Author Archives: Maria Koblish

“Bad boys, bad boys, whatcha gonna do?” In 1989, the TV show COPS made its debut with a unique concept: have a camera crew follow police officers as they take down thieves, drug dealers, and other criminals. Fast-forward nearly 30 years, and today approximately 95% of large police departments are using body-worn cameras (BWCs) or have committed to using them soon to record police officers’ day-to-day activities. While these innovative devices are improving police and community relations, even resulting in a 90% decrease in citizen “use of force” complaints, they’ve also created a mountain of seemingly unmanageable surveillance footage. Now, the question facing law enforcement agencies is, how is body camera footage stored?

Police Body-Worn Camera Usage Soars

Today, 34 states and the District of Columbia have created police camera laws, and they continue to be a focus of state lawmakers who are increasing funding through state and federal grants. That’s not all. Lawmakers now want recordings to be on high-definition video to enhance clarity, and protect officers from false accusations of misconduct. They also want to implement minimum retention time for BWC, dash cam, and static surveillance video (in Texas, for example, police camera video must be retained for at least 90 days). That’s a lot of video, requiring a lot of storage space. Think about it: with dash cams alone, police were dealing with terabytes of data; add BWC footage into the mix, and now they’re forced to manage petabytes.

Cloud Computing in Law Enforcement

Along with the influx of new video footage, agencies also need to store police reports, photographs, crime mapping, analytics, fingerprints, and other classified and sensitive information. To manage all this data, law enforcement agencies are increasingly turning to cloud computing. Most clouds are highly scalable, and able to increase storage capacity with the flip of a switch to accommodate increasing data needs. But when moving to the cloud, organizations need to keep in mind security and compliance laws and regulations that they are bound to.

Cloud Computing Laws and Regulations

The International Association of Chiefs of Police (IACP) has set up some Guiding Principles on Cloud Computing in Law Enforcement. Think of them as a CJIS checklist; most are pretty straightforward, and we’ve simplified many below (you can view the IACP’s more in-depth guidelines here).

1. FBI CJIS cloud compliance must be met.

Cloud providers must comply with the requirements of the Criminal Justice Information Service (CJIS) Security Policy and acknowledge that the policy places restrictions and limitations on the access, use, storage, and dissemination of CJI and must comply with them.

2. All data storage systems must meet the highest common denominator of security.

With the increase of locally-collected data such as body-worn cameras, law enforcement agencies should store all collected data at the highest level of security (often the FBI CJIS standard).

3. Data ownership and data mining.

Almost all cloud service providers specify that the client owns the data, but the IACP requires it in writing—along with the procedure for migrating data to another service, or back to in-house servers (this is known as cloud repatriation). The IACO also advises agencies to make it clear that data is off limits for any data mining or ancillary operations of that cloud provider.

4. Auditing.

Cloud service providers must allow law enforcement agencies to conduct audits of performance, use, access, and compliance.

5. Integrity.

Providers must maintain physical or logical integrity of CJI by separating law enforcement agency storage and services from other customers.

6. Availability, Reliability, and Performance.

The degree to which the cloud service provider is required to ensure availability and the performance of data and services is dependent on the criticality of the service provided. For some services, such as the retrieval of archived data or email, lower levels of availability may be acceptable, but for more critical services like Computer-Aided Dispatch, levels of 99.9% or greater are required.

Security and CJIS Compliance on the Cloud

The cloud offers a whole new way for law enforcement agencies to securely store valuable footage and files while remaining CJIS compliant and following IACP guidelines. Thrive works with state and local organizations and can help you make a seamless move to the cloud. Our Cloud service is a virtual private cloud solution designed for national, state, regional, and local government agencies. We ensure strict security protocols, 99.99%+ uptime, and a complete compliance package; meeting the requirements of CJIS, HIPAA, PCI, SOC, and SSAE16. Contact Thrive today to learn more about our Cloud services.

Enterprise networks do not have it easy. They are facing an unprecedented level of demand; driven by the combined pressures of digital disruption, operational complexity and cyber security.

The continued growth of mobility, the IoT and big data applications is adding to what is already a lack of insight into IT operations. Legacy, frequently siloed systems see many IT departments spending 3x as much on network operations as they do the network itself.

Add to this the ever-changing cyber security landscape and its easy to see why the industry is ready for a change. Business demand for SD-WAN infrastructure and services will see a compound annual growth of over 69% over the next 3-5 years (IDC). By the end of 2021, Cisco predicts that 25% of all WAN traffic will be software-defined.

