Will business data survive?
November 2018, This Week's Editor's Pick, IT infrastructure, Security Services & Risk Management
When it comes to business continuity and disaster recovery, companies often think it’s acceptable to have backups of their data to cater for unexpected events. At the same time, certain companies also try to ensure they have an alternate location for their staff to work from in case of an extreme event like flood, fire or political violence.
Iniel Dreyer, managing director at Gabsten Technologies warns that, while the above are necessary and should be part of any continuity plan, people need to realise that a business’s data really is key to any backup plan you may have. This doesn’t mean you simply need to make a backup of your data, but that you must ensure it is accessible, even in a worst-case scenario.
Even if a worst-case scenario happens and a business premises is inaccessible, a company could even have its employees working from home as long as they can access the applications and data they need to do their jobs. All too often, however, this will be a problem because the company’s planning did not cater for these types of events.
Dreyer gives an example of a fire, which is pertinent given recent events in Johannesburg. If a company’s building is inaccessible because of a fire, where is its data? They may have a backup copy in a fireproof safe, but how do they get to it when access to the premises is forbidden? Perhaps the company has a data centre and has designed it correctly so that it is fire proof, but again, even if you can access the location, how do you get to the data once the fire department has cut the electricity to the building?
The same concept applies to data on computers and laptops (and in certain cases, even mobile devices) these days. Executives may have critical information on their computers and if a device is stolen it’s easy to wipe the data remotely, but where is the data backup for easy access? In many cases, a USB drive would have a backup, but it would be in the individual’s laptop bag which is now in the wrong hands.
In cases like this, one has to consider how the backups were done. Is it encrypted so that even if the wrong people get it they can do nothing with it, or did the user simply copy files to a USB without thinking of the consequences?
And this applies to all companies, from large enterprises through to small- and medium-sized businesses (SMBs). Gartner recently found that only 35% of SMBs have disaster recovery plans in place, and Dreyer says these companies are hardest hit by disasters.
The cloud in a crisis
When an SMB loses its data, or access to its data, it can’t service its existing customers or get new customers. And for a small company on a budget this can have serious implications, both for the company and its employees.
A relatively cheap and easy solution is to use a service such as Dropbox to store your data in the cloud (although it’s advisable to ensure you meet local regulations in terms of storing sensitive data offshore). Cloud-based solutions like this are very useful. However, Dreyer says that these large companies would see an African SMB as a blip on the radar and if you have a problem it is very hard to be able to speak to someone and get help when you need it. You are basically on your own and you may end up having to download gigabytes of data from an international location before you are up and running again – if everything goes as expected.
What happens if you accidentally deleted a file from your cloud service provider’s server? What do you do then? Dreyer says this is why it is critical to have a local partner to phone when something goes wrong. In the worst case, you may need more than a phone call and a technician may have to come out and spend some time getting you up and running. International cloud services are cheap because there is no interaction apart from email, which may take a long time to be answered.
It’s worth reading the contracts, or terms and conditions of cloud providers to see what they actually guarantee to provide. They provide a convenient infrastructure, but do they back up your data? What happens if they are hit by a disaster or some form of cyber-attack like ransomware?
Even if you regularly back up your data to an external drive and keep it offsite, how sure are you that when you plug it in you will have all your data available. (How many people test their backups to make sure they can be restored?)
It’s all about service
The solution, according to Dreyer, is to deal with the basics before you get into the complexities of a full business continuity and disaster recovery plan. For example, ensure there are multiple copies of your data backed up, including having it available at a different location (not on the same site or in someone’s laptop bag). Additionally, you should store two copies offsite, one of them on a different medium than the original – a cloud solution could be used for this.
He warns that companies need to choose their cloud providers with care, ensuring they take the necessary steps to ensure that the data entrusted to them is available, even if their infrastructure goes down. As noted, the ability to contact a trusted service provider is also of importance.
In the end, it’s all about service, not just having your data stored somewhere. When you need help, you need to know it’s easily and conveniently available. And most important of all, always remember that your data is something you need to use. Getting it back from a service provider is one thing, but getting it back and available for normal business use quickly is another challenge altogether.