Cyber resiliency in a multi-cloud environment – how hard can it be?

When data security is ranked as the leading challenge facing organisations that access and maintain data in cloud environments (above cost, complexity and lack of expertise), you know there’s an issue.

It’s one thing to rely on the standard backup and recovery tools available from a public cloud service provider (CSP), but what happens when most Australian organisations use three public CSPs on average? How do you juggle using three sets of tools effectively?

In truth, we believe you can’t – and you shouldn’t. Not if you value your business, and your data.

Why aren’t public CSP in-built tools enough to ensure cyber resilience?

While turning to a CSP’s in-built tools may appear to be a logical and cost-effective decision, they tend to offer only a basic level of coverage against the global flood of cyber-attacks, data theft and application outages. In addition, CSP backup and recovery offerings cannot scale, fully protect, or provide you with a unified view of your data across all your cloud environments.

With cyber resilience the new business imperative, it’s not a matter of safety in numbers. Having three times the tools doesn’t equate to three times the protection. Taking a fragmented approach to protecting your multi-cloud environment increases the opportunity for gaps to form in your security, backup and recovery efforts. As a consequence, organisational and reputational risk goes up – not down.

More frequent use of CSP tools is also associated with more operational downtime related to outages, application failures, human error, and even natural disasters. Despite 53% of Australian organisations agreeing that relying solely on CSP backup and recovery tools puts their organisation at risk, 55% use CSP tools all the time.

The only way to confidentially mitigate the impact of costly assaults on your multi-cloud environment is through third-party protection.

When it comes to CSP responsibility, you don’t likely know what you don’t know

Perception is a wonderful thing. But unfortunately, while you’d imagine that your CSP is responsible for protecting your data, that’s not the case.

Digging into the fine print of your end-user licensing agreement usually unearths that the CSP is only responsible for protecting the infrastructure, and that you are entirely responsible for protecting your data and workloads in that cloud environment. So, the offer of standard backup and recovery tools doesn’t even begin to cover your back – and your data – in case of a cyberattack. Times three.

Even using Microsoft or Office 365 doesn’t guarantee that your data is backed up in the cloud. Office 365 takes a shared responsibility approach. While they may store it, it’s your responsibility to control and protect it.

In our recent paper (2022 Research Report on Securing Your Enterprise in a Multi-Cloud Environment), we identified that 96% of Australian organisations didn’t realise who was responsible for what.

This brings us to the big question…

How can you be cyber resilient if you don’t have a handle on your cloud environments?

When you follow best practices for backup, data protection and disaster recovery, you are more cyber resilient. Best practice includes having a “3-2-1” backup strategy – one primary backup and two additional copies of their data, using at least two different storage mediums, with at least one copy offsite.

Backup timing is also critical – and this depends on what you’ve identified as your RPO (recovery point objective). For example, if you’re only taking data snapshots every 12 hours, can you afford to be without that data from 11hrs 45mins ago? Mission-critical data that hasn’t been backed up for more than 12 hours is more likely to be permanently lost in case of a ransomware attack or server failure. Yet, only 10% of Australian organisations are committed to continuous data backup, while 45% back up their data less frequently than every 12 hours.

While that ‘may’ work for some businesses, it certainly doesn’t for others. A case in point is law practice Colin, Biggers & Paisley, who says, “Losing even an hour of productive time costs a firm a great deal, and legal work never stops. It’s around the clock.”

Colin, Biggers & Paisley are just one of many Australian organisations that opt for solutions like Veritas NetBackup to ensure they are actively cyber resilient across single or multi-cloud environments. Such is the reliability of their Veritas backup and disaster recovery system that Colin, Biggers & Paisley proudly present the results of their twice-yearly data backup and DR audits to potential clients as a benefit of engaging with them.


In partnership with

Is cyber resilience the new conversation starter?

While the phrase ‘may you live in interesting times’ is widely regarded as an ancient Chinese curse, it was, in fact, said in 1939 by the American politician Frederic R. Coudert.

But, given the last few years, we all appreciate the sentiment regardless of where it originated.

