Disaster Recovery – The Basics

More and more I see companies who are backing up their data in quality ways, using a combination of good equipment, strong processes, and industry recommended best-practices.  Make no mistake – I’m happy about this.  But I’m also seeing many of these same companies who are considering their backup to be their disaster recovery plan.  Unfortunately, no data backup, no matter how good, is a disaster recovery plan.  Now, I’m not trying to preach about disaster recovery…well, okay, that’s a lie.  I’m planning on doing a little preaching.  But truly, there is a difference between a disaster recovery plan and standard data backup plan.  Ultimately, disaster recovery is the means to an end with the “end” being business continuity.  And everyone likes business continuity, right?  So whether you decide to put together a full-blown disaster recovery plan or just stay with your current data backup, knowing the difference can save your business lots of money.  Okay, I’m done preaching.  Here’s some valuable information about what makes up a good disaster recovery plan, and how to put one together…

Note:  A true disaster recovery plan includes phones, facilities, data, and more.  I’m just focusing on the data portion of things in this article.

Generally, “disasters” come in three flavors:

• Hardware failure (bad hard drive, motherboard, network card, etc.)
• Software failure (“bluescreen” is a familiar term for a reason)
• Physical failure (flood, fire, etc.)

So let’s keep things simple.  Good disaster recovery generally includes a mix of the following components:

• Quality data backup (preferably onsite and offsite)
• Imaging
• Redundancy

Let’s explore each of these in a bit more detail.

Data backup:

• Onsite – use a hard drive backup system (preferably a quality internal/external chassis that has removable drives).  In terms of reliability, ability to restore quickly, and length of service, hard drives are simply better than comparable tape systems.
• Offsite – Offsite backup solves a number of security & operational concerns, and is very cost effective these days (about $1 per GB per month is pretty common).  Because it’s automated, you don’t need to worry about people remembering to take data offsite and you can control the amount of data that is backed up offsite.

Imaging:  Imaging is the process of taking a “snapshot” of an operating system.  When applied to server systems, the use of imaging can literally save tens of thousands of dollars in recovery costs.  Imaging fails when it comes to restoring data granularly (a single e-mail, a single document, etc.), but for true disaster recovery, imaging can’t be beat.

Redundancy:  Creating a network devoid of “single points of failure” is almost always too expensive to employ, but the concept can be used effectively to significantly reduce the chance and effect “failure” can have on your business.  Some good uses of redundancy would be:

• Quality server design (multiple hard drives, fans, power supplies, etc.)
• Use of a quality SAN (Storage Area Network) in a virtualized server environment (VMware software is great in these environments)
• Server redundancy (two servers deployed in a fully redundant architecture).  Stratus Avance is amazing software that accomplishes this at a price small and medium sized businesses can absorb easily.
• Network switches deployed in a balanced architecture with enough capacity to assume full connectivity should one fail.

The last piece of a good disaster recovery plan is the plan itself.  Now that you have all these quality pieces in place, you still need to have a plan in place should a disaster strike.  Here are a few good ways to start putting your plan together:

1. Know your operational costs (by the day, by the hour, etc.).  Granted, this is only half the equation (operational costs don’t include the impact downtime will have on your clients, nor does it include other opportunity costs you may have), but it is an absolutely necessary ingredient for creating your plan.
2. Define your tolerance for downtime.  Some businesses can handle a day or two of downtime.  Others can’t afford an hour of downtime.  Determining how your tolerance for downtime will go a long way in putting your disaster recovery plan together
3. Define a budget.  If you know your operational costs are $25,000 per day (for instance), you then have good information from which you can create an appropriate budget for avoiding downtime.
4. Design your network appropriately (data backup, imaging, redundancy, etc.).
5. Put it on paper.  Just like everything else in business, putting it on paper helps make it happen.

How Much Power Should the Internet Police Have – And Who Are the Internet Police?

Time to look at a sensitive, exponentially issue-inducing question: who should police the internet and how much policing should they, or anyone, be allowed to do? In this blog, we will be looking at the topic of domain name policing in particular.

