We’ll cover the best practices businesses should apply when adding hybrid cloud backups, as well as common challenges and components to consider.

What is Hybrid Cloud Backup and How Does it Work?

Hybrid cloud architectures combine on-premises environments with one or more cloud resources, and hybrid cloud backups use this combination to create a more comprehensive strategy for data protection.

Hybrid cloud backups work by having data backed up to on-premises storage devices, such as servers and hard drives, and then saved as a copy to cloud storage. By having data stored in both locations, businesses improve their redundancy and have a backup they can use in the event of a disaster or outage. To ensure both copies are up-to-date, data is synchronized regularly, based on the level of tolerance a business has for lost files as part of their recovery point objective (RPO).

What Are the Benefits of Hybrid Cloud Backups?

Businesses that use hybrid cloud backups can enjoy benefits such as: 

• Improved redundancy: Saving a copy of your organization’s data in the cloud means that you have easy access to a backup that can be used during a disaster. This is one of several redundancy measures a business should implement when executing a disaster recovery plan.
• Better disaster recovery: Restoring data from the cloud can help businesses achieve their recovery point objectives (RPO) and recovery time objectives (RTO).
• Scalability: Storage capacity needs are not likely to be consistent from month to month. Having cloud storage as part of a hybrid backup solution means that businesses can easily scale based on their resource needs.
• Cost-Effectiveness: While it can cost more to store data in multiple locations, these expenses far outweigh the average cost of downtime businesses may experience during an outage, data breach, or other type of disaster. Hybrid storage can also be more flexible thanks to the flexibility and scalability of cloud storage, allowing businesses to only pay for what they need.

What Are the Challenges of Hybrid Cloud Backups?

Hybrid cloud backups can provide greater data protection and create more flexible storage options, but there are some challenges businesses may face when implementing a hybrid solution.

Because hybrid cloud is a mix of cloud and non-cloud environments, organizations need to manage complexity to leverage the environments effectively. There may be several different tools, security configurations, and processes to navigate to minimize vulnerabilities and keep backups effective. In fact, 32% of businesses list struggling with migrating workloads when moving to public cloud environments as one of their biggest challenges.

Data can also get fragmented when it spans across on-premises and cloud environments. It’s important that data is organized, classified, and synced properly to avoid issues associated with fragmentation.

Infrastructure security measures from cloud providers can make hybrid cloud backups more secure, but businesses also need to understand their role in keeping data protected in transit and at rest. Organizations should also understand which compliance measures they need to have in place to align with relevant data privacy regulations for their industry or type of business, which can get harder to unify when more environments are added.

Other challenges can include risk of vendor lock-in, lack of necessary in-house skills, and cost management associated with cloud storage and backups. Flexibility is a benefit, but vendor lock-in can make your future options feel rigid. Having someone available who can help you navigate backup options can help you manage costs and keep your options open.

Important Components of a Hybrid Cloud Backup Strategy

The essential components of any hybrid cloud backup strategy will consider the infrastructure used for backups, how data will be synchronized and replicated, where data will be managed, and the security measures necessary to protect data in any state. This can also be part of a larger hybrid cloud strategy.

On-Premises Backup Infrastructure and Cloud Backup Services

Initial backups and local data redundancy can be stored on physical storage devices such as hard disk drives (HDDs) or solid-state drives (SSDs). Long-term archival and offsite disaster recovery can be aided with the use of scalable cloud storage options.

Cloud services should be able to meet your goals for security, scalability, and compliance. If you think your needs may change in the next few years, analyze how easy it would be to migrate data from one provider to another.

Data Replication and Synchronization

For hybrid cloud backups to work effectively, data needs to move efficiently and quickly between on-premises and cloud environments. Replication tools can create copies of onsite data in the cloud for secondary off-site backup purposes. Synchronization keeps each copy current between environments, so if the backup needs to be used, little to no data is lost.

Centralized Backup Orchestration and Management

To make orchestration easier, backups should be managed by a centralized platform. The platform should allow your organization to schedule backups, generate reports, and monitor data replication efforts. This can help streamline the backup process and reduce errors that can make disaster recovery efforts more difficult.

Security Measures and Compliance Considerations

To safeguard critical data in hybrid cloud backups, data needs to be encrypted at rest and in transit. Other robust security measures businesses should implement include multi-factor authentication and access controls. Data backup policies should also comply with relevant policies such as HIPAA, GDPR, and PCI DSS depending on the level of data sensitivity, location of the business, and industry.

Six Best Practices When Implementing Hybrid Cloud Backups

Establishing a strong hybrid cloud backup strategy with the aforementioned components is the first step in implementation. From there, apply the following best practices to ensure your backups are achieving your business objectives.

1.) Establish RTOs and RPOs

An RPO identifies how much data a business can lose before it significantly impacts their processes or revenue. An RTO describes how much time a business can stand to use to restore critical business systems and processes.

Some organizations can afford to lose a day’s worth of data or more, whereas others would experience major disruptions in business processes if they lost more than a few minutes of data. The same goes for recovery time. Some businesses can go days before getting back to business as usual. Others need to be back up and running in minutes.

Your company’s RTO and RPO will depend on the sensitivity of your data and how much you rely on the workloads to conduct critical business processes. The RTO will dictate the backups’ recovery speed, while the RPO will also determine backup frequency to minimize data loss.

2.) Develop Backup and Recovery Policies

Creating a comprehensive policy around data backup and recovery can help reinforce your approach across your organization. A strong policy should include:

• Backup schedules: What’s the frequency that should be used for data backups?
• Retention periods: How long should data be saved?
• Disaster recovery procedures: Who is responsible for which steps, and what needs to happen in order to restore business processes?
• Testing and validation: How will you ensure your backups are working properly?

3.) Determine Your Data Security and Protection Requirements

Who needs access to which types of data? What other security protocols need to be enacted to protect data?

The sensitivity of your data and regulatory requirements will determine the security measures that need to be used to protect data. This can include encryption standards, access controls, and data transfer protocols.

4.) Evaluate Cloud Backup Providers

Before choosing a cloud backup provider, you should evaluate a few options.

You’ll want to evaluate based on the following questions:

• How well can the cloud provider accommodate future growth? How flexible and scalable is the infrastructure?
• Does the provider offer clear and detailed Service Level Agreements (SLAs) that guarantee data availability and recovery times?
• Which security features are available from the cloud provider, and which need to be implemented by the customer?
• What management and monitoring tools and capabilities are offered?
• What does the pricing model look like? Are there cost savings available for predictable workloads?
• How do people rate customer support? What is their reputation like?