The curse of cybercrime

Yes, these are interesting – and challenging times. And as discussed in the latest (July 2021-June 2022) ASCSC Annual Cyber Threat Report, it’s been an increasingly steep learning curve for many individuals, businesses and public and private sector organisations.

Australia is far from alone in being subjected to an unrelenting barrage of cyber-attacks, but obviously, it’s very close to home for us. And Victoria and Queensland, in particular, have reported disproportionately higher cybercrime rates relative to population size.

In the period covered by the report, ACSC responded to over 1,100 cybersecurity incidents. The sharp-eyed may spot that this is a 36% decrease in reported incidents over the previous year. However, ASCS suggest that the growth of Australia’s commercial incident response sector means that incidents they may have previously responded to are now being handled internally or by contracted incident response teams.

The cost of cybercrime

According to ACSC, the average cost to cybercrime-impacted Australian businesses is significant:

  • For a small business with 1-20 employees, the average cost of an attack is $39,555
  • For a medium business with 20-199 employees, expect to lose $88,407
  • And those large businesses, with 200+ employees, should anticipate writing off $62,233

Yet, considering the significant damage that stolen data can cause, it’s surprisingly cheap to acquire if you’re on the dark side. Visual Capitalist recently shared a price list for dark web data.

While passports remain a high-end investment (US$3800), an NSW Driver’s License can be had for US$150, and an Australian credit card, complete with CVV, is a mere snip at US$23.

As Brad, in the cult classic movie The Rocky Horror Picture Show, observed: “Life’s pretty cheap to that type.”

The hot cybercrime critical infrastructure sectors

ACSC says that 75% of all reported cybersecurity incidents in the 2021-2022 financial year were from the top 10 reporting sectors. Probably to their great relief, the retail sector is no longer part of that top 10, having been ousted by the electricity, gas, water and waste service sector.

The top three sectors under attack are the Commonwealth Government, which reported 24% of all incidents, followed by State/Territory/Local Government with 10% (although it must be noted that government sectors do have additional and more rigorous reporting obligations), and Health Care and Social Assistance at 9%.

The remaining seven top 10 sectors range from telecommunications to education, construction to manufacturing, and financial services to electricity, gas, water and waste services.

This ‘hot’ top 10 list makes the Australian Government’s Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 even more relevant and timely. It places further security obligations on specific entities in the electricity, communications, data storage or processing, financial services and markets, water, health care and medical, higher education and research, food and grocery, transport, space technology, and defence industry – and their data centre and cloud service providers.

Notably, the bill not only aims to protect critical infrastructure organisations from cyberattacks but to enable rapid recovery through cyber resiliency.

And what about business email compromise?

ACSC’s new annual report also focuses on the highly lucrative area of BEC (business email compromise), and with good cause.

BEC is a strategy used by malicious actors to compromise organisations via email to scam businesses out of money or goods and trick employees into revealing confidential business information. And it’s also an entry point for malicious actors to move their focus to higher-value targets within business or organisation networks. A single compromised employee email can lead to a significant ransomware attack.

While ACSC says the number of BEC attacks declined in the 2021-2022 period, the average loss incurred per successful BEC increased to an Australian average of over $64,000. Unfortunately for Western Australians, their higher-than-average loss was $112,000 per report.

Property settlements have been a popular target due to the high value of transactions. You may remember the high-profile case of MasterChef contestant Dani Venn who lost (then thankfully recovered) $250,000 when PEXA (Property Exchange Australia), the online conveyancing giant, was hacked. This 2018 case was a wake-up call for many.

Ransomware: Here, there, and everywhere

Ransomware attacks were both high-profile and ubiquitous over the 2021-2022 period, reports ACSC. No sector was left untouched. Reported attacks were down, but ACSC states that it’s likely that they were significantly under-reported as victims instead chose to pay the ransom in an effort to return to a business-as-usual state ASAP.

The top five sectors under attack included education and training, information media and telecoms, State/Territory/Local Government and Health Care and Social Assistance.

Why does this all make cyber resilience a more important conversation than ever before?

We’ve discussed cyber resilience before. It’s something we’re passionate about. And at the risk of repeating ourselves (and if you don’t have time to read our earlier blog), here’s a quick recap of the difference between cybersecurity and cyber resilience:

Cybersecurity is how you protect your electronic data. It encompasses the processes, best business practices and technology solutions you put in place to safeguard your systems and network.

