3 Legs of the BCP Stool

The “3 Legs of the BCP Stool” metaphor highlights the foundational aspects essential for a strong Business Continuity Plan (BCP). These legs represent critical components that support your plan’s effectiveness and resilience in the face of disruptions:

• Business Continuity Planning: Yes, the first leg is the same as the concept itself. This is all about the people, places, and processes. During an event, where do people go? What do they need to do to keep the business running? And what’s the plan for each department within an organization?

• Crisis Management: This includes physical safety, employee protection, and related communications. For example, how will you communicate with your staff during a severe weather alert, or relay information to the fire department or law enforcement during a fire or active shooter situation?

• Disaster Recovery (DR): The “things” part of a BCM program. How will you recover from a server failure? A network outage? A cryptovirus? Do you have backups or workarounds in place? What is the priority for systems recovery in the event of a disaster?

Understanding these elements is key to developing a comprehensive BCP strategy. While each component has its unique focus, they are all interconnected and must work together seamlessly during a crisis. It’s important to have a solid plan in place for each aspect and regularly revisit and update them as needed.

12 Professional Process Steps For Business Continuity Management

Without a thorough plan in place, many organizations fail to recover from a disaster. Luckily, we’ve developed twelve professional practice steps to a successful BCM program. Working through the steps is time-consuming, but investing the resources to develop, practice, and revisit a BCP will put you in a position to navigate unexpected outages, natural disasters, or dangerous workplace events.

1. Program Initiation and Management

Establish the need for a BCM Program (and identify the program components) by gaining a clear understanding of your risks and vulnerabilities. This can be through the development of resilience strategies, response, restoration, and recovery plans.

The main objectives of this professional practice are to obtain leadership’s support and funding—then you can start to build the organizational framework and develop the BCM program.

2. Risk Evaluation and Control

Identify the risks/threats and vulnerabilities that are both inherent and acquired which can adversely affect your organization, its resources, or its image. Once identified, threats and vulnerabilities will be assessed as to the likelihood that they would occur and the potential level of impact result.

Your business can then focus on high-probability and high-impact events to identify where controls, mitigations, or management processes are non-existent, weak, or ineffective. This evaluation results in recommendations from the BCM Program for which additional controls, mitigations, or processes should be implemented to increase resiliency from the most commonly occurring and/or highest-impact events.

3. Business Impact Analysis (BIA)

During this step, your organization should identify the likely and potential impacts of events on your business or its processes. Moreso, the criteria that will be used to quantify and qualify such impacts. This includes the following:

• Financial Effect
• Operational Effect
• Customer Effect
• Regulatory Compliance
• Reputational Impacts

The criteria to measure and assess these impacts must be defined and accepted, then used consistently to define each organizational process’s Recovery Time Objective (RTO) and Recovery Point Objective (RPO). The result of this analysis is to identify time-sensitive processes and the requirements to recover them in an acceptable timeframe.

4. Business Continuity Strategies

Use the data collected during Risk Evaluation and BIA to identify available continuity and recovery strategies for your organization’s operations and technology. Recommended strategies must be approved and funded, and must meet both the recovery time (RTO) and recovery point objectives (RPO) identified in the BIA.

You should also perform a cost-benefit analysis on the recommended strategies to align the cost of implementing the strategy against the assets at risk.

5. Emergency Preparedness and Response

Develop and implement your organization’s plan to respond to emergencies—this may impact the safety of employees, visitors, or other assets.

The emergency response plan should document how your business will respond to emergencies in a coordinated, timely, and effective manner to address life safety and stabilization of emergencies until the arrival of trained or external first responders.

6. Business Continuity Plan Development and Implementation

The Business Continuity Plan is a set of documented processes and procedures that will enable your organization to continue or recover time-sensitive processes. This is usually created to allow processes to continue at the minimum level within the timeframe acceptable to the business.

In this phase of the Business Continuity Management Program, the relevant teams design, develop, and implement the approved continuity strategies and document the recovery plans to be used in response to an incident or event.

7. Awareness and Training Programs

A program is developed and implemented to establish and maintain awareness about the Business Continuity Management (BCM) Program and to train your organization’s staff so that they are prepared to respond during an event.

This training program should ensure staff members understand their roles and responsibilities in the event of an emergency or business disruption. The team will also regularly conduct mock exercises to test the effectiveness and readiness of the plan.

8. Business Continuity Plan Exercise, Audit, and Maintenance

To continue to be effective, a Business Continuity Management (BCM) Program must implement a regular recovery exercise schedule to establish confidence in a predictable and repeatable performance. As part of the change management program, the tracking and documentation of these activities evaluate the ongoing state of readiness.

This tracking will allow continuous improvement of your organization’s recovery capabilities and ensure that plans remain current and relevant. An audit process will also validate the plans are complete, accurate, and in compliance with organizational goals and industry standards.

9. Crisis Communications

Define the framework to identify, develop, communicate, and exercise a crisis communications plan. This plan should address how communications will be handled before, during, and after crises. The communications plan is developed collaboratively with your organization’s public information and internal information resources where they exist to ensure consistency of communication.

The plan should address the need for effective and timely communication between the organization and all the stakeholders impacted by an event or involved during the response and recovery efforts.

10. Coordinating with External Agencies

Establish policies and procedures to coordinate response, continuity, and recovery activities with external agencies at the local, regional, and, if necessary, national levels. But don’t forget to prioritize compliance with applicable statutes and regulations.

