Over the years, small and medium-sized businesses have become increasingly reliant on their IT hardware and systems to deliver mission-critical applications for their organizations and customers. So much so, that many of these SMBs are considering or have already moved their critical applications to cloud infrastructure. We have discussed the benefits in a previous post but what steps can be taken to remove the risk when moving to colocation?
What if you are not ready or, just can’t let go of your hardware, but need added security and protection for your mission-critical systems? Then you should consider colocation – often referred to as a data center – a colocation (colo) facility is a purpose-built building that offers multi-tenancy rental space for organizations to install and operate their physical servers. Colo’s offer significantly superior IT facilities to those typically found in an SMB office – much better than the server closet located next to the water cooler!
There are some considerations to look at when choosing a data center and these will vary depending on your specific needs. In general, some of the key factors include:
- Security – Physical & access policies
- Services – Power, network, cooling, fire suppression, etc.
- Redundancy & Fault Tolerance – Power, resource duplication, network duplication, power grids, etc.
- Network Throughput and Cost
The higher the specification for each of these, the more expensive space becomes. If you’re considering or have made a move to a colo it is a significant first step that is likely driven by your organization’s need for higher reliability and to de-risk your business in the event of an office facility failure, physical security breach or, even worse, a significant disaster such as fire or flood.
What about the second step? How can we improve reliability and remove the risk when moving to colocation? You have made an effort to move to a secure and fault-tolerant facility, so many of the same IT conditions and risks remain. Have you considered the risk of your server hardware failing? Whether it is at your office or in a colo – hardware still fails. When factoring in seamless data backup, recovery and restore, or business continuity, the cloud can answer this call. Although your servers may be installed in a colo, this doesn’t prevent you from implementing cloud-based services to address these issues. In fact, careful planning could lead to colocation and cloud services being located in the same facility providing an added benefit of saving on network traffic (or transit) because the data is, in fact, running on the internal network rather than over the internet.
When considering back up & restore services, a hosted, cloud-based backup allows businesses to protect their critical application data in the cloud and manage long-term retention needs. It can be as simple as installing a software agent on your physical server that encrypts all data before transferring it from your colocated servers to an array of redundant cloud-based disk storage. This “set and forget” approach eliminates the ongoing burden of backup and restore management and de-risks the organization by implementing a backup solution based on enterprise best practices.
Finally, ensuring business continuity means taking backup to the next level. Proper planning ensures small and medium-sized businesses can implement a cloud-based business continuity plan that provides instant recovery of the physical servers and data located in the colo and migrates them to a virtual server provisioned on the cloud in the event of failure. This gives near-continuous access to data volumes on physical servers. You can recover an entire database with near-zero RTO of minutes. Backup and replication technology records concurrent snapshots of single or multiple servers, providing near instantaneous data and system protection and recovery. You can resume the use of the server directly from the backup file without waiting for a full restore to production storage helping to reduce recovery windows to meet stringent RTO and RPO requirements.
Interested to learn more? Make sure to check out HostedBizz’s HBizzServer as the solution to any colo worries.
Polar vortexes and natural disasters: we hear about them all the time. As Canadians, we read about the plight of our southern neighbour during hurricane season – 2017 being a particularly bad year with Harvey and Irma inflicting severe damage throughout the southern US and Caribbean. Discussions around disaster recovery planning are becoming commonplace.
It’s only human to think “it won’t happen to me” but it’s just not the case. Mother Nature hasn’t exactly been smooth on us Canadians in 2017, either. In fact, we’ve experienced our share right here in Ottawa – headquarter city for HostedBizz! Major flooding in the spring due to a rapid thaw and record-breaking rainfalls over the last six months have led to some local disasters for individuals and businesses. While these disasters pale in comparison to the tragedies experienced in the US and Caribbean, they have resulted in significant damage to homes and businesses including offices closing dues to excessive flooding and damage to buildings.
