SaaS applications such as Office 365 are part of what is allowing the global shift towards remote working. Having everything in the cloud means that employees enjoy much greater flexibility about where and when they work, and organizations can reduce their real estate footprint. However, using cloud-based services does not mean that IT can forget about data backup and disaster recovery. While there are lots of good reasons to enable remote work in your organization, cloud services don’t end the need for complete data protection, wherever your employees are located.
Microsoft Office has long been the preferred communications, collaboration, and productivity application suite for organizations. So, when Microsoft shifted Office to the cloud with Office 365, it was a strong signal to organizations that SaaS was here to stay. All of this was good news to IT departments that are weary of the time and money spent on supporting the old on-premises model.
Now, with automatic updates, employees always have the latest version of the software and can collaborate seamlessly on documents. When integrated with Microsoft’s other powerful cloud platforms like Exchange, SharePoint, OneDrive and Teams, any size organization can have the full benefit of this powerful platform for communicating, sharing, and creating information to help drive their business.
Whether employees are working in the office, remotely or while on the move, they can utilize the Microsoft SaaS suite of applications thanks to support for operating systems ranging from Windows to Mac OS and Linux, including IOS and Android tablets and other mobile devices. With all of their data in the cloud, employees can move from device to device with complete confidence that the latest version of their documents and files are available to work on from anywhere, via any device.
As easy as this all sounds, there are still a bunch of requirements and policies that IT departments need to consider when implementing remote workers and Office 365.
BYOD Security Policies
Employees love the freedom that Office 365 gives them to use their own devices. While it may still be best practice for employees to use only business-supplied equipment, for many organizations, BYOD is here to stay. Thus, it is important to set up the right policies for remote workers. For instance, not sharing work devices with family members or, if that’s not possible, ensuring a separate password-protected account for the remote worker on the family machine.
Collaboration and Communication Policies
If the remote employee is using equipment provided by the business, the policy should be to disallow any sharing or personal computer use on the office-supplied laptop — or, at the very least, personal email and social media communications must have a separate account on the device. Email best practices are the same for all employees, and they should be well-trained to spot phishing attacks. Documents of importance to the organization should be worked on in SharePoint with proper version control and access controls implemented.
Configuration and Remote Access
Remote updating of laptop configurations is not so different for remote and office workers if remote desktop software is installed. OS updates have to be scheduled with the employee but are easily managed with an internet-facing WSUS server. Management of Office 365 licenses is also similar. Don’t forget that with more workers accessing internal servers remotely, you have to have enough certificates on hand to support NSA multi-factor authentication for those times when remote working volume spikes.
Office 365 Cloud Backup and Disaster Recovery
Finally, the need for regular data backup and disaster recovery planning does not go away just because the data is in Microsoft’s cloud. It is true that with cloud services, hard drive failures and lost laptops do not pose the same level of concern regarding data loss as they once did. But these are by no means the only ways to lose precious data.
The most common cause of data loss is user errors. Unfortunately, businesses often learn the hard way that many SaaS applications, including Office 365, lack comprehensive support to remedy these issues. Many SaaS providers specifically exclude covering user error issues in their terms and conditions. Users can overwrite files by mistake, accounts get deleted, folders disappear, and malicious emails are opened. In addition to the applications themselves, you need to have a comprehensive data backup and disaster recovery policy and workstation backup services that allow you to recover previous versions of a file, folder, or even an account.
There are other serious considerations around archiving and searching records. If you delete a user license when an employee leaves, Microsoft Office 365 will only keep a backup of an employee’s email, contacts and calendar for 30 days. OneDrive files are kept for longer, but not forever. Thus, when employees leave the organization, it is critical to have a full backup of their files and protection of historical email in case you need them later to maintain continuity with suppliers or customers. You may also need those long-term backups and archives because of legal actions and compliance with audit regulations such as GDPR, PIPEDA, and HIPPA, which require businesses to maintain intact records for multiple years.
On the disaster recovery front, remote worker’s devices are more vulnerable to loss, damage and theft because of the public nature of the places they may work and their frequent mobility. They are just as exposed as any other part of the business to ransomware attacks, which are on the rise. Office 365 and other Microsoft services are often a primary target of such attacks.
Thus, it is crucial to maintain endpoint security for remote devices, managing the remote user’s anti-virus and spam protection. Given the vulnerabilities associated with Wi-Fi, especially public Wi-Fi services, employees should use a VPN to access the enterprise intranet, as well as for connections to cloud-based applications like Office 365. Despite the higher risks that are associated with remote work, a comprehensive offsite or cloud data backup service is your ultimate backstop should they experience difficulties.
