Here is a brief presentation on the importance of having a backup and recovery plan for your electronic data, especially planning for that recovery in the event of a natural or man-made disaster.
Business-Critical Backup: Preparing for a Disaster
1. BUSINESS-CRITICAL BACKUP:
PREPARING FOR DISASTER
Justin Winzenried
NetWize - Account Executive
jwinzenried@netwize.net
801-716-5354
Mike Fullmer
NetWize – Director of Sales
mfullmer@netwize.net
801-716-5344
2. Why Plan Disaster Recovery?
“A company that experiences a computer
outage lasting more than 10 days will
never fully recover financially. 50% will
be out of business within 5 years.”
"Disaster Recovery Planning: Managing Risk & Catastrophe in Information Systems" by Jon Toigo
• The #1 reason for implementing a disaster recovery
solution is to keep from going out of business when
disaster strikes.
7. Man-made Disruptions
• Deleted Files
• Corrupted Data
• Compliance Whistleblowing
• Theft
Could your business
survive if your file
server was stolen?
DISGRUNTLED EMPLOYEES
11. Definitions:
• Business Continuity (BC) - The ability to
continue your critical business functions during
and immediately after a disaster
• Disaster Recovery (DR) - the long-term ability to
rebuild your business capabilities after a disaster
12. Understanding Cost Considerations
Disaster Recovery Timeline - Offsite Backup is Only Part of the Story
48hr
Lower Cost
24hr
1hr
Disaster
High Cost
1hr
High Cost
24hr
48hr
Lower Cost
RPO
RTO
Recovery Point Objective
Recovery Time Objective
How old is your data backup?
How much can you afford to lose?
How long will it take to restore your
business? How long can you last before
you don’t have customers?
13. True Cost of Ownership (TCO)
• Identifying all the costs associated with DR and BC
• What is the cost of my DR service?
• What costs are incurred during an emergency?
• How much revenue will my company lose while systems
are being restored?
• How often am I testing, and what is the cost associated
with that?
14. Risk – Natural Disasters
• Earthquake, fire, flood, hurricanes, tornadoes, etc.
• Is your data stored far enough offsite where it won’t be
affected?
• How far of a reach will the natural disaster have that your
trying to protect against?
• Will power and network be available to execute your DR
plan?
15. Risk – Man-made disaster
“According to analyst firm IDC, about 70% of
all successful attacks on computer networks
were carried out by employees and insiders”
(http://iosafe.com/industry-stats)
16. Risk – Man-made disaster
To protect against internal threats, are you:
• Implementing permission controls?
• Implementing group policies?
• Do you have the ability to monitor and control employee’s
access?
• Training users about acceptable computer use policies?
17. Risk – Man-made disaster
To protect against external threats ask yourself:
• What security is currently in place?
• Passwords, encryption, firewalls, etc.
• What physical security do I have?
• Door locks, key cards, laptop locks, bezel locks, etc.
• Do I have regular security reviews or audits?
18. Disaster Declaration
• A specific event that starts your disaster recovery plan.
• This needs to be defined and written down. Although not
all situations can be accounted for, basic guidelines and
rules can clarify when a disaster should be declared, and
when it should not
20. The NetWize Approach
How we approach disaster recovery:
1. Protect the File – First and foremost, is there a solid
backup solution in place?
2. Protect the Server – Is there solid equipment installed
with proper warranties? Do we need onsite failover,
virtualization, and shared storage to mitigate hardware
failure?
3. Protect the Company – Do we have offsite failover,
offsite storage, and high availability implemented?
21. Review
Ask yourself the following about DR:
•
Do I have a written plan in place to address emergency
situations?
•
Are my backups working? Do I really know how long it takes
to restore from backup?
•
Do I know all the costs associated with being down, and
bringing my systems back up?
•
Are there policies or regulations that require my business to
have a disaster recovery plan?
22. Top Five List - Backup Gotcha’s
5. No test restores
4. Backup timing – when was your last backup
3. Only one copy of backup
2. No offsite backup
1. Do not backup local workstations
23. Understanding Cost Considerations
Disaster Recovery Timeline - Offsite Backup is Only Part of the Story
48hr
Lower Cost
24hr
1hr
Disaster
High Cost
1hr
High Cost
24hr
48hr
Lower Cost
RPO
RTO
Recovery Point Objective
Recovery Time Objective
How old is your data backup?
How much can you afford to lose?