The fact is, it can happen to any business anytime. From an IT perspective, disaster readiness isn’t just about preparing for major events like a fire destroying a building. It is equally important to consider minor events such a record rainfall that leads to flooding and rendering a place of work such as an office building unusable for several weeks. By the way, that photo you see is the office location for a HostedBizz client. Their office will be closed for a minimum of six weeks resulting in massive disruption to their business. Thankfully this did not happen as they had already implemented a full Disaster Recovery and Business Continuity plan a couple of years ago that included off-site backup, cloud servers, and remote desktop capabilities. In this case, what could have been a catastrophic event for their business was a mere inconvenience to all staff accessing their IT systems remotely within 90 minutes – back to business as usual.
Business dependency around IT systems and data loss as well as having recovery strategies is nothing new, however, continually assessing the vulnerabilities and risks to the business and testing these assessments is essential. Do your Disaster Recovery Plans support the changing needs of your business? Don’t save it for a rainy day to find out.
Learn by the example set by 4Te. Using HostedBizz, they set themselves up for success by building a disaster recovery plan that incorporated the cloud. Read the case study here.
There is always a considerable burden of critical activities that fall on the shoulders of IT staff. Whether these activities are installing new hardware, applications, or essential systems maintenance, there is never enough time to complete everything that needs to be done.
This results in almost all organizations having critical applications run on end-of-life (EoL) servers or end-of-life operating systems (OS). We have seen, time and again, critical applications such as accounting, email or CRM solutions running on an old OS that are running on old hardware.
Typically, this combination of old hardware and old, non-supported operating systems forces IT staff to delay the decision to start time and resource demanding upgrades. Often they end up doing nothing. Your business now has plenty of options in the cloud.
Given the age of the applications and the age of the OS, these services are likely running smoothly. If nothing in the environment changes, the fact that the OS and applications are no longer supported by their vendors is inconvenient, but not the highest risk to business continuity. It is the EoL physical servers that represent the most significant risks. Supposing there was a hard drive failure, or worst still, a server failure: what would you need to do to get critical applications back up and running? This would be a tremendous amount of work, which would result in trying to rebuild old replacement servers and re-loading applications onto an old, non-supported OS.
By leveraging the capabilities of cloud, your company could very merely transition the OS and the applications onto fully-redundant cloud infrastructure. This would deliver redundant servers, redundant hard drives, full backups, and all of the other mission-critical benefits of being in a data center.
Cloud servers and backup allow companies to avoid the headaches of managing their own IT hardware requirements. Not only does this save time and money, but it can scale alongside the business.
At HostedBizz, we have made these transitions hundreds of times on behalf of our clients. We can create a snapshot of your full EoL infrastructure into our redundant, managed cloud. The result is no end-of-life hardware to ever worry about again, just fault tolerant, elastic computing, hosted professionally on your behalf. Learn more by checking out our list of hosted products, here.
Ransomware: the Latest Cybercrime Boom
Ransomware has become the threat-du-jour for organizations of all sizes. IT teams struggle to keep up with the rapidly changing threat landscape and a barrage of attacks from cybercriminals while end-users face regular cyber threats such as phishing, vishing, whaling and other internet-villainy.
It is hardly surprising that ransomware has become so ubiquitous and lucky – it’s a booming business for cybercriminals and has an impressive ability to sneak past existing defenses like secure email gateways and desktop anti-virus software.
The frustration of those affected by these problems is palpable. Most are now looking at a broader cross-section of strategies and tactics to protect themselves and, more importantly, recover post attack, rather than rely on pure-play security solutions alone.
The key to better protection lies with essential systems and processes that assess vulnerabilities, educate end users and ensure data recovery. Basic security is no longer sufficient. Preparing for Ransomware attacks involves training, testing, policies, and preparation – which can sometimes be daunting to a SMB owner.
Using a multi-layered approach to data protection that includes the ability for end users to identify potential threats plays a big part in reducing vulnerability. Use the following tactics to augment an organizations security and defense:
- Use a third-party provider to conduct simulated phishing e-mail campaigns, a safe and secure method to assess vulnerability at the end-user level. These simulations provide real-time and valuable information regarding employee behavior and assists management in understanding corporate risk.
- Implement a cybersecurity education and testing program that raises awareness and trains users to be more cyber alert and how to react to potential threats. More critical than perpetual education is an ongoing management commitment to testing the effectiveness of it. These education programs are often available through the same provider and are surprisingly affordable.