What is SD-WAN?

SD-WAN is the application of software-defined networking technologies to wide area, enterprise networks. It is used to secure WAN connections between branch offices, remote workers and data centre facilities that are geographically dispersed.

Effectively a network overlay, SD-WAN is carrier agnostic and transport Layer independent. It promises reduced operational costs, greater control over network applications and simplified management.

Who needs it?

It might be easier to say who doesn’t need it. Any organisation that relies on public or private networks to operate their business should be considering SD-WAN. More specifically, if you are contemplating any of these initiatives, SD-WAN should be front of mind:

• Use of video or bandwidth intensive applications
• Deploying hybrid WAN topologies at remote locations
• Planning to review/optimise existing branch routers
• Migrating away from MPLS
• Increasing bandwidth/network resilience

Managed SD-WAN

Whilst SD-WAN promises greater simplicity and visibility, management of the network and its component elements is required to ensure your WAN infrastructure continues to be a business enabler, rather than an inhibitor.

Many businesses will seek to employ SD-WAN as a managed service from a trusted technology partner to ensure they make the most of the benefits available. Improvements in business agility, reduced capital expenditure, ease of management, reduced maintenance costs, even greater resilience can be realised.

Thrive has established best-practice processes and resources for managing the implementation of software-defined networks. Our network monitoring and management solutions are backed by leading SLAs and our customers benefit from the transparency of a single provider for CPE and the underlying connectivity.

Cloud adoption rates have continued to rise through 2018. Having been the driving force behind digital transformation for small and medium sized businesses, it is predicted that this year will see a tipping point for enterprise cloud adoption.

According to Forrester, this year will see over 50% of enterprise workloads moved to the cloud. This prediction is supported by the findings of a LogicMonitor survey published earlier this year, in which respondents foresee 83% of workloads will be in the cloud by 2020. The survey suggests 41% will be running on public cloud platforms, with 20% using private cloud and a further 22% adopting a hybrid approach.

The naysayers that predicted cloud would have limited appeal to medium-large enterprises have had to admit that the cloud “bubble” is not going to burst. Adoption rates have continued to grow year-on-year as organisations of all sizes seek to take advantage of the reliability, flexibility and cost-effectiveness that cloud brings.

While these benefits are widely accepted, some organisations still feel a degree of reticence around making the jump to a cloud first strategy. This may be because of a perceived gap between what ‘good’ looks like (i.e. the ability to move their desired apps to the cloud) and the realities of budget, skills and resource constraints. For some, this makes a cloud-first strategy something that organisations pay lip service to, rather than committing to digital transformation.

There are two other reasons that organisations often cite when asked about their hesitance to move: Firstly, the belief that their critical applications are not cloud ready, and secondly a desire to maximise ROI on legacy technology – adopting the cloud for new tech only.

One or more of these reasons may ring true for your organisation, but we’d like to point out that you can have the best of all worlds – maximise the returns on your legacy investment, migrate your business-critical apps to the cloud and realise the cost, scale and availability benefits of cloud infrastructure.

‘Traditional’ vs. ‘cloud built’ applications

The business applications market has been experiencing its own revolution in recent years. Larger organisations are effectively re-writing traditional apps in a native cloud environment; creating cloud-scale, container-based applications, rather than an on-premises solution based within a single OS.

Cloud-scale, container-based apps (like Netflix or Salesforce) can run in hyper-scaler environments on public cloud infrastructure. The sheer volume of containers used (thousands) means these applications can be rapidly scaled up and down. It also means they are incredibly resilient, even if running on low-level SLA hardware, as they can tolerate a lot of the underlying hardware going offline without affecting performance.

In comparison, most small-medium sized organisations don’t have access to the budget or development resource required to transition their legacy apps in to cloud-scale apps. As a result, they are more likely to rely upon traditional software applications.

However, this does not mean your apps aren’t cloud ready. For traditional business-critical applications that require 100% uptime, private cloud infrastructure or colocation of your hardware in a third-party data centre can deliver the same benefits of scalability and availability.

A hybrid approach

With applications at different stages in their lifecycle, your cloud adoption strategy is likely to feature a phased migration. Between their current and desired state, organisations will migrate some systems early to take advantage of improvements in availability, security and scalability.