5.) Assess Potential Integration Challenges

Depending on how old your on-premises infrastructure is, you may experience integration challenges with your chosen cloud backup solution. During and after the cloud provider selection process, you’ll need to think about how compatible the systems are, what data transfer requirements look like, and whether you’ll need additional software or other integrations to make syncing and transfer smooth.

6.) Outline Testing and Validation Schedule

Once everything is set up, it’s time to test. A regular testing schedule should confirm that hybrid cloud backups are ready during backup and data recovery scenarios.

Plan how often you want to simulate disasters and the types of scenarios you want to test. This will depend on where your data centers are located, how much redundancy you have, and the level of your data’s sensitivity that you’re trying to protect and restore.

By testing regularly, you can quickly identify deficiencies in your plan and implement additional safeguards before a real disaster.

Exploring Hybrid Cloud Backup Options

Choosing the right hybrid cloud backup solution will come down to how well you understand your specific priorities and needs. If you’re not sure where to start, TierPoint is here to serve as a partner to help you navigate your options. We have deep expertise in designing and implementing hybrid cloud and disaster recovery solutions that work with your existing infrastructure and meet your data storage and compliance needs.

TierPoint is also vendor-neutral and well-versed in integrations, allowing you to achieve greater flexibility when you ultimately select a cloud vendor. Learn more about our hybrid cloud consulting and schedule time to talk to a member of our team. In the meantime, check out this infographic to discover the 13 essential steps to creating an effective disaster recovery plan.

This is the idea behind a single point of failure (SPoF) – these are thin areas of the net that are prone to break easily at the first sign of strain. Reducing SPoF can strengthen your systems and build resilience, but where are they and how can you resolve them?

What is a Single Point of Failure?

A single point of failure refers to the vulnerability of a particular element in a system. When there is a single point of failure, the breakdown of that element will lead to the failure of the rest of the system. In the book Tubes, by Andrew Blum, he references the geography of the internet, and starts by talking about a common cause of single point of failure: how a squirrel nibbling on wires could take down internet access to his own house. This example relates to your processes, components, and systems that have these single points of failure and can completely incapacitate your business.

Types of Single Points of Failure

Some of the most common single points of failure when it comes to technology and data centers are hardware failures, software failures, power outages, network connectivity, and human error.

When businesses don’t have redundancies in hardware, backups to handle power outages or data breaches, additional network switches, or fail safes in place if a team member deletes critical files, your business may be severely impeded or prevented from operating due to a single point of failure.

What Can Cause a Single Point of Failure?

Both internal and external issues can contribute to single points of failure (SPoF), such as design flaws, implementation issues, and outside disruptions and breaches. Systems with design flaws may lack redundancy in key components, including servers, backup systems, and internet connections. Highly intricate systems can also obscure SPoF, making them harder to untangle and remedy quickly.

Even when businesses have redundant components, misconfigured redundancies will do nothing to solve a SPoF. Accidental damage to hardware or missing important configuration steps in software can make these redundancies useless. Finally, external factors can be the biggest threat to existing single points of failure. Natural disasters, cyberattacks, fires, construction work, and power outages can damage equipment and take down critical components. These outside forces often test more than one type of redundancy at the same time.

How to Identify Single Points of Failure

Before you can address a single point of failure, you need to identify where they’re showing up in your business. You can do this by conducting either a failure mode and effect analysis (FMEA) or a systems analysis.

Failure Mode and Effect Analysis (FMEA)

A failure mode looks at how something can fail in a system – what are the ways this particular element could break down? For example, a wire could lose connection, a bulb could break, a fan could stop spinning, and hardware could overheat. A failure mode and effect analysis (FMEA) takes stock of all components in a system, lists all potential failure modes of these components, anticipates the effects of failure, assigns a risk level to each type of failure, and outlines mitigation strategies to decrease the potential risk from occurring and/or the impact it could have on the business.

Systems Analysis

A systems analysis, while similar, tends to take a wider-lens approach to the system to see weaknesses and blocks in flow that could spell greater system breakdown if stressed or impacted. Compiling information for a systems analysis can include taking note of past failures and their root causes, simulating different scenarios and the failures they might bring, and creating a chart of the system’s current workflow to visualize bottlenecks.

What is the Impact of SPoF on Business?

A single point of failure can have a cascading effect on an organization. One small malfunction can easily disrupt entire systems or processes. Depending on the SPoF, businesses may experience irreversible data loss, productivity standstills, customer dissatisfaction, and even permanent reputational damage. Disruption and impediments can remain long after the threat stemming from the SPoF has subsided. The recent United Healthcare / Change Healthcare hack is currently being attributed to a single point of failure – a vulnerability in billing and payment operations used by the organizations. This comes after urging from the International Underwriting Association (IUA) to understand and solve single points of failure in digital supply chains last October. Key connection points between different vendors and services can cause extensive damage, as we’ve seen from the UHC / Change hack.

Techniques to Avoid Single Points of Failure

To build resilient systems, businesses should employ one or all of the following techniques to avoid single points of failure.

Redundancy and Failover Mechanisms

Redundancy is at the core of solving all SPoF vulnerabilities. All critical components of your systems should be accompanied by backups. This goes for hardware, software, data, power supplies, cooling systems, and cables. Your systems should also have failover mechanisms that automatically switch to alternative components if the primary ones fail.

Resilience in System Design and Operations

You can build resilience through simplification and reliability. By simplifying your system design, you reduce the dependencies and hidden points of failure. Reliable components with proven track records can reduce the need for backup components. Build in robust error handling that provides a safety net that captures errors and provides helpful language around what exactly is going wrong.

Recovery Procedures

When you’re in recovery mode, there should be no question about the order of operations. Create clear, well-documented procedures and regularly test your process to ensure you can recover in the time you want (RTO) and without unacceptable data loss (RPO).

Geographic Diversity and Data Centers

If your business can’t go down during a natural disaster, such as an earthquake, hurricane or fire, geographic diversity is a necessity. Ensure your business has a backup environment in a geographically distinct area to decrease the risks associated with larger areas of impact.

Monitoring and Alerting

Oftentimes, you can turn the tide on small issues before they balloon into bigger failures. Implement monitoring and alerting systems to flag problems before they escalate into company-wide disruptions.

Automation and Orchestration

Automated alert systems can flag problems for IT teams, who can jump into action and apply any manual changes. Failover, provisioning, and recovery tasks can all be automated to reduce the time it takes to implement them, as well as the likelihood of human error.