Cyber resiliency is your ability to prepare for, respond to, and recover from a cyberattack. If you’re cyber resilient, you’re better equipped to defend your organisation from attack, limit the impact on your systems and data, and continue working during and after an attack.

Cyber resiliency isn’t a conversation that will go away anytime soon. And nor should it.

ACSC has taken the topic seriously with initiatives like AquaEx (a national cyber security exercise series in partnership with Australia’s urban water and wastewater sector and government agencies), which have helped participating industries and government to work together to strengthen cyber resilience across Australia.

And following the Federal Court of Australia finding that financial planning company RI Advice has breached its financial services license by having inadequate cybersecurity risk management systems, ACSC said: “…it is a strong reminder that company boards should consider cyber resilience as part of their statutory responsibilities.”

Finally, ACSC says, and we quote, that “Australia’s best defence in a rapidly evolving cyber threat environment is to build resilience across businesses and organisations, and among individuals.”

And we couldn’t agree more.

VMWare elevates Global Storage to Principal Partner

In further solidifying our relationship with VMWare, Global Storage has recently achieved Cloud Verified and Principal Partner status.

To become a Principal Partner we have demonstrated continued efforts in becoming an expert in VMware solutions and service, and have taken the necessary steps through Master Services Competency (MSC) achievement—or the equivalent—as well as demonstrated a growing company sales performance. Principal partners are the most qualified partners in VMware Partner Connect and with this distinction, they demonstrate a broad range of expertise and the ability to best serve their customers’ needs. 

As a Cloud Verified Partner you know that Global Storage will expertly deliver cloud infrastructure as a service—so your cloud strategy will be flexible and resilient today, tomorrow and for years to come. 

Global Storage is also the first Australian partner to have achieved the VMWare Disaster Recovery as-a-service certification. They are one of only six partners with this certification across Asia Pacific. 

Cyberattacks: The dynamic duo of business continuity and cyber resiliency to the rescue

What two things happen when you leave your business open to cyberattacks?


The first is that your cyber-risk management strategy, technology and processes are called into question by your stakeholders, customers and the Australian government. And if found wanting, you could face severe consequences, financial and otherwise.


The second is that your business may simply not bounce back. It may lack the resilience and customer loyalty needed to recover from the damage done by a cyberattack (and this is assuming you’re lucky enough only to be targeted once). According to Gemalto’s study of 10,000 global consumers, when a company suffers a data breach and their privacy is compromised, more than 70% will stop using the service.


However, let’s look at these two scenarios a little more closely. Then discuss how to offset them.

The compliance consequences (and you are right to be scared)


The Australian Securities and Investments Commission (ASIC) takes its role as a watchdog and enforcer of risk management very seriously. They’ve launched and completed significant civil penalty proceedings in the Federal Court against both the unwary and the ill-prepared.


If you think it couldn’t or wouldn’t happen to you, then think again. After all, as a business, you are legally required to comply with ASIC’s strict legal, regulatory, and contractual cyber security and resilience obligations, and data breaches are a legally notifiable occurrence.


Two recent local cases bring home the everyday reality of not adequately protecting your people, customers, and technology.

The eye-watering cost of failing to manage cyber risk


Case 1 (done and dusted): In May 2022, one organisation’s failure to manage their cyber security appropriately, which resulted in repeat breaches, attracted a $750,000 penalty. That’s a considerable amount to try to recoup, and for many businesses, the fine alone, without the subsequent loss of customer loyalty, would be a death blow.

This financial services licensee was taken to task following a significant number of cyber incidents between June 2014 and May 2020. In one of the incidents, says ASIC, ‘an unknown malicious agent obtained, through a brute force attack, unauthorised access to an authorised representative’s file server from December 2017 to April 2018 before being detected, resulting in the potential compromise of confidential and sensitive personal information of several thousand clients and other persons.’ Ouch.


ASIC Deputy Chair Sarah Court said “These cyber-attacks were significant events that allowed third parties to gain unauthorised access to sensitive personal information. It is imperative for all entities, including licensees, to have adequate cybersecurity systems in place to protect against unauthorised access.