But there’s no need to stop there. Legacy applications are seen to hold companies back, but this shouldn’t be the case. Moving these apps now to a Private Cloud (eliminating the need to re-build them) provides a true cloud first strategy through this blended, hybrid approach.

Many of your applications can be moved sooner than you think and Thrive’s team is ready to advise you on just this. Speak to us to find out more about them.

While email remains the most ubiquitous form of communication, with worldwide traffic set to hit 281.1 billion emails per day by the end of 2018, it isn’t the ‘be all and end all’ of office communiqué. Information can get lost, messages misinterpreted and deadlines missed. This doesn’t exactly make for a collaborative environment.

Moving office is a complex and time-consuming process that, if properly managed, can provide your organisation with more than just a new office – it can give you a better way of working. Your IT infrastructure forms a crucial part of this process, so how can you ensure you get it right?

The decision to move office is not taken lightly. Start-to-finish, the process can take major enterprises anywhere between 12 months and six years of careful planning and management. Apple’s move to its new Apple Park campus, for example, took over six years while UBS’ move to its new London office took around the same time and was coupled with a 12-weekend project that saw some 5,600 employees move into their new space.

You may think that a relocation is just about changing where you work, but it’s about so much more. By taking a little time and effort, it’s an opportunity to transform how you work too. There are few areas in your business where this transformation will have a larger impact than your IT. Modernising key systems, processes and infrastructure makes your staff more productive, your technology more cost-effective and your business more responsive. This ultimately helps IT to add more value to your business, which is what we’d all like at the end of the day.

Of course, taking on large-scale move projects doesn’t come without risk. This is why we’ve put together a list of the five biggest mistakes you should avoid when moving your IT to your new office.

1. Not conducting a thorough audit

It may sound obvious, but if you fail to take stock of what you’ve got then you aren’t going to be able to account for it later. Conducting a thorough audit is one of the most important steps you can take as it will help you understand the true size and scale of your network and show you the status of every device. Taking shortcuts will only create a recipe for disaster later on.

It’s also important to consider the lifecycle of your equipment and understand your contractual obligations – especially for services that you cannot move with you such as internet connectivity. Afraid it will take too long? There are network monitoring and product lifecycle tools that can help.

2. Not properly scoping your project

Your existing IT systems will be heavily entrenched in your day-to-day operations, so it may be tempting for you to leave them alone, but just because your existing setup is functional doesn’t mean it’s ‘right’. If your staff are complaining about slow network speeds, or your customers about siloed communications, the chances are that productivity is suffering.

It’s also the perfect time to think about the tasks that your IT team are undertaking on a regular basis and ask yourself: Are there better ways of doing these? Making your day-to-day tasks more efficient allows you to free up limited but valuable resource for larger scale projects.

By listening to the needs of key stakeholders, you’ll be surprised to find problems you didn’t even know existed. Discuss these with your IT provider so they can recommend solutions.

3. Not getting properly connected

With the proliferation of SaaS, colocation and hybrid networks it’s clear that a large proportion of your business will be based in the cloud. Couple this with your growing number of wireless devices and you begin to see the importance of installing the right connectivity into and around your new office.

It’s crucial that you don’t leave your connectivity as an afterthought; though you’ll be surprised how many project managers do. Failure to research the types of connectivity available at your new site, or to spec what you need correctly, can result in staff spending more time admiring the décor than actually working. Be sure to think about the devices you have, the tools you use, and of course the lead times for new services.

4. Keeping your old, failing IT equipment

Not all assets should be sweated, so moving them wherever you go might not get you far. Thankfully you have a range of options available; for equipment you’d like to keep you can opt for the ‘my kit, your place’ flexibility of colocation, if you wish to retire equipment you can put your IT in the cloud, or if you wish to blend both then hybrid networking is both a popular option.

If your applications are in the cloud already it’s unlikely they’ll require any change, while cloud ready applications can be moved into a ‘public cloud’ with minimal effort. Not all of your applications will be cloud ready, but this doesn’t mean they have to stay on-premises; instead, you can move them into your own ‘private cloud’ environment at a hosted data centre.

These approaches help save physical space, extend the lifecycle of your equipment and are cost-effective.

5. Not keeping your house in order

The final hurdle is always the most difficult. Even if you’ve performed your due diligence and finalised your connectivity and infrastructure, poor project management can undo all this work and, in the worst case, lead to delays or lengthy downtime.

