price, backed by years of
experience
Partnering with strong vendors: Microsoft, HP, Dell,
Ingram Micro, Toshiba, NuVox, and others
3. Your System
Management
Experts
Outstanding Customer Service, but don’t take our
word for it….
“I definitely recommend CIO Office. They are very dedicated to what they do and the
customer service factor has been incredible.”-Ken Renner, VP Commercial Sales &
Leasing, Vastland Companies
“Just as people come to us for our expertise in countertops, we get the computer expertise
that CIO Office offers. We can have the smallest thing addressed in a matter of minutes
and keep the workflow going without any interruption.” –Mike Woods, Sales Manager,
Custom Fabrication, Inc.
“CIO Office is a business partner. Anyone that enters into a partnership with CIO Office is
going to be rewarded with the best advice and service that I know of out there in the IT
field in the Nashville area. They make computers easy.”- Gerry McKinney, CFO, The
Parent Company
“There is a definite impact on productivity and having system that we can rely on has made
a definite impact on us. That is what CIO Office brings to our company.” Angela
Lascelle, Office Manager, 360 Artist Agency
4. Your System
Management
Experts
What Your Will Learn Today
• The differences between Backup, Disaster
Recovery and Business Continuity
• Types of disasters, their frequency and
severity
• Why you should be afraid…very afraid
• The easiest way to insure your data isn’t lost
• How to put your backup on autopilot with
complete confidence that it works
5. Your System
Management
Experts
What Is Our Goal?
• Make sure you never lose critical data
• Minimize downtime
• Recover as quickly as possible in the
event of a disaster
6. Your System
Management
Experts
Why is this important?
• Of companies experiencing a major loss of
data
• 25% to 43% never reopen
• 51% close within two years of the loss
• A mere 6% survived over the long term
7. Your System
Management
Experts
Why is this important?
• Small businesses account for
• More than 99% of companies with employees
• 50% of all private sector workers
• Nearly 45% of the nation’s payroll
• Commitment to planning today will help support
employees, customers, the community, the local
economy and the country
8. Your System
Management
Experts
Business Continuity
. . . Is a holistic management process that
identifies potential impacts that threaten an
organization and provides a framework for
building resilience and the capability for an
effective response that safeguards the interests
of its key stakeholders, reputation, brand and
value creating activities.
9. Your System
Management
Experts
Not Just About IT Issues
• Plan for immediate disaster response –
including safety of employees
• Identification of critical processes
• Review insurance coverage
• Disaster prevention
• Key suppliers/service providers
10. Your System
Management
Experts
Where to Begin?
• Vulnerability Assessment
• Probability
• Potential Impact
• List potential threats considering
• History
• Geography
• Technology
• Building Characteristics
11. Your System
Management
Experts
Key Causes of Data Loss
78% Equipment Failures
11% Human Error
7% Software Corruption
2% Computer Viruses
1% Natural Disasters
1% Other
12. Your System
Management
Experts
Equipment Failures
• Malfunction or complete failure of office
machinery
• Servers
• Desktops or laptops
• Fax machines
• Phone systems
• Network components
• Expect this type of failure at some time
13. Your System
Management
Experts
Human Errors
• Unintentional actions taken by
managers and employees acting in
good faith
• Most common causes
• Inadequate user training
• Fatigue
• Carelessness
14. Your System
Management
Experts
Third Party Failures
• Service delivery failures
• Electrical power
• Phone service
• Internet service
• Financial disasters
• Default of large customer
• FDIC bank closure
15. Your System
Management
Experts
Environmental Hazards
• Denial of access due to
• Smoke from nearby fire
• Hazardous substances in building
• Irritants such as
• Fresh paint
• Radioactive, biological or
chemical substances
16. Your System
Management
Experts
Other Disasters
• Natural events
• Tornados
• Floods and storms
• Man-made disasters
• Fires
• Gas leaks
• Water pipe leaks
17. Your System
Management
Experts
Terrorism and Sabotage
• Intentional, systematic, planned and
organized
• Based on malicious intent
• Possibility of very concentrated damage with
relatively little effort
• Perpetrated by
• Terrorists
• Computer hackers
• Disgruntled employees
18. Your System
Management
Experts
Understand Your Risks
Nashville was the 9th most dangerous city in the US for Long
Track F3 to F5 tornados between 1880 and 2003
19. Your System
Management
Experts
Evaluate Each Disaster Based on -
• Probability of occurrence
• Impact
• Human - possibility of death or injury
• Property – cost of repair/replacement
• Business – potential interruption of
operation
• Ability to respond
• Internal resources
• External resources
20. Your System
Management
Experts
Vulnerability Assessment
10
9
8
7
6
5
4
3
2
Probability
1 Impact
0
21. Your System
Management
Experts
Key Concepts
• Recovery Time Objective – RTO
• How long can your business survive before you
have to be operational to remain in business?