Regular System Audits and Risk Assessments

An initial risk assessment is important, because it helps you plan for threats paired with potential vulnerabilities. However, the risk landscape will change with evolving threats and the nature of your systems. Regularly perform system audits and risk assessments to confirm that your redundancy measures are still preventing SPoF.

Disaster Recovery Planning and Testing

While geographic diversity is one part of disaster recovery planning, there are other things businesses should do to instill confidence in their ability to restore critical systems after an outage. A disaster recovery plan should outline which parts of the system need to be recovered first, who needs to be notified post-disaster, and which steps should happen automatically versus manually. At the very least, businesses should be testing their disaster recovery plans once per year.

Developing a Multi-Pronged Approach to Mitigating Single Points of Failure

Mitigating single points of failure may seem like a simple fix at first – just build redundancies! However, redundancies can take so many different forms in a business, and they won’t work properly without regular monitoring and testing.

Creating and abiding by a multi-pronged approach is a great way to mitigate SPoF, ensure high availability, and build more confidence in your systems. If you’re just getting started with business continuity plans and you’re looking for outside guidance, learn more about TierPoint’s Business Continuity Consulting services, and read our eBook to discover how to master your disaster recovery strategy.

FAQs

By air-gapping backups, businesses can protect their data in a distinct way, physically or virtually isolating their data from any online access. We’ll cover what air-gapped backups are, what sets them apart from other methods, why they’re important for resilience, and what to consider before implementing them in your IT security plan.

What are Air-Gapped Backups?

Air-gapped backups create distance between critical data on your computers and the internet. When your data is air-gapped, the separation makes it unable to be accessed by cybercriminals and malware which typically use online channels. By air-gapping devices, businesses can create an additional layer of security and greatly improve their likelihood of making it through a data breach or other disaster.

Why are They Important for Security and Resilience?

When businesses create a virtual layer between devices and the internet, this separation allows air-gapped data to operate in isolation from threats that pose a risk to data security. In 2023, 82% of data breaches originated from data stored in the cloud, either public, private, or hybrid. By creating air-gapped backups, businesses can improve their data protection approach and become more resilient.

How Do They Work?

Air-gapped backups work by using a separate storage system to be either virtually or physically separate from the main environment. Based on how frequently your data updates, and how critical it is to have extremely current data in a backup environment, your business will choose how often data will be transferred and updated in the backup environment. Traditionally, this looked like backing up data on tapes and storing them offline. Even when air-gapped data is stored in the cloud, the network the data is stored on would be offline, making this method distinct from other backup solutions.

Types of Air-Gapping Backup Methods

There are three types of air-gapping backup methods businesses may employ: physical, logical, and cloud. 

Physical

Physical air-gapping is a traditional method for backing up data in a physically isolated environment. The method involves moving the data and isolating backup storage from any physical connection that would allow it to be accessed by outside actors. Physical air-gapping can include removable storage devices, such as external hard drives and tapes, or specialized hardware backup devices that generally come with built-in network isolation features. Backup devices like these can usually automate backup processes to cut down on the manual effort businesses may need to take on with tapes or hard drives.

Logical

A less labor-intensive method businesses can try is employing logical air gaps. Instead of creating a physically distinct environment, logical air gaps rely on software and network segmentation to separate the storage from the network. Even if storage devices are physically connected to a network, this method can put up a virtual barrier that blocks access from the internet.

Cloud

Cloud air gaps are similar to logical air gaps, with some organizational differences. Logical air gaps can exist within the business infrastructure, for example, while cloud air gaps live on a infrastructure that is ultimately controlled by cloud providers.

While IT teams may be able to implement immutable functionality, such as object locking and isolated network segments within the cloud, the environment is ultimately dependent on the practices of the cloud provider.

Businesses should understand the level of security and isolation cloud providers offer before deciding whether this is an appropriate method for their needs.

What Common Ransomware Threats Target Data Backups?

Data backups are a prime target for cybercriminals. Ransomware attacks can involve backups in a few different ways, including backup encryption, backup software vulnerabilities, and credential theft.

Ransomware attacks are not limited to the encryption of primary data. Cybercriminals may also seek out connected backup drives and encrypt them as well. If bad actors can get into your backups, that leaves your business unable to restore your data from a secondary site.

Credential theft involves stealing login credentials, which could be logins for the production environment, backups, or any other door criminals may be able to unlock. Stolen credentials are one of the top two initial attack vectors used by criminals.

Known vulnerabilities in software are especially dangerous in the days before they are discovered and patched by companies. Ransomware attackers can use these known vulnerabilities to gain access to your systems, including your backups. Maintaining a regular patching system is one way to keep these risks low, but if there is any network access to backups, attackers may get in.

How Do Air-Gapped Backups Provide Ransomware Protection?

Critical data is not just valuable to your organization, it’s also an attractive target for cybercriminals. Ransomware will encrypt your high-value data, and if it infiltrates your backups, you’ll be left without a clean backup copy that you can use to restore your systems. Air-gapped backups provide ransomware protection through encryption, hashing, network isolation, offline storage, verification, and maintenance of data integrity. Some of these features can help with prevention, whereas others will lend a hand with ransomware remediation.

Encryption and Hashing

Air-gapped systems already offer a significant level of protection for businesses due to their offline nature. Encryption and hashing increase these security benefits, making the data unable to be deciphered even if hackers end up gaining access. Hashing algorithms bolster data integrity by ensuring that backups haven’t been accessed or altered during the transfer process, so your data can be more secure at rest and in transit.

Network Isolation from Cyber Threats

It’s worth reemphasizing that one of the biggest strengths of air-gapped backups is the disconnection from the network offered by this approach. By making your backups out of reach, hackers are not able to encrypt, let alone access, your critical systems.

Offline Storage

Offline storage offers a highly reliable recovery point for businesses after they experience a ransomware attack. When backups are stored offline, they’re out of reach of malware and encryption tools that can spread through a network.

Data Integrity and Availability

Air-gapped backups make restoration more efficient and reliable by improving data integrity and availability. Because air-gapped environments have robust access controls, or are even physically isolated from the rest of your data, accidental tampering and deletion are highly unlikely. When it’s time to restore data from your air-gapped backups, availability is predictable and reliable, whether it’s stored in the cloud or on physical equipment. This allows you to get back to your daily processes quickly

Verification and Monitoring

Organizations can detect potential ransomware attacks on backup data stored in air-gapped environments by implementing anomaly detection and monitoring access logs. Even when environments are physically isolated, suspicious activity can occur, so maintaining monitoring and detection tools is critical to enhancing your overall cybersecurity resilience within and outside of air-gapped environments.