When it comes to preventing this, partnering with an IT provider with experience of managing office moves is key, as they will be able to walk through your move project with you and help you avoid any potential stumbling points along the way.

IT RELOCATION SERVICES FROM THRIVE

Your moving process may seem complex and time-consuming, but it doesn’t have to be. With the right tools, partners and planning, the move to your new space can be a breeze. Thrive has extensive experience in scoping and managing office moves, so you’re in safe hands.

Like to find out more about how to manage your IT office move project? We’re here to help.

As we have become dependent upon IT to perform even the most mundane of tasks in the workplace, when there is a problem with systems availability, it can leave an organisation effectively dead in the water.

This puts even greater pressure on IT teams to minimise downtime and deliver an ‘always on’ network. The trouble is, most organisations are not able to provide 24/7 support to their workforce. This is where managed service providers can add genuine value.

Aside from the provision of round-the-clock support, there are three key areas in which a managed service provider can add value:

Identifying weaknesses and minimising downtime

Simplifying IT systems for end users can add a layer of complexity to the network that IT departments must manage. Systems going down, even for a short time, can have a profound effect on the bottom line, not only in terms of lost productivity, but also in terms of resource devoted to solving the problem.

In addition, because today’s IT systems are so integrated, the effect of an outage can be felt as a ripple effect across the business – not just at the point of failure.

Filling gaps in skills and knowledge

The complexities of systems can also lead to gaps in the skills and knowledge of IT teams. Often solutions such as mobility platforms require specific technical knowledge to be effectively managed and maintained. Without it, you’re not likely to get the most out of your investment.

Optimising network performance

Having the tools in place to correctly monitor and manage the network is key to ensuring networks function correctly and perform to their maximum. Management information and detailed performance metrics allow IT to proactively manage assets and identify weaknesses before they become performance-affecting.

Prevention is better than cure. Proactive monitoring and preventative maintenance makes more sense than relying on a break-fix mentality; especially if the aim is to maintain 100% availability.

Technology roadmaps play an important role in life-cycle management. However, a purely technical assessment of product life-cycles doesn’t always represent good value. Assets that reach end of life from a support contract or balance sheet perspective may still have a role to play within your infrastructure.

While many tools on the market will focus solely on the technical aspects of network devices such as end of life and end of support, what they don’t do is take it one step further and analyse the business impact if a device fails. In some circumstances the effects would be negligible, while in others it can result in extensive downtime.

Tools that do take business impact into account provide a much clearer view of an IT environment, allowing you to manage it intelligently. If an asset isn’t business-critical, it can be “sweated” well beyond its usual lifespan to create greater long-term return on your initial investment. Of course, the opposite is also true. If an asset is business-critical, it is essential that it remains within support.

In conjunction with road-mapping, review workshops are a great way of conducting impact analysis and identifying potential weak points within your network, establishing if they’re minor or business-critical, so you can take appropriate action.

With the right managed service provider, it’s possible for IT teams to ensure their network is secure, stable and available, 100% of the time.

Discover how Thrive has maintained 100% availability for more than 6 years and counting.

When it comes to managed services, we find that many providers default to status quos. Conversations between end users and prospective providers often revolve around cost reduction and cleaning up ‘messy’ IT setups by taking the problem away from the end user.

But what many people don’t realise is that managed services providers can – and should – do so much more. It’s the status quo that masks the full potential that managed services offer.

That’s why we were pleased to find an article recently written by Cisco that gets under the skin of the matter and shows that the true value of managed services can be uncovered by doing one simple thing: Asking the right questions.

Let’s end the status quo

Cisco observe that the discussions you’re having with your managed services provider will probably focus on the short-term tangible benefits of cheaper IT services – with customers generally wanting the best deal they can get, which is essentially ‘more IT services for less cost’.

This isn’t anybody’s fault specifically – it just seems to be the conversation providers are having – but the end result of this is a commoditisation of goods and services. Instead, Cisco argue that IT is not looked at as a commodity as it underpins nearly everything an organisation does. We couldn’t agree more.

So, what is the real value in managed services? Cisco state that ‘maintaining the status quo for less cost and “taking the mess away so we don’t see it” prevents the customer from obtaining real value from a managed services provider’.