This also includes establishing a process to obtain mutual assistance support from and provide the same to other organizations when requested.

11. Program Improvement

The program must be evaluated and improved continually to ensure that it remains proactive.

Your organization should monitor industry trends, emerging threats, and the results of its own exercise program to identify potential gaps or other areas that require improvement. Regularly reviewing and updating policies, procedures, plans, and other documentation will ensure that your BCM Program is effective and continues to meet organizational goals.

12. Store, Update, and Distribute Your Plan Regularly

The Business Continuity Plan is a living document that must be regularly reviewed and updated to ensure it remains accurate and relevant. Follow these steps to ensure your plan maintains its effectiveness:

• Ensure all team members have access to the latest version of the plan, including any relevant updates or changes.
• Store the plan in a secure location.
• Test your backup procedures regularly to ensure they are functioning correctly.
• Perform annual reviews and audits to identify any necessary changes or improvements.
• Distribute the plan to all relevant team members, including new employees, and provide training on their roles and responsibilities in case of a disaster.
• Regularly communicate updates and changes to the organization to ensure everyone is aware of their roles and responsibilities in an emergency.

Start Managing the Right Way With Thrive

Diving into the process of business continuity management is best guided by experienced professionals who are familiar with the intricacies of these twelve steps. Contact us to learn more about how we can help you tackle your business continuity challenges.

The post 12 Steps to a Successful Business Continuity Program appeared first on Thrive.

MSPs and Business Continuity Go Hand-in-Hand

MSPs are third-party companies that specialize in managing and maintaining a company’s IT infrastructure, applications, and other technology-related services. They work proactively to ensure their clients’ systems run smoothly, are secure from potential cyber threats, and quickly recover from disruptions or outages.

By partnering with IT-managed service providers, your business can delegate the management of complex IT environments—which frees internal resources to focus on core business functions. There’s no denying the fact that MSPs and business continuity go hand-in-hand.

How to Hire an MSP Who’ll Ensure Business Continuity

Hiring an MSP is a critical business decision that demands careful consideration. Before signing any contract, ensure they align with your business goals and have the expertise and experience to support your unique IT needs. Look for an MSP who can offer the following:

Optimal Security Measures

Cyberattacks are becoming more sophisticated, and businesses of all sizes are at risk. Reliable IT-managed service providers should have the tools to protect your systems from malware, ransomware, phishing attacks, etc. They should also proactively monitor your networks for vulnerabilities and provide prompt solutions when needed.

Ease of Access/Availability

System outages and disruptions can happen at any time. That’s why you need an MSP partner who’s available 24/7 to provide support and resolve issues quickly. Ensure they offer multiple contact options, including phone, email, chat, or a dedicated portal.

Scalability

As your business evolves, so do your IT needs. Your MSP should be able to scale its services and resources as needed without interrupting your operations.

Budget-Friendly Plans

MSPs offer a range of services with varying prices. Choose an MSP that offers plans that fit your budget without compromising on the quality of service.

Experience and Reputation

Choose an MSP with a proven track record of providing excellent services to businesses in your industry. Don’t hesitate to ask for references and reviews from their existing clients.

Thrive: Your Trusted IT Managed Service Provider

At Thrive, we understand the importance of business continuity. We offer reliable and comprehensive managed IT services so we can take care of your IT infrastructure. Our team of experts is available 24/7 to provide support and ensure your systems are running optimally. Contact us today to learn more about how we can help your business thrive.

The post The Impact of MSPs on Business Continuity appeared first on Thrive.

Here are the key questions you should be asking when creating a plan to protect and recover your data in the case of a natural disaster:

What does your current backup situation look like?

The first step toward improving your data protection practices is to consider your current IT infrastructure and systems. Do you have a disaster recovery plan in place? If not, why not?

The assumption that nothing bad will ever happen to your data exposes your business to major risks and devastating losses. It’s not a question of if your data will be destroyed or compromised; rather, it’s when.

Even the most cautious organization will run into situations like natural disasters, hacking attacks, or even user error, where their data is lost or compromised and needs to be recovered. A well-prepared business should always have a comprehensive backup and disaster recovery plan at the ready.

Have you talked to your employees?

By developing and instituting clear internal processes and best practice standards for data management, businesses can help to prevent data loss following natural disasters. Once employees are properly handling files and information day to day and know the correct steps to take during adverse events, your business is a critical step closer to ensuring data protection and successful business continuity.

How often do you test your backups?

Even if you have a backup system in place, how often do you test your procedures and backups to make sure that you can rely on them when you need them the most? It’s not unheard of for a business to lose everything in a fire, and when attempting a recovery, they find out that the entire backup is corrupted or doesn’t work properly. You shouldn’t hope that your backups are reliable, complete, and ready to go; you need to guarantee that they are.

Where do your backups live?

Many businesses rely on their servers for backup, either on-premise or off. In these cases, you should be sure to design a network of backups that offers sufficient redundancy and to have the appropriate resources and expertise to maintain and service them.

What backup approach works for you?

Many organizations that maintain their own data centers also use third party cloud-based solutions for a secondary backup. Having servers in diverse locations supports data loss prevention by minimizing risks due to natural disaster.

A hybrid approach that combines on-premise servers with third-party managed cloud infrastructure can provide geo-redundancy and additional managed services capabilities.

