Important Questions To Ask Before Hiring An MSP For Backup Services

Data backupBest practices in data Backup and Disaster Recovery (BDR) are consistently evolving. Businesses, especially those on the smaller end, are discovering that investments they made five or ten years ago are no longer adequate security. Many also lack sufficient on-site expertise needed to understand and implement modern standards.

In response, businesses are turning to Managed Service Providers (MSP) to create backup solutions. It’s a sensible choice, since MSPs already provide cloud space and other application continuity options.

However, all MSPs are not created equal. A business looking to invest in BDR services needs to be certain their provider will be able to keep them safe using the latest methods. Here are five vital questions to ask when contracting backup and disaster recovery services from an MSP.

1. Are the servers geographically-distributed?

Single-site solutions for backup and disaster recovery are no longer adequate. These solutions are inherently vulnerable to disruptions, such as hacking and natural disasters. A redundant solution that involves multiple servers in multiple areas is a bare minimum for effective and reliable disaster recovery options.

2. What are the exact backup recovery processes?

Process transparency will do more to put a business at ease when hiring an MSP than just about anything else. “Trust us” should never be an acceptable answer. A reliable MSP will happily discuss their recovery process in as much detail as a business needs to ensure those processes will fit the need.

3. Who backs up the backups?

This is one question that many forget to ask, but it’s nearly as important as the question of MSP client security. A good MSP with backup recovery options will undoubtedly have their own security measures in place as well. Otherwise, if a disaster hits the MSP, how will the MSP ensure the disaster does not affect their customers?

4. Are the backups accessible through virtual machines?

There is no reason for a business to be locked out of their own backups. More MSPs are offering backups in a Virtual Machine Disk (VMDK) format, which can be viewed and accessed by their clients. This allows clients to directly oversee their own backups including testing to ensure the backups are being properly stored.

5. Are the backup chains self-reliant?

A common cost-cutting measure when putting together backups is to make them reliant on each other. The standard user-level Windows System Restore works in this basic fashion: it simply tracks changes past a certain point in time, rather than fully backing up the drive.

This is quick and space-efficient, but it’s not secure. A corruption in one backup image can theoretically corrupt all following backups that rely on it as a starting point. Every backup image needs to be self-contained and self-reliant to prevent cascade failures.

Disaster Recovery Should Be A Major Concern

Today, modern data backup and disaster recovery systems are as vital to a business as physical security. As businesses increasingly rely on their networks for day-to-day operations, significant downtime is simply not an option. Businesses seeking backup and disaster recovery solutions from MSPs should do thorough research before selecting a provider.

What Businesses Need To Know About Security In 2015

Mobile securityThere has been a data security arms race dating back to at least the 1970s. In recent years, however, that arms race has escalated steeply, with many global hacking and black-hat activist groups deploying increasingly sophisticated and wide-spread attacks that are difficult to defend against.

Worse, many of these attacks are done for no reason other than to prove they can be done. The recent high-profile attacks on the Sony and Microsoft gaming networks over Christmas, for example, were engineered by a small group who had no ideological, or monetary goal. Taking down the XBox and Playstation networks was simply an advertisement for the hackers’ do-it-yourself botnet software.

Bring-Your-Own-Device (BYOD) policies similarly bring big security challenges, with the majority of data breaches now coming from plain human error. Networks are growing faster than anyone can oversee them, much less protect them. Companies that desire safety from cyberthreats in 2015 will need to take security more seriously.

Major Network Security Concerns In 2015

1 – Visibility

Today’s Systems Administrator needs the ability to actually see what is happening on the network at any given time. The high-profile attack on Sony Pictures involved many terabytes of data being transferred out of the system, including complete uncompressed movies in production. Had Sony’s sysadmin even known this was happening, the hack could have been shut down far earlier.

Investment in network visibility solutions, such as “smart” systems alerting admins to potential issues, and admins who are capable of understanding what those alerts mean in context of the entire network, is neccessary.

2 - Mobile Application Management (MAM) over Mobile Device Management (MDM)

For many companies, the solution to BYOD security problems was Mobile Device Management (MDM). In this scenario, a business takes direct control of employee devices, dictating installed software and firmware.

The problem here is twofold. First, employees find this extremely intrusive and resent having to give up control of their personal devices. Secondly, MDM is not very effective – there are too many other avenues for attack. Additionally, if MDM damages the device, a nasty blame game and Human Resources problem can erupt.

Mobile Application Management (MAM) is a more valuable investment. By putting protections on the server side, restricting access to data and apps, MAM can block suspicious activity without putting onerous controls on workers’ devices.

3 – Flexibility

Finally, in a more general sense, businesses must find ways to improve cyberthreat response times. Hackers are intensely “in the moment,” monitoring their attacks closely, and quickly adapting attack strategy in response to defensive moves. When system administrators, or network security bots are handcuffed by procedures that guarantee day or week long delays, hackers have the advantage.

Businesses must take network security as seriously as a nation protecting its physical borders. Defense measures, such as Mobile Application Management, improvements in network visibility, and reduced threat response times are paramount. In 2015, anything less is an an open invitation for hackers.