We already wrote about putting you on the [fast track to entrepreneurism]. There are incredible numbers around entrepreneurs making their way into the country. This is especially true in The Golden State. There is another thing that is true. Whether you’re just starting your business or a leader in an established organization, you have to deal with risk.
The ability to mitigate risk in your organization’s infancy is necessary for success. Entrepreneurs juggle the requirements of trying to reduce the impact on taxes. They follow a list of mandatory regulations longer than a CVS receipt. All while trying to find new business and actually deliver what they sell.
We’ve all been part of a meeting or worked on a project that was more of a pain than it should have been. Far too many slides of a PowerPoint presentation. A flurry of document versions flying everywhere. Confusion about which is the most current and who made the last change. Did anyone take meeting minutes?! Some things never change.
Document management solutions exploded onto the scene as organizations struggled with data sprawl. They’ve all got on-premises and cloud flavors. They are all made with the sole purpose of helping to manage documents for your teams. All in the name of collaboration. More…
Ransomware, a malicious software designed to block access to a computer system. It encrypts the files and then spreads through your entire network infecting every device. It attacks everything including your local backup devices. The attacks happen quickly. Often spread through phishing emails. ransomware injects a kind of cyber venom. Once released, the toxin paralyzes entire IT infrastructures. More…
Advancing technologies are more than changing society and business. Accelerating technological advances are transforming the way in which we live. The world is being re-shaped as never before. We don’t have the policies and regulations to govern the use of these technologies. This is because we lack perspective. How will others exploit technology? The rules of ethical conduct and best practices are being developed. The juries still out in some cases. Think FaceBook and Cambridge Analytica. More…
It can be difficult to understand the power of cloud computing. The transformational impact it can have on a business is staggering. There are different types of clouds. There are differences between the Public Cloud, the Private Cloud, and Hybrid Clouds.
Before we describe each one of these cloud types, let’s look at the components that make up cloud computing.
The need for video and voice collaboration software revolved around mobile workers. Workers in the field needed a way to keep in touch with their peers in a central office. We’ve all had to tune in for ‘state of the union’ conference calls. How many of us can remember sitting through a long, boring PowerPoint presentation? The collaboration work-life was good.
There were a couple of pain points as workers and environments changed. The expensive telephone contracts didn’t help. Neither did those long-distance charges. To say nothing of the pile of actual telephones.
Webex broke through and changed the game, but now that arena is becoming crowded and complex. Let’s take a look at some of the solutions available. Then we’ll dive into the nuts and bolts. We’ll make sure your mobile teams can work while adhering to any security compliance.
Owning, operating, and building your own business provides satisfaction and pride. There are also risks and challenges. Not every start-up business succeeds.
Many small business start-ups fail in just a few short years, if not sooner, according to the Small Business Administration. Don’t let that happen to you. The time and effort you invest in working on your business before you get started working in your business will pay off handsomely.
The Global Entrepreneurship and Development Institute ranks the United States as the best place in the world to start a business. If you want to start in the Golden State, you’ll find yourself with another leg up. California boasts the highest startup survival rates in the nation at 82.3%. California has one of the highest rates of new entrepreneurship as well. Couple that success rate with year-round perfect weather, the most beautiful beaches in the world, Disneyland, and you’ll wonder why you never considered a startup in the first place!
Of course, starting a new business on your own isn’t all sunshine and rainbows. There are many things to take into account. There’s almost no way you’ll be an expert in all (or even most) of the skills required to start a successful business. Topics will vary depending on the type of business you intend to start. But here are 5 things which are an absolute must!
You know that your business needs to be backing up its data, but you’re not sure about the best way to do it.
In this blog post, we’ll give you all the info you need to choose the best data backup strategy for your business.
Consider Your Business Requirements
The first step in any corporate data backup strategy is to consider what you need your backups for.
The main reasons to back up your business’s data are:
To keep from losing and having to re-do work
For compliance purposes
To keep from not being able to work because of lost documents and application file
Of course, in an ideal world, you’d just back up your entire IT in real-time, in several locations, with an infinite number of file versions, and be done with it.
But that wouldn’t be very cost-effective, even if your business could afford it.
As much as possible, you need to analyze your requirements for each type of data (financial records, CRM data, ERP data, marketing documents, etc.). You should consider things like:
How much of this data can I afford to lose in terms of time? (For example, if you perform backups every 4 hours, then you should be willing to lose up to 4 hours’ worth of data)
How fast do I need to be able to restore this data if the original copy gets lost?-How long do I need to keep this data for?
What’s the likelihood that I’ll ever need to retrieve this data?
Am I required by law to protect this data from deletion?