• How long before the costs of being down
outweigh the cost of recovery?
• Recovery Point Objective – RPO
• How old can your data be and still have value?
• How old can your data be before the cost of
recovering it outweighs the cost of protecting it?
22. Your System
Management
Experts
14 days 7 days 2 days 1 hour 1 day 2 days
Lower cost Higher Cost Higher Cost Lower cost
23. Your System
Management
Experts
On-line Resources
• www.ready.gov/business
• www.disastersafety.org/business_protection
• www.fema.gov/business
• www.rothstein.com
• www.thebci.org
24. Your System
Management
Experts
Books
• Business Continuity Planning: A Step-by-
Step Guide with Planning Forms on CD-
ROM, Third Edition
• Kenneth A. Fulmer
• Contingency Planning and Disaster
Recovery: A Small Business Guide
Donna R. Childs and Stefan Dietrich
25. Your System
Management
Experts
Disaster Recovery
. . . Is the process, policies and procedures
of restoring operations critical to the
resumption of business after a disaster.
26. Your System
Management
Experts
Backup
• Copying your data to a safe medium for
recovery in the event of data loss due to
disaster
• Protection from some disasters, like fire or
flood, requires two-step backup
• On-site
• Off-site
27. Your System
Management
Experts
Traditional Backup Methodology
• Backup is performed nightly
• Someone must remove the media and replace it
with tonight’s media
• Two-step backup accomplished by taking a recent
backup off site
• Relies on your staff to make sure that backup is
working
• Single snapshot per day
28. Your System
Management
Experts
Backup to Tape
• Slow – takes half hour to hours and hours
• Media degrades over time and is greatly
affected by the environment
• Tape drive is expensive
• Additional capacity is difficult to add
• Formats are typically proprietary – must have
same type of drive and same software to
restore
29. Your System
Management
Experts
Move to Disk Based Backup
Removable Hard Drives
• Backup and restore times are much faster
• Capacity is easily increased
• Solutions may use standard Windows file
systems
• Still requires user interaction
• Not as convenient to carry offsite
30. Your System
Management
Experts
Here’s the problem…
We think a good backup is good
enough.
31. Your System
Management
Experts
Criteria For A Solid Backup System
• Take the human element out of the equation
• Make sure ALL files are backed up
• Automated and easy
• Intra-day backups
• No impact on day to day operations
• Fast restores – and to dissimilar hardware
32. Your System
Management
Experts
Criteria For Off-Site Backup
• Secure data transfer
• Secure data storage
• Ability to receive data overnight
• Ability to send initial backup on hard drive
• Geographically separate from you
• Low cost off-site storage
• Regulatory compliance – HIPAA, SOX, GLBA
33. Your System
Management
Experts
Questions to ask…
• How much revenue, gross AND net, do you
generate?
• How many employees do you have, what is
their cost?
• How much of that is facilitated, or even
dependent, on your IT infrastructure?
34. Your System
Management
Experts
Questions to ask…
• How will a failure – even a short lived failure
– be perceived by your customers and your
employees?
• How quickly can you recover lost files?
• If a server fails, how long will it be before
you are back up and running…how much
opportunity cost would this represent?
36. Your System
Management
Experts
Introducing CIO Office’s
Tech Advantage BDRS
• Built-in archiving to rid yourself of costly
tapes, offsite storage facilities and downtime while
waiting on restores.
