Data Management

Is My Business Data Safe in the Cloud?

January 20, 2015

Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

One of the newest business technologies is “the cloud” that more and more people are using. It’s an elusive term that is difficult to pin down, and it is precisely that vagueness that inspires fear in those who are considering transferring sensitive business data to it.

The cloud, however, isn’t as mystifying as you may think, and, if you use an online data drive or social media, you are already using it. Simply put, the cloud consists of networks of servers worldwide that are capable of storing information.

The primary benefit of using the cloud for business is that it eliminates the cost and hassle of purchasing and maintaining a physical server. Also, employees don’t have to waste time downloading and running applications and programs when they can pluck what they need from the cloud and virtually put it back when they are done. While this all sounds well and good, the question remains, “Is business data safe in the cloud?”

The Human Factor In Network Security

December 12, 2014

Scott Blake is a Senior Network Engineer with Tech Experts.

As you’re aware, disaster can manifest in many forms. In the past, we have included articles about weather-related events and how to best prepare your business against disasters.

However, there is another type of disaster that’s unlike flooding or fires that can also have devastating effects on your business.

The Human Factor
When it comes to safeguarding your business both physically and virtually, you have the power and controls available to give the edge against company espionage, cyber-attacks, or absent-minded employees.

It comes down to three basic areas: Software, Hardware and People. Once you have a firm grasp and control over these areas, you will have reduced your risk level considerably.

Software
Make sure all of your company’s electronic devices – from company-owned smart phones, tablets, laptops, workstations and servers – are running anti-virus and have a firewall in place.

While some devices are easier to secure and manage than others, this is a critical area, so be sure to make the best attempt to cover all your devices.

Be certain that your data storage devices are running backups and the backups are indeed good. As an added form of protection, encrypt your data being stored, making sure you save the key offsite as well.

That way, if your data is comprised either through internal access or external, it will become very difficult to use the data that was stolen.

The size of your company and the amount of sensitive data you have will dictate the frequency of your backup schedule. Remember, it never hurts to be overprotective when it comes to your data.

Hardware
Have security/firewall devices in place. Make sure they are fully configured for your business and that the firmware is up to date.

A lot of security devices add increased measures through the firmware updates.

They often have the ability to fully lock down your internal network as well. Restrict Internet access to only websites necessary for your business operations.

If your business offers Wi-Fi access for either internal use or guest use, make sure that controls are in place to limit access to your company’s internal network. The best precaution is to place the guest Wi-Fi on a completely separate network.

While Exchange mail servers can increase overhead, they will also add a level of increased security to combat against viral infections being delivered via email and attachments.

I’m sure everyone is well aware of Crypto-Locker and its variants. The majority of Crypto-Locker infections were delivered through infected PDF files sent as attachments.

People
By nature, humans are (and will always be) the most random aspect to safeguard your business from. It is vital that you run full background checks on any employee that will be given access to sensitive data or hardware.

Restrict the use of portable media such as flash drives and external hard drives while employees are working on or in the server room. Some companies may go as far as banning all portable media devices entirely.

Be proactive in actively monitoring your employees and watch for any changes in behavior, appearance, attitude and tone of speech. These can all be signs something is wrong.

If you have questions or you’re looking for suggestions, call Tech Experts at 734-457-5000, or email us at info@mytechexperts.com.

(Image Source: iCLIPART)

When Nature Strikes Part 2 – Fire In The Sky

November 30, 2014

Fires in or around server rooms and data centers can ruin your data and put your business at risk. It’s a must to set up fire protocols when you build your room or building.

As I mentioned in Part One of “When Nature Strikes,” the two most important protocols to have in place for any “in case of…” are 1) Have a Plan and 2) Secure Your Data. When dealing with the possibility of fire destroying your server room or data center, you’ll want to make sure you also have Suppression, Containment and Insurance protocols in place as well.

Have a Plan
Disaster recovery plans are now becoming a requirement for many industries. To be prepared, businesses need to locate and define the regulatory requirements of their individual industry, which will also help avoid fines, penalties or negative press associated with noncompliance.