Access Management

Just like monitoring and verification tools can make your backups that much more secure, access controls are an essential part of boosting the security of your air-gapped systems. Provide authorization only to team members who need to manage the backups regularly and require multi-factor authentication for access. Add one-off authentication when necessary to keep ongoing access points low.

Things to Consider Before Using Air-Gapping Backups in a Recovery Plan

While improved data protection can sound like a great reason to go all-in on air-gapped backups, adding this approach to your business continuity planning shouldn’t be initiated until you consider the following factors.

Data Accessibility

Because of how isolated air-gapped backups can be, they’re also less accessible compared to traditional online backups. If you’re looking for a backup method that offers easy access for regular tasks, or you need to perform a quick restoration of a file or folder, air-gapped backups are not the best fit for these purposes. Pair the type of data you’re looking to back up with the approach that will offer the right level of accessibility.

Physical vs. Logical vs. Cloud Air-Gapping

Physical, logical, and cloud air-gapping methods each have their pros and cons. While physical air gaps can offer substantial isolation, they require more effort to access and restore. Cloud air gaps can be the most convenient, but the isolation isn’t as strong compared to logical and physical methods. Understanding the benefits and drawbacks of each will allow you to choose a method that will work for your needs and security posture.

Backup Frequency and Retention

Backups go from useful to worthless if there’s too much time between saves. Frequent backups allow for a more recent recovery point, meaning you’ve lost less of your recently saved data. However, this also requires more storage and management to configure and run. Use your recovery point objectives and recovery time objectives to determine your frequency and retention periods.

Backup Testing and Monitoring

Setting up air-gapped backups is only one part of the process. You need to regularly test your backups to ensure that they will successfully restore your data in the event of a ransomware attack or other breach. Make sure that testing and monitoring are part of your regular tasks.

Integration

What do your existing ransomware recovery processes look like? Your air-gapped backups should be able to integrate well with your existing systems so you can securely transfer data to and from this new environment. If this will require some work to coordinate, consider the time and resources it will take when developing your strategy and budget.

Costs

Any new method you add to protect your data will cost additional money for hardware, software, and perhaps even offsite storage if you choose to incorporate physical media. Consider these costs in your overall IT budget to determine what level of support you can maintain.

Building a Resilient Shield Against Ransomware

Every tactic you add to your data protection strategy will make your shield against threats like ransomware more and more resilient. TierPoint’s approach to ransomware includes air-gapped backup solutions, vulnerability management, security consulting, and other business continuity and data security measures. Learn more about ransomware’s impact on businesses and what you can do to improve your security posture by reading our eBook.

Learn more about our Disaster Recovery as a Service (DRaaS) and other solutions that can mitigate ransomware’s effects. Download our infographic to learn 13 steps to creating an effective disaster recovery plan.

FAQs

Data Availability vs Data Durability vs Data Resiliency: What’s the Difference?

Data availability, data durability, and data resiliency are closely linked but have distinct meanings.

The accessibility of data is defined by its availability and measured by uptime, which is the percentage the data is available to users. For example, if a data center boasts 99.99% availability, it means that it’s only down for 52.6 minutes per year or less. Higher data availability is more important for sensitive data and critical workloads.

Data durability is all about how much data persists during an interruption or failure. Backup and recovery plans can improve data durability and protect it from software errors, hardware failures, natural disasters, cyberattacks, and human errors.

Availability and durability are contained in data resiliency, but the concept goes one step further and is focused on a system’s ability to handle failures and recover from them. A comprehensive approach prioritizes data accessibility and redundancy, and includes disaster recovery planning and necessary security measures to protect data from potential attacks or unauthorized access.

In short, data availability ensures that you can access your data when needed, durability maintains its existence during a disruption, and resiliency provides safeguards that allow systems to withstand and recover from disasters and other failures.

Why is Data Availability So Important?

Data availability is important for every business, but the level of availability needed will be determined by your processes and operations. For example, an online retail business could lose significant revenue if its site goes down during a sale. Financial businesses that may have users visiting at all hours of the day could tarnish their reputation if their services go out for too long. Healthcare organizations that experience an outage may be disconnected from critical patient information they need during a sudden, life-threatening moment.

The Uptime Institute estimates that two-thirds of all data center outages cost businesses more than $100,000. While these occurrences have become less common in recent years, the average cost has gone up.

For these reasons and more, data availability is vital for business continuity, data analysis, compliance, operations, and trust.

Business Continuity

Organizations that have strong business continuity can maintain essential operations during unexpected events. Business continuity is linked with data availability, durability, and resiliency. Any dips in data availability impact business continuity, and with that, productivity, revenue, and trust.

Big Data Analysis

Businesses that rely on real-time datasets may have difficulty making quick decisions if access to their information is disrupted in some way. Some or all of this data may be stored in data lakes or data warehouses and may need different levels of structuring or refining to be useful.

Delaying decision-making and limiting the ability to make informed insights can mean organizations miss out on key patterns and trends, miss opportunities to personalize customer experiences or fail to have the information necessary to optimize product development or marketing campaigns.

Compliance

Many companies are legally required to keep certain records and have data available for financial audits and other regulatory measures. If datasets are inaccessible during an audit, businesses can face financial or legal penalties and suffer damage to their reputation.

Data Management and Operations

Readily available data can help businesses manage their inventory, keep track of their supply chain, and monitor employee performance. When data is inaccessible, routine operations can stutter or halt. Plus, the lack of visibility on an important area of the business can prevent further operational optimization.

Customer Satisfaction and Trust

When customers can’t access their data, they can get irritated quickly, especially because being unable to access their data may hinder them from accomplishing necessary tasks. If a customer calls and needs information about their account, for example, and the representative on the phone can’t access it for them, it can severely impact customer satisfaction and trust in the company.

Challenges That Can Influence Data Availability

Challenges to data availability can come in from all sides, from technology, humans, and new regulatory requirements.

Technology-Related

Sometimes, technology doesn’t work the way we expect. Issues with data quality, storage failures, network crashes, and host server failures can all impact data availability, for brief moments or long periods. Redundant components can reduce the impact of most technology-related failures. Stringent cybersecurity measures can likewise improve data availability in the face of security and data breaches, such as ransomware attacks.

Human-Related

Even highly skilled and well-trained workers can make mistakes, and the variables can get even broader when users have a greater impact on data availability. Human error and failures in management processes are behind a “growing proportion of outages.”