The questions you should be asking

All this starts with a simple conversation, and what better time to have this than during sales pitches and exploratory discussions. Cisco recommend the following 10 questions:

1. How does the managed service help us compete more nimbly?
2. How does the managed service help us adopt technologies more rapidly?
3. How does the managed service help us transform our business to more digital-capable and cloud-consumable applications and services?
4. How does the managed service provide us with transparency into IT issues without defocusing us?
5. How does the managed service fix our IT infrastructure problems and optimise our environment, not just take the mess away from us?
6. How does the managed service enable better collaboration and innovation within our organisation?
7. How does the cost of the managed service get repaid in bottom-line contributions to efficiency and innovation?
8. How does the managed service prepare us for the next technology wave rather than prevent us from catching it?
9. How does the managed service encourage a partnership rather than just a business transaction?
10. How quickly can the managed service program adapt to new market trends with complementary capabilities for new technologies?

Asking these questions will help you understand the value of managed services to your business now and in the future, as well as give you a solid business case with which to justify your investment. They will also help you see how committed your supplier is to eliminating your IT mess – not just moving it somewhere else.

Getting the most out of your partnership

Once you’ve asked the right questions of your provider, your attention should turn to maximising your relationship with them. Make sure you take full advantage of the benefits you discussed at the outset and always be sure to invest time and resource into your relationship with them – and always ensure you’re looking at ‘the bigger picture’ of your wider IT setup.

If you have a contract that is due for renewal within the next 6 months, be sure to act now rather than waiting 2-3 months before renewal. Use this time to assess your current partner and meet other potential suppliers. This will help you benchmark your current supplier against others to see if they are delivering value, or if it’s time for a change.

A copy of the original article from Cisco can be found here.

If you would like to discover more, a member of our team is here to help. 

For many, the impending GDPR compliance deadline is a cause for concern. For others, it represents an opportunity. Building a business case for change can sometimes be a challenging task for IT professionals, especially if there is no compelling event to sharpen the minds of c-level execs.

Most organisations realise the value of data, especially when it is lost in a data breach or systems failure. However, outside a demand for instant access, users rarely stop to think about their storage environment.

The on-rushing storm of compliance represents an opportunity to review your data storage situation. Understanding what data is stored, where it is stored and how it is stored is a good place to start. After all, if data sovereignty is an issue, you will need an accurate picture of your data storage and where it goes when in transit. A comprehensive infrastructure audit will also identify if your storage is fit for purpose in a modern business environment that prioritises scalability and agility.

More complex WAN and SAN infrastructures can be difficult to manage without the right level of systems intelligence and analytics. This management is often made more complex when the infrastructure in question comprises a mix of on-premise and Cloud components, multiple vendors and multiple protocols.

Infrastructure management has always been a core component of the IT skill set, but keeping “right-sized” in a dynamic environment has become more challenging. A challenge made more difficult when IT is expected to increase efficiency whilst reducing risk and lowering costs.

Effective infrastructure management is about making the right decisions at the right time. Informed decision making is dependent upon access to up-to-date management information and business insights.

Your choice of data centre management solution will have wide ranging implications; not just for IT, but across your organisation. Access to the right business intelligence will allow you to identify any under (or over) utilised resources, plan future spending and avoid unnecessary capital outlay.

It will also enable you to proactively monitor and manage your estate, identifying issues before they become service-affecting, reducing risk and maximising systems availability.

Of course, management is just one component of performance. At the heart of the data centre sits the technology itself.

Modern infrastructure has made great strides in eliminating technology silos and become more agile. Server consolidation and virtualisation has helped improve efficiency and scale-out approaches to storage, such as clustering, have enabled organisations to adjust rapidly to changing demand in a big data world.

Whether you choose to locate your data centre on-premises, in the Cloud or a hybrid of both, you owe it to your data to provide the best possible environment.

While you might think Shadow IT is a sinister and dark art, you might be surprised to discover just how many people in your organisation may be affected by it.  Often, they don’t even know they are part of it. The General Data Protection Regulation (GDPR) is the new legal framework which will run alongside the existing Data Protection Act 1998, and will enforce regulations to tighten the usage and liabilities of “Shadow IT” – using unauthorised, cloud based services to store and share data.

It’s fair to say that popular consumer cloud applications have found their way into all areas of current business practice. Take healthcare, in a recent survey conducted by the BMJ, over a third of NHS doctors who own a smartphone admitted to using app-based messaging (33.1%) and picture messaging (46%) to send patient-related clinical information to their colleagues.