Trying to implement or even design a plan while in the middle of a disaster will only lead to a less than successful recovery. Make sure your team is ready for action and everyone knows what to do. It’s better to be overprepared than have a plan that goes up in flames.

Secure Your Data
Back up your data regularly. Manage a duplicate copy of all data, programming, and company processes at a different physical location or in the cloud. That way, you can continue working at a secondary location if your system crashes. One way to do that is to keep copies of all your data, programs, bare metal backups and virtual machines in data centers in other states.

If you maintain data backups and business software on location, make sure you store them in a fire rated safe. Fire safes can be purchased anywhere from $100 to thousands of dollars for a fully-loaded safe.

Suppression
Fire suppression systems for server rooms and data centers are essential to the server room itself. A fire suppression system will automatically extinguish a fire without the need of human intervention.

Design standards for fire suppression systems for server rooms and data centers are carried out with strict guidelines as the fire suppression agents used can be dangerous if not designed correctly. Fires within these types of environments are suppressed in two different ways.

Reduce Oxygen – This method uses argon, nitrogen and sometimes carbon monoxide to displace the oxygen in the room. The objective of this method is to reduce the oxygen level to below 15% in the room. By reducing oxygen to this level, it will suppress the fire.

Chemical and Synthetic – Most chemical and synthetic fire suppression agents have some form of a cooling mechanism. These systems use less gas and maintain a higher level of oxygen. However, high doses of any synthetic or chemical agent can be toxic, so making sure your design is correct is absolutely necessary. Synthetic fire suppression systems will deliver its payload within ten seconds.

Containment
A fire doesn’t have to be inside your data center to jeopardize IT equipment. Because radiant heat and smoke from fire in an adjacent room can be enough to damage sensitive network hardware, creating a protective barrier between your server room and the potential fire not only blocks indirect damage, but prevents flame spread as well.

Lightweight, flame-resistant ceramic panels can be used to build fire-safe archive rooms and data centers within larger, standard-construction buildings.

Insurance
Recovering from fire damage is expensive. Business insurance is crucial and it’s not only for physical property. The right kind of insurance will replace lost income as well. Make sure your business insurance policy is up to date and has the correct coverage to support your business in crisis mode.

Make sure you have all of your suppression and containment systems built and installed by certified professionals. Insurance companies will require this in order for you to acquire the policy and even collect on it.

No one wants to get burned after a fire. Again, make sure your company insurance is up to date and has the appropriate coverage needed to rebuild your business.

If you have questions or you’re looking for suggestions on prepping your business for recovery, not disaster, call Tech Experts at (734) 457-5000.

(Image Source: iCLIPART)

Cloud Vs. On-Premise Systems – Pros, Cons And Costs

August 22, 2014

A common discussion among the business owners I work with is whether to store their data in the cloud or an on-premise IT system. The conversation usually starts with the cost implications; however, there are many things that need to be taken into consideration when comparing the two options, such as some of the following:

Cloud
The recurring monthly service cost is often the main and sometimes the only cost factor that is considered when comparing cloud solutions with an on-premise option.

Pros
• Although much is said about cloud solutions outages, public and private clouds can provide much better reliability and uptime than an old, outdated and poorly maintained on-premise system.

• In the long term, the total cost of ownership (TCO) for cloud solutions is much lower than that for on-premise systems for most businesses.

Cons
• Offloading hefty workloads to the cloud demands sufficient bandwidth. Without it, any savings you might be making from not running an internal server could potentially be negated by slowness and productivity loss.

• Similarly, any increased needs in Internet connection costs should be accounted for in an objective comparison of moving to the cloud versus staying in-house. If you are contemplating moving to the cloud, talk to us about the amount of bandwidth you need for your business.

• When dealing with cloud servers, you will often find that while you can move as much data as you wish into the server, transferring data out usually has an associated cost.

• Moving large amounts of data to the cloud may take a significant amount of time depending on your office Internet connection; it may not be enough to transfer these workloads in a timely manner between endpoints.

On-premise IT systems
Many people mistakenly believe that the cost for on-premise systems start and stop with how much they need to pay for new hardware and software.