Without backups, users may accidentally delete or modify data that can’t be recovered. Some data availability problems may come from skill gaps, while others may be a total fluke.

Regulatory and Compliance-Related

Even if data availability meets a business’ internal standards, certain regulations may be even more stringent. For example, GDPR (General Data Protection Regulation) and CCPA (California Consumer Privacy Act) measures can place restrictions on data storage and access that require more careful management to ensure compliance.

Certain industries, such as healthcare, face unique compliance standards like HIPAA (Health Insurance Portability and Accountability Act), which requires specific controls around data security and access.

How to Ensure Good Data Availability?

Data availability is intertwined with redundancy, security, data architecture, and cloud computing. Leveraging the right tools, skills, and infrastructure can help businesses improve data availability.

Focus on Data Redundancy

Data center tiers come with certain levels of uptime and data availability, and much of that is determined by the types of redundancies that are implemented. For example, Tier 2 data centers tend to have some redundant and backup components and have expected uptimes of 99.741% (or about 22 hours of downtime, maximum, per year). Tier 4 data centers will have redundancies for every component and will only experience about 26.3 minutes of downtime max per year (99.995%).

By focusing on data center redundancy, your business can work on implementing backup and replication strategies that result in multiple copies of data in geographically strategic locations. You can also add redundant hardware components, such as storage devices and servers, to ensure functionality even if one part fails.

Implement Robust Security, Backup, and Recovery Solutions

As previously mentioned, backups also greatly improve data availability and uptime. By regularly backing up data, either on-premises or in the cloud, businesses can safeguard against unauthorized infiltrations, such as ransomware attacks.

Firewalls, access controls, and encryption can all slow down or stop bad actors. Businesses can also protect their data by implementing disaster recovery plans and procedures to outline key actions to take after a disruption.

When redundancies are implemented, automatic failover mechanisms can seamlessly switch over to backup systems during outages. It’s also important to create backups that don’t result in fragmented data, which can cause other data availability problems.

Utilize High-Availability Architectures

High-availability architectures are designed to minimize downtime and maintain data accessibility. Some elements of high-availability architecture include implementing load-balancing strategies or clustering servers to increase access to resources.

Embrace Hybrid Cloud Strategies

Cloud computing offers scalability, disaster recovery, and redundancy measures that all enhance data availability. Businesses that aren’t ready to take the full leap to the cloud can employ a hybrid cloud infrastructure – a combination of on-premises and cloud frameworks.

Leverage Tools

Tools can also help maximize data availability. Automated monitoring and alerts can help inform your business of dips in availability. Data synchronization and replication tools can help you protect your workloads. Cloud storage solutions, powered by Microsoft Azure or Amazon Web Services (AWS), offer robust scalability and data availability features as well.

Partner with a Reliable Data Center Provider

Managing your data center infrastructure can impose a huge burden on your team’s time. By partnering with a reliable data center provider, businesses can gain access to redundant components, a secure facility, and expertise in data maintenance.

Maintain Data Availability and Reduce Data Disruption with TierPoint

Data is essential to the operations of any organization, and maximizing availability is paramount. Whether you’re looking to maintain business continuity, leverage big data analysis, comply with financial and legal requirements, manage your day-to-day operations, or secure customer satisfaction and trust, you can’t afford to be caught off-guard by data accessibility roadblocks.

Are you ready to safeguard your data against technology failures, human errors, and compliance issues? Do you want to implement best practices that ensure data redundancy, robust security, and high availability?

Learn more about TierPoint’s cutting-edge disaster recovery and backup solutions for your cloud environment that offer high availability and data redundancy. Our experts can help you minimize downtime, maximize trust, and keep your business running smoothly, no matter what challenges you may encounter. In the meantime, check out our infographic to discover 13 elements that should be included in every resilient DR plan.

Once a ransomware attack occurs, the clock starts on recovery. If your business doesn’t have a ransomware recovery plan, the fallout can be costly, resulting in a loss of revenue, productivity, and even trust in your organization. We’ll talk about the significance of ransomware recovery to your business and the essential components that should be included within your recovery plan.

What is a Ransomware Recovery Plan? 

A ransomware recovery plan is a framework that empowers businesses to regain control and restore business continuity, ideally, without succumbing to ransom demands from cybercriminals. It is best done long before a threat arises and should include any and all steps get your business back to normal after an attack. When creating a ransomware recovery plan it should outline all systems and data critical to your business, define a process for backing up your data, determine how ransomware will be found and removed, detail a plan for restoring systems and data, and dictate a communication plan that can be used to inform all key contacts about what to do during and after a ransomware attack.

This proactive approach not only protects critical data but also avoids the financial and reputational risks associated with ransom payments. Keep in mind that while paying the ransom may seem like the quickest solution, it’s a gamble with no guarantee of complete data recovery and further vulnerabilities down the line. So, the most empowering and ultimately cost-effective strategy lies in a robust ransomware recovery plan.

Why a Ransomware Recovery Plan is Essential

You may think that creating a ransomware recovery plan is excessive. Maybe you think your organization is small and will fly under the radar of bad actors. This is where most businesses go wrong. While the median size of companies that have been attacked by ransomware is increasing, according to Coveware, two-thirds of companies that are victims of ransomware have fewer than 1,000 employees, with 30% of companies having under 100 employees; and per a recent Business Impact Report, 73% of small business owners in the US reported a cyberattack in 2022. Regardless of your size, having a recovery plan for ransomware is essential.

How a Ransomware Recovery Plan Works?

Incident Response (IR) Plan

There should be no question about what your business will do next after discovering an attack. An incident response (IR) plan should include short-term and long-term actions you will take in response to an attack and reduce the likelihood of future attacks. Develop a plan of action, including immediate containment, to respond to an attack.

Make sure the IR plan answers the following questions:

• What steps will you take to collect the necessary data to understand the source, nature, and scope of the ransomware attack?
• How will you communicate the incident to internal and external stakeholders?
• What are you legally required to do after a ransomware attack to stay compliant?
• How will you keep business functions moving forward, and what will you need to do to restart or shift other functions?
• How will you decide what improvements need to be made to your security measures to keep these attacks from happening in the future?

After containment, the plan should also include steps for communications, analysis, and mitigation. Consider including answers to the following questions:

• Who needs to be informed about an attack?
• What needs to be audited?
• How can the negative impacts of the attack cause the least amount of fallout possible? 