The number of apps and the volume of data across all walks of industry is mostly unquantified and therefore an enormous risk. Five of the biggest and most common cloud application organisations that may fall foul of GDPR when it takes effect are:

• WhatsApp
• OneDrive
• Dropbox
• Evernote
• Google Drive

However, not all will necessarily breach the same regulations. Chances are, many applications will create organisational risk for any number of the following reasons:

• The right ‘to be forgotten’ cannot be enforced
• ‘Privacy by design’ – retrospective privacy is not compliant with GDPR, in other words privacy must be built into the app at the time of design and not as a patch or upgrade?
• ‘Storage of data’ is restricted to inside the EU
• ‘Transfer of data’ is restricted outside of the EU
• ‘Pseudonymisation’ – no personal data can be attributable to a specific user

This of course is just the tip of the iceberg.  A study by Bluecoat recently noted that only 2% of all enterprise applications are GDPR ready. Ultimately, this means businesses will have to manage and protect their own data and the consequences of failing to do this correctly could be costly.

So, what can and should you do?

Without question, it is vital that you establish exactly what data and applications are in use within your business. The obvious place to start is to poll your staff and users. Ask them to identify what applications they are or have been using for business purposes. Having done this, conduct a thorough network discovery audit. Network discovery audits are common amongst IT support organisations, they will help you assess the data types and volume traversing your network. If you’re not sure what one is, ask your incumbent IT support company for help.

Once you know which apps are being used in your business, you can make decisions around whether they are necessary and should continue to be used. Managing apps is a complex process that naturally introduces increased risk with the more applications you utilise. Review whether you can consolidate your applications to a smaller number to make them easier to manage.

Likewise, identify what data is being used by each app, who is using it and why, how is it being accessed and determine where it needs to be stored moving forward – on-premise, Cloud, or across a hybrid model. Ultimately, you want to be GDPR compliant by design & secure by design.

Your audit and subsequent findings will help you understand your current application and data capacity, utilisation and distribution. Most importantly, it will highlight any gaps in your GDPR compliancy.

If you’ve done all the above, you’ll need to create a roadmap to compliance and that includes making sure you have a strong policy in place for your users. Once again, if you’re struggling with this, there are any number of organisations available to help you here. One potential speed bump however, will likely be getting budget purely for GDPR compliance – no one likes unexpected overheads! One way to potentially overcome such an issue is to look at your existing IT projects and see where you can ‘design in’ any GDPR requirements to those.

There’s a lot of noise going around right now about being GDPR ready, and for good reason. But don’t overlook those so called ‘harmless’ apps in constant use on your smart devices, permitted or otherwise. You won’t feel so smart if you get caught out by something you didn’t know about.

At Thrive, whilst GDPR isn’t our core business, we know how important it is to our customers and their IT infrastructure. It’s why we’re helping our partners conduct necessary audits to avoid potential risks ahead.

If you’re unsure or concerned about the effects of GDPR on the cloud apps your business uses or those potentially in use as Shadow IT, or whether your business is GDPR compliant, get in touch.

If you’re thinking about replacing or enhancing your company’s disaster recovery (or DR) capabilities, you’re likely to be in for a pleasant surprise.

Thanks to continuing advances in cloud technology, today you can achieve better protection at a lower cost than at any time. Still, Disaster Recovery as a Service (or DRaas), as the cloud service is called, isn’t necessarily the best alternative for all companies.

This article offers a brief overview of the three generic approaches to disaster recovery. It then provides a list of nine questions to ask yourself about your operations.

Your answers to those questions will help you choose the disaster recovery alternative that best meets your company’s needs. The two familiar, well-established alternatives for disaster recovery are backup/restoration and system mirroring.

Backup/restoration protects your systems to your last backup

With backup/restoration, you make a full copy of your system and data files at regular intervals. You move the copy to a remote site where a secondary or backup infrastructure is waiting to be activated.

If your primary systems go down, you restore your most recent system and data files to the secondary infrastructure. You then shift your workload to the secondary site until you can resume operation at your primary location.

Mirroring provides fast, complete protection at high cost

With system mirroring, you run two functionally identical systems all the time.

A secondary or backup system replicates all the activities of the first, in near real time. If the first system goes down, the workload shifts to the backup system.

DRaaS offers fast recovery and complete protection at lower cost than mirroring

DRaaS mirrors the operation of your current systems. But you need not own and operate redundant infrastructures.