Pros
• They are more suitable than cloud solutions for large capacity file sharing of 50GB or more, or for operations that would be bandwidth-prohibitive in a cloud scenario, such as rural offices with weaker Internet connectivity.

Cons
• In contrast to standard computers or laptops, the average solid server has a mixture of multiple-socket processors, dual power supplies, multiple hard drives and numerous other components that all increase your electrical overhead cost. You should also factor in the cost of cooling your hardware, which is critical in maintaining these components.

• On average, organizations replace on-premise systems every five years, which means you will incur upgrade costs to retire old servers. Even if staying in-house may be cheaper than moving to the cloud when you consider the monthly costs, your five-year upgrade or replacement costs could be even more expensive, and opting for cloud solutions may still be better in the long term.

It is worth noting that while one solution may seem more favorable than the other, it may not apply to all businesses.

As such, it is important to objectively compare these factors based on your business needs and make the most suitable decision accordingly.

(Image Source: iCLIPART)

Benefits Of Going Paperless

August 22, 2014

Michael Menor is Vice President of Support Services for Tech Experts.

The “paperless office” has been a concept in American business culture since 1979, when it was first coined in Newsweek. As the technology improves and becomes more cost effective for small businesses, the paperless office is becoming a reality for more and more small companies. If you are considering going paperless or adopting a document management system, consider these five benefits.

Increased Productivity
Call it a variant of Murphy’s Law — when you need a paper file, it is inevitably located at the bottom of a large stack of files on the floor in the corner of somebody’s office.

For example, law firm personnel can spend literally hours every year looking for paper files. In an industry that typically charges by the hour, that’s not a productive use of time.

By contrast, you can immediately retrieve a scanned file from your document management system. With a document management system, multiple people can retrieve a given document at the same time, improving efficiency.

When you scan a document, you get an image of that file. To convert the image of the text into searchable text, you can use optical character recognition (OCR ) software — often included with a scanner.

Once you’ve made scanned files searchable, it becomes even easier to find them because you can search for any phrase in the document, such as a client name, not just the name of the document itself. This makes it incredibly easy to find invoice numbers or any other information that is usually hidden deep within a document.

Improved Customer Service
At one time or another, everyone has been on the receiving end of the dreaded phrase “I’ll have to check the documents and get back to you.” Consider how much happier your customers would be if you could say, “Let me pull up the document now and check for you,” resolving their question during a single phone call?

As an added bonus, the ability to search documents makes it less likely that you’ll overlook that key piece of information. More efficient service means happier clients who pay their bills faster.

Even better, improving your client relations will make your clients more likely to hire your firm for other services and make it easier for them to refer your business!

Reduce Operating Costs
Storage costs represent a major expense. Typically, office space is second only to salaries in terms of cost, especially in large cities. As the piles of paper grow, so do your storage costs.

Scanning documents can substantially reduce storage costs by eliminating a significant portion of your paper files and the storage space required to store them. You can then put the space once used for storage to more productive use.

Before you call a shredding company, read your state rules on the retention of physical files, especially in practice areas such as Real Estate or Financial Services.

Even if you have to keep the files for a specified period of time, scanning them will enable you to store them off-site as cheaply as possible. Scanning documents also reduces time spent requesting documents from the file room or even warehouse.

Finally, since you can easily email scanned documents, you can reduce your phone bill by faxing documents less often. Some paperless law firms have even eliminated their fax machines entirely and switched to online fax services.

With a paperless office, you can almost entirely eliminate the costs of printing, such as copy paper, ink and toner. With toner being one of the most expensive liquids on the planet, this can equal huge cost savings for your small business.

Better Security
Paper documents are subject to two risks — physical theft and destruction from a variety of disasters (fire, flood, etc.). When you scan confidential documents, you can restrict access to your eyes only. For example, you can limit the access of sensitive information or specific case files to select people.

Law firms subject to federal and state regulations regarding the protection of client information will find compliance significantly easier with scanned documents. Also, replacing a digital file is much easier than trying to replace a file cabinet destroyed by fire or flood.