Case 2 (currently in the hot seat): In July 2022, ASIC held a fund services organisation to account for ‘multiple failures to meet the obligations of its Australian financial services licence, including a failure to meet organisational competence requirements.’


ASIC’s allegations include that the organisation failed to ‘have in place adequate risk management systems’ or to ‘have adequate resources (including financial, technological, and human resources) to provide the financial services and carry out supervisory arrangements.’

In this case, ASIC is seeking:

  • Declarations and pecuniary penalties from the Court.
  • An order for an independent expert to be appointed to review and report on the organisation’s systems, processes and controls.
  • A requirement for the organisation to implement a risk management and compliance program once the report is received.

The date for the case management hearing for this instance is yet to be scheduled by the Court. But, if found liable, you can be sure that the resulting fine will result in a sharp intake of breath (and perhaps even a few tears) when announced. And the fallout from the loss of customer loyalty could be even more devastating.

So, if you’re not yet sitting up and taking notice of how you manage your cybersecurity risk by now, perhaps you should be. Because if it can happen to them, it can happen to you.

Can you recover? (Clue: Preparation, not cure)

Now, we sincerely hope you won’t ever be impacted by a cyberattack. But the sad statistical reality is that you are more than likely to be.

The World Economic Forum currently ranks cybersecurity failure as one of the top ten risks in terms of likelihood of occurrence. Frighteningly, if you are classified as a small business, one in eight of you won’t recover, ever. All of which makes cyber resilience and recovery a board-level priority, along with business continuity.

As part of their Annual Cyber Threat Report 2020-21, the Australian Cyber Security Centre (ACSC) offered this wise advice: “While the costs of impacts are difficult to quantify, the costs of remediation for a cybercrime or cyber security incident can be far greater than early and ongoing investment in prevention.

We’d like ACSC to add ‘and cyber resilience’ to the end of that comment.

Your ability to be cyber resilient and recover to a business-as-usual state as quickly as possible is as essential as having the right cyber security solutions in place. It must be said, ASIC is also a big advocate of this approach, freely providing excellent information on good cyber resilience practices.

And to clarify up front, remember that cybersecurity and cyber resilience are not the same. So, here’s a quick recap of how they differ:

  • Cybersecurity is how you protect your electronic data. It encompasses the processes, best business practices and technology solutions that you put in place to safeguard your systems and network.
  • Cyber resiliency is your ability to prepare for, respond to, and recover from a cyberattack. If you’re cyber resilient, you’re better equipped to defend your organisation from attack, limit the impact on your systems and data, and keep on working during and after an attack.

Where and why does business continuity come into it?

Having an effective cyber business continuity plan is vital to the ability of your organisation to be cyber resilient. A business continuity plan and cyber resilience don’t work in isolation from one another but walk side by side as a team. Think Batman and Robin.

Your cyber business continuity plan guides you through the practicalities of survival at the moment of impact, and gets you out the other side, perhaps a little bruised – but alive and kicking – by providing:

  • Clearly defined crisis management roles and responsibilities so everyone in the organisation knows exactly what they have to do and can simply get on with it – like a well-practised fire drill.
  • A detailed IT security crisis communication plan and processes that outline all reactive measures and control efforts, so you don’t have to second guess ‘what next?”.
  • The incident response actions needed to keep your data safe (and to make sure you don’t accidentally open your business up to a data breach while distracted by a disruption!).
  • An up-to-date checklist of all IT-dependent applications, like your website and intranet, social media accounts, shared drives and collaboration platforms, and all your IT assets.
  • And lastly, those all-important how-to instructions for secure access, security workarounds, and fail-safe backup systems ensure you have access (and can keep working) throughout the disruption.

Reducing the burden of risk management

As the cost and frequency of data breaches continue to rise, maintaining a tight focus on cyber resilience and business continuity is key to survival and ensuring legal compliance.

We believe that although the deluge of cybercrime can appear daunting, with robust, intelligent cybersecurity solutions and a top-down cyber resiliency strategy, we will all hold our own.

