Understanding the Importance of Data Storage and Backups for Small Business - 17/4/2018

| Tuesday April 17

Small Biz Matters – a half hour program each week where you can work ON your business rather than IN it.
with Alexi Boyd from Boyd Office Management Services
Date: 17 April 2018

The Cloud. We get it, we use it. We count on it.

Every day when operating as a small businesses we rely heavily on the cloud and internet storage. We assume it's safe, secure and backed up SOMEWHERE. We assume it's available anytime and reliable and we assume the content we produce is ours to do with what we wish. But we’re not careful enough.

But like all things (except death and taxes as they say) you can’t be sure of it. You need to be in control with this extremely important tool of your trade. What if you can’t find an important document? What if the storage you relied on suddenly wasn’t there? What if you never backed up?

Well today we have on the show another great expert; Gunnar Habitz to help us navigate through the complexities of Cloud storage but like always on Small Biz we’ll make sure you have practical strategies to ensure you take control.

Welcome to the show Gunnar.


Topics we’ll be covering:

  1. Cloud overall

  2. Cloud storage vs. cloud backup comparing different tools

  3. How does a typical IT setup of Small Biz Owners look like

  4. Who should provide help

  5. How long to keep data

  6. How and how often to get data back

  7. Why isn’t all safe in the cloud

  8. Why storing in Australia is important (Dropbox stores in the US)

  9. The CEO view: Business Continuity and Risk Management instead of just backup

  10. Cyber insurance

  11. Ransomware attacks

  12. Example case of a disaster that really happened

  13. What about the new “Notifiable Data Breach” law in Australia

  14. What to backup how

  15. Practical tips

  16. How to get attention for the topic


1. Cloud overall (see graphs at the bottom of this document)

  • Benefits for customers: agility, flexibility, choice, PAYG

  • Public, Private, Hybrid cloud

  • Cloud is a journey instead of destination

  • Fear, trust, proof, procedures, risk management


2. Cloud storage vs. cloud backup comparing different tools

  • Cloud synchronisation services: Dropbox, Box, Google Drive, Microsoft OneDrive

  • Many of them don’t have versioning (Dropbox EVH has 120 days)

  • What’s deleted on one device gets deleted on another as well upon connection

  • Hard to get anything back from the cloud sync providers

  • Proper cloud backup provides versioning in all possible local retention possibilities and clients can get back their data as part of the service by themselves of their partner


3. How does a typical IT setup of Small Biz Owners look like

  • On-premises: notebook(s), printing, potentially a server for files or databases

  • Cloud services like Office 365, Google G Suite, AWS, Xero/MYOB, CRM, specific apps


4. Who should provide help

  • Managed Service Providers (MSPs) deliver IT as a service based on SMB demands including backup, but also on-premise infrastructure from capex to opex

  • The Small Biz owner should focus on the business outcome, not on technology


5. How long to keep data?

  • Legal companies often require 7 years, some even longer

  • That makes moving between different backup technologies rather difficult


6. How and how often to get data back?

  • User can retrieve data by themselves or via partner

  • Restoring should be free as part of the backup pricing, not to pay extra for every restore

  • According to a worldwide study of 2016, about 6% of restored data comes from accidently deleted files

  • Database operation restoration is slightly less


7. Why isn’t all safe in the cloud

  • Tricky balance: hard to get anything deleted when needed (e.g. wrong posting) while on the other side hard to find what has been there when needed

  • Cloud sync providers run their own backups to provide their service with best possible availability rather than helping clients getting it back (even against $)


8. Why storing in Australia is important

  • Many industries require data to be stored in Oz like healthcare for legal reasons

  • Even NZ companies often cannot store their data in Australia

  • The marketing departments of those companies often store data on Dropbox (no-go!)

  • Storing data encrypted in the US is possible, but NSA might want to see on the way back

  • Dropbox stores in the US for the premium experience vs. local law, but how to proof?

  • Microsoft runs Azure in Australia and not in New Zealand (yet)


9. The CEO view: Business Continuity and Risk Management instead of just backup

  • Worldwide standard ISO 31000 has been created by Australia/NZ initially (2004)

  • Provides principles and generic guidelines on risk management

  • Example: 6% of data restored * cost of getting it back (but how to estimate?)


10. Cyber Insurance

  • Some see backup like an insurance, but the reality is different

  • The cyber insurance covers for lost revenue in a data loss, but doesn’t get the data back

  • The backup providers gets the data back, but doesn’t cover lost revenue

  • It is a complementing solution usually not offered together


11. Ransomware attacks

  • Talking about a concrete example

  • Can arrive per email or even inside an internet connected printer or scanner


12. Example case of a disaster that really happened

  • Usually we talk about statistics that 60% of SMB companies go out of businesses after a severe disaster within a year, 80% don’t survive the second year

  • Spoken to a victim of a real story at the Australian Information Security Association (AISA)


13. What about the new “Notifiable Data Breach” law in Australia

  • In place since 22 February 2018 to report data breaches within 30 days

  • Most often data breaches haven’t been made public not to destroy brand value

  • Fines now official: $360K for individual and $1.8M for companies if not reported on time

  • Many IT resellers told at an ARN event that their customers are not ready yet

  • European General Data Protection Regulation (GDPR) from 25 May goes even beyond, it aims primarily to give control back to citizens and residents over their personal data

  • View of the Ransomware programmers: “if you don’t pay me in Bitcoin, then I will breach your data and force you to pay the fines”


14. What to backup how

  • Different areas: Cloud Backup, Cloud DR, Endpoint Backup, Cloud to Cloud

  • On-premise server into the cloud using leading software such as Veeam

  • Some services are already in the cloud such as Exchange into Office 365

  • Even Office 365 is not covered by backup, therefore it needs e.g. SkyKick


15. Practical tips

  • Forget about the rotating external HDDs which often have unencrypted, easily visible files in it

  • Most important is redundancy, even use RAID 1 in a NAS to ensure availability

  • Guidance rule of 3-2-1: 3 copies of the data, 2 kind of media, 1 offsite location

  • Think to fail: what happens if building gone, NAS drive stolen, computer hacked

  • Think to be back fast not to lose revenue and keep serving customers: use Disaster-Recovery-as-a-Service

  • Use risk management to calculate the probability with the options

  • Making sure you can not only save but extract the data


16. How to get attention for the topic

  • Turning from backup (like dentist) into business continuity (winning smile)

  • Business consultants often convince owners better than box moving IT resellers

  • “World Backup Day” every 31 March (even backward) to raise attention to the topic

  • Software vendor Veeam has even taken the 30 March as “Availability Day” to make the point not “you don’t have backup” but rather “you want to aim for availability”


To find out more, go to their website: www.keepitsafe.com or contact sales@cloudrecover.com.au


cloud computing, on premise, hybrid