• 24x7x365 monitoring and management, insuring
data integrity
• Comprehensive business continuity, disaster
recovery, and back-up, all in one
• Includes our TechAdvantage Basic Plan (Valued at
$150)
37. Your System
Management
Experts
8 Reasons Why You Need To Replace Your
Current Backup With CIO Office’s
Tech Advantage BDRS
1. Near Real-Time Backups: As frequently as
every 15 minutes
2. Complete Image: Backs up your entire server
including open files
3. Restores that are Intuitive, Flexible and Fast
38. Your System
Management
Experts
8 Reasons Why You Need To Replace Your
Current Backup With CIO Office’s
Tech Advantage BDRS
4. Secure Remote Storage
5. Secure Bandwidth Throttling Transfer
6. Monitored and Verified 24x7
39. Your System
Management
Experts
8 Reasons Why You Need To Replace Your
Current Backup With CIO Office’s
Tech Advantage BDRS
7. Virtualization
• Server Fails
• NAS Virtualizes Server
• One hour or less
• No reconfiguration necessary
• Backups Continue
40. Your System
Management
Experts
8 Reasons Why You Need To Replace Your
Current Backup With CIO Office’s
Tech Advantage BDRS
8. Overnight Disaster Recovery
• Replacement appliance delivered with
most recent off-site images
• Business can be back up and running in
24 – 48 hours
42. Your System
Management
Experts
How Much Would This Be Worth To Your
Business?
• No longer replace failed tapes
• Have you network back up in the time that it
takes an employee to have a coffee break
• Have the peace of mind that your records are
up-to-date and your business will not be one
of the casualties of a major disaster
43. Your System
Management
Experts
“It’s a no-brainer. The cost of the
plan is so low and the backup
coverage is so comprehensive. For
this price, you can’t even pay an
employee to change out the tapes Gerry McKinney
CFO
every day or cover the cost of The Parent
Company
failed tapes throughout the year.”
44. Your System
Management
Experts
Tech Advantage Tech Advantage Tech Advantage
BDRS-100 BDRS-2100 BDRS-3100
Tower Tower or Rack Rack
2 Servers 3 to 6 Servers 7 to 10 Servers
400 GB of Data 1 TB of Data 2 TB of Data
Monthly Fee $199.00 $299.00 $399.00
Setup Charge $995.00 $1,495.00 $1,995.00
Included Off-site 50 GB 100 GB 250 GB
Additional Storage $1.60 up to 500GB $1.60 up to 500GB
$1.60
Per GB/month $1.45 over 500GB $1.45 over 500GB
Editor's Notes
Go around the room and get everyone’s name and company. What is the one thing you would like to learn during today’s seminar? Amanda will write; while I facilitate. Then, I will erase the board.
Highlight where the company is today and some of the key vendors that we work with
At CIO Office, we view technology as a tool in your toolbox. By utilizing the appropriate solutions, we increase productivity within the office, reliability of your network, and profitability for your business. Here are a few comments from our current customers. Read through comments.
Today, I am going to talk about What Every Business Owner Needs to Know NOW About Disaster Recovery & Business Continuity That Will Guarantee Your Business Stays Up and Running in the Event of a Tornado, Fire, Flood, Or Other Data-Erasing Disaster. Although there is a lot of information to cover this morning, please feel free to interrupt me at any point with questions. We have an intimate setting to address questions specific to your business.We will spend some time today considering the types of disasters, their frequency and their severity. It is critical that you consider all of the potential risks and you may well have risks that you have not considered.We are going to learn the differences between Backup, Disaster Recovery and Business Continuity. These are related, but different concepts and I will explain each of them to you.We will also discuss why you should be afraid – very afraid – if you do not have a solid backup solution, and a business continuity plan in place. And – you can’t possibly have a solid business continuity plan if you don’t have a solid backup solution.We will discuss the easiest way to be sure that your data isn’t lost. And I will explain how to put your backup on autopilot with complete confidence that it works.
When we are discussing business continuity and disaster recovery, the goal is to make sure that you NEVER lose critical data while minimizing downtime and recovering as quickly as possible in the event of a disaster. And this isn’t like the saying that you can have any two of fast, cheap and good, but not all three. You MUST strive to achieve all three of these goals.
Why is this important? According to a 2003 study, as many as 43% of all companies who experience a “major loss” of computer records never reopen, 51% closed within 2 years and only 6% survived long term. That means that if a disaster were to hit the Lansing area and affect all of our businesses, most of us would be looking for other jobs. Even if you are able to reopen, how do you regain the trust and confidence of your employees and your customers?
Consider also that small businesses account for more than 99% of companies with employees, 50% of all private sector workers and 45% of the nation’s payroll. Those figures are according to the US Department of Homeland Security. Our local and national economy clearly depends on small businesses being prepared for disasters. Commitment to planning today will help support employees, customers, the community, the local economy and the country.