Take advantage of Disaster Recovery as a Service (DRaaS)

The most effective way to enable data loss prevention is to create a seamless disaster recovery plan that includes Disaster-Recovery-as-a-Service (DRaaS). DRaaS simplifies many of the backup and recovery processes, provides storage-related cost savings, and allows businesses to backup their data more frequently with less administrative complexity.

In the event of a natural disaster, a third-party DR service provider can typically help you recover much faster because of their significant and specialized training and resources. DRaaS providers also have the experience of handling multiple catastrophic events in a diverse range of scenarios and can contribute their expertise around handling real world failovers. Third party service providers can rapidly respond when disaster strikes to assist your business in successfully minimizing damage to your data, reputation, and business continuity.

Thrive Specializes in Data Loss Prevention

By following data protection best practices, your organization can weather natural disasters and reduce or eliminate disruption to your business.

Working with Thrive will allow you to avoid costly outages and data loss that could harm your operations, reputation, and profitability. Preparation means businesses gain a competitive advantage by keeping the lights on during the storm.

Stay Safe in the Cloud with Thrive

Questions? Ask Our Experts!

The post How to Enable Data Loss Prevention in Case of Natural Disasters appeared first on Thrive.

A Recovery Point Objective (RPO) is a metric used to determine how often data backups should run, and to evaluate what services and solutions match your business needs. The RPO is determined by understanding how much data loss your business can tolerate.

Some businesses and organizations may have mandated RPOs due to data privacy and compliance requirements, such as the financial and legal industries.

Why is this important? Data is dynamic and constantly changing over time, while backups only capture data at a specific point in time. The length of time between each scheduled backup is known as the backup interval. The wider the interval, the higher the likelihood that your data will change during that time, and the more risk you take as that data remains without a backup until the next backup. In the event of a data disaster, a higher backup frequency enables more recovery points to restore from and shrinks the interval between backups so that data has a better chance of being captured.  Your RPO defines the maximum allowable amount of lost data measured in time from a failure occurrence to the last valid backup.

Meeting Your RPO

For example, an e-commerce business may conduct around-the-clock online transactions. They evaluate their systems and business model and determine that losing more than 15 minutes worth of data would be extremely detrimental to their operations, customer service, revenue, and reputation. They decide that their RPO and backup interval should never exceed 15 minutes. They then choose a solution that is capable of running a backup schedule at 15 minute intervals, such as at every quarter hour on the hour (0:00, 0:15, 0:30, and 0:45).

If a failure occurs, with successful backups every 15 minutes, they would always be able to recover without major threat to their business continuity. Here are two examples on how it would play out:

• If they experienced a system failure at 0:03, they’d only lose 3 minutes worth of data.
• If failure occurred at 0:52, they’d lose 7 minutes of data.
• For both scenarios, since the time between the last backup before failure and the data disruption are well below the 15 minute RPO (3 and 7 minutes respectively), both losses are survivable for the business.

Failing to Meet Your RPO

Conversely, if a business can only withstand an hour’s worth of data loss, yet has backups running every two hours, that business is not meeting their RPO and is at risk of losing critical data. The risk escalates the further in time the failure occurs from the last backup.

For example, if they run their backups every odd hour on the hour (1:00; 3:00; 5:00, et cetera):

• A failure at 1:40 is less damaging than one that occurs at 4:55.
• The first incurs 40 minutes of data loss, which is acceptable according to their RPO of 1 hour.
• The second incident incurs 1 hour 55 minutes of data loss, which definitely does not meet their RPO and may seriously damage their business.

For this business, without the appropriate 1 hour backup interval, meeting their RPO of 1 hour is a game of chance and does not meet their business needs. If a data disaster occurs such as a ransomware attack, user error, or natural disaster, they stand to suffer damage and potentially opening themselves up to liability, loss of business, and compliance risk.

RPO Services and Solutions

There are a range of services and solutions that enable backup intervals that support different RPOs. The chosen RPO can affect the price, configuration, and IT resources required. Working with a flexible, customer-centric backup and disaster recovery service provider can help you to determine the most cost-effective and responsive solution for your business.

Backup as a Service (BaaS)

Backup as a Service (BaaS) offers fully configurable online backup and recovery processes, supported by Thrive. These services are scaled for your organization so that you get the control you need with the support that you want.

Backups can be performed automatically according to flexible backup schedules, allowing for businesses of all sizes and needs to meet their specific RPOs. Communication is initiated by your systems, and your information is encrypted using AES (Advanced Encryption Standard), before being pushed via a secure SSL/TLS connection to Thrive’s datacenters. All of the backups are also incremental and only move new or changed data.

Thrive proactively monitors the data centers, operations, and customer data transfers to ensure optimal backup and recovery.

Disaster Recovery as a Service (DRaaS)

Disaster Recovery as a Service (DRaaS) enables your company to replicate data and deploy a Disaster Recovery (DR) environment without needing to construct a second physical data center. DRaaS replication ensures that your production site and DR site are in sync, allowing you to meet demanding Recovery Point Objectives (RPOs).

What About Restoring Backups?

BaaS allows both local and cloud restores from your backups based on your RPOs and the stored backup snapshots.  DRaaS extends recovery capabilities to allow for full recovery directly into cloud infrastructure in just minutes, giving your organization the Recovery Time Objective (RTO) that you need for true business continuity.

Thrive to the Rescue

Your Backup and Disaster Recovery Experts

Thrive is a trusted global provider of comprehensive cloud, data protection and security services.

Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.
Contact us today to learn more about how Thrive can help you meet your operational demands while protecting and recovering your most valuable asset – your data.