DRaaS is a Business Growth Strategy

Transformational changes, as we experienced in 2020, bring challenges and unforeseen business opportunities. Improving enterprises’ growth opportunities and ensuring business continuity are two areas where the cloud plays a vital role. Organizations that embrace the cloud transform into asset-light entities that are agile, more competitive and focused on the growth of their businesses. Cloud-based disaster recovery as a service (DRaaS) is the foundation of a sound business continuity strategy that keeps the company running, even in the aftermath of a disruptive event.

Enterprises with mature cloud adoption improved business resiliency and reliability as they reduced downtime by 58% and monthly critical incidents by 55% with cloud migration.1

Ride the waves?

It is always prudent to ride the waves of change than to fight them. New trends, including SaaS and IoT, have shifted enterprise data to the edge and the cloud. A recent IDC report found that only 30% of stored data is stored in internal data centers. It makes the most sense to have your backup applications near your data in the cloud.2

The rising cyberthreats serve as a constant reminder and a motivator for moving corporate data to the cloud to be better protected. Business continuity requires air-gapped backup copies that are readily available in the event of a disruption. DRaaS is the wise option for a full recovery and the lowest downtime.

Gartner predicted that cyberattacks were likely to impact one organization every 11 seconds by the end of 2021. Aside from being costly, breaches will damage an organization’s reputation and cause loss of customers and trust. Cyber-attacks tend to have a long tail, and their impact on enterprises lasts for years.3

DRaaS makes good business sense?

DRaaS is the most precious business insurance policy that one can find. The value of DRaaS is rarely appreciated until we need it, however it turns out that businesses need disaster recovery a lot. Gartner says 76% of organizations reported at least one incident in the past two years that required an IT DR plan.4 Let’s look at some of the business benefits of DRaaS:

  • Budget-friendly OpEx. The cloud model offers a utility consumption model where you pay for what you consume. The new model removes the expensive upfront CapEx investments and lowers operating expenses for simplified testing.
  • Free scarce IT resources. DRaaS frees IT teams to focus on more valuable business initiatives.
  • Maintain business continuity. Cloud-based backups are air-gapped and beyond bad actors’ reach, ensuring business continuity with the least disruptions.
  • Data protection. Cyberthreats are a constant danger that requires resources beyond IT teams’ abilities. About 81% of organizations consider security their top challenge.5
  • Continuous compliance. DRaaS enables enterprises to respond to audits and demonstrate compliance with proper reporting and documentation.

Learn more about how to grow your business with our cloud DRaaS by visiting: Global Storage

Sources:

  1. McKinsey Digital February 2021. “Cloud’s trillion-dollar prize is up for grabs.”
  2. Seagate 2021. “Rethink Data. Put More of your Business Data to Work from Edge to Cloud.”
  3. Gartner December 2020. “How to Cut Costs for Backup and Recovery Software, Now and in the Future.”
  4. Gartner April 2020. “Survey Analysis. IT Disaster Recovery Trends and Benchmarks.”
  5. Flexera 2021. “Flexera 2021 Stare of the Cloud.”

Global Storage achieves Australian first with VMware disaster recovery as-a-service certification

Providing Flexible and Intelligent Cloud Solutions for Data Protection and Business Continuity

FOR IMMEDIATE RELEASE –

Global Storage is pleased to announce that they are the first Australian partner to have achieved the VMWare Disaster Recovery as-a-service certification. They are one of only six partners with this certification across Asia Pacific.

Gavin Hoffmann, Director of Sales and Marketing, says ‘This recognition from VMWare really highlights our commitment to providing exceptional disaster recovery services to our clients. We’re thrilled that we can showcase our skills and be the leader in ANZ for the development of these services in partnership with VMWare.’
As digital transformation initiatives and cloud adoption continue to accelerate, the need for business continuity, data protection and management has never been greater. The need to reign in data sprawl and extract business value match the enterprise’s quest for visibility, insight and desire to lower capital expenditures and cloud operating costs.

The new certification allows Global Storage to provide services enabling clients to replicate their data and virtual infrastructure to Global Storage cloud environments. The DRaaS model eliminates costly capital expenses and frees IT from spending valuable time on lengthy planning, acquisition, deployment and management cycles or business continuity.