Business continuity is the most comprehensive of these three areas, requiring a holistic management process that identifies potential impacts that threaten an organization and provides a framework for building resilience and the capability for an effective response that safeguards the interests of its key stakeholders, reputation, brand and value creating activities.
Now, this is much, much more than a just a discussion about IT issues. First and foremost, you need a plan for dealing with in progress disasters while you are at work. Much like the plan you may have developed at home when your children were young, you and your employees should know how to evacuate quickly and have a place to meet safely outside your building. You need to know how to contact all employees and their emergency contacts. Do your employees know where to take shelter if there is a tornado? Should you have employees trained in first aid and CPR? Do other employees know who is trained? Once you have made it through the immediate disaster, do you know which processes are critical and do you have a plan in place to restore them as quickly as possible? Will you need to have an alternate business location? Do you have contact information for all of your key vendors available? Are your customers able to contact you?You will also need to review your insurance coverage. You will need to know what will your insurance cover in the event of a disaster. Disaster prevention should also be considered. I am certain that you all have fire extinguishers and sprinklers in your offices, you lock your doors when you leave and you may have a security system. And when it comes to IT issues, you also need to consider your day to day cyber security. Certainly a virus or hacker attack can be just as damaging as many other disasters. So you need to consider not only how you will recover from an event, but also how you can prevent events from happening in the first place.Lastly, if you have vendors that provide a critical product or service, do you know if they have a business continuity plan in place? If not, do you have alternate providers that you could turn to in the event that your vendor is not able to provide their product or service? I’m certain that KI’s clients would not want to do business with a firm that was not concerned about business continuity. If they have a problem, they want to know that we will be able to respond.
So where do you begin? You begin by performing a vulnerability assessment. You need to consider the potential threats that may occur, their probability and their potential impact. Consider your company’s history – what events have previously occurred – as well as the geography, your technology and the events that may occur due to the structure of your building.
Refer to True Hard Facts About Data Loss sheet in handout packetAs you consider the potential threats, it may be helpful to think about different types of disasters. Lets take a closer look at each of these disaster categories.
Perhaps one of the most probable disasters is a malfunction or complete failure of office machinery, such as servers, desktops and laptops, fax machines, phone systems or network components. You should expect that you will experience these types of failures at some time. However, there is a lot that can be done preventatively to address equipment failures-although it is not our topic of discussion today, we offer a preventative maintenance program called Tech Advantage that can dramatically reduce the likely hood that your business will experience any downtime associated with network failures. We would be happy to give you more information about this program.
Human error, those unintentional actions taken by your employees acting in good faith. These are most commonly caused by inadequate user training, fatigue and carelessness. Perhaps an employee deletes a critical file, or opens up a document as a starting point for a new one, and saves over the original. These types of events may happen fairly frequently, but with a good backup system, shouldn’t be terribly severe.
I’m certain that you have all experienced third party failures from time to time. These include service delivery failures such as electricity, phone and internet service. How well will your business function without these services for an extended period? Less frequent but also to be considered are defaults of a large customer or an FDIC bank closure. Imagine that your bank has been closed and you are denied access to the funds you have on deposit.
Perhaps a type of disaster that you have not considered is environmental hazards that lead to a denial of access situation. Perhaps your office has been damaged by smoke from a nearby fire. There may be hazardous substances in the building, or irritants such as fresh paint, radioactive, biological or chemical substances that will prevent you and your employees from working there for a period of time. All of your equipment may be functioning properly – you just can’t go near it.
Next consider those disasters that were probably the first ones you thought of – fire and other similar disasters. These include natural events such as tornados, floods and storms, as well as various man-made disasters such as gas and water pipe leaks.
Lastly, are intentional, systematic, planned and organized attacks carried out by terrorists, computer hackers or disgruntled employees. These events are based on malicious intent and carry the possibility of very concentrated damage with relatively little effort. I think I would include theft in this category as well.
It is important to understand your risks- as you can see from this diagram, Tennessee is at an increased risk of tornadic activity- there have already been 17 tornados in Tennessee in the first half of 2009Is your business near a railroad, river, are there restaurants near-by that increase risk of smoke damage from a fire, etc.So, you need to look at where your business is located in terms of natural risks – floods, earthquakes and the like – as well as what hazards may be caused by surrounding businesses or transportation routes.