Types of Data Backup
There are three different types of data backups:
Real-time is pretty self-explanatory. You back up your data basically as soon as it’s created or edited – right up to the second, or as close to it as possible. Real-time backups are great if you’d prefer not to lose any data, as you would if you backed up every hour, for example.
One downside to real-time backups is that they can be expensive and resource-intensive. You usually need a persistent network connection and high-speed, high-capacity storage drives.
Another issue is that real-time backups can also back up malware and maliciously encrypted and corrupted data, along with your other files. This can worsen security breaches and lead to the data loss that you were trying to prevent in the first place.
Periodic backups are backups that you perform after a certain length of time. For example: every hour, day, or month.
As mentioned, with periodic backups you accept the risk of losing any data created between one periodic backup and another.
But periodic backups are also cheaper and less resource-intensive than real-time backups. You can run them overnight to avoid overloading your networks and storage systems.
You can perform them on cheap yet reliable hard drives or tape drives since they don’t require the speed and I/O throughput of real-time backups. They let you cancel a backup in the event that all your production files are encrypted by a Cryptolocker-style virus.
If you’re like a lot of businesses, you may find that a combination of real-time and periodic backups works best for you:
Real-time backups for your most important and most actively-used files.
Periodic backups of your least important, seldom-used files. And as a hedge against malware, cryptoviruses, and corrupted files.
Geolocation backups is what I call it when you back up your data to a different domestic or international region.
These kinds of backups keep your data from being destroyed in a localized disaster like a natural disaster or power outage.
They also allow your employees to continue working in the event of a localized disaster. This usually only works as part of an overarching business continuity framework, though.
(You’ve backed up your data in a safe location- but do your employees know how to access it? Do they have access to their applications, too? What about desktops?)
Deciding on a Data Backup Strategy
So now you’ve thought about your business’s practical requirements for backups. And you’ve learned about the main types of backups and their pros and cons.
Now it’s time to formulate a corporate data backup strategy and put it into place.
Ultimately your strategy will depend on your business’s unique requirements. It’ll also depend on your budget and overall priorities as a business.
If you need any help, you can reach out to us or ask your questions in the comments section. We’ll be happy to provide advice based on our 20+ years’ developing our own highly-resilient storage network for our cloud platform.
You’re backing up your business’s data – but are you doing it the right way?
In this edition of CXO Tactical Advisor, we’ll explain why you shouldn’t be backing up just for the sake of backing up. You need to have a data backup strategy that aligns with your practical business requirements, and you to need to plan and execute it with diligence and exactness.
James Elliott here, your Tactical CXO Advisor, with another in our practical series of [tips for] strategic IT deployments for your organization.
Wanted to start with a quick question: do you do backups? And the answer a lot of people give, yes, we have backups, but the real question is: do you have backups that work for your business?
And so today we’re going to be talking about a couple of real simple points:
Practical business requirements
The types of backups
And, most important, restoration
Practical Business Requirements
First when we talk about practical business requirements, we don’t want to back up just for the sake of backing up, we want to back up and have meaningful backups that we can use for business.
A couple of examples of those is: one, we don’t want to lose time for our employees re-entering data, so we want to make sure that we have backups that cover day to day work.
We also want to have backups that cover potential loss where we have people at work but they can’t do their work because the system is down.
We also want to have what we call incremental backups and that’s going to deal with things like financial closings, operational closings for your ERP system.
Another consideration might be disaster recovery. So you want to have your data in a location where you can recover should something like an earthquake happen here in California. We definitely have a provision for that.
Just sit down and think about what realistically you can think of that you would need a backup for.
Types of Data Backups
So now move to types. We’re going to talk specifically about each one of the types that goes with those topics.
First type of backup: realtime backup. So realtime backup is where the data is as close to real time is backed up on a drive or a mirrored system.
That data is basically available for retrieval in, say, 15 minutes time. So take the system down, you would transfer over and bring it back up.
The next type we have is periodic. So that would be end of day, end of month. But it basically allows you to go back and select a period of time where you can go and restore the data and know exactly what data to put in subsequent to that.
And the last type is what we call geolocation data. And that’s the data that’s located in a different geographic region, usually different for kind of risk. So earthquake-type data in LA you would maybe back up in Dallas, be worried about tornadoes say in Oklahoma. You may want to have your data located on the eastern seaboard.
Data Recovery: Real-Time Backups
So moving down into our most important point, and that’s the restoration of data or what we call restore, very important.
The restoration of data is both planned for and tested. We want to make sure that you understand that restoring John Doe’s data because he lost a file last week is not what we consider a test of restoring data.
We want to actually write out scripts for each type of the data loss so that both the technical team and the employees on the floor know exactly how to resolve their work and get back to where they were prior to the event that occurred.