The post What is a Recovery Point Objective (RPO)? appeared first on Thrive.

Veeam Backup & Replication is the foundation of the Veeam Platform, providing backup, recovery, and replication for your critical workloads including VMware, AWS, Microsoft Azure, Windows, Linux, enterprise apps, and much more. 

But why do you even need backup and replication, you might ask? Here’s why… 

The Achilles heel of information technology has always been the non-physical nature of data records. Electrons can disappear in startlingly large quantities in less than the blink of an eye. This can happen with a simple user error, by clicking on the wrong menu item for instance, or through sophisticated attacks such as ransomware, which encrypts your data, effectively scrambling it beyond recognition or usability — unless you pay to have it de-encrypted. Then there are natural disasters, like fires, floods, tornadoes, etc. Although, these latter threats are arguably more dangerous to physical files than they are to electronic data given the relative ease with which electronic data can be protected. That is why even before the modern information age, keeping backups of critical data has always been essential. 

Learn More on Thrive’s Disaster Recovery as a Service

What’s a Backup and how does it work?

A backup is a copy of a set of data or a full system that is made at a specific time and stored away, either on the business premises, at an offsite location, or in the cloud — or some mix of the three. A backup is time-bound. Even seconds after it is made, a backup will no longer represent the existing live data set, which is continuously changing. For many kinds of data, this isn’t a problem. Sometimes it is even an advantage. For instance, in the case of a ransomware attack where the entire data store has been compromised, having a clean backup of your data and systems taken from a point in time before the infection is the only way to recover from the attack.

A Veeam Backup makes a point-in-time archive of all the files, settings, snapshots, binaries, and configuration files that make up a virtual machine (VM) or system. This archive is stored in a single file (*.VBK) that is often compressed and deduplicated to save disk space. Completed backup files give the business a point in time from which to recover any files that are associated with a system or application. If backups are completed with regular frequency, they can be very effective at preventing data loss entirely and at recovering data in the event of accidental or purposeful deletion. Backup provides a very strong RPO (Recovery Point Objective) solution. Veeam also provides Veeam Cloud Connect, which enables the capability to make backup copies offsite to a Cloud Connect Service Provider to ensure offsite and ransomware protection for backups.

Get the latest Insights on Ransomware

What’s Replication and how does it work? 

Replication makes a copy of a running Insightsng virtual machine and then synchronizes updates from that running VM at regular intervals so that the replica is ready to run with the most current information should the need arise for a failover. The content of a replica changes with each new synchronization. Failover can take place very rapidly and often results in little to no downtime for the business and a very low RTO (Recovery Time Objective). 

In today’s virtual environments, where critical services such as e-commerce and supply chain are being provided to customers, or where automated manufacturing and smart processes generally rely on instantaneous access to changing data, the live nature of the data is critical. In case of a failure of a primary system, it is essential to have a failover to a redundant system that can immediately restore the service. In this case, more than the data is replicated. The virtual machines, as well as the underlying network, have to be replicated so that services accessing a given IP address will continue seamlessly. Again, the replication may be on the enterprise premises, in a physically distant alternate location, or in the cloud – or some mix of the three.

What are the differences? Backup vs. Replication  

Now that we have discussed the importance and the process of replicating and backing up your essential business systems and data, let’s talk about the differences between the two. When it comes to backup and replication, the most frequently asked question is – do you need one of these solutions, or do you need both? 

The two terms, Backup and Replication, are often used interchangeably, but they aren’t the same thing. Sometimes they are presented as alternative ways to protect your systems, as if you must choose one or the other. The thoroughness of the replication solution sometimes makes enterprises believe incorrectly that they can dispense with backups since there is always one or more replications of the live data store at any time. However, this misses the point that data that is corrupted or lost is also replicated in the failover system. If an employee hits the wrong key or a ransomware attack encrypts data in the primary system, it will be replicated through the redundant systems based on the replication frequency. Because of the trend towards Continuous Data Protection (CDP) and low recovery point objectives (RPO) for frequently replicated systems, it is also essential to have historical backups with longer RPOs. 

So, for most businesses Backup and Replication are both essential and you should employ them together to ensure that you have a full data protection and disaster recovery plan. What mix of replication and backup your business needs will depend on the nature of your data and the role it plays in your business. The required availability of systems and the budget you have for disaster recovery will also play a role in these decisions.  More critical and frequently changing systems will be stronger candidates to add replication, but will also add cost to the solution.  Options for failover may also exist to balance costs including both “Warm” and “Hot” (high availability) Disaster Recovery as a Service (DRaaS).  A good DRaaS provider will be able to provide a cost-effective solution to meet your managed disaster recovery requirements while ensuring that both replication and backup processes are provided to balance availability with data protection. 

Partner with Thrive for Veeam Backup, Recovery, and Replication Services. 

As businesses pursue digital transformation strategies that integrate data across their internal silos for end-to-end data-driven processes, they will have to consider replication for either partial or full failover scenarios, as well as complementary backup services. As your DRaaS partner, Thrive works with you to determine what mix of backup and replication makes the most sense for your business operations. We will help you to analyze the role that your data plays in your business and assess the cost of data loss vs. the cost of the disaster recovery effort. And, if your business needs it, we will design an appropriately scaled DRaaS solution to ensure that your essential services are restored and up and running before your customers have even noticed.

About Thrive

Thrive is a trusted global provider of comprehensive cloud, data protection, and security services.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Have questions? Contact Us!