The need for these precautions shouldn’t outweigh the advantages of remote work, and there are ways to avoid the extra overhead associated with managing your remote workforce. Look for a partner who can help you get the most out of the Microsoft productivity platform with cloud-based data backup and disaster recovery, as well as management of Office 365 licenses, user account management, end-point security, training and set-up assistance.
Thrive to the Rescue
Your Backup and Disaster Recovery Experts
Thrive is a trusted global provider of comprehensive cloud, data protection and security services. Office 365 Cloud Backup and Disaster Recovery are some of our top rated services.
Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.
We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability and support that your business demands.
Office 365 Cloud Backup and Disaster Recovery Services
Contact us today to discover your options around Office 365 Cloud to Cloud Backup services, and about other Thrive services that can help you to meet your operational demands while protecting and recovering your most valuable asset – your data.
How to Securely Support Remote Workers in the CloudIn the past, it was often only the largest enterprises that could afford to put the systems in place to make flex-time, work-from-home options, or entirely remote workforces possible. For many small to medium enterprises, the logistics associated with remote access servers, VPNs, token systems for authentication, backing up home workers’ data, and implementing disaster recovery simply made remote working too costly. This has all changed in the cloud era, which is now allowing enterprises of almost any size to cost-effectively support part-time or full-time remote workers with the right resources.
For IT managers needing to set up cloud services for remote workers, there are several things to consider. These include services for cloud, security, backups, and disaster recovery. Additionally, there are HR policies that need to change, extended employee training, new equipment and software licenses, and configuration of network access and permissions for these more mobile employees.
On the hosting front, the cloud solves one of the biggest issues — scaling. As employees become more mobile and move in and out of the office, the need for remote access infrastructure can become quite unpredictable. For instance, if a snowstorm closes schools, most of your staff may suddenly want to work from home. Fortunately, the cloud’s ability to scale on demand means that you can accommodate them.
Managed Cloud Services are based on multi-tenant virtual machines running environments such as VMWare, Hyper-V, and Nutanix. Because virtual machines can be spun up at a moment’s notice, you should have on-demand access to these resources with no practical limits. They are perfect environments for supporting business operations that are unpredictable such as remote work.
You may also want the option to use cloud infrastructure for more sensitive and predictable operations. The option may also be available to co-locate some of your own compute and storage hardware in the same facility alongside cloud infrastructure to create a hybrid cloud setup for added flexibility and security. Ideally, the two services can be bundled together in a single cost-effective offer.
On the most basic level, you will need your cloud supplier to provide the networking and data infrastructure to support remote workers. This includes remote access servers, data storage, and operating software. This is known as Infrastructure as a Service (IaaS). Your remote workers will need fully redundant private networking with direct, secure connectivity including VPNs and firewalls. If your operations are widely distributed, the cloud provider should be able to offer you multiple certified data center options along with clear service level agreements (SLAs).
One of the most challenging aspects of working from home is ensuring that data backups are running regularly and are error-free. Unlike the in-office desktop PC, home PCs and laptops are not connected to the LAN 24/7; this can make running and managing backups difficult. Fortunately, cloud-based backup services are always connected to the user’s machine. Thus, it is possible to run continuous or scheduled backups of the contents of the remote machine throughout the day. A good backup service should also offer an internal backup system for the machine as well.
SaaS applications, like Salesforce, Microsoft 365 or G Suite help to ensure that remote workers are keeping their data in the cloud, but these SaaS services also need to be included in the backup service landscape. Most SaaS providers do back up their servers, but these backups are often limited in scope and have few recovery points to restore from. Many SaaS providers won’t take responsibility for partially or fully restoring your data, especially in the common scenario where user error has caused a failure, corruption, or breach.
Without strict enforcement and training, many end users tend to save their files on their PCs in local folders like “My Documents” rather than on company servers. These machines are often turned off during normal backup windows which complicates data protection. To prevent data loss, IT managers should search for a workstation backup solution that offers resume and cache functionalities, along with the ability to back up locally saved workstation data.
With remote work, risks around email phishing and other security concerns increase. Thus, it is critical to have continuous backups of user data so that it is possible to restore previous versions of files and roll back user error or outside threats such as ransomware or crypto-type attacks.
Finally, it is critical to have a disaster recovery service (DRaaS). There are, after all, worse things than snow days. Flooding, fire, disgruntled employees and outside cyberattacks can shut down your business, sometimes costing you days and weeks to recover. As businesses and organizations pursue their digital transformation, the stakes are only mounting.