- Most notably, plans should include the ability to restore infected data and systems into a pre-ransomware, production state. Implementing data backup policies that provide offsite data storage provides 100% confidence for data recoverability. Having the offsite copy with a DRaaS provider gives added assurance that critical systems can be recovered in the cloud promptly in the event of a significant corporate-wide security breach.
To learn more visit hostedbizz.com/phishinginfo or contact us at 1-855-464-6783 and ask us for a free, introductory Phishing Simulation.
Protect Critical Data from Ransomware Attacks by Having a High Integrity Backup Solution
Many of us are not that well informed as to what ransomware technology really is and why it is being talked about so often. In order to debunk the fear behind this phenomenon, we thought we could provide insight into the best way to protect yourself against it – ensuring your company has a robust backup solution in place.
What is Ransomware?
Ransomware is a type of malware that prevents or limits users from accessing their system. This type of malware forces its victims to pay the ransom through certain online payment methods (often Bitcoin) in order to grant access to their systems or to get their data back.
How can I prevent a ransomware attack?
Email attachments are the number one way ransomware can strike. Training is key. Ensure your staff are diligent in what they open from email. They should never download or open attachments from sources they do not know or have solicited. They should verify who the sender is. Admin controls are also key – ensure staff cannot install unauthorized programs or modify their work machines. Block access to untrusted websites.
How do I protect my company from a ransomware attack?
The best solution to ensure that you are protected and able to reverse any ransomware attack is to have a backup solution in place that runs regularly. If your company is victim to a ransomware attack, there is the chance that you may lose a document started earlier that day. With a proper backup you can restore your system to an earlier snapshot or clean up your machine and restore other lost documents from a backup, this will provide you with peace of mind. It is important to remember that CryptoLocker (a form of ransomware) can also encrypt files on drives that are mapped. This includes any external drives such as a USB thumb drive, an external hard drive, a shared network drive or any type of file stores that you have assigned a drive letter. So, what you need is a backup solution that not only stores your data on premise (without necessarily being mapped/assigned a drive letter) but also to an offsite backup service.
Why to an offsite backup service you ask? If by chance the infected computer is able to access shared drives and potentially the local backup repository it could render your on-premise backups useless as they would also be encrypted by the ransomware attack. If you use IT best practices and have an additional backup offsite IT WILL NOT be affected by the ransomware attack as there is no path for it to access the offsite storage. We prescribe to the 3-2-1 rule: 3 copies of your data, on 2 different storage devices and most importantly, keep 1 offsite.Having an offsite copy will allow you to wind back prior to the attack and be back up in running without having to pay anyone. The offsite copy is your critical data insurance policy.
Ransomware is not trend to take lightly, it is important that your employee base is properly educated and diligent about what they download and which attachments they open.
Dealing with ransomware attacks can be easy as long as your company has a proper backup solution in place and follows the 3-2-1 rule.
Unsure where to start to protect your organization? HostedBizz’s free ransomware training course provide a great baseline for how to critically assess your organization’s phishing preparedness. In less than 10 minutes you can complete the online course and start protecting your systems from this potential pitfall.
We are thrilled that HostedBizz has been recognized by The Ottawa Business Journal for extraordinary growth over the past three years.
We have seen substantial growth in the number of customers that we have helped move to the cloud. Increasingly, clients are seeing the benefits of moving their computing to the cloud. The cloud delivers substantial benefits concerning redundancy, security, ease of management and cost compared to traditional on-premise servers.
Customers are also looking to HostedBizz to roll out cloud backup for business continuity and disaster recovery at very affordable costs. These services ensure that customers can get comfort having copies of their critical data stored in our cloud. This allows for files to be retrieved in the event of accidental deletion, but more importantly, these backups can be restored onto cloud servers within the HostedBizz Cloud which allows for a full restoration of services in the event of a disaster or significant network outage.
We want to thank all of our customers and employees that have helped us win this award, and we are looking forward to continuing our success as we onboard more customers and broaden our services.
A reprint of the Ottawa Business Journal can be found here: OBJ Recognizes HostedBizz
Thank you all.