Identifying and Isolating the Incident

With an IR plan, you need to understand the source of the ransomware attack and the full scope of the situation before disconnecting anything or taking any kind of drastic action. How did cybercriminals infiltrate? What machines are infected? Once the attack has been properly categorized, your organization can move on to disconnecting any systems that have been impacted to limit the harm done.

Disaster Recovery Plan

The end goal of any incident is to return to normal operations as quickly as possible. Determine your strategy to restore capabilities and services that were impacted by the attack. To ensure everything will work as planned, test your disaster recovery plan frequently and modify as you go, making improvements based on lessons learned.

Back-Up

A good ransomware recovery plan will ideally have at least two backups in place, and one ready to go quickly if an incident happens. Some organizations may choose to have two systems running at the same time for virtually instantaneous failover. Others may require additional steps to fill in where the primary environment left off. The bottom line is to keep data backups isolated to remain safe during an attack, and make them incrementally so that you don’t lose any data that hasn’t been backed up since the last session.

Data Recovery Software and Decryption

Even if something doesn’t go to plan, or if you’ve missed something in the ransomware recovery process, you may be able to restore some data to a set recovery point using other system tools native to a particular operating system, for example. However, this isn’t a good method to rely on, as ransomware may also impact the effectiveness of a tool like Windows System Restore.

Some software and decryption tools may also be able to restore data or undo the damage done by encryption. Not all versions of ransomware respond to these methods, either, so it’s good to include more than one method in your recovery plan to restore your workloads.

Boost Your Security

Make sure your ransomware recovery plan includes best practices for keeping security measures strong, organization-wide. This may include enacting two-factor authentication, requiring regular password changes, centralizing logging across your systems, and educating employees through cybersecurity training – more on that in the next section.

5 Steps to a Ransomware Recovery Plan Template

As you can see, ransomware recovery, incident response, and disaster recovery plans all share similar traits. However, when you’re thinking particularly about ransomware recovery, remember these steps.

Train a Ransomware Disaster Response Team

Your employees are your first line of defense against ransomware. The more they are able to identify potential ransomware attacks before they strike, the more likely it is they will be able to prevent these attacks. Each member of the disaster response team should have a clear defined role, the most common employee training will involve spotting phishing emails and maintaining password hygiene. Other employees may need to be trained on specific tools that identify software vulnerabilities and other potential side and back doors for cybercriminals.

Focus on Remediation and Prevention

Even if you have every cybersecurity tool in the world at your disposal to prevent attacks, you can still fall prey to ransomware. Prevention and remediation work best in combination. Immutable storage and disaster recovery are two remediating measures that can help you get your environments back to normal even if you don’t get your encrypted data back. You’ll also want to encrypt your data, so even if it’s intercepted, it’s less likely to be read by the attackers looking for a ransom.

Keep Data Resilience a Priority

The resiliency of your data is determined by how quickly you can return to usual operations after an attack. For some businesses, there may be some leeway on how resilient your data needs to be. Maybe there are some workloads you can do without for a day or two. For others, even a few minutes of downtime can harm the business. Resilience is all about prioritizing backup and recovery, as well as regularly testing these measures to make sure they work without a hitch in a critical moment.

Understand Your Critical Data

It may be that some applications and data are more valuable to you than others, and more essential for keeping your business moving. Understanding this, and prioritizing these workloads during an emergency, will help you develop a hierarchical action plan for ransomware recovery. For example, if you store your data in different tiers, you can put workloads that are less critical in less expensive tiers and focus more on recovering higher tiers when a ransomware attack strikes.

Create a Disaster Recovery Plan

One major part of your ransomware recovery plan will be drafting and regularly testing a disaster recovery plan. Figure out how often you need to back up your data and how it needs to be protected. You may want to follow the 3-2-1 system, for example: Having at least 3 copies of your data, 2 forms of storage media, and 1 version saved offsite in an isolated configuration. You’ll also want to figure out how often you need to back up your data. For some organizations, this may look like backing up every minute, whereas others can go a day or longer without a regular backup.

Testing this plan is a step that can’t be missed. When you test, you can verify that your recovery point objectives and recovery time objectives will be met in an actual ransomware attack, and it can help you find weak spots that may need to be revised to work properly after an attack.

Best Practices for Ransomware Attack Recovery

When a business experiences a ransomware attack, recovery comes down to the following five key steps: Preparation, prevention, detection, assessment, and recovery.

Preparation

Businesses should prepare for ransomware attacks by thinking that it’s not a matter of if, but a matter of when. With that, preparation well before a threat is on the horizon is the first and most essential step to recovering from a ransomware attack.

Essential components within preparation should include modernizing your infrastructure with a Zero Trust approach and completeing a thorough cybersecurity assessment to identify any threats and weaknesses.

Prevention

When you’re in the frame of mind that a ransomware attack will happen to you, the focus shifts to preventative measures, such as ensuring the latest OS is installed and patches have been updated. Third-party tools can identify ransomware attacks before they are able to do damage by noticing anomalies in user activity, finding attempts to access systems, flagging potential phishing emails, and so on.

Detection

These prevention tools can detect where a data breach has occurred, or where a ransomware attack has started to take hold. Robust monitoring and response capabilities efficiently gather, analyze, and respond to potential threats. For example, AI tools can be used to continuously monitor the environment and automatically send out alerts when an abnormality is first detected so efforts can be taken to quickly address and remove any threats.

Assessment     

Identify and document any threats, risks, and weaknesses. Decide ahead of time what pieces of your system are critical to your business. What data and applications need to be recovered first, and how long can you go without them working? Determine your recovery point objective (RPO) and recovery time objective (RTO), and note differences in these times based on your priorities.

Recovery

Once you are sure that the ransomware has been contained and will not infect any new data, it’s time to put a recovery plan into action. If you have failback to another system, the plan will include steps to recover workloads and bring the main site to its normal operation.

Prevent and Isolate your Data from Ransomware Attacks with TierPoint

Ransomware attacks can strike without warning, which is what makes prevention so important. Prevention and remediation, working in tandem, can significantly limit your exposure to attacks and keep your business rolling. Learn more about TierPoint’s Disaster Recovery as a Service (DRaaS) and other solutions that can mitigate ransomware’s effects. Need help building your DR plan? Download our infographic to learn 13 steps that should be included within every resilient DR plan.