We are constantly reminded of the anonymity and opportunity the internet affords its users. These freedoms are one of the founding principles of the internet: that it be an open canvas on which anything can be painted and anyone we want can view it. The internet was supposed to be a virtual land where the most typical, average person could stake a claim and make a small piece of it their own.

Like all newly-settled worlds, however, it cannot remain so forever. Various organizations have come about to monitor the internet and keep its users and their information safe. The Internet Corporation for the Assigned Names and Numbers (ICANN), a non-profit in contract with the U.S. government, exists to manage internet addresses and oversee the addition of new domain suffixes. The most popular suffixes currently in use are .com, .net, and .org.

 A recent article on CNET.com once again brings to light the issue of domain name – and ultimately internet – governance. The United States government, among other governments both national and local, is looking to gain more power to allow or deny domain names. This has been a battle that has been raging in the internet background for as long as it has existed, and is a topic filled with shades of gray. For the past seven years, the domain suffix .xxx has been contested over by three camps: those who wish to use it, those who wish that it not be used at all, and those who wish not to be forced to use it.

Many adult content webmasters want to have the suffix .xxx be as useable as .com or .org, to give them their own space on the internet and make them easier to find. Currently .xxx is not a functioning domain. The United States government and many conservative organizations do not want the .xxx domain to exist, seeing it as comparable to allowing an adult video store on the same block as the white house.  On another end of the argument are those who see this new domain as a way to keep all of these adult content websites in one centralized location, so no one can accidentally stumble upon them or so they can be blocked more easily. Some adult content webmasters, and some webmasters who have sex education information on their websites, or others whose main purpose is not adult content but some exists on their site, do not want to be forced to join this new domain.

 Over 115 new domain name proposals are expected this year, and some raise controversies, such as the .gay domain. Whose responsibility – or right – is it to say whether or not the .gay or .freetibet domains can be used? If the former were used, it may upset millions of conservatives. If the latter were used, it may upset a government with rule over billions of people. Yet what about the people who want to use those names? What about their rights? They aren’t breaking any laws.

The debate over domain name allowance is explosive because it induces issues about freedom of speech and how much of a role governments should be able to play in the direction and access of the internet. Another example of governmental power over the internet is seen recently in Egypt, where the government shut down the internet in the entire country in an attempt to control its people. Is it right for a government to control something that belongs to no one, and yet belongs to everyone?

Product Spotlight – McAfee SaaS Web Protection

More and more businesses are looking for a good way to protect themselves against the litany of harmful viruses, spyware, and other malware that comes from the web.  In my article Web & Spyware Defense I cover some of the technologies that are effective at defending your business from web-based threats.  Here, I’d like to focus on the one of the products we believe balances effectiveness with cost, the best.

McAfee SaaS Web Protection  is a service provided by McAfee (formerly MX Logic) that effectively “scrubs” incoming and outgoing web traffic to ensure web threats don’t get in or out of your network.  It also provides options for limiting access to certain sites and can generate some valuable reports on web activity (by user, device, site, etc.).  Additionally, it includes a simple, straight forward user interface and has a price point under $3 per device per month.

How it works

The architecture of the solution is very simple: your company’s Internet/web traffic is routed through McAfee SaaS’ servers and scrubbed for harmful software.  Basically, it is a standard, cloud-based solution.

Effectiveness

We have deployed this solution for a number of our clients and it simply works.  There is no substitution for seeing how a product or service works in an actual production environment and this is one that lives up to the hype.

Note: Cloud solutions are often incredibly valuable solutions, but like any technology, they aren’t for every business.  At ITP we always recommend reviewing technology solutions within the context of your specific business goals, culture, processes and people.  Of course, if you need some help with that we’ve got some great people here at ITP that can help.

Random Thoughts – Avoid Spyware by Managing your Internet Traffic

So let’s start with a bold statement: If you’re not managing your Internet traffic you’re throwing money out the window.  A pretty strong statement, I know, but hear me out before you pass judgment…

For most small & medium-sized businesses the two areas of their technology that cost the most are:

1. Managing and supporting desktops
2. Internal IT staff members and/or IT consulting

Spyware, which is more malicious and prevalent than ever these days, affects both the functionality of your desktops and the efficiency of your IT staff or consultant.  Hence, it’s a hard hit on your bottom line.  In fact, I believe that if most businesses ran the numbers on what spyware really costs them, they would be mortified.  The good news is that there are technologies available that do a great job protecting you from spyware and other threats (see my article, Web & Spyware Defense  for more).  The bad news is that it takes more than just your antivirus software.