Environmentally Sound
If environmental issues are important to you and your business or you have clientele that care about these issues, going paperless can boost your status in the community.
For example, digitization of your files will result in fewer photocopies, reducing company paper consumption.

The less we use today means the more we leave behind for future generations. If you are part of the Green Revolution, making your business paperless is a great place to start.

Going paperless will save your firm time and money – but be wary of anyone selling you a magic software product that will fix all your problems. Like anything else, you get out of it what you put into it.

There are many organizations that can help with this type of solution, but make sure their company culture matches you own. After all, the last thing you want is to try and go paperless with the help of Xerox or any copier company whose main interest is in hardware and consumables.

(Image Source: iCLIPART)

What Happens To Stolen Data After A Breach?

June 30, 2014

Data breaches have become so common that virtually everyone has been impacted by a breach in some way. Breaches at big retailers make the news, and replacement credit cards ominously arrive in the mail from our banks.

However, there is a lot more to most data breaches than meets the eye, as is the case with more traditional robberies, the theft of data is often just the beginning of the crime. If criminals can’t use or sell stolen data without being caught, then the data quickly becomes worthless. As a result it’s critical to understand what happens to data after a breach.

Understanding the Criminal Infrastructure
While “hacktivist” groups will periodically expose data to further an ideological cause, the vast majority of breaches are perpetrated by criminal groups focused on financial profit. Since very few of these attacks result in the direct theft of currency, criminals need a way to turn their stolen data into money.

Even in the simple case of stolen credit card information, criminals either need to sell the cards to other criminals or use the cards directly to commit fraud. In either case, the card data itself is a precursor to future fraud.

This may seem incidental at first, but there are important consequences. Specifically, the ability to monetize stolen data requires a very different set of skills than those needed to breach a network in the first place.

A network breach can be a relatively targeted operation perpetrated by a few attackers. However, once a breach is successful, the scale of the operation changes entirely. Whether the stolen data is personally identifiable information (PII), payment card data, or login credentials, the attackers face a challenge of scale. Millions of individual records need to be monetized either by reselling them or using the data directly for profit.

The sheer volume of data makes it impractical to do these tasks manually, and this is where cybercriminals need help. In most cases help arrives in the form of botnets that can automate the processing of individual records, and a larger ecosystem of organized crime that can consume the stolen data. Here are a few examples.

Direct Financial Fraud
Payment card breaches such as the recent attack against Target have obvious financial impacts and motivations. Yet while it is relatively simple for a criminal to derive value from an individual stolen credit card, doing the same for millions of cards is another thing entirely.

This is where the larger criminal ecosystem comes into play. The attackers behind the breach will sell the stolen card data to brokers, who in turn sell cards in batches to lower level criminals who use the data to either buy goods online or print cards to be used in physical stores.

This ecosystem shares a common problem in that stolen credit cards have a very limited shelf-life. As soon as it becomes apparent that a specific merchant has been compromised (Target for example), all of the compromised cards will be quickly deactivated.

This means that freshly stolen and active cards are highly valuable ($100 or more), while older cards can be worth pennies. This is a serious spread, and criminals need to know which sorts of cards they are buying, and the state of the cards they are holding.

To address this challenge, criminals will periodically test a subset of their cards by using them to make small online purchases. Attackers can drop a few hundred credit cards into a botnet programmed to make small purchases, and quickly determine the percentage of cards that are active and working.

Oddly enough, charities such as the Red Cross are a common recipients of these charges because they commonly receive small donations, and the purchase is unlikely to raise red flags with the consumer. Disrupting these validation steps could provide an interesting way to devalue the black-market price of stolen cards, and make the attacks less profitable for an attacker.

Stolen Credentials
End-user credentials (usernames and passwords) are another common target of attackers, and can provide considerable long-term value for additional attacks and fraud.

Unlike payment cards, there are no centralized authorities to deactivate compromised usernames and passwords in the event of a breach. A website that is compromised may lock out affected users so that they have to change their passwords, but there is nothing keeping an attacker from using the stolen credentials at other sites.

A 2011 study from PayPal unsurprisingly found that 60% of users reuse passwords at multiple sites, meaning that a breach at one site can easily spider out to other sites around the Internet.

