We read a lot on Cyber Security, we spend a lot of time and effort into the Cyber Security strategies and best practices etc. As much as I enjoy all of that, for me there is almost one “leg” missing in all of this, the emphasis on having a decent and proper BaaS and DRaaS in place.
Everyone knows, or should know, that data is the single most important asset that any company possess. Accidental deletion, malicious actors, natural disasters, system and hardware failures, is ALWAYS a WHEN it will happen, never an IF it will happen.
Also, just a note here (before
In our company, we have really looked at a lot of different products, and specializing in the SME market, we have as an organization, basically “standardized” our backup software into 3 products at the moment.
Our standard protection plans are as follows:
- Onsite backups to a NAS device, with encryption on it..
- Offsite backups to external drives which is rotated daily. I always recommend to have 5 drives as best practice, Monday to Friday. Auto eject scripts run once the job complete to remove the drive from access. All jobs are encrypted, and an email is send upon completion of the backup job to the Customer to remember to rotate the backup drive.
- Cloud backups on data level (files, sql data etc. ) running every 2 hours, where customer internet speeds permit, we run it every hour.
- All local Laptops and PCs that have any business critical data on is backed up directly to the cloud.
More and more of our customers is starting to opt for the DRaaS options, and in such cases, we would back up the entire server to the cloud storage platform, and have a recovery server enabled so that WHEN it is required, we can simply start the DR Server up in the cloud, and provide the customer with a fully cloud ready DR Solution. In these cases, we will have the offsite backups push directly to the cloud in stead of the set of external drives.
We still have certain customers that do purchase their own hardware for the DR Side, and in those cases, we will have the local replications between the hosts in place every hour. In these events we will apply a “hybrid” solution as best practice, as the current product we use as our preferred backup product does not do local replications.
On the O365 / M365 we currently use a provider that allows us to back up all mailboxes, contacts, calendars, Teams as well as SharePoint sites daily to their cloud storage platform.
I am not sure if on this platform we are allowed to mention the 3 software providers we use, but it will be very interesting to find out in this community what and how you do your data protection strategy across your customer base, and within your organization.
