When it comes to data protection and disaster recovery (DR), 2020 was one of the most challenging years yet. Last March, with just days notice, COVID-19 forced companies to take entire workforces remote. As IT rushed to provide access to data and applications, employees worked on home machines with outdated security, often connecting to servers and apps via complex, low performing virtual private networks (VPN).
The threat surface had been greatly expanded and bad actors had a path to access company data and resources. In fact, by the end of the first month of pandemic restrictions alone, security firm Barracuda Networks reported a 667% spike in phishing attacks, with the FBI just weeks later announcing cybercrime had quadrupled.
Still, employees were soon enjoying the newfound conveniences of remote, just as leaders were realizing productivity wouldn’t suffer. Now, regardless of COVID, it’s clear remote is here to stay. And if there’s been a silver lining for those in IT, it’s that, as IT plans out 2021, management can draw from the many lessons they’ve learned and improve data protection and DR.
To the cloud
When you’ve got a large number of employees working from home, infrastructure changes substantially. Prior to COVID, most companies centralized resources on premises or nearby data centers, with VPNs used for connecting. However, managing and provisioning VPNs proved complex, scale was lacking and performance was poor. Further, when it came to backing up data – storing copies on tape, disk, external hard drives or backup servers – there was no redundancy in the event of something like a flood or power outage. During some periods of the pandemic, IT couldn’t even get into their on-premises data centers to manage their systems.
As a result, companies have been moving resources and infrastructure to the cloud and relying increasingly on software, backup and infrastructure as a service (SaaS, BaaS, IaaS). Money that was previously allocated to on-premises resources is going elsewhere. For instance, many entities that used an on-premises version of Microsoft Dynamics have been transitioning to Microsoft 365.
Even so, while providing remote employees with easier access and better performance, SaaS can cause backup issues if you’re not careful, too.
There’s a misconception that SaaS apps and data don’t need to be backed up because the service provider handles it. In fact, according to a survey by 451 Research, nearly 50% of respondents said they depend on their SaaS vendor to protect data, another 25% don’t protect it all.
This is a dangerous assumption because SaaS vendors operate under a shared responsibility model. They ensure their service is secure, applications are available and data is safe during a disaster. But long term, granular protection of the data itself is actually the customer’s responsibility.
Even with Microsoft 365, if an employee accidentally deletes a key document and they don’t notice it for months, there’s a problem. Like many SaaS apps, Office 365 deletes all trashed items after 30 days. So unless it’s been backed up, it’s gone forever. Worse, if an employee deletes emails or documents related to illegal activity, and authorities launch an investigation, the information may be unrecoverable and serious legal troubles could follow.
There are point solutions that protect popular SaaS applications, but nothing for general-purpose data protection for SaaS. If there’s no point solution for a critical SaaS app, ensure the data protection part of the contract is ironed out with the service provider, and have them send along copies of your data on a regular schedule.
DR often takes a backseat to more pressing IT items until it’s too late. Then, when mission critical apps are down and data is jeopardized, IT finds itself in a scramble to find a fix as the C-suite, employees and customers simmer in frustration. Not convinced? Who would have ever predicted a global workforce would need to go remote with only a few days’ notice?
To effectively handle this new remote paradigm, IT must reevaluate and adjust continuity strategy so their company can keep going regardless of circumstances. To effectively plan, it’s important to keep the following common mistakes in mind:
- Catastrophes happen: When finances get tight, decision makers and IT leaders sometimes cut DR, counting on the unlikelihood of a catastrophe. It’s a classic case of being penny wise and pound foolish when you consider that an entire company could suffer missed sales, unhappy customers and a damaged reputation all to save a few bucks in the short term. If this is happening, correct it immediately.
- Be on the same page: There sometimes can be a disconnect between IT and business managers, particularly around which apps are most vital to operations. Instead of jointly prioritizing these, IT will decide on its own, setting the stage for mismatched expectations. When a DR situation occurs, business lines can be left waiting for key tools and data, while IT is restoring less important resources. Getting everyone on the same page can prevent a lot of headaches.
- Think it through: It doesn’t matter how quickly you spin up virtual machines (VMs) in the cloud or your offsite DR data center; if your users don’t know how to access them, you haven’t recovered. What’s more, apps don’t exist in a vacuum and dependencies need to be considered. Think it through – it’s not a mess you want to untangle while business is stalled and losing revenue.
This is a test
Testing is serious business, and when it comes to DR, good testing can mean the difference between a rapid recovery and a ton of permanently lost data and applications.
Remember, completing the backup and replication process alone isn’t enough. Neither is backing up at frequent intervals and safely storing them. Without regular testing, backup data is essentially a big blob of unused storage. Apps may fail to restore fully and not run. Data could be corrupted or infected with malware. Dependencies could be out of order, resulting in function loss.
These are issues you don’t want to discover when the C-suite is breathing down your neck, asking how soon the business will be back up. Test, retest, and when you think you’ve got it all down and you’re ready for a disaster, test again.
At your service
IT leaders can remove a lot of responsibility and overhead by enlisting a managed services provider (MSP). BaaS and DRaaS can simplify IT, free staff up, lower costs, increase ROI, enhance recovery speed and more.
The right MSP will ensure your backup and DR is handled by pros with years of focused experience creating plans, restoring files and conducting failovers. They’ll have partnerships with top software vendors in the space, relieving IT of maintenance and updates, while reducing tech investments.
If your IT services need to be always on and available to users, a MSP is a worthwhile consideration.
Click here for our free eBook and learn how to optimize BaaS, DRaaS and availability with managed services!