“We are excited with Global Storage’s introduction of our VMware DRaaS solution to the many new markets served by our partner of many years. The combination of our leading solution and Global Storage’s market deep knowledge and innovative services offer reliable customer solutions and dependable local services backed by local expertise,” said Guy Bartram., Director of Product Marketing at VMware, Inc.

https://cloud.vmware.com/providers/draas-powered

About Global Storage

We go where the data is and deliver a comprehensive suite of enterprise cloud services for computing, backup, disaster recovery, storage, and regulatory compliance. With over two decades of data management experience, the Global Storage team is uniquely qualified to help companies of all sizes realize agility, efficiency and intelligent data management across diverse cloud environments.

Formed in 1997, we have 50+ staff across our branches in Melbourne (head office), Sydney, and Brisbane, and our satellite offices in the US. In 2021, Global Storage achieved ISO 27001 Certification through BSI Global.

How much is your customer data worth? And how much should you pay to protect it?

Modern businesses rely on data for every aspect of their operation. How you protect this data on a daily basis helps to define the operational integrity and success of your business. Along with intellectual property, financial data, and employee records, customer data demands special attention. While there is a cost associated with professional backup and disaster recovery services, it is minimal compared to the extensive losses associated with many data loss scenarios.

The real business value of customer data

The value of data is well-known, with an entire field of study called infonomics concerned with the economic value of information. However, despite the ability of data to transform every aspect of business, according to Gartner analyst Doug Laney, many companies manage their “office furniture with greater discipline than [their] information assets.”

According to Gartner, information has three foundational measures:

  1. Intrinsic value – How correct is your data?
  2. Business value – How relevant is your data?
  3. Performance value – How hard does your data work?

Customer data is particularly sensitive due to its high value across all three measures. The people who trust you with their data are largely responsible for your success, with data integrity offering a range of immediate and follow-through benefits. In order to measure the real cost of data backup and recovery services, it’s important to weigh up the direct costs with the following potential impacts of data loss.

Recovery Costs

There are a range of immediate and ongoing recovery costs associated with any data loss scenario. Lacking or incomplete backup solutions may cause data loss, with each accident or security incident needing to be analysed, corrected, and secured to ensure it doesn’t happen again. As you might expect, this can be an expensive exercise, with a single security incident enough to cause substantial damage to your balance sheet.

Loss of business continuity

In order to define the value of your customer data, it’s important to understand the opportunity costs associated with data loss. Whether it’s due to data theft, natural disaster, or human error, lost or compromised data has a range of potential impacts that threaten your ongoing productivity. Along with the immediate and direct costs associated with recovery, data loss is likely to compromise the continuity of your business operations.

Non-Compliance

Compliance is a serious issue for any business, especially when you’re dealing with private customer records. Depending on your industry sector and jurisdiction, non-compliance may have significant financial and legal implications. Professional third-party backup services allow you to meet stringent compliance obligations, including service-level agreements, reporting, and record-keeping. Non-compliance often comes with substantial fines, with prevention always better than cure.

Reputation damage

Integrated data backup solutions help you to avoid data loss and enable immediate recovery should a security event occur. Along with the immediate costs associated with recovery and non-compliance, and the long-term damage of lost business continuity, there are more indirect costs associated with reputation damage. A single security incident can threaten the hard-earned reputation of any business, with preemptive data backup and recovery measures needed to ensure a strong and enduring reputation.

Complete data backup and recovery solutions for Microsoft 365

From limited to substantial, from immediate to long-lasting, there are a number of real costs associated with data loss events. In order to secure your business and get it ready for the future, it’s important to look after your valuable data assets. Specialised third-party solutions are required for any business, especially those that rely on cloud-based software services such as Microsoft 365.


If you’re ready to take responsibility for your data, please download our white paper, Best Practices for Backing Up Microsoft 365

Data Protection in the Cloud

With the increasing trend of organisations thinking of or currently migrating critical production workloads to the cloud whether it’s a hybrid or public provider model it is still important to look at your data protection, there are the obvious advantages and benefits over the private cloud model and these have been documented numerous times and there is no need to go into detail about them again, but just to refresh a cloud should provide infrastructure, environmental, human resource and software licensing savings; this in turn allows the business to focus strategically on core business services.