How long will it take to restore your
business? How long can you last before
you don’t have customers?
Justin Winzenried, with Netwize an MSP based out of Murray Utah.Been in the IT Industry since I was 17. I started out as a technician and moved up from there. The last 2 years I have been in an advisory role, managing our customers accounts.Today we would like to discuss what happens when a disaster hits and how you can plan ahead to ensure your business is up and running.My first run in with data loss was when I was about 13, the hard drive crashed in my computer and I lost all of my data which equated to roughly 500mb of songs and pictures. I was devistated.How many of you know of a client who has lost data?Obviously data has grown at a crazy rate, having a backup and recovery plan has become crucial to our business.
The #1 reason for having a disaster recovery solution is to keep from going out of business when disaster strikes.Reports show, A company that has an outage lasting more than 10 will never fully recover finacially, 50% will be out of business within 5 years.
The ULTIMATE DISASTER!There are a few disasters that if they happened, we most likely would no be concerned about getting our data back but, lets look at some examples that would concern our business.
In Utah, we are pretty far removed from many of the common Natural Disasters. The big one for us on this list is an earthquake and it seems to be a matter of when, not if. What will happen to you business when an earthquake happens?Do you have a plan in place so that your business can be back to functional in a timely manner?Is your data far enough offsite that it would not be damaged?
Hazardous spills or Gas leaks can cause evacuations that can last for hours, sometimes days.Are you set up to work from home?
Most Disasters are not dramatic or newsworthyThey are mundane and may only affect a single companyTalk about water line breaks and flood. LJ Cooper flooded, RotoAire Flooded. Servers sitting on the ground.Air conditioner leaking, multiple clients.
If you have ever seen Office Space, you will get what this slide is showing. That movie may have been a bit dramatic but, sometimes not so far from the truth.Mark Steel, Employee uses fire extinguisher on server.Having a locked server room and a process for employees to save client documentation on the server could save you from a big headache.
Nova – Internet line was cutA secondary internet line is becoming a standard for businesses.
Many people do not associate a virus with a disaster situation.What we see here is a form of RansomWare called CryptoLocker. This has been showcased on several news stories lately.A piece of Malware that generally comes in through email, if opened it will encrypt any file it can find.If the user has mapped drives to the server, it will encrypt those as well. If this infects your servers and you do not have a backup, this would certainly be a disaster.This little virus has wreaked havoc on companies without a backup.Having a backup that is properly monitored and tested could mean the success or failure of your business
Disasters big and small occur daily.How many of you know your business has a disaster recovery plan
RTOHow long will it take until data is usable, and you are back to normal?RPOAfter the disaster, what point in time will my company be operating at? 1 hour prior to the disaster? 1 day? 1 week?The maximum tolerable period in which data might be lost from an IT service due to a major incidentCan my backup solution support my RPO?
How much am I loosing with employee salaries?How much revenue am I loosing?How much am I paying to get the system up and running?Is there an additional charge for testing? When I’m testing, is business effected (downtime, lost potential revenue, etc.)
Disaster Reach:For example, a typical fire won’t have as much of a reach as an earthquake or hurricane – Great Chicago Fire, 1871 -- 3.3 milesIf the disaster hits, how will you communicate between employees?
This is interesting……. 70% of attacks on computer networks were executed internally.
Some events that might trigger a disaster declaration:Downtime exceeds 1 hourA warning is issued from the government about a natural disasterA natural disaster strikes with no advanced warningServer or data gets compromisedProduction hardware failureIt might also be helpful to define what would not trigger a disaster declaration
Having a good strategy is great, but without implementing it you’ll never get off the ground. What do we need to do to implement our strategy?
Protect the file – Do we have a backup in place that we know is doing its job?Are the backups successful?Are test being run to ensure recovery?Protect the Server – Is our hardware Reliable and under warranty? Do we need to have an onsite failover? If so we virtualization and possibly shared storage would be needed.Protect the company – Do we have a failover site that can run our current operation? If so, how often are we testing that it will work in the event of a disaster?
Obviously there are many more questions you need to ask yourself about DR, but answering these questions will help you identify DR improvements from a business perspective
RTOHow long will it take until data is usable, and you are back to normal?RPOAfter the disaster, what point in time will my company be operating at? 1 hour prior to the disaster? 1 day? 1 week?The maximum tolerable period in which data might be lost from an IT service due to a major incidentCan my backup solution support my RPO?