Related Services

High-availability replication and DRaaS

Rapid Replication, Failover, Multiplatform Replication

Veeam Cloud Connect

Veeam Appliances

Warm Site and DRaaS

VMware Hyper-V and Nutanix

Veeam BaaS and DRaaS Solutions

Veeam Platinum Cloud Service Provider (VCSP)

The post Backup vs. Replication: Opposing or Complementary? appeared first on Thrive.

The trend towards remote working has been growing for several decades, but recently due to world events, many businesses have had to adopt supporting technologies and processes quickly and under pressure. The remote working trend has also dovetailed with the move to the cloud and software-as-a-service applications like Office 365. Cloud services are a great help in implementing remote working and in helping teams to collaborate even when not working in the same location. Cloud-enabled services and applications are often misunderstood, however, when it comes to security measures. Along with their SaaS services, businesses also need to consider using cloud-based security and disaster recovery services in parallel from a trusted DRaaS provider.

SaaS and Cloud providers like Microsoft, Salesforce, Google and others promise to secure the infrastructure that hosts the cloud application. But these SaaS providers are not responsible for covering all of the possible data and security issues that can arise, so customer support for backup, replication, and recovery services needs to be considered.

While the cloud provider takes care of the infrastructure, data and access remain the customer’s responsibility. The access risks compound as workers increasingly work remotely and communicate through email, which is the number one vector for malware.

Secure access to the cloud for remote workers today is usually ensured by either using an SDP or split-tunnel VPN. In either case, the security of remote access relies on user authentication. It is important not to make the mistake of relying on the employees to set up and manage their passwords. Individuals are notorious for setting easy-to-remember but also easy-to-guess passwords. Set up strict corporate password policies and enforce them. Also enforce regular intervals for employees to update their passwords.

Even with these stricter password policies in place, businesses would also be wise to employ multi-factor authentication (MFA). There are a number of ways for bad actors to manipulate or trick your employees into unintentionally revealing their passwords making it a good idea to have a second authentication method as a further roadblock. Traditionally, MFA was done using tokens, but it has become much simpler today to use the employee’s smartphone to send a code that they then enter into the SaaS login credential screen. There are a number of good choices for MFA available such as Google Authenticator, or options recommended by Microsoft. Need help determining which MFA solution is the best fit for you? Ask our Microsoft 365 experts today!

Even MFA access through SDP or a VPN will not always guarantee security for your most precious data; internal employees can also act maliciously. Therefore, it is a good idea to design your internal data access policies to ensure that each end user only has access to the applications and data that they need to do their jobs.

Segmenting your data collections is another good policy to adopt for additional Cybersecurity and data protection. Having all your eggs in one basket is never a good idea. Using various software-defined networking techniques such as SDPs or SD-WAN, you can literally define the connection between the user’s device and a specific server. They can be completely restricted to this network slice. Finally, think carefully about which workers get remote access; not everyone needs it all the time.

One main vector for security breaches is via email “spear phishing” attacks, which attempt to induce people to reveal personal information, such as passwords and credit card numbers by posing as reputable companies.

Phishing is a common technique for extracting passwords from employees with some IT professionals reporting 1000+ phishing attempts hitting their email inboxes a month. Other malicious email campaigns include sending attachments with embedded trojan code, or links pointing to compromised websites that auto-download malware onto users’ systems.

All employees are at risk of making a split-second poor decision and exposing their computer to these attacks. Threat actors are adept at choosing topics that people are eager to learn more about, often playing off trending fears and anxieties to lessen people’s natural caution and common sense. As a sign of the times, many organizations are reporting increased email phishing and Business Email Compromise (BEC) attacks since the beginning of the COVID-19 pandemic, with many messages claiming to offer breaking news or free tests. Once the pandemic has finally abated, threat actors will move on to the next anxiety-provoking topic.

While Microsoft and other email SaaS providers often try to help filter unwanted senders’ messages by verifying the IP address to guard against phishing, oftentimes their off-the-shelf attempts lack comprehensive protections and may lag behind in updating against the latest threats. IT professionals should look to enhance their email security by looking for Managed Anti-Spam and Anti-Virus solutions that offer services for scanning both inbound and outbound emails to eliminate spam and known attacks and Managed IT Services for analytical reporting, Cybersecurity, and on-demand expertise from a trusted DRaaS provider.

While it is critical to stay on top of the latest security threats and trends, it is also the case that malicious actors are constantly innovating new attack strategies. Barely a week goes by that some new kind of threat is launched and discovered. From denial of service to trojan horses and ransomware, you can never rule out the possibility that your business will be the next headline victim and cautionary tale.

How does a DRaaS Provider enhance Microsoft 365 data protection and cybersecurity?

That is one of the most important, but not the only, reasons to have a comprehensive backup and rapid disaster recovery service. Another reason is that employees unintentionally delete data all the time. They are the most common source of data loss. Even IT professionals can make configuration mistakes that can open data to being hacked or even lost. So, a comprehensive backup and disaster recovery option is essential for restoring your data.

This is where cloud services expand their usefulness from a means to collaborate efficiently, to storing and protecting your critical and everyday business data. Disaster Recovery as a Service (DRaaS) has become increasingly important in an era of escalating natural disasters, cyber-attacks targeting critical public institutions and businesses, and sophisticated social engineering campaigns bombarding your business day and night.