Many customers talk about cloud backup solutions and how cheap they need to be. Cost objectives can often mask the initial criteria as to what the backup solution is for and what disaster recovery scenarios that customers are trying to protect themselves against. While cost is a huge factor to consider, it’s not the only one.
What are your requirements for Cloud Backup Solution?
- User-friendly, anywhere access?
- Secure and private storage of your critical data?
- Additional archival storage capacity?
- Automated backups?
- Full disaster recovery capabilities?
Determining the criteria that you need to accomplish with an offsite backup solution must be the primary goal when choosing a cloud backup vendor/application. After establishing the overall objectives for your off-site backup requirements, then and only then, is it time to look at choosing the right partner/application for your cloud backup requirements.
Price vs. Value
There are a growing number of low-cost, cloud backup providers entering the market. The reason that this trend continues is due to the relative ease of setting up a cheap backup solution. It is not difficult to buy inexpensive storage hardware, leverage open source applications, and rack up equipment in a closet to run a cloud backup solution. The real question, however, when looking for a cloud backup solution is not “what does it cost?” but what VALUE does it provide to your company? Will it meet all of your requirements for retention, user access, privacy, security, reliability, redundancy, etc.? With free backup services, you get what you pay for. In choosing your backup vendor, it is imperative that you consider the following:
- Solution Certifications – Do they have military grade digital and physical security? 256-bit AES and 448 Blowfish encryption with multiple tiers of security; Iris scanning, private secured facility, caged and locked cabinets along with host-level firewall protection as well as account level firewall protection using best of breed security hardware.
- High-Speed Network – Check to ensure that the facility has at least 1Gbps bandwidth and has connectivity to multiple ISPs.
- Privacy is Critical – Once your data is stored, make sure that only you have access to it. This can be provisioned by having a unique encryption code per user during set-up, required for all access…don’t lose it!
- Flexible Storage – As your data requirements grow, make sure that your vendor can materially increase their data store.
- 100% Canadian – This is a significant requirement for Canadian business. Companies want their client data to remain in sovereign Canada. Make sure that your network access never traverses outside of Canada.
- Easy to use – With backup solutions you need to ensure that the end users can retrieve lost or accidentally deleted files. Make sure that the answer is simple enough to remove this retrieval requirement from the IT department.
We would be happy to help you through the potential minefield of different backup solutions. Fill out this contact form, and we will get back to you shortly.
Cory Mac Donell
Cars, electronic goods, and software are just three types of products that manufacturers check for quality before they’re out “in production.” Imagine what might happen if companies didn’t test their products before buyers try them! The same logic should apply to computer backups and disaster recovery (DR) plans. Organizations must design and plan their backups to cover all their important systems. Many companies still “test” (i.e., use) their backups and DR plans for the first time during an actual recovery, after a malware attack, hardware failure or another disastrous event that cuts off their access to important systems, applications, and data. According to one survey, almost 1-in-5 organizations surveyed (18 percent) “had concerns” or were “not confident at all” in their disaster recovery plan in 2017.
The short-sighted nature of skipping tests ought to be self-evident. If it isn’t, the following reasons spell out the importance of making sure backups and DR work before you need them.
1. Gain trust in a system
Once a backup plan and system have been implemented, it must be tested immediately. The sooner any shortcomings are found and addressed, the more likely it is that backups will serve their intended purpose.
It’s normal to discover flaws in design after implementation. But people sometimes are surprised. The dependability of traditional consumer-grade backup and disaster recovery systems can mislead business leaders into believing that enterprise backups work just as well “out of the box.” In fact, the more complex the computing environment, the more customized the backup processes and DR plans must be and the less likely it is that a solution works appropriately when it’s first implemented.
Regularly scheduled (or surprise) tests provide ongoing confirmation of the effectiveness of backup and DR plans. The time to learn that a backup disk is faulty or a file is corrupted is NOT when the data it’s supposed to store is required!
2. Make sure the plans fit the business environment
Are all servers covered? What about data created on notebook computers or mobile devices? Does the backup plan retain data far enough in the past to ensure the organization meets regulatory requirements? Do backups make the team “e-discovery ready” should litigation arise? These are just some of the questions organizations must ask when they test their backup and DR plans.