But keep in mind that the management of your Internet traffic can do much more than defend against incoming threats – it can also help you increase productivity and reduce HR risks. 

Remember when you were deciding whether spam protection was necessary for your business?  Well, managing your Internet traffic is the same discussion, only it’s a more costly one.

What’s New…….

ITP, in a joint effort with our partner, Converged, is holding an event on February 11^th at the Chophouse in Madison that will display two of today’s most valuable technologies for business.  If you want to understand more about how you can guarantee network availability for your business; or how unified communications are changing the way businesses communicate with their customers, then you should attend this event.  Featuring live demonstrations of Stratus Avance high availability software and Shoretel VOIP phone systems, you will see how you can drive business through innovative, always available communications.

Automated Offsite Backup

There is no question that the secure, reliable retention of data is absolutely critical to good business operations – and, of course, that includes the ability to recover your data in the event of a disaster.  Consequently, more businesses are prioritizing their data backup procedures including regular verification of data integrity and disciplined off-site storage of backup media.  Yet, businesses are finding that even with rock solid procedures, there are still many areas of concern.  Here are a few  of the most prominent concerns:

Traditional Onsite Backup Issues

• Media (tapes or drives) must be tested regularly to ensure data integrity
• Reliability – most onsite backup systems (software & hardware) fail to backup all of your data.  Often a few corrupt files, or an open database connection can derail the backup process
• Lifespan – a quality backup system will last between 2 and 4 years depending on the quality
• Maintenance – In order to have confidence in the backup system it needs to be maintained regularly.
• Security – For any given onsite backup solution, there needs to be an off-site option.  Often, this amounts to an employee taking the backup media home with them.  Obviously, this presents significant data security concerns – especially if the employee needs to be terminated at some point.

Make no mistake, onsite backup is a good thing – it’s just that there are some undeniable drawbacks.  Consequently, more businesses are turning to automated offsite backup as a solution (i.e. backing up to the cloud).   The one notable drawback is that you have an ongoing monthly cost, yet the advantages often outweigh the concerns about ongoing cost – especially considering the fact that costs have fallen significantly over the past 12 to 18 months.  And the operational benefits are undeniable:

Benefits of Offsite Backup

• Security – Encrypted data transfer means that automated offsite backup is often far more secure the traditional onsite backup
• Automation – No switching tapes, drives, or transporting backup media to other locations
• Reliability – Today’s online backup systems are highly reliable.
• Retention – retaining data for more than two weeks is easy to accomplish, and for even longer retention periods, offsite backup is significantly less expensive than onsite data storage

Like all technologies, backing data up to the cloud isn’t for everyone.  And even if you do decide to invest in cloud-based backup, it doesn’t mean you need to abandon your onsite backup.  In fact, having some onsite backup never hurts because when it comes to your data, you have to be 100% certain that you can recover what you need when you need to recover it.

Web & Spyware Defense

There are few IT issues that are more pervasive or costly for businesses these days than spyware.  Spyware not only affects the system it infects, but also tries to distribute itself to other systems.  Additionally, it can be incredibly difficult to “clean” the infected system, often requiring the system to be rebuilt. Worse yet, standard methods of protection often fall short because users can easily circumvent them and click on a link or advertisement that invites spyware into their system by accident.  Much like spam defense solutions, deployment of onsite devices have become more popular, and to some extent those devices are effective.  But the significant upfront costs and the maintenance required to support the devices have both become detractors from these solutions.  Consequently, cloud-based solutions have been growing in popularity. 

In essence cloud-based web defense solutions provide:

• Protection against harmful links, sites, and spyware
• Granular control of the websites staff members can access
• Integrated reporting showing web activity for staff members
• Low-cost, zero maintenance solution

As always, this solution should be reviewed in context of your specific business needs and goals, but cloud-based protection against spyware have proven to be quite effective.  And with the additional control you get for managing your outgoing web traffic, cloud-based spyware protection is quite a powerful solution.