So have a script where we actually will pull the plug on the system and then we’ll want to restore over to the other data. And so we’re going to is basically simulate a drive failure for example on the primary database.
We’ll move over, switch everything over to the new system, and then we’ll bring it back up and then we’ll have users actually test their data.
So we’ll say, okay, we know at 1:10 in the afternoon, the system went down and we’re going to test our last entries and make sure that we capture exactly where we left off.
Data Recovery: Periodic & Geolocation Backups
Next we want to actuallypractice a periodic restore. So the same thing, at this point we’ll say we need to restore to last night’s data because we had a Bitlocker virus.
So we’re going to restore the system. Bring all the data backup online. Then we’re going to instruct our employees to gather all the information and work that they did so that we can reenter, basically recreate the day or part of the day or whatever the important part is.
And then the last is usually because of some sort of natural disaster, but it could also be an Internet outage or something like that. We want to test our geographical backup.
The most common way that geographic backups work these days is that we use a remote access solution where people that were in the building, say in LA, they had an earthquake.
They’ll be able to work on the system in Dallas, but there’ll be doing it from their home until we can restore business operations in LA. So it’s important that when we do that simulation, we make sure that we have already built a complete script.
We’re going to need to find a server. We’re going to need to turn on remote access, make sure that our Internet connection’s all up, test all that stuff, make sure that we’re ready for operation, and then turn it over to the remote users. You’ll want to test that process beginning to end.
Hope today’s information helps. Remember to reach out to your IT department and ask a couple of these questions and see what kind of answers you get back. Make sure that you include your questions down in the comments below, and I will get back to you directly. And of course we’d like you to like and subscribe to our future shows. We’ll see you next time.
PCI DSS hosting is a service in which a hosting company hosts an IT solution in such a way that it complies with the Payment Card Industry Data Security Standard. It makes it a lot easier for businesses to fully comply with PCI DSS.
What is the Payment Card Industry Data Security Standard (PCI DSS)?
The Payment Card Industry Data Security Standard is a set of data security standards developed and enforced by the Payment Card Industry Security Standards Council (PCI SSC), which is run by five of the world’s largest payment card brands: American Express, Discover, JCB International, MasterCard, and Visa.
Any business that processes, stores, or transmits the data from the payment cards of one of these brands has to comply with PCI DSS requirements. Failure to comply with PCI DSS can result in penalties. Such as increased payment processing fees, having your ability to accept payment cards being revoked, and fines in the tens or hundreds of thousands of dollars.
How to Comply With PCI DSS?
Complying with PCI DSS can be difficult for many businesses, especially those that don’t have a lot of IT security measures in place, whose IT budgets are small, or that don’t have any on-staff IT employees. The latest version of PCI DSS, for example, is nearly 140 pages long and has more than 100 total requirements. It includes advanced requirements such as:
Implementing and configuring firewalls
Implementing and regularly updating and running the antivirus software on all devices in the cardholder data environment (CDE)
Implementing an authentication system
Implementing a CDE-wide logging system
Implementing physical security measures to protect the hardware in the CDE from unauthorized access, such as video cameras and ID scanners
Performing internal and external network vulnerability scans and penetration tests
Implementing intrusion detection and prevention systems (IDS/IPS) and change detection systems
Many businesses don’t have the ability to comply with these requirements by themselves, usually either because they can’t afford to implement them or because it requires someone with more IT knowledge, skill, or experience than what they have on-staff.
Hosting helps businesses to comply with PCI DSS because it comes with security measures that satisfy most of the requirements.
For example, most hosted solutions, even those that haven’t been designed to comply with PCI DSS, come standard with PCI DSS-compliant features such as authentication (login) systems. And many hosting companies already comply with many aspects of PCI DSS without having to do anything different.
Scan their networks and systems for vulnerabilities
Follow authentication practices
Implement and maintain physical security measures at their data centers
Implement and maintain logging systems
Regularly perform vulnerability scans and penetration tests
Implement and maintain intrusion detection systems (IDS/IPS) and change detection systems
And implement and maintain security policies and incident response plans.
In addition to these default security measures, hosting companies will also include additional security measures to ensure that a hosted solution is fully compliant with PCI DSS. Such as specially-configured firewalls and antivirus software.
Oftentimes, hosting will not by itself make a business compliant with PCI DSS. However, in some cases, all a business that signs up for PCI DSS hosting will have to do is create security policies and incident response plans. It helps ensure that all of its employees, contractors, and partners understand and are capable of following them.
The hosting company will take of everything else. This includes implementing and configuring all of the advanced security measures. Which a lot of businesses, especially small businesses that don’t have any full-time IT employees, would not be able to do by themselves. And constantly monitoring and maintaining these security measures (which many businesses’ employees might not have time for).