As a first step toward DRaaS, you virtualize your primary systems. You can then choose where to run your primary workloads. You can run your workloads:

• On infrastructure you own.
• On dedicated cloud infrastructure you use like a utility.

Either way, a DRaaS provider mirrors the operation of your primary system on a virtual machine in a remote location.

You can set up your infrastructure in a Private Cloud or a Hybrid Cloud environment.

Depending on your security and compliance needs, you can keep your cloud infrastructure 100% private and exclusive to your company. You can know exactly where your data resides, and no one else has access to your systems.

As for day-to-day operations, you don’t have to worry about managing your shadow systems. Or if you prefer, your IT team can manage and control the them remotely.

When your primary system goes down, your primary workload switches to the DRaaS system. The automated cutover [failover?] process can happen within about 20 minutes.

With DRaaS, both your operating cost (OPEX) and capital costs (CAPEX) can be much lower than for backup/recovery and system mirroring.

Do your homework before you go shopping

As you weigh your disaster recovery options, your evaluation will be much easier if you’ve gathered some key information in advance. You’ll have a much clearer idea of what disaster recovery capabilities you need after you’ve answered these questions:

1. For what kinds of potential disasters do you need better protection?

Many different threats can interrupt the operation of your systems. Here are a few:

• Natural disasters (floods, tornadoes, hurricanes, earthquakes, volcanoes).
• Loss of electrical power or network connectivity
• Terrorism and acts of war, including cyber warfare
• Hacking, viruses, denial of service attacks, cyber crime, crypto-locker extortion
• Random, unforeseen equipment failure.

To which of these threats are your systems most vulnerable?

How likely are you to experience a disaster related to one of these causes?

2. What might be the consequences of a system disaster?

What are the risks of an IT disaster for your company?

Here are some common, measurable consequences of system downtime:

• Loss of revenue
• Loss of customers
• Higher operating cost
• Hardship or harm to employees, customers, or constituencies
• Legal liability
• Exposure for regulatory noncompliance.

Other consequences, such as damage to your brand, are harder to measure but are no less real.

What would be the actual costs of downtime for your company? What might be the consequences?

How much revenue would you lose? What’s your exposure to legal or regulatory liability if your systems were to go down?

3. Which systems and workloads would be most important to restore or recover in the event of a disaster? Which would you want to recover first?

Which of your systems would be most damaging to your business if they were to go down? Which would be most harmful to your customers or clients?

How much secondary infrastructure would you need to perform a full recovery? Consider the compute capacity, data storage space, operating systems, application software. Also consider the physical space and staffing needs.

4. How long could you afford to go without your mission-critical systems?

What is your hourly cost of system downtime?

If you were to experience a disaster today, for how long might your systems go down? How long would it take you to recover?

What is your ideal Recovery Point Objective (RPO)? What is your Recovery Time Objective (RTO)?

5. What are your current DR processes, systems, and capabilities?

Which disaster recovery technologies or systems do you have in place?

How many different DR processes and technologies do you use across all your systems?

How often do you thoroughly test your DR processes and capabilities to ensure they work?

What are your current RPOs and RTOs?

How often and how thoroughly do you test your DR processes and systems?

How much do you currently spend on disaster recovery, including the cost of redundant infrastructure and all related operating expenses?

If your current approach is backup/restoration, how often do you back up? How much important data might you lose if you had to recover from your most recent backup?

6. How much staff resource can you commit to DR?

How many people on your IT staff would you be able to commit – part time or full time – to enhanced disaster recovery capabilities?

Who on your staff would you train in the deployment and use of DR systems?

How many people must be trained to provide full protection?

7. How much can your company afford to spend for DR?

Considering the potential risks your systems face, how much would your company be willing to spend on DR as a kind of insurance policy to mitigate disasters? I

8. What regulatory compliance and security factors must you consider in choosing your DR alternatives?

How secure must your data be? What security and compliance standards must your systems meet?

Who can have access to your systems?

9. How soon must you upgrade your disaster recovery capabilities?

How fast do you need to implement new DR systems and protocols? When do you need new capabilities in place?

Your answers to the foregoing questions will help you narrow down your best options for disaster recovery.

Once you’ve thought through your potential exposure and your needs, you’ll be ready for a side-by-side comparison of your three broad options for disaster recovery. If you feel ready to discuss your needs with a Thrive consultant, please contact us here.