Remote workers and their data have to be included in the recovery plan. The disaster may be something that occurs in their home or co-working space and yet not affect any of your offices. To complicate matters, if you have a BYOD policy, they may be working off of their machines. You will have to quickly replace non-standard laptops, tablets, or other devices and restore their data.
DRaaS providers can not only protect your data assets; they can also provide an entire disaster recovery service. Your IT department will obviously want to take the lead on recovery efforts, but they probably won’t have a lot of experience doing it and might also be feeling the pressure.
A DRaaS provider should be able to help. After all, it is their day-to-day business to help businesses and organizations of all kinds and sizes to recover from these kinds of events. They should consult with you beforehand to put a disaster recovery process in place, and they can help save you many hours and days by guiding the IT team in the right direction when you need to recover.
Working remotely is becoming increasingly popular and for younger generations of workers, it is often viewed as essential. The good news is that supporting these new, more flexible work patterns is much easier and cost-effective with the cloud and managed services. This is not only making the workplace more flexible and attractive, it also enables you to on-board workers faster, accommodate partners and suppliers that are collaborating with you and, generally, make your business or organization more agile — as well as safe and secure.
Thrive to the Rescue
Your Backup and Disaster Recovery Experts
Thrive is a trusted global provider of comprehensive cloud, data protection, and security services.
Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.
We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.
Contact us today to learn more about how Thrive can help you to meet your operational demands while protecting and recovering your most valuable asset – your data.
What is a Recovery Time Objective (RTO)?RTO Basics
Following a data disaster, a Recovery Time Objective (RTO) states the maximum acceptable length of time that you have to recover your IT infrastructure and services and restore normal business operations.
Determining your RTO is an exercise that encourages your business to fully evaluate and appreciate the impact of downtime and determine a set of priorities between IT and executive leadership. IT teams can then use the RTO to select and gain approval for the most cost effective, rapid and comprehensive disaster recovery solution that meets their business needs.
The RTO is determined by evaluating the monetary value of downtime to your business, which includes disrupted services and transactions, customer and partner attrition, additional IT and customer service staffing costs, and potentially hardware replacement expenses. Another factor may include legal costs to address liabilities such as data regulation infractions or customer claims. Keep in mind that downtime costs per hour tend to escalate over time as issues cascade and cause further indirect impacts.
Once the downtime value is determined, businesses next need to grade the criticality of their applications, systems, and data and identify any related inter-dependencies. This will help to prioritize what to restore first (and subsequently), and identify the length of time required to get the business back online.
RTO Key Considerations:
- Determine maximum acceptable monetary loss from downtime
- Determine downtime hourly monetary loss value
- Divide acceptable monetary loss by the hourly monetary loss for the RTO
- Determine hours needed to restore apps, systems, and data
- Compare the RTO to the current recovery time
- If RTO > current recovery time, your RTO is achievable
- If RTO < current recovery time, your RTO is not achievable
Meeting Your RTO Example:
If your backup and recovery capabilities can restore your systems and data within your RTO timeframe, your business will be able to mitigate risks around data disasters.
- $50,000 maximum acceptable loss
- $10,000 per hour losses
- $50,000 / $10,000 per hour = RTO is 5 hours for a maximum financial loss of $50,000
- Current recovery time is evaluated at 4 hours
- The current recovery time of 4 hours is under the Recovery Time Objective of 5 hours and is therefore achievable; the business should avoid major losses from data disasters
Failing to Meet Your RTO Example:
If your current services and solutions are unable to recover and restore your data quickly enough to meet your RTO, the business stands to suffer unacceptable damage and consequences.
- $50,000 maximum acceptable loss
- $10,000 per hour losses
- $50,000 / $10,000 per hour = RTO is 5 hours for a maximum financial loss of $50,000
- Current recovery time is evaluated at 24 hours
- The current recovery time of 24 hours is more than the Recovery Time Objective of 5 hours and is therefore not being met; the business continuity is at high risk
Other Considerations
While the monetary calculation can give you a good metric to base your RTO, it’s also important to consider the “soft” factors of what downtime can mean to your business.
How will customers react and how will you be perceived? Will your competitors use this as an opportunity to steal business? Will customers go elsewhere, and you not only lose an immediate sale but the lifetime value of a customer? Are you going to be answering questions on social media about this downtime?
Some of these factors may be quantifiable in your assessment, while others may need to be considered in a broader context of reputational and other risks.
What About Backup Timing?
The Recovery Point Objective (RPO) is a measurement of the business’s maximum acceptable data loss (i.e. 15 minutes worth of data) as expressed by a correlating target backup interval (i.e. backups running every 15 minutes).