When you look at each of these disasters, you need to evaluate each one first based on the estimated probability of its occurrence. For example, it is our experience in our office that the power will go out for an extended period about once every 18 months – typically on a bright and sunny day. Our internet service goes down significantly less. So on a scale of 1 to 10, with one being unlikely and 10 being very likely, I would assign power loss a 10 and internet loss a 3.Next you need to assess the impact that the event will have on your business. The first area of potential impact is the human impact – what is the possibility of death or injury. Both of the events previously considered are unlikely to cause death or injury, so I would assign a value of 1. You might assign a higher value. For example, if you have employees who have health issues or disabilities that may rely on an elevator to leave the building or electricity to provide oxygen.The second area of impact is property impact. In this area, you need to consider the cost to replace property lost or damaged, as well as the cost to set up temporary replacements and the cost to repair. My power failure example is not likely to actually damage my equipment, so I would assign a low value. Fire would score high on the property impact scale.The last area of impact is the potential business impact. Consider if this event will interrupt your business, cause employees to be unable to report to work, cause customers to be unable to reach your facility – either physically or by phone. The event may also cause you to be in violation of contractual agreements, cause fines or penalties to be imposed or interrupt critical supplies or product distribution. For example, one of the services that we provide for our clients is monitoring of our clients’ networks, servers, desktops and mail services. If our monitoring servers lose power or internet service, we are unable to provide that service. If our email server loses power or internet service, we will not be alerted to events that need attention. Without these third party services, we are in violation of our contracts and are unable to provide services to our clients. So I would score these losses very high.Next you need to assess your resources and ability to respond. You need to assign a separate score to your internal resources and to external resources. If your resources will have the necessary ability to respond, assign a low score; if not, the score will be higher. For each potential emergency, you need to ask two questions:-Will we have the needed resources and capabilities to respond if key employees, contractors, vendors, etc. are not available? -For this emergency, will external resources be able to respond to us as quickly as we may need them, or will they have other priority areas to serve?This chart shows a rather simplified vulnerability assessment based solely on the broad categories and consolidating all of the potential impact and response questions into one bar. You would not want to spend large amounts of money to address vulnerabilities which score very low, but you will probably find that many of them can be dealt with very easily. Once you have addressed those, you will want to look at the vulnerabilities that have a higher impact, but lower probability and determine whether to accept the risks involved or to correct them. These decisions will most certainly involve senior management or the business owner.
This chart shows a rather simplified vulnerability assessment based solely on the broad categories and consolidating all of the potential impact and response questions into one bar. You would not want to spend large amounts of money to address vulnerabilities which score very low, but you will probably find that many of them can be dealt with very easily. Once you have addressed those, you will want to look at the vulnerabilities that have a higher impact, but lower probability and determine whether to accept the risks involved or to correct them. These decisions will most certainly involve senior management or the business owner.
Now as you review the results of your vulnerability assessment, you need to consider two more concepts. First, what is your recovery time objective? In other words, how long can your business survive before you have to be operational to remain in business? Also consider how much time has to pass before the costs of being down exceed the cost of faster recovery?The second concept is recovery point objective. Consider how old your data can be and still have value. Certainly, if you have a business where your customers are placing orders on line and you do not have a printed record of what they have ordered, any lost data is lost revenue and an unhappy customer. But perhaps your customers call or fax in orders and you print the orders as you enter them. Any lost orders can be reentered without too much difficulty. But – how old can your data be before the cost of recovering it exceeds the cost of protecting it?
It is important to understand that the shorter your goals for recovery time and recovery point, the more money you will need to spend to achieve them. If your recovery time objective is 2 hours, you are going to need to implement a solution that provides for an alternate site that can take over your critical processes on short notice. If you have a staff that is needed to carry out those critical processes, you will need to have an alternate office for them as well. And if you want to be absolutely sure that the plan will work when needed, you will have to have periodic tests to make sure that everything functions as expected – yet another expense.
Print handouts from these websites
Give away book
So, how is disaster recovery different from business continuity? Well, disaster recovery refers to the process, policies and procedures for restoring operations critical to resumption of the business after a disaster. In effect, this is the real life test of your business continuity plan.