3. Gain understanding of the DR process
Once IT professionals do practice runs, they understand how the DR plan works. They will also gain the confidence to tackle any “This is not a drill!” scenarios.
4. Learn how to work with parties involved in DR
When a DR team tests the plan, members learn how to work with each other. They can also collaborate on changing the DR plan whenever updates are needed.
5. Determine a reasonable recovery time objective (RTO)
RTO is the amount of time a system or data can be unavailable before a business suffers material consequences. Those consequences usually mean the business starts to lose money. Should a system go offline, people will ask how long it will take to bring back online. Timing a test recovery effort gives an approximate answer to that question. Timing specific phases of the process helps IT staff identify potential pinch points in the process and re-shape up-to-date RTO estimates during the recovery process. If tests reveal that the RTO is inadequate, changes can be made in the plan, the systems or elsewhere to achieve an acceptable RTO.
6. Keep plans consistent with the current computing environment
Organizations regularly implement new systems, replace old ones, add users to their computing environments, retire old systems and take other actions that affect current backup and DR plans, even potentially rendering them obsolete. Once updated, they must be tested again against the current environment. Organizations can also schedule periodic tests to detect changes and possible issues that might fly under the radar.
7. Enable offline testing of changes to a DR plan
Once backups exist, copies of those backups can be used in virtual machines to test changes to the DR plan without affecting production environments. Such “offline testing” helps organizations do things like reduce RTO and incorporate changes to the backup and DR plan, all without hampering daily operations or taxing production environments.
8. Successful tests cost less than the consequences of unsuccessful recoveries
Losing data that organizations use to serve internal users, customers, or both can result in a variety of adverse effects like litigation, lost business, and the negative impacts on cash flow such events cause. Any one of these consequences will likely cost less than the time required for regular testing of backups and DR plan.
We understand the importance of making sure backup processes and disaster recovery plans work properly before they’re needed. Learn more about both here.
Value-added resellers (VARs) and Managed Service Providers (MSPs) need to offer cloud-based options to compete for and retain business, but many VARs recoil at the daunting thought of building cloud infrastructure that quickly scales. Cloud requires a substantial up-front capital investment. That financial burden seems to grow when VARs contemplate the transition from capital sales revenues to Monthly Recurring Revenues (MRRs). The impact on the VAR’s business model becomes multifaceted and a little intimidating.
This way of thinking doesn’t jibe with reality. VARs don’t manufacture the hardware or code the systems they resell to customers. Why would they need to build their cloud infrastructure to deliver cloud services? They need to resell cloud services and focus on the value they can add in the process. To effectively resell the offerings of a Cloud Service Provider (CSP), VARs need to consider specific criteria. Some are visible to customers – others are not. Here is a quick checklist.
Don’t build – label
CSPs can offer “white-label” cloud services that VARs can incorporate into their brands. These services should look and work like something the VARs made and maintain, even if it belongs to a third party.
Create a “cloud suite” of IT products
Few customers move their entire IT infrastructure, all their applications, and data, to the cloud in one fell swoop. That’s why VARs need to offer a gentler migration path that’s easier for customers to embark upon. CSPs that offer a suite of products, like backup, disaster recovery, cloud servers and so forth, help VARs create a “cloud strategy” their customers can use to move IT operations and assets to the cloud at a comfortable pace. VARs benefit by setting up their cloud suites and roll them out using their brands.
Add value to current customers
Customers may already have all the services they need. VARs who want to convert customers to the cloud (and its MRRs) must do more than simply replace traditional offerings with cloud IT. They need to differentiate the cloud. If they don’t, the cloud looks like a commodity approach in which cost is the only difference. VARs must design and build cloud practices that create value unavailable elsewhere. That extra value, whatever form it takes, can result in incremental revenue streams that supplement MRR.
Remember what prospective customers want
Differentiation and added value can help VARs and MSPs move existing customers to the cloud. Prospective customers may notice differentiators, but they initially shop for “bread and butter” services and features like backup, uninterrupted access to business data, disaster recovery, security, support and so forth. VARs and MSPs that offer highly demanded services via the cloud effectively expand their product portfolios.