The good news is, as the importance of DRaaS has risen, the affordability has too. Many savvy organizations are leveraging the flexibility and rapid responsiveness inherent in cloud-enabled backup and recovery. After all, one of the many reasons that you adopted a cloud model was to get away from the capital costs and ongoing operating expenses associated with running and maintaining your own internal data infrastructure. Now that there are a range of cost-effective disaster recovery services available, businesses are finding that DRaaS makes good common sense.

In addition to helping you to recover from a disaster, an experienced DRaaS provider can also proactively help you to prevent data disasters from occurring in the first place and enable your business to work securely no matter where your end users are located. As a third party specializing in helping businesses recover from various disasters, they are best placed to anticipate what your business might face in the future. They can help you to design your security approach, as well as prioritize your data resources, segmenting them and working with you to create a plan for ensuring that the most critical data is restored as quickly as possible to keep you up and running.

The possibility of remote working and cloud-based services have been a godsend for many businesses, allowing them to remain operational in these difficult times. It is unlikely that the workplace will return to what it was and remote work is probably the new normal or highly significant for many businesses going forward. Your DRaaS provider can make sure that you do it securely and ensure that you can also recover gracefully if anything goes wrong.

Want to know more?

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global DRaaS provider of comprehensive Cloud, Data Protection, and Cybersecurity services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind. Thrive is an accredited Microsoft Office Level 1 backup and DRaaS provider.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as Cloud to Cloud Backup for Microsoft 365, email archiving, and Thrive DR services. Regardless of internal user error, ransomware attacks, or when a health disaster strikes, ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Questions? Ask Our Experts!

The post What’s Missing in Your Microsoft O365 Security and Data Protection? appeared first on Thrive.

DRaaS is a perfect example of an on-demand cloud service that is always on and scales with your client’s needs. For you and your customers, there is the added benefit that you don’t need to keep a second data center for redundant servers and communications services. An additional perk for you is that DR brings in new customers, such as SMBs, who will find it easier to start small and scale as they grow.

DRaaS offers three other main benefits to your customers:

1. Immediate recovery from any kind of disaster with system failover to a secondary infrastructure within minutes.
2. Depending on needs and resources, customers get the flexibility to customize the scope of recovery from all types of disasters, from malware and ransomware to hurricanes and wildfires.
3. DRaaS offers seamless redundancy and no single point of failure to keep data securely protected in the cloud and away from the primary site.

Working closely with a customer to plan for recovery from a disaster that could jeopardize their business, requires that you get a clear understanding of their key operations and those parts of the business that are mission-essential. This disaster recovery planning approach is more strategic and collaborative between provider and customer than with a managed backup service, and requires you and the customer to predefine playbooks for exactly how to respond to different disaster scenarios. This is your opportunity to take your relationship with your customer to a new level. If you are able to add value and insights, you can earn their trust and develop a longer-term relationship with greater revenue potential.

Working on the disaster plan will involve taking the customer through a thorough risk assessment to identify vulnerabilities in their infrastructure. You may ask, which components are the most important and how do they impact their critical business functions? You will need to calculate both the financial and non-financial costs. Besides loss of revenue, there is the potential loss of opportunity; for instance, companies that recover faster, gain a competitive advantage.

The goal of all this analysis is to develop with the customer what they believe is their realistic recovery time objectives (RTO). In other words, how long can their infrastructure afford to be down? This is often a compromise between what they view as ideal and what they can afford. Similarly, you will also set the recovery point objectives (RPO), which define what level of data must be recovered and at what time-based increment or schedule, which should follow directly out of the analysis of critical business functions.

Qualities and Benefits of a Reliable DRaaS Partner

Having a technology partner that is focused on providing disaster recovery can be helpful during this process. A good DRaaS partner will have extensive experience in helping companies recover from many different kinds of disasters. This experience can be leveraged in formulating a sound disaster plan. Should the time come that a disaster does occur, it’s good to have team members onboard who routinely handle disaster situations and can meet the challenge with a measured and effective response that only comes with experience.

Your DRaaS partner will be particularly useful in the setting and defining of RTO and RPO objectives. These objectives set the parameters for the SLA you agree to and define your relationship and your obligations going forward. This includes identifying the cost-effective services and configurations that are recommended for your customer to meet their RTO and RPO, including full or partial failover, and hot site or warm site replication. It is critical to get it right at the beginning, and this is where the extensive experience of a DRaaS partner can be drawn upon to ensure that the defined service achieves the customer’s objectives as well as your own.

Finally, your ultimate objective in defining a DR plan for your customers is to identify where they are most vulnerable and to help them to address those weaknesses to prevent disasters altogether. Again, you will have to move the needle on your relationship to go beyond reacting to their needs to anticipating them, and as a result, positively shape the way they operate their business.

This is why DRaaS is much more than an additional revenue stream or a sticky service, although it is both of these things. It is above all an opportunity to move you from being regarded as just a service provider to being a trusted strategic long-term partner for their business.

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global provider of comprehensive cloud, data protection, and security services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery Services from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

The post Find Your DRaaS Partner and Make Disaster Recovery a Strategic Part of Your Service Portfolio appeared first on Thrive.

In the spring of 2007, just before the 2008 financial crisis hit, Nassim Taleb presciently published a widely read book called The Black Swan: The Impact of the Highly Improbable. As if reading from a crystal ball, Taleb laid out his thesis that as our global economy scales and becomes more and more complex, we begin to see the unforeseen and unpredictable more and more often. He argued that to be competitive and truly profit from these unpredictable “black swan” events, you have to organize your business strategy to be ready for them, even if they seem very unlikely.