The advantages are clear but what other critical requirements are there? Does disaster recovery, business continuity, backup and archiving compliance ring a bell? It is important when an organisation is in the process of choosing a cloud provider that along with providing robust IaaS SLAs that the provider can also provide data protection SLAs.

Has the provider had previous disaster recovery experience? Can it provide your organisation with a clear path during a disaster? Does the provider in fact provide backup, archiving and restore functionality at all? Who maintains the backup, archive and disaster recovery? Is the disaster recovery tested? Cloud providers located at Tier 3 data centres provide numerous N+1 redundancy features but the fact remains there have been two Tier 1 vendor outages in the last 6 months that affected hundreds of customers. So whether you organisation is looking or currently moving towards either a public or hybrid cloud strategy ask the provider about data protection, your data is your business.

The Importance of Disaster Recovery Testing

When considering disaster recovery, any organisation that has seriously examined the impact of a total loss of IT systems would have determined that the desired recovery time objectives (RTOs) are tight. After all, time is money.

The backup mechanism in place determines the minimum RTO possible. Tapes have a finite data transport speed and must be physically moved between sites. Server-based backup solutions, which can perform live replications to a DR site, are a huge improvement in both speed of data transfer and availability, but these require significant skill sets in order to install and manage. With respect to recovery times, there are many other factors that can delay recovery of systems to a running and transactionally consistent state.  How do you determine these factors? Through regular disaster recovery testing.

Disaster preparedness goes beyond taking regular backups. It comes down to knowing that the required resources and recovery skill set is available when needed. It’s reasonable to expect that in-house technical staff can perform tasks such as restoring database backups – the processes for this are well defined and tested. However, restoring platform operating systems and dependent services is a different story, and is complicated when (as is commonly the case) the available recovery platform is dissimilar from that of production. Often physical systems are restored to virtualised systems as part of a cost-effective disaster recovery solution. This is known as a physical to virtual conversion, or P2V, but is not always a straight-forward exercise.

With training and disaster recovery testing exercises, in-house technical staff can develop sufficient knowledge to perform adequate recoveries.  But is the training expense and time invested in this cost-effective? Do you have the man-power to perform sufficient tests such that the time taken for recoveries is within the required recovery time objective? Maybe you can achieve this with a one-off testing exercise, but with the evolving inter-dependencies of typical business systems, will the lessons learnt be applicable in future?

An option worth considering is to engage the services of a dedicated disaster recovery service provider. Such a provider has specific skills in platform management, server-based backup and recovery systems and specific experience recovering a variety of common server technologies such as email and database dependent systems. A disaster recovery service provider should provide your organisation with regular disaster recovery testing exercises that are professionally project managed, executed with a prudent level of isolation from production and will present a professionally prepared report addressing the actual recovery times against the agreed RTOs.

Your in-house IT personnel deal with operational issues every day, and are ideally qualified to validate the correct operation of business systems as restored by a disaster recovery service provider. The coupling of your in-house IT expertise with a disaster recovery service provider able to efficiently restore production systems in the shortest time possible, is a key element to a successful business continuity plan, and ultimately to the survival of a business from a crippling disaster.

Get in touch for a Free, No‑Obligation Consultation

Arrange a chat with our experienced team to discuss your data protection, disaster recovery, cloud or security requirements.

  • Arrange an introductory chat about your requirements
  • Gain a proposal and quote for our services
  • View an interactive demo of our service features

Prefer to call now?
Sales and Support
1300 88 38 25

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy

Hidden
This field is for validation purposes and should be left unchanged.

© 2021 Global Storage. All rights reserved. Privacy Policy Terms of Service

The Global Storage website is accessible.

Download
Best Practices For Backing Up Microsoft 365

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy

This field is for validation purposes and should be left unchanged.

Download
5 Myths About Backing Up Microsoft 365 Debunked

By filling out this form you are consenting to our team reaching out to you. You may unsubscribe at any time. Learn more by visiting our Privacy Policy

This field is for validation purposes and should be left unchanged.