In order to find sites where credentials are re-used, attackers again turn to botnets in what are called credential stuffing attacks. In these attacks, stolen credentials are fed into distributed botnets, which in turn slowly and deliberately test those credentials against high-value websites.

These attacks can afford to be patient, and will slowly test logins from many different IP addresses to avoid rate and reputation-based triggers that could expose the attack.
This strategy can transform a seemingly innocuous breach into something far more serious. If an attacker is able to take-over a victim’s account on an e-commerce site, they could easily commit fraud in the victim’s name.

Such fraud may take longer to identify because the attacker is using the victim’s real account and from a site that the victim is known to use.

Credentials to social media sites are also highly valuable, enabling an attacker to easily impersonate the victim and infect his or her social networks.

Likewise, compromised personal webmail accounts can be a goldmine for an attacker. Such access not only provides the attacker insight into the victim’s identity, but can also be key to breaking into additional online accounts.

Most sites and applications have an option to reset or resend a user’s password to the email address on file. If the attacker has access to the victim’s email account, he can again use a botnet to proactively find online accounts where that email is used, and then obtain or reset the victim’s password.

These are just a few examples, but it serves to illustrate why it’s important for security teams to consider the lifecycle of stolen data.

In order to monetize a breach, attackers often need to go through additional steps, and this provides additional opportunities to mitigate the effects of a breach.

Likewise, companies can insulate themselves from the impacts of breaches elsewhere on the Internet by knowing how criminals attempt to automatically use stolen data.

This of course won’t prevent breaches from happening in the future, but it certainly is possible to mitigate the damage.

(Image Source: iCLIPART)

Does Your Organization Have A Security Program?

April 29, 2014

No matter how large or small your company is, you need to have a plan to ensure the security of your information assets. Such a plan is called a security program by information security professionals.

Whether yours is five or 200 pages long, the process of creating a security program will make you think holistically about your organization’s security.

A security program provides the framework for keeping your company at a desired security level by assessing the risks you face, deciding how you will mitigate them, and planning for how you keep the program and your security practices up to date.

Think you don’t have anything of value to protect? Think again. The key asset that a security program helps to protect is your data – and the value of your business is in its data.

You already know this if your company is one of many whose data management is dictated by governmental and other regulations — for example, how you manage customer credit card data (PCI Compliance) or even how you handle sensitive patient information (HIPAA). If your data management practices are not already covered by regulations, consider the value of the following:

Product information, including designs, plans, patent applications, source code, and drawings.

Financial information, including market assessments and your company’s own financial records.
Customer information, including confidential information you hold on behalf of customers or clients.

Protecting your data means protecting its confidentiality, integrity, and availability. Also known as the C-I-A triangle. The consequences of a failure to protect all three of these aspects include business losses, legal liability, and loss of company goodwill. Consider the following examples:

Failure to protect your data’s confidentiality might result in customer credit card numbers being stolen, with legal consequences and a loss of goodwill. Lose your clients’ confidential information and you may have fewer of them in the future.

A data integrity failure might result in a Trojan horse being planted in your software, allowing an intruder to pass your corporate secrets on to your competitors. If an integrity failure affects your accounting records, you may no longer really know your company’s true financial status.

Having a security program means that you’ve taken steps to mitigate the risk of losing data in any one of a variety of ways, and have defined a life cycle for managing the security of information and technology within your organization.

Hopefully the program is complete enough, and your implementation of the program is faithful enough, that you don’t have to experience a business loss resulting from a security incident. If you have a security program and you do experience a loss that has legal consequences, your written program can be used as evidence that you were diligent in protecting your data and following industry best practices.

Getting started in the right direction
It doesn’t matter whether your security program is five pages or 200 pages long. The important thing is that you have a security program and that you use it to address your company’s security in an organized, comprehensive, and holistic way. You can adapt the above elements to create a security program for your organization, or, if you need help, give us a call at (734) 457-5000.