That brings us to backup. Very simply a backup is simply the process of copying your data to a safe medium for recovery in the event of data loss. Of course, if you want to be protected in the event of a disaster, you will need to have a two-step process. The first step copies the data creating the on-site backup; the second step gets a copy off-site
Traditionally, the backup process has been scheduled to occur nightly. Someone must be responsible for making sure that the correct media is in the drive at the end of the day. The two-step backup is accomplished by assigning someone the task of manually taking a recent backup off-site. Using this methodology, you are relying on someone to make sure that the media is rotated and handled appropriately. If you want to have any assurance that the backups are working properly, that person needs to be trained to look at the results of the backup, checking for errors. They should also be performing periodic test restores. We do have clients who are able to perform these tasks. We have many more that have no idea if their backups really worked, would not have any idea how to do a test restore, and still others who make no attempt to rotate the media or take media offsite. And even those who do make this process work, may sometimes find that the backup media they need is offsite when they need it to restore a file.Recently, we have worked with three companies who thought that they had good backups, when in fact they had no backup at all, because the backup jobs had never been created, or they had backups that were failing. One company even had their previous IT company tell them that they shouldn’t worry about the error messages that were being generated by the backup software. My techs will tell you that I don’t like to see ANY errors on backup jobs and that I take backup failures very seriously.Another problem with this system is that it captures only one snapshot per day. If your backup is scheduled at 10pm – you have a picture of 10pm. If you work hard all day and a fire starts at 4:30pm, you risk losing the entire day’s work. And if when that fire starts, last night’s backup is in someone’s purse and they are forced to evacuate without it – you will most certainly lose more than that one day.
Historically backups have been done to tape. Tape has a number of limitations, they are slow to backup and slow to restore. We have had clients with large amounts of data that were unable to backup all of their data between the time the employees left at night and when they arrived the next morning. Tape media degrades over time and is greatly affected by the environment in which it is stored. So if you have been putting the backup tape in your pocket and leaving it in your car during the summer and winter, you probably have tapes that cannot be relied on. In fact, estimates are that anywhere from 42 to 71% of tape restores fail. Tape drives are expensive, particularly as the capacity increases. And increasing the capacity is difficult. You can’t just buy a bigger tape; you need a tape drive that will accommodate a tape with more capacity. So typically, people make the decision to do only a partial backup. This decision leads to the possibility that some critical information is not available when you need it because it was inadvertently left out of the list of files and folders to be backed up.Now maybe you are wondering why it is a bad thing to just backup your data. You are 100% sure that you know where your data is and you just want to back that up. If you have a server and the server fails in a way that requires that the system be completely reloaded, it will take about 4 hours for the operating system to be reloaded. Then you have to restore the data, which won’t be useful until you reinstall applications. Then we need to be sure that all of the users are set up and set up properly. Oh, now you want to print – we have to reinstall the printers first. It seems simple, but in fact it will take at least 2 days before the system is running acceptably and probably longer before it is running smoothly.Tape formats are usually proprietary – you need the same type of drive and the same software to restore the data. While that isn’t an issue when your system is new, it may be very difficult and expensive to get your data back if your server and tape drive are destroyed. Data backed up to tape is rarely encrypted because that increases the amount of time and space that the backup takes, so if your tape falls into the wrong hands, your data is easily compromised. On the plus side, tape media is cheap and small – so it is easy to toss in your purse or pocket and leave in your car.
Over the last 3 to 5 years, there has been a transition to hard disk based backup solutions. There are many, many products to choose from and the features of each are a bit different. But generally, this type of solution offers much faster backup and restore times and the ability to increase the capacity easily. Simply buy a bigger hard drive and slide it into the drive tray. Many solutions use standard Windows file systems, and I would recommend that if you are looking at this type of solution that you insist on that. Like tape, you still need to be sure that someone removes last night’s disk and replaces it with tonight’s. You also need to be sure that someone is responsible for keeping a current copy offsite. And if the drive falls into the wrong hands, it is even easier than tape to get the data off. Most solutions are also much larger than tape media, so it may not fit in your pocket or purse, which may reduce the likelihood that you will actually take it offsite.
So here is the problem. Some of you are sitting there thinking that what I have just described is a pretty good backup system. You, or someone in your office, are very disciplined and you know that your backup is taken offsite every day. And you firmly believe that a good backup system is good enough. And maybe for you it is. But, let’s look at the criteria for a backup system that is a great backup system.