You should also establish your RPO and apply the same criticality, interdependency, and prioritization as you do with your RTO. RPO helps you decide what to backup and when, to ensure that you are capturing the right data at the right frequency to support a successful recovery. Read more about RPOs here.
RTO Services and Solutions
There are a range of services and solutions that support different RTOs. The chosen RTO can affect the price, configuration, and IT resources required. Working with a flexible, customer-centric backup and disaster recovery service provider can help you to determine the most cost-effective and responsive solution for your business.
Backup as a Service (BaaS)
Backup as a Service (BaaS) offers fully configurable online backup and recovery processes, supported by Thrive’s support services. These services are scaled for your organization so that you get the control you need with the support that you want.
Backups can be performed automatically according to flexible backup schedules, allowing for businesses of all sizes and needs to meet their specific RPOs. Communication is initiated by your systems, and your information is encrypted using AES (Advanced Encryption Standard), before being pushed via a secure SSL/TLS connection to Thrive’s datacenters. All of the backups are also incremental and only move new or changed data.
Thrive’s Network Operating Centre (NOC) proactively monitors the data centers, operations and customer data transfers to ensure optimal backup and recovery with BaaS services to support your Recovery Time Objectives (RTO).
For environment failover and replication services, see our Disaster Recovery as a Service offerings.
Disaster Recovery as a Service (DRaaS)
Disaster Recovery as a Service (DRaaS) enables your company to replicate data and deploy a Disaster Recovery (DR) environment without needing to construct a second physical data center.
DRaaS extends recovery capabilities to allow for full recovery directly into cloud infrastructure in just minutes, giving your organization the Recovery Time Objective (RTO) that you need for true business continuity.
DRaaS replication ensures that your production site and DR site are in sync, allowing you to meet demanding Recovery Point Objectives (RPOs). Learn more about RPOs here.
The Thrive DRaaS solution offers both Warm Site Failover, and Hot Site High Availability Replication and Full Failover. These Thrive services enable businesses to achieve RTOs that range from seconds to 48 hours from the time of a declared data disaster. Speak to our disaster recovery experts to find the right services to meet your RTO.
Thrive to the Rescue
Your Backup and Disaster Recovery Heroes
Thrive is a trusted global provider of comprehensive cloud, data protection, and security services.
Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.
We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability and support that your business demands.
Contact us today to learn more about how Thrive can help you to meet your operational demands while protecting and recovering your most valuable asset – your data.
What is Disaster Recovery as a Service (DRaaS)?What is DRaaS?
Disaster Recovery as a Service (DRaaS) is a fully managed IT Disaster Recovery Service. It typically applies to servers, rather than desktops. If your servers have failed whether by a hardware failure, a software update that doesn’t work properly, a power outage, or a ransomware attack, then your DRaaS provider will get you back up and running in a DR site.
In most DRaaS cases, IT departments oversee the restoration process, but a third-party provider guides the way with their experience. Depending on the service level purchased, businesses may be able to recover IT systems in minutes, hours or days following a failure. The service should also include regular testing of your Disaster Recovery solution to ensure that it is all working properly, and meets compliance and regulatory requirements.
The Benefits of DRaaS
DRaaS solutions have many benefits. Human error is a large cause of IT downtime. It’s very easy for IT departments and system end users like employees and partners to make honest mistakes; we’re all human after all. But sometimes there are also intentional, internal threats to businesses that can be harder to manage. An unbiased, independent provider is often best to ensure that failures don’t end up as total data loss, and that the cause of the disruption is accurately assessed and identified.
In addition to internal threats, recoveries are very stressful and difficult scenarios unless you are experienced and well-rehearsed. It is quite common for the pressure to become overwhelming, or for the recovery process to become a difficult and drawn out affair as unexpected issues mount, all the while the business revenue suffers. It’s important to have someone on your team who has the experience of many IT recoveries and isn’t distracted by internal pressures or other tasks. Your recoveries will be more consistent and faster, resulting in less downtime and less damage to your business.
Choosing the Right DRaaS Provider
Implementing an effective DRaaS solution is not a simple matter. Your provider will act as your trusted partner, ensuring not just that you have the most appropriate DR solution, but also that this solution is managed, maintained, monitored, adapted and scaled properly for years to come.
There are a few key points that you need to consider when choosing a DRaaS provider:
- Location
- Performance
- Testing
- Specialized Experience
- Pricing
- Breadth Of Capabilities
- Levels of Service
Read more about choosing the right DRaaS provider.