Everyone needs to have a security program because it helps you maintain your focus on IT security. It helps you identify and stay in compliance with the regulations that affect how you manage your data. It keeps you on the right footing with your clients and your customers so that you meet both your legal and contractual obligations. Its life cycle process ensures that security is continuously adapting to your organization and the ever-changing IT environment we live in. And, of course, it’s the right thing to do because protecting your data’s security is the same as protecting your most important asset.

(Image Source: iCLIPART)

One Last Time… How Important Are Small Business Backups?

December 30, 2013

tlfheadshot_web — Thomas Fox is president of Tech Experts, southeast Michigan’s leading small business computer support company.

Last month, I shared with you my personal experience with local search and how it impacted the surgery my dog Daisy needed. This month, I’m going to share with you my personal experience with the importance of offsite backups.

Earlier this month, we had a pretty bad fire at the house. Everyone got out ok, including Daisy and Bailey, but the damage is incredible. We’re living in a condo for the next six to nine months while the house is repaired.

The fire started in the center of the house, where all of my networking equipment is located, including my Fortinet router and my Western Digital network attached storage (NAS) device.

I use the NAS primarily to store old tax information, backups of my Quickbooks files, backups of my extremely important pictures from Michigan Football games, and other personal information.

The Fortinet, NAS and everything else that was in that room are completely destroyed – all that remains is a charred mess of plastic connected together by the thin copper wire that used to be Ethernet cable.

As is always the case, the fire was completely unexpected. And, it happened so fast that we had just enough time to get ourselves and the dogs out. There was no time to save network equipment, much less anything else.

And that’s the important thing to take from this. No matter how convinced we are that “it could never happen to me,” it’s our responsibility as business owners to be prepared for any eventuality.

Fortunately, all of my personal data is protected by the same industrial strength backup solution we use for our business clients – our Experts Total Backup service.

All of my files and documents were backed up to the Tech Experts cloud servers, and nothing was lost. Our Experts Total Backup service works quietly in the background, compressing and encrypting your files before sending a copy of them to the backup server in the cloud.

A few days after the fire, once things settled down, it took just a few hours to copy everything down from the cloud and onto a new NAS unit.

So, what’s the take away from all of this? Expect and prepare for the unexpected. If I didn’t have an offsite backup for my data, I would have lost a ton of information, but none of it mission critical (except, perhaps, my U of M football pictures).

A similar disaster at a small business would be catastrophic in the best instance, and deadly if the company didn’t have offsite backups.

And as I’ve written many times before, your business’s backup is only as good as the last time you tested it.

Whether your backup is onsite using tape or other removable media, or offsite using a service like Experts Total Backup, you must routinely test and verify your backups.

Thanks!
Everyone around me has pitched in to help, but a few folks have gone above and beyond.

Leski Insurance Agency and MEEMIC Insurance Company (734-242-6759) have been incredible.

The Frenchtown Fire Department was on-scene in minutes.

Annette Perna-Taormina from Gerweck Real Estate took literally one day to find us a temporary place to live. Call her for your real estate needs at (734) 243-4200.

Finally, friends Michele Paled, Marlene Messina, Tammi VanAken, Candie Mulligan, Kim Harper, and my mother Carol have been incredibly helpful and supportive.

Why Should You Backup Your Data?

August 22, 2012

by Jeremy Miller,Technician
Even though it’s common knowledge, I thought I’d offer a quick refresher on data backup and why it is important.

What is a data backup?
A data backup is a copy of your data stored in a different location. This can be as simple as copying a document or picture to an external drive or disk.

It could also be a copy of your entire operating system, so if your system crashes you could recover it relatively quickly. Backups are usually not stored on the same location as the primary data.

Why should you backup your data?
You should always backup your data to at least one external source. It is best practice to have at least one on-site backup and one off-site backup.

You never know when a catastrophic event will take place. There are a number of things that can corrupt your data to the point of needing recovery.

For example, you could corrupt a file from losing power, or selecting cut instead of copy when moving files and the process errors out.

If you have files that cannot be replaced such as photos or emails that you have saved, and they become corrupt, the only way to guarantee recovery would be to have backup copies of these files in a different location.

The different location is one of the most important parts of backing up data. The reason is because if the drive your original data is on fails, and your backups are stored on the same drive there is a good chance you will not be able to recover your backups either.