Effective Enterprise DR Planning Includes Cybersecurity, Public Health, and Natural Disasters

Since then we have had at least two of these worldwide seismic events. The most recent, the current pandemic, has been a wake-up call for every business worldwide. Disasters on a global scale do happen and, as it turns out, some businesses have been better prepared to meet the needs of their customers during this event. These companies have not only realized a short-term competitive advantage, but they have secured a firm foundation for their future growth.

But if disasters are unpredictable black swans, how do you plan for them? Taleb shows through a series of examples how important it is to think through the worst kind of risks that you might face and take out insurance against those possibilities. If the risk seems low to everyone else, then it will probably turn out that it doesn’t cost that much to insure yourself against it. And a corollary of this principle, if the worst happens, you will also probably be one of the few survivors. Which can put your business in a very strong competitive situation.

One of the important pieces in your disaster insurance strategy has to be a good disaster recovery plan for your company’s data. Cybersecurity events fall into that class of newly emerging black swan threats that face every business. As we embrace autonomous technologies built around IoT, AI, and machine learning, we are unleashing tremendous productive potential, but we are also setting ourselves up for a potential perfect digital storm.

Much as public health professionals have been warning us of the possibility of a pandemic for the last few decades, cybersecurity professionals have been trying to alert the world to its precarious state around digital security. No one knows exactly how or what will occur, but most who work in this field are concerned that we have a good chance of seeing a major cybersecurity event in the coming decades. Will your business be ready to survive and potentially even profit from it?

Key Considerations for SMB and Enterprise DR Planning

As gloomy as these threats are to contemplate, effective enterprise DR planning has to start with thinking through the worst-case scenarios that you might face so that you can ensure that resources and processes are in place to prevent or rapidly recover from a disaster.

Here are some key considerations at a glance.

1. Start by looking at what parts of your business systems, applications, and data that you simply cannot afford to lose.
2. Then take it to the next level by asking, “If all of my competitors were knocked down by the same event as me, what kinds of data recovery would give me an immediate advantage?” There could be an easily achievable difference between being minimally operable and able to pounce on a once-in-a-lifetime opportunity.
3. In developing a good data disaster recovery plan, you need to analyze the vulnerabilities in your IT infrastructure and identify the critical components of your operations. This has to be linked to a thorough analysis of your business functions and an assessment of which are the most critical to your ability to not only survive but successfully compete.
4. You must also ensure that your disaster recovery plan is well understood by your teams. Ensure that they are prepared to execute the DR plan when the time comes. This is difficult to do when the threat is a black swan event that is unpredictable and looks to most people consumed in their daily to-dos as highly theoretical, at best.
5. For this reason, it is important to fully script out the responses to a wide variety of emergency scenarios. Training and periodic trial runs — fire drills — are also a good way to ensure that when the moment comes, people will have developed some engrained patterns that they can fall back on when their amygdala has gone into overdrive.
6. To ensure that you have the skill sets and coverage needed during a disaster, also think about engaging the services of a third-party disaster recovery team. We have firefighters and other first responders for a very good reason. Training and constant practice in dealing with disasters is the only good way to be prepared for them when they strike. However, most businesses and organizations want to avoid having ‘constant practice’ with recovering from disasters for obvious reasons.

A Disaster Recovery partner can allow you to focus on your day-to-day operations, while also having access to reliable and specialized backup and recovery support. A DR partner can apply the deep expertise that they have honed with disasters day in and day out to your specific business needs. They can help you think through your business priorities, identify vulnerabilities in your systems, design backup systems and protocols, and provide critical and rapid response support. This will ensure that you cannot only recover gracefully but seize the moment when your competitors cannot.

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrive is a trusted global provider of comprehensive cloud, data protection, and security services and can help to guide as you work through your SMB or enterprise DR planning process.

Since 2001, Thrive has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around data loss prevention and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

The post Enterprise DR Planning: Disaster Ready Means Ready to Compete appeared first on Thrive.

The escalating frequency and severity of these natural disasters is posing an urgent and critical threat to businesses and organizations located along the Gulf of Mexico, the North American Eastern Coast from Florida all the way to Newfoundland and Labrador, and the Caribbean. Already struck by economic hardships from the pandemic, these regions simply cannot afford another catastrophe on their shores – and yet they are barreling towards them at an alarming pace with many organizations unprepared and without hurricane disaster recovery in place.

While the season typically peaks by September 10, the second half of the 2020 season is projected to be just as volatile. The National Oceanic and Atmospheric Administration (NOAA) has predicted that in total, we may see between 19 – 25 named storms between June and November 30 – the first time that the agency has ever predicted that we may have to start using the Greek alphabet to name our storms.

Out of those 19 – 25 named storms, NOAA forecast that 7 – 11 will become hurricanes, with 3 – 6 of those becoming major hurricane events with extreme damage and potential loss of life. As of this writing in early September, we have already seen 15 named tropical storms. Out of those, 5 became hurricanes with one developing into a major 3+ category storm. The 15th tropical storm was named Omar on September 1, breaking the previous record held by Ophelia in 2005 for earliest named 15th storm of the season.

Enabling Effective Hurricane Disaster Recovery

While early preparation is the best way to mitigate risks to businesses from a wide range of threats, given the early onset, rapid succession and severity of these storms, many organizations have been caught flat-footed. Most have had little time to check that their hurricane disaster recovery plans are in place and updated after only recently activating pandemic planning processes. Many are looking for help to address IT business continuity with their already stretched resources and expanded demands for DR.