FAQs

Unfortunately, disasters happen. Cyberattacks have held the top spot for the most common and most impactful causes of business outages across organizations for the fourth straight year, according to Veeam’s 2024 Data Protection Trends Report. These results can be catastrophic for organizations that don’t have the proper plans in place. One of the most critical duties of any IT leader is to understand and prepare for business interruptions by developing strategies, plans, and procedures to keep the business afloat if (and when) a disaster takes place.

What is Business Continuity?

Business continuity is a proactive approach to ensure a company’s critical functions can continue to operate during a natural disaster, crisis, or other disruption. These plans involve identifying potential risks, like wildfires, floods, cyber-attacks, or even supply chain issues, and developing procedures that can help mitigate risks and maintain business-as-usual operations.

Business continuity planning is an essential puzzle piece in risk management and allows organizations to adapt, and even thrive while navigating unexpected events.

What to Include in a Business Continuity Plan

A business continuity plan (BCP) should address the overall protection and response to disasters. It typically includes measures to protect critical data and infrastructure (including IT systems, processes, people, and facilities), maintain communication with stakeholders and authorities, and resume normal business operations as quickly as possible. Some elements to consider incorporating into your BCP include:

1. A Critical Function and Business Impact Analysis: Write down and analyze the critical functions needed for your business to continue operating. Estimate how your business will be impacted if any mission-critical functions or infrastructure goes down.
2. A Threat Assessment: Develop a list of all potential risks that could threaten your business and result in severe disruptions. Categorize threat levels by examining risk tolerances and risk appetite so you can better understand which fall outside of the acceptable range.
3. A Strategy List: Create a detailed list of the strategies and mitigation activities you can launch that will protect your mission-critical functions from the potential threats that were previously identified and analyzed. This should also include a plan for continuing operations in an alternate workspace if the primary location is impacted by an unplanned disruption.
4. Important Contacts and Communication Guidelines: Document key points of contact (as well as assign a second-in-command if the primary person is unavailable) who will handle disruptive events and ensure all employees have access to their information. Additionally, set guidelines around how employees can communicate with internal staff, external suppliers, partners, government authorities, customers, and any other stakeholders if systems go down during an event.
5. Scheduled Testing and Documentation: Regularly test different types of scenarios to ensure your strategies work and you’re able to maintain (or quickly bring back) core business functions. Carefully document each test and analyze it against key metrics and indicators to see if there’s a need for any adjustments.

What is Disaster Recovery?

While business continuity focuses on mitigating risks and keeping organizations running during a disaster, think of disaster recovery as a major pillar that revolves around:

• Maintaining data resiliency and safely recovering data after a disruptive event
• Minimizing downtime and data loss
• Restoring critical IT infrastructure and business operations as quickly as possible after a disaster strikes

What to Include in a Disaster Recovery Plan

When building out a Disaster Recovery plan, it’s important to create and follow a specific checklist to ensure you take an organized, detailed approach to protect and restore your organization’s important functions. Some of the components you should include within your DR plan include:

• A list of mission-critical data and systems that need to be prioritized during recovery
• An outline of backup and recovery procedures
• Plans for redundancy in infrastructure and data systems to minimize downtime during disruptions
• If Disaster Recovery will be in the cloud vs. on-premises
• What third-party services, like Disaster Recovery as a Service (DRaaS) or Backup as a Service (BaaS) should be included to strengthen data recovery and protection efforts
• Incident response and management actions
• Crisis communication guidelines
• Disaster recovery testing to ensure it meets RPO and RTO objectives

Keep in mind that these are just a few elements to include. For a more detailed list, read through TierPoint’s Disaster Recovery plan checklist here.

4 Key Differences Between Business Continuity vs Disaster Recovery

When comparing business continuity vs disaster recovery, there are some key distinctions between the two.

What an organization decides to prioritize or focus on will depend on the nature of the business and what is likely to minimize disruption and support key processes. For example, businesses that rely heavily on technology may want to prioritize disaster recovery planning, but business continuity planning may be more important for companies that depend on supply chain management.

Scope and Focus

BCP is a broader approach that encompasses the entire organization and focuses on ensuring the organization can continue to deliver products and services in the face of any disruption or disaster. Disaster Recovery, on the other hand, is more narrowly focused on recovering and restoring IT systems, data and infrastructure after a disaster, ensuring the organization can get back to running normally. Business continuity planning is well-suited for ensuring the continuity of the supply chain, especially when businesses are reliant on specific suppliers or require timely deliveries, with and without specific disasters and disruptions.

Timing

One of the main differences between Business Continuity and Disaster Recovery is timing – when is the plan activated? BC focuses on maintaining a functional level of operations before and during an event and, ideally, immediately after. DR outlines how to respond immediately after the disaster has occurred and what needs to be done to resume business-as-usual operations.

Goals

Ultimately, each process has different goals. The goal of Business Continuity planning is to outline how to limit downtime while DR plans focus on restoring IT systems and infrastructure as safely and successfully as possible to shorten downtime, stop insufficient system functions, and minimize data loss.

Process

BCP is a continuous process that involves running risk assessments, creating business impact analysis, and developing mitigation strategies to lessen downtime while DR focuses on preparing how to recover IT systems and infrastructure after a disaster has taken place.

Business Continuity vs Disaster Recovery: Does Your Organization Need Both?

In short: Yes.

Typically, DR is a subset of BC. It’s not highly important, but crucial for organizations to have both BC and DR plans in place. While they have different focuses and goals, they complement each other and are both critical for ensuring that you can confidently respond to and recover from a disaster or disruption.

Business continuity addresses the “during” state of a disruption, while disaster recovery takes care of the “after.” During a crisis, BC plans can keep vital operations moving, whereas DR works to quickly recover data and infrastructure after a crisis has ended. Broader disruptions, including supply chain issues and power outages, can be covered by a BC plan, whereas a DR plan is more focused on catastrophic events, such as cyberattacks and fires.

Having both business continuity and disaster recovery plans in place offer a more holistic approach to maximizing uptime and minimizing the impact of any and all downtime. DR plans can also be more specific, but they do often employ BC strategies in their approach, including data backups.

Combining BC and DR plans can ensure peace of mind and a sense of stability during stressful events and sets necessary safeguards against critical data loss and major interruptions.

7 Risks of Not Having a Business Continuity or Disaster Recovery Plan

There are many risks associated with not having a comprehensive BC and/or DR plan in place, such as:

Increased Threats to Business Operations

Not outlining and understanding how threats and risks can affect your business can be detrimental, and a lack of preparedness can cause doors to permanently close. Risk assessment and mitigation is fundamental to both BC and DR planning. The process involves identifying threats, analyzing the potential likelihood of a risk occurring and its expected impact, and prioritizing based on these factors. By knowing what might pose a risk to a business, you can apply preventative measures that may reduce the need for more advanced BC and DR measures down the road.