If you are constantly making changes or installing and removing software then taking a backup image of your PC during a known-good configuration would be a great option.

You could set up your PC with a fresh-install of your operating system of choice that is up-to-date and just the way you like it.

Then you could take an image backup of the instance that way if you want to recover to that state it will only take the effort and time to load the image. There will be no hunting for drivers or remembering settings for printers, it will be easy to just load and go.

What is the best backup option?
Choosing the right backup is based on the kind of data you need to backup and how often it needs to be protected.

You must decide if you only need to backup some files, most files, all files, or the entire operating system.

Then you must decide how much money you want to spend on your backup solution. You must also decide where you want to store your backups such as an external hard drive or using a cloud storage service.

We offer Experts Total Backup, a cloud-based off-site storage system that’s rock solid and secure. It operates entirely in the background, encrypting your files and replicating them to an off-site storage system.

In conclusion if you have data that you cannot or do not want to lose then you must backup your data. This is the only way to guarantee that you do not lose any data. Once you have these backups you must test and safeguard them.

Keep a few copies so that if one backup gets damaged you have more to fall back on. Testing your backups is a great way to know that you will be able to restore from your backed up data.

Data Management: From Storage To Security

January 20, 2012

One of the most important aspects of maintaining a smooth running safe and secure network comes down to data management.

How you or your company manages its data is important because if managed improperly, or not managed at all, you risk losing years of important confidential data due to failed hardware or even worse, theft.

Data management needs to begin with an audit of your various assets and how they should be managed properly.

This is the first step because you need to know what you have to manage and more importantly how it needs to be managed (can you use a simple flash drive backup, do you need a NAS, how secure does the data needs to be, should data be encrypted, etc.)

An audit should take place at the beginning of your data management plan as well as at the end which will be touched on later.

During your data management audit you need to first lay out what data is being used, when it is in use, when your slow periods are, and how securely you need to store this data.

For example client credit card data requires much more security than say your pictures from the company party.

After establishing what data you have as stated above you need to separate it into its various classes.

Generally people will store all of their data together so if that is your plan, you need to plan your security based on your most important and confidential data sets.

Some people may have a very large amount of data and smaller data sets that need more extreme security.

In these cases backup sets can be separated to allow less confidential data to be backed up to a less secure and much cheaper backup device while you could have a more secure setup for your confidential data.

One major consideration when it comes to backing up your data is encryption.

The stronger the encryption on data the longer it will take to recover in the event of a data loss.

Encryption is one of the best methods to store data, determined by level of security – it can be high or low.

Again the amount of encryption contributes greatly to recovery time. Data can be managed and stored in many different manners.

Some of the various storage solutions are; a network drive to another computer, a NAS, a flash drive, an external hard drive, data drives and tapes, offsite backups, etc.

Depending on your needs and the amount of recovery time needed, your choices can vary.

For instance, if you have 1 TB of data you are backing up chances are you would be doing an onsite backup rather than offsite to decrease down time in the event of a crash.

A terabyte of data in an offsite backup is going to take a very long period of time to download to your server if your only recover option is to download from the Internet.

A much better solution for this amount of data would be a data drive like a “REV” drive. A REV drive in combination with good backup software offers plenty of space to backup and encrypt your data.

Backups via tapes or data drives should have at least the previous night’s copy taken offsite each night to ensure that you keep one data set safe at all times. It is a horrible idea to store all data onsite.

After you have a plan in place, run through the audit again once things seem to be running smooth to see what is in place, how its running, how secure it is in the event that a data set is stolen, and is the backup time/recovery time acceptable.

If the answer to any of these questions makes you feel your backup solution may be inadequate, it may be a good idea to try something different.

Even though it would cost more money to change data management solutions, it will save you money and hassle in the long run if you find it does not meet your company’s needs.

For a full data management audit give us a call today and we can happily sit down and discuss with you possibilities for your backups and data management as this only touch on a very small portion of data management.

Your data is very important and generally people do not realize just how important it is until they’ve either lost it or had it stolen due to poor management practices.

Feature Article Written By:
Tech Experts

« Previous Page