Spam defense

It’s generally accepted that spam protection, is a requirement for the productive use of e-mail these days.  Traditionally, businesses have used software to filter out the volumes of spam, but more recently, the use of local hardware appliances have become popular.  Yet, there are drawbacks to both these solutions that have opened the door for more seamless solutions like cloud-based e-mail defense.  In short, traditional solutions, whether hardware or software-based, allow spam to get to your network, using up your valuable bandwidth along the way. 

Additionally, most (but not all) of these traditional solutions don’t:

• Provide e-mail continuity (retain e-mail when your e-mail server is unavailable)
• Provide the ability to securely view e-mails without downloading them
• Include the ability to send & respond e-mail if your mail server is down. 

In essence, these are some of the greatest advantages of cloud-based spam protection.  But there are other, less acute advantages, as well:

• Almost no upfront costs
• Zero internal costs for managing or administering the system
• Little to no training required
• Seamless deployment
• Integrated reporting

Like any technology, isn’t a perfect solution for every business and should be analyzed within the scope of your specific business needs, goals, and operations.  However, the advantages are compelling enough that it’s worth taking a close look.

iPad vs. Netbook

If you have watched TV or talked to a human in 2010 you know the general buzz and “coolness” factor of the iPad.  The question I have been getting more lately is to compare the iPad with a Netbook.  Some might say its not a fair comparison but from a business standpoint both have around a $500 price point at their lowest and both aim to provide fast access to your data with long battery life.

So lets compare:

As you can see there is no clear “Winner” the answer to which device is best for your business depends on the specific needs of your users and applications.  If the instant On and battery life of the iPad is a requirement for walking around and meeting patients than the iPad is your winner.  If you need Windows to run that mobile application or Internet Explorer for that one key web application than you need a Windows Netbook.

Don’t forget about the Linux netbook as an option.  Linux offers better battery life and performance for basic web usage. You can still Remote Desktop to your windows machines or use Logmein if you need Windows without the worry of Windows Update or Antivirus holding your ATOM processor down.  My favorite is by a long time Linux company System 76 (http://bit.ly/hZHXi1).  If you haven’t tried Linux in a while take a look again at how far Ubuntu has come in the consumer market.

Windows, Linux or Apple give us a call to find out which is right for your business and your application challenges.

Options For Defending Against Spyware

Spyware is everywhere and it’s costing businesses and organizations a ton of money in lost productivity alone.  Traditional methods of combating spyware (such as installing software on your systems) have proven mostly effective.  The problem is that mostly effective isn’t really good enough.  So what other options are there?  Currently, I believe the two most viable options currently are:

• Deploy a device onsite
• Subscribe to a service

Onsite Protection

Devices like Barricuda Networks Web Defense device 

and others work by filtering web traffic through their device which resides at your office between your firewall and your LAN (traditionally).  It functions as a filter both for incoming and outgoing traffic and is quote robust from a configuration and reporting standpoint.

Benefits

• Powerful
• Robust functionality
• Granular reporting

Drawbacks

• Large upfront cost
• Annual maintenance costs
• Allows “malicious” traffic to utilize your bandwidth
• Need to maintain hardware

Service-based Protection

Service-based protection such as McAfee’s Web Protection Service works in a similar fashion to the onsite protection model except that the “filtering” occurs offsite.  Basically, your web traffic is routed through your service-provider’s systems.  In this model you don’t need to purchase hardware or maintain it – you just redirect your web traffic through their systems.

Benefits

• Easy to set up
• Very low initial cost
• Stops malicious traffic before it gets to your network
• No hardware maintenance or upgrade costs
• Highly effective

Drawbacks

• Recurring monthly cost
• Adequate reporting functionality

With these options, the days of combating spyware with just onsite software are probably coming to an end.  Don’t get me wrong, onsite software is still necessary, but in all probability, adding another layer of defense is probably a solid, cost-effective decision at this point.