Thrive to the Rescue
Your Backup and Disaster Recovery Experts
Threats to business continuity continue to evolve. From ransomware to employee error to natural disasters, a variety of events can cause outages, and the costs of downtime can be high, even for short incidents. It’s up to IT organizations to be prepared. But how do businesses choose the best disaster recovery strategy while also making the most of limited budgets and resources?
Thrive offers DRaaS and business continuity solutions for businesses of all sizes.
Contact us today for your customized solution.
COVID-19 | Securing the Extended Corporate Perimeter: Work from Home Security TipsThe corporate perimeter has grown with many employees performing their daily responsibilities from their homes. We must consider the risks associated with accessing corporate resources remotely. The following are basic security tips for those that are working from home and what they can do to strengthen their security posture.
Protect Your Video Meetings
The COVID-19 crisis has led to a surge of users utilizing video conferencing platforms like Zoom, Webex and Lifesize. We have witnessed an increase in social engineering with video conferencing focused content, fraudulent installation files and direct attacks like “Zoom-bombing” where uninvited guests crash unsecured meetings. Thrive has put together a few items to consider when you are using video conferencing.
Be Cautious When Using Video Conferencing
-
- Do not click links in chat windows unless from a trusted source.
- Only download the video conferencing client directly from the legitimate platform’s website and not from anywhere else.
- Do not take or post pictures of your video meetings on Social Media or elsewhere.
- Do not post public links to your meetings.
- Do not share your meeting ID.
Securing Your Meetings
-
- Add a password to all meetings by automatically generating a meeting password.
- Use waiting rooms to prevent users from entering the meeting without being admitted by the host.
- Disable participant screen sharing to prevent your meeting from being hijacked by others.
Privacy Considerations
-
- A host can record a Zoom session, including the video and audio, to their computer. Be careful saying or physically revealing anything that you would not want someone else to see or know.
- Meeting participants will know when a meeting is being recorded as there will be a ‘Recording…’ indicator displayed.
Secure Your WiFi and Home Modem
Confirm your Wi-Fi routers have a strong password. Most wireless routers come pre-set with a default password. This default password is easy to guess by hackers, especially if they know the router manufacturer. When selecting a good password for your wireless network, make sure it is at least 20 characters long and includes numbers, letters, and various symbols.
Check that the admin access of your modem also has a strong password and is not using the default credentials provided by the manufacturer. If the device is internet facing, a default password is an invitation for hackers onto your home network.
Use Corporate Issue Devices for Work Only
Don’t use corporate issued devices for personal communications or web browsing. If you don’t have an extra device, ask your Manager for one or if you can be provided with a virtual desktop to log into work. This will reduce the risk of potential infections spreading from your personal email or web browsing habits to corporate resources.
Use Your Corporate VPN
An important way to secure corporate data as it moves between employees and corporate systems is to use a corporate VPN. VPNs provide an additional layer of security that encrypts data transfers in transit.
Use MFA Multi-Factor Authentication
Individuals should enable MFA to authenticate to all resources (Banking Websites, Cloud Apps, Corporate VPN, etc.) that support MFA integration. The primary benefit of Multi-Factor Authentication is that it provides additional security by adding another layer of identity verification by requiring multiple credentials. The more layers and factors in place, the more the risk of an intruder gaining access to critical and sensitive systems and data is reduced.
Operating System and AV Updates
Run the latest Operating System updates and ensure all machines on your home network have an updated AntiVirus program running. This is the first layer of defense for many personal machines and should be updated regularly.
Internet of Things (IoT) Home Devices
Update the firmware of your IoT devices if available and take any devices offline that are not regularly updated and patched. Attackers may use these as a pivot point to capture your home network traffic and then use to leverage access to corporate networks.
Phishing Campaigns
Only download and open expected files from known senders. Exercise extreme caution if a file or URL is received from an unknown party. Offerings are already available on the dark web to help criminals perform COVID-19 content focused Phishing campaigns.
Web Browsing for Coronavirus Information
We have noticed an increase in websites and domains that use COVID-19 and coronavirus themes in an attempt to distribute malware. Only view trusted websites to get the latest news and information such as those below.
Official John’s Hopkins University Live Threat Map
An interactive map outlining confirmed cases worldwide
https://coronavirus.jhu.edu/map.html
CDC: Coronavirus Situation Summary
Center for Disease Control and Prevention
https://covid.cdc.gov/covid-data-tracker/#trends_weeklycases_select_00
WHO: Coronavirus Information
World Health Organization
https://www.who.int/health-topics/coronavirus
This is a big adjustment for many people. Remember, that by working from home we are helping to slow the spread of the Coronavirus. Stay safe and healthy.