First, the human element should be completely eliminated from the equation. I need to know that my backups are going to happen just like clockwork and it won’t matter if half of the office is off work or out of the office. Next, I need to be absolutely sure that every file that is part of my system gets backed up – every time. I didn’t mention this as a problem with the other solutions, but frequently businesses have some database applications, or they are running Exchange for calendaring or email and certain files are always open and never get backed up. This creates problems when the data is restored. I don’t want to restore the data and then spend several more hours dealing with the problems created by the fact that a file was open and did not get properly backed up.The backup should be automated and easy. This insures that the backup always happens!Backups taken during the day are a huge benefit. I am sure that most of us have worked on some project for significant time and then made some terrible mistake and wiped out hours of work! Early in my career at KI, I worked all day on a data conversion and program upgrade for a client in Kalamazoo. Everything was complete and working properly. Because the client had limited disk space, it was very expensive in those days, I needed to clean up the files that were left by the conversion process so that they would have enough space to work. Unfortunately, I put a space where it didn’t belong and promptly began deleting every file on their system. I remember thinking that if the Lord had any plans to take me off of the earth any time soon, that was the perfect moment! Fortunately, I had a backup from before I began and I was able to stop the process before all of the files were gone, but being able to go back 15 minutes would have been a big improvement!The impact on your operation should be minimized as much as possible. Ideally, you should be completely unaware that a backup is in progress. If you need to work late one night, you shouldn’t be thinking that you have to be sure to be off the system by 9pm because that’s when the backup starts.And you should be able to restore a partition, folder, file, database, mailbox or message quickly and easily. And should you have a server that is completely destroyed, you should be able to restore the backup to the new server, even if it is drastically different from your old server.
When you evaluate an option for off-site backup, there are a number of additional criteria that should be met. For many of us, the idea that our data is going to be sent to an offsite location somewhere across the country is scary. We want to be sure that no one else has access to our data. In fact, for some it is a regulatory requirement that the data be kept secure. So perhaps the most important question to ask is if the data transfer is secure. Can your information be intercepted and stolen? Then you need to understand how your data will be stored. You should not only be concerned about whether or not others have access to your data, but also is the facility safe – able to withstand disasters or loss of power. You need to understand what will happen in the event of a disaster? You need to be able to get the data back quickly, and if you have even 10GB of data, which is a relatively small amount, that cannot be transmitted overnight. So does the provider have a plan in place to get your data back to you, overnight, without use of the Internet. And if your initial backup is large, do you have the ability to copy it to a hard drive and send it to the data center for loading.You should also consider where the offsite location is relative to where you are. If you are just sending the data across town and there is an event that causes widespread damage to our area, your data may not be as safe as you had hoped. Utilizing data centers in geographically separated areas provides additional protection from disaster.Offsite storage must be reasonably priced – and believe me there are some solutions that are decidedly not reasonably priced. And - depending on your situation - you may also need to be concerned with various regulatory requirements, such as HIPAA, Sarbanes-Oxley and Graham-Leach-Bliley.
Ask yourself these questions. Now the answers to these will be different for each of you and you don’t need to share your answers with the group. If you want to work through this with me later, I’d be happy to talk to you about it.How much revenue, gross AND net, do you generate?How many employees do you have, what is their cost? How much of that is facilitated, or even dependent, on your IT infrastructure?
How will a failure – even a short lived failure – be perceived by your customers and your employees?How quickly can you recover lost files?If a server fails, how long will it be before you are back up and running…how much opportunity cost would this represent?
Now that you’ve given that some thought, I’d like to see a show of hands – would everyone who believes that they have all of these systems in place right now – today – that if I stormed into your office and took a sledge hammer to your server, you could be back up and running tomorrow please raise your hand. Anybody?
Well, we have been working on a solution that is specifically designed with small business in mind. We have looked at many solutions and we have even adopted not one, but two solutions, only to abandon them when they did not deliver as promised. The result of our year long evaluation is CIO Office’s Tech Advantage BDRS, a solution that we believe will meet the needs of our clients. It is a solution that meets multiple regulatory requirements. If you fall under some of these regulations, we would need to discuss your particular situation with you in detail. Moreover, this solution addresses all three of the critical areas that I have discussed this morning – Business Continuity, Disaster Recovery and Backup. This solution utilizes a Network Attached Storage Device or NAS to perform the backups and provide disaster recovery and business continuity.