Plan for revised cash flows
Cloud-based services lead to MRR, which stabilizes cash flow in the long run. Cloud is typically more profitable than on-premise technology sales and makes it easier to nurture ongoing relationships with clients.But these cash flow, profitability and customer engagement improvements can take time to materialize. That’s why VARs need to effectively launch cloud service sales and minimize foreseeable cash flow issues. VARs can use tactics like the following to balance these concerns:
- VARs can sell cloud services as part of their capital sales. For instance, selling a server gives a VAR the opportunity to incorporate cloud backup for the applications and data that are on the server.
- VARs can also promote the positive effects cloud has on a client’s financial statements when they replace large capital investments that are difficult to forecast accurately with more manageable monthly operating expenditures.
Modify sales compensation plans to reflect MRR
VARs need to re-evaluate not only their cash flows but also those of their salespeople. Sales compensation plans must reflect the value of winning long-term contracts while helping the VAR evolve into a cloud-based MRR. Paying large commissions up front to encourage salespeople to close long-term contracts creates an immediate culture change but can harm short-term cash flow. To minimize this harm, VARs can pay commissions each month on recurring margins and otherwise restructure compensation plans.
Choose the right partner
The right CSP contributes significantly to the initial and ongoing success of a VAR’s cloud services. The right CSP helps the VAR launch the right services for customers. The right CSP offers services that the VAR can brand as its own. The right CSP effectively supports the VAR’s cloud business with marketing, technical, and business support and advice.
Want to provide enterprise-class cloud services for your customers? Give us a call. We can help.
← Older posts
When you decide to bring a new technology into your business, you’d like to shorten the time it takes between decision and usage of said technology. Here’s a great way to shorten that road: use hardware and other systems that are already set up and fully managed instead of buying and configuring your own. Cloud infrastructure is already here: 95% of businesses are embracing the technology.
Benefit 1: Faster implementation may be one of the first benefits you notice when you opt for infrastructure as a service (IaaS), but it won’t be the last. Consider these other advantages of putting your hardware in the cloud instead of your office.
2. Highly specialized server expertise
Cloud service providers (CSPs) employ experts who diligently care for servers – and their customers’ data and applications – full-time. They use their expertise to monitor the infrastructure to ensure that nothing fails.
3. Enterprise-grade security
Few companies outside the field specialize in data security the way CSPs must. They apply best practices to every facet of security, from multiple physical access controls to sophisticated malware defenses. As a result, client applications and data enjoy better protection than they would if they resided in client offices.
4. Enterprise-grade redundancy
CSPs design their infrastructure to ensure redundancy at every level. Redundancy means that, even if a component (a router, a server blade, an Internet connection) in the CSP’s infrastructure fails, customers never lose the services they pay for.
5. Effective backups
Access to business applications and data isn’t lost if a server hiccups. CSPs keep multiple copies of your data, often in different locations, Beyond providing redundancy, these multiple copies help customers restore accidentally deleted data and deal with other data integrity issues.
6. Disaster recovery
Rather than work from data based in the cloud, certain customers choose to house their disaster recovery solution in the cloud for premise-based servers. Should regular service be lost, the customers can quickly restore infrastructure in the cloud, keep access to critical data and services, and keep their businesses in operation.
7. Reduced IT expenses
Consider all the up-front and ongoing costs of new systems: servers, software, operating systems, electricity and cooling, staff to manage these assets, and so on. CSPs enable you to share many of these assets and related costs with their other clients, subject to your requirements. You pay an amount that more closely matches the computing capacity, storage and expertise you need.
To stay competitive, CSPs continually upgrade their infrastructure to keep their technology current. Their customers benefit from the latest technology with none of the attendant additional capital costs.
8. Flexible capacity
You can quickly add or subtract computing capacity as your needs expand or contract. This technical flexibility means your computing dollars pay only for the cycles you use. This elasticity also allows you to set up trials or demos in the cloud, then tear them down when you no longer need them.
9. Easier budgeting
Fitting recurring fees for cloud services into an operating budget is easier than squeezing a project cost into a capital budget. And unlike project costs that can spiral out of control, monthly fees remain stable and predictable.
Interested in the business benefits of choosing IaaS over premises-based computing projects? Call us. We’ll help you understand how IaaS can help you run your business more smoothly and profitably.