An experienced cloud backup and disaster recovery service provider can address many of those business needs by lending their specialized expertise for effective hurricane disaster recovery planning and best practices while also recommending the best and most cost-effective Disaster Recovery as a Service (DRaaS) solutions. DRaaS providers can support your team with on-demand services such as managing your offsite data replication to a secure datacenter and ensuring that data is stored geographically distant from threatening storm systems.

Have questions? Our team is ready to help you weather the storm. Contact us today!

Thrive to the Rescue

Your Backup and Disaster Recovery Heroes

Thrivee is a trusted global provider of comprehensive cloud, data protection and security services.

Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability and support that your business demands.

Contact us today to discover your options around data loss prevention and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

The post Ensure Hurricane Disaster Recovery During Record Breaking 2020 Season appeared first on Thrive.

It is no surprise then that the latest trend in disaster recovery is Disaster Recovery as a Service (DRaaS). Relying on the cloud to provide flexible, scalable backup resources, DRaaS is always on and always available. Disaster recovery services provide the fastest options for restoration of operational and other kinds of data, and it can automate many of the tasks. Along with the agility and speed of recovery that DRaaS makes possible, it also provides increased flexibility, improved security and saves you money. Having access to your backup data without having access to computing to run your business is only part of the equation in a disaster.

In traditional disaster recovery, IT maintains or has access to a second, standalone data center for the disaster recovery operations. This duplication includes storage and compute resources as well as duplicate network resources such as firewalls, routers and switches. There are also extra operational processes such as configuration, maintenance and support. In addition, there is the time needed to access the equipment at the second site as well as the time needed to re-route network traffic to this new location.

The manual side of disaster recovery can be the Achilles heel for many businesses because their backup operations are manual. This puts the burden on data center employees, who unless the business is very big, are often caught up in other day-to-day operational tasks. It is not always easy to ensure backup tasks remain on the daily to-do list despite more pressing short-term issues.

Rapidly growing businesses also need to expand their redundant data center to match the growth of the business. This can impose the need for significant expenditures at a time when all available Capex is being used to increase productive capacity. As with manual operations, long-term strategic issues such as disaster recovery often fall lower on the priority list when the business is consumed with short-term issues.

Cost-effective and Reliable Disaster Recovery Services for Businesses of all Sizes

Disaster recovery services address most of these shortcomings. The pay-as-you-go approach of cloud services is one of the principal drivers of the trend to the cloud, and it is no different with DRaaS. It moves disaster recovery to the expense side of the ledger where it can more closely match the ebbs and flows in revenue, and it ensures that precious capital resources are available for expanding productivity to meet growing demand.

Disaster recovery services can automate the tasks associated with replication, backup and restoration. The cloud provider takes over the day-to-day operations, administration, and maintenance of the DR data center and associated services, which frees IT to focus on the more pressing concerns of managing the fast-growing digital operations side of the business.

In addition, disaster recovery services can also assist in disaster avoidance. Failing over just one or a few Virtual Machines (VM) and running those workloads from a Cloud site without having to formally declare a disaster and initiate all of the associated actions with disaster declaration can be invaluable.

Documenting and automating the restoration process or “run book” of Virtual Machines (VM) with your DRaaS provider through the use of features such as Failover Plans can ensure that the appropriate steps are taken more rapidly and without having to make those decisions during the disaster declaration process, since they were determined well in advance.

The DRaaS provider also brings their expertise and experience in handling disaster recovery and prevention daily; whereas most business’s IT departments will only occasionally deal with data restoration tasks and may never experience a full-blown loss of data — at least, not until it happens.

Your DRaaS provider can work with you to develop your Disaster Recovery Plan. They can help you to assess the risks and business impacts, lay out the best ways to prevent data loss from occurring and help your IT staff to prepare for how best to respond and recover from various disaster scenarios. Finally, they can help you to test these systems regularly to ensure that the plan is comprehensive and update it when new threats emerge.

This last point is perhaps the most significant. Cyber-security threats are the area most prone to rapid change, and the area where it is most difficult for IT departments to stay current. Again, the DRaaS provider is singularly focused on the security of their data center operations and is completely attuned to the current state of security threats. Their infrastructure is also separate and apart for that of the businesses they serve which offers additional protections through these barriers.

In this era of digital transformation, the cloud is playing a key role in the development of information and operational technologies. It allows businesses to be more agile, responding quickly to shifts in demand and enabling them to be more flexible and adjust their offerings and services to optimize the customer experience. Cloud providers offer the latest capabilities and leverage the most advanced technological platforms. Every business today needs to put cloud at the heart of their business strategy and, now more than ever, that includes disaster recovery services.

Thrive to the Rescue

Your Backup and Disaster Recovery Experts

Thrive is a trusted global provider of comprehensive cloud, data protection and security services.

Since 2001, Thrive has provided these robust and secure managed cloud and disaster recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Thrive delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Thrive Experience that meets your business requirements with the reliability, scalability, and support that your business demands.

Contact us today to discover your options around DRaaS Veeam managed appliance for VMWare and HyperV, DRaaS physical server replication, and other Thrive DR services that can help you to meet your operational demands while protecting and recovering your most valuable asset – your data.

The post Disaster Recovery Services Should be Part of Your Cloud Strategy appeared first on Thrive.