There are 8 reasons why you should replace your current backup with CIO Office’s Tech Advantage BCRS. Reason number 1 is that it provides near REAL TIME backups. When we deploy this solution in your office, a complete image of your server is taken. Thereafter, changes to that initial image are captured in preset increments, which can be as little as every 15 minutes. These incremental images are rolled up to provide daily, weekly and monthly images. For those who are interested, we can go into more detail about exactly how this is done offline.The second reason is that we are capturing a complete image. We will have your complete system state, as well as all applications and data. Backups are not done on a file by file basis, but rather by looking at each individual block of data, regardless of what file it may belong to. This is the most efficient method of backing up and it eliminates problems encountered while attempting to backup open files. Additionally, the backup is encrypted on the local device and is completely unusable to anyone who does not have the key that was established when the device is deployed.Thirdly, our BDR solution provides fast and flexible restores. You can recover files, folders, partitions, individual mailboxes or messages as well as databases and tables using a quick and intuitive process. And remember that because we are backing up in 15 minute intervals, we can be very flexible about which version of a file or database is restored.In case of a complete system failure, we also support a bare metal restore to a different configuration. So in other words, if your server fails beyond repair, you can order new hardware, without any software and we can restore the image of your old server to your new configuration.
Secure Remote Storage – This is a big concern. I have already mentioned that the data is encrypted on the local device. Additionally it is transmitted via an encrypted tunnel to a secure offsite facility where it is stored in an encrypted and compressed format. Once it is received at the first location, it is transmitted to a second remote facility. When it is all said and done, your data exists in three different geographic regions, providing additional assurance that your data is safe. The encryption that occurs at the time of backup and during the transfer insures that the data is useless to anyone that might be able to intercept it during transmission. Our encryption technique uses the 256-bit Advanced Encryption Standard, which has never been broken and is currently considered the gold standard of encryption techniques.Secure Bandwidth Throttling Transfer – I have already discussed the secure aspect of the transfer, but you may be wondering how all of this data will be transmitted without slowing your internet access. We employ Adaptive Bandwidth Throttling to be sure that your operation is not affected. This technique allows us to use only unused bandwidth for the data transfer. We can also limit the bandwidth that is used for the transfer. Now, if your initial backup is quite large, we have the option of copying the data to an external drive and shipping it to the remote storage location. We prefer not to do that because transfer of incremental backups cannot occur until after that initial image is loaded. Now we do need to look at how much bandwidth you have as we need to be sure that the incremental backups can be transmitted in a reasonable amount of time. If you do not have sufficient bandwidth, you can find yourself in a situation where the amount of data to be transferred is constantly increasing.This is a completely managed solution. Both the NAS device and the attached servers are monitored 24 hours a day, every day of the year. Additionally, we will periodically perform a test restore as additional assurance that your data will be available when needed. If there is a failure of any of the processes, we are notified via phone and email and can take immediate corrective action. If there is a problem with the NAS device itself that cannot be repaired either remotely or onsite, an overnight replacement will be shipped – preloaded with all stored data – directly to your location.
Most importantly, our NAS device also serves as an on-site virtual server. If any of your servers fail, our server virtualization technology embedded in our NAS allows your server and applications to be restored and rebooted in less than 30 minutes in most cases. It may sometimes take several days to receive a replacement server, perhaps less if you only need to replace a specific component, but the NAS will have you up and running while you wait for the repair. Since the NAS is capable of multi-tasking, it will be continuing to backup while it is running your business. When your server is replaced or repaired, the current image from the NAS will be restored and virtualization will stop. During virtualization, there will be no reconfiguration necessary; the virtualized server will be identical to the failed server in terms of IP address, services and applications. This is also a function that we will test after implementation to be sure that there will be no problems should virtualization be necessary.
And remember, that if a NAS is destroyed, a replacement is shipped – preloaded – directly to your location – or location that you specify. So, if you have a fire or flood or theft and your server and NAS are both destroyed, you will be backup and running the next day.
Now, perhaps you are thinking this sounds too good to be true or that it sounds like something you can’t afford. After all, you have a lot of data, so it is probably going to cost a lot of money. Well that leads me to the biggest benefit of all – the price. Here is what one of your clients has to say about the solution.
Go through chart – skip the Premium level unless someone is interested.Amanda please hand out the order forms…