Loss of Revenue

Disruptions in business operations can lead to a loss of revenue, which can be particularly damaging for small businesses. A significant loss in revenue doesn’t just result in a downturn in numbers, it can also cause leadership to have to make some difficult decisions around employee offerings, staffing, service offerings, and pricing.

Damage to Brand Reputation and Loss of Competitive Advantage

An organization’s failure to respond quickly and effectively to, and during, disastrous events can hurt its reputation with customers, stakeholders, and even internal employees. Also, businesses without proper plans in place may lose their competitive advantage to competitors who boast a better level of preparedness.

Legal and Regulatory Penalties

Most companies are required by law to follow certain business continuity, compliance and regulatory guidelines. A failure to comply with legal or regulatory requirements related to BC and DR can result in fines or legal action.

Increased Recovery Time

Without a DR plan in place, an organization may take longer to recover from an interruption, which can further impact revenue and productivity. Additionally, without a BC plan, it’s difficult for IT leaders to prioritize critical functions that need to continue running in some capacity during an interruption in operations.

Increased Costs

According to IBM’s Cost of a Data Breach Report, the global average cost of a data breach in 2023 was USD 4.45 million, a 15% increase over 3 years.

While the initial cost of creating and maintaining a business continuity or disaster recovery plan might seem like an unnecessary expense, the lack of one can lead to a hidden financial storm when disaster strikes. Responding to an interruption without a plan in place can result in increased costs for:

• Repairs
• Recovery
• Remediation efforts

Data Loss

Not having a backup plan for critical data can result in permanent loss of data, which can have serious consequences for the organization. Data loss can cause things like:

• Damaged brand trust and reputation
• Loss of revenue
• Decreased productivity, especially if data must be re-created
• Legal issues
• And more

Be Proactive in Your Business Continuity and Disaster Recovery

BC and DR are crucial for any organization to survive and thrive in the face of unexpected events. By proactively identifying potential risks, developing comprehensive plans, and regularly testing and updating BC and DR plans, you can decrease downtime, protect your brand reputation, and safeguard your bottom line.

Disasters can strike at any moment and with the right preparation and DRaaS in place, you can be ready to face them head-on. Don’t wait until it’s too late – start planning today by downloading TierPoint’s Ultimate Guide to Running Your Business Through Uncertainty and Disruption to ensure the future success of your business.

What is Offsite Disaster Recovery?

Offsite disaster recovery is paramount for maintaining business continuity should the production environment become compromised. DR acts as a safeguard for critical data by serving as an external site for data backup and replication. This dedicated site is separate from the main production environment or an on-premises data center, providing geographic diversity and improved data security.

Why is Offsite Disaster Recovery Important?

Any kind of disaster recovery is important to have, but offsite disaster recovery can protect businesses from some of the most costly and damaging disruptions. According to Uptime Institute, even though outages are becoming less common, they’re also more expensive than they were in the past. Two-thirds of all outages now cost more than $100,000. And it’s not just the outage that causes costly fallout – it’s the aftermath of lost productivity, lost business, and polluted trust as well.

What Are the Three Types of Recovery Sites?

There are three types of recovery sites available to businesses: cold sites, warm sites, and hot sites. Deciding which to go with will have a lot to do with budgets, critical system components, and the amount of downtime an organization can withstand: what needs to be restored and when? What is your recovery time objective (RTO) for returning a service to normal operations after disruption? What is your recovery point objective (RPO) around how much data loss is acceptable from the point of an outage to the time of recovery?

In general, many organizations are hybrid and select the type of recovery site based on criticality and, specifically RTO, of the application.

Keep in mind, the definitions for each type of recovery site have changed over time and the following is reflective of the current definitions.

Cold Sites

The “temperature” associated with each recovery site is indicative of how ready the environment is for system restoration and recovery after a disaster. A cold site is the most rudimentary setup and requires more time to become fully functional because the systems need to be:

• Loaded
• Configured
• Brought online

While it may have cost advantages due to lower operational expenses, more work will be required to recover servers and equipment which means there may be a longer amount of downtime during the transition from the primary site to the recovery site.

Hot Sites

Hot sites have all elements of the production site mirrored and running in conjunction with the main environment. This means that when an outage occurs, a replication tool like Zerto kicks in, allowing failover to the hot site to happen quickly with minimal business interruption. This level of preparedness typically comes at a higher cost due to the ongoing operational expenses, but it offers the fastest recovery time to meet RTO requirements. Of course, not all businesses need the level of redundancy and uptime provided by a hot site, so budgets and essential business requirements should be considered alongside the benefits.

Warm Sites

Warm sites serve as an in-between option: it strikes a balance between the readiness of a hot site and the cost-effectiveness of a cold site.

In a warm site, essential infrastructure such as servers, networking equipment, and backup systems are pre-configured and available. While it lacks the real-time synchronization of a hot site, it allows for a faster recovery than a cold site because certain components are already in place. However, it’s important to note that while the servers are onsite at the DR location, production data is not installed and ready to access. With that, warm sites are typically used for non-critical applications with longer RTO.

What Kinds of Offsite Disaster Recovery are Available?

Whether you need a safety net or real-time coverage, offsite disaster recovery options can lend a hand. Two of the main offsite options available include data backups and replication. Data backups provide more of a snapshot of the data, whereas replication offers continuous data updates and typically achieves a lower RPO and RTO.

Configuring Offsite Backup

Offsite backups can be configured in one of three ways: full backups, incremental backups, or differential backups.

• Full backups capture what the system looks like at a specific point in time
• Incremental backups can gather what’s changed since the last major backup, either full or incremental
• Differential backups reflect the changes made since the last full backup

Configuring an offsite backup can offer several granular data recovery options. If certain files or folders are more important for your critical operations, for example, you can specify backup for these folders without worrying about replication of your entire environment. Organizations can set backup schedules at frequencies that make sense for the nature of the data being saved.

After configuration, backups should be tested to make sure they are accessible and working when needed. It’s also important to remember that recovery time can be longer for backups, especially if a lot of data is involved.

Configuring Offsite Data Replication

Offsite data replication can mean recovery with minimal data loss. However, this level of coverage also means more sophisticated configuration is necessary. If a primary system fails, the offsite replica is available to take over with the potential of zero downtime, depending on the replication method.

Businesses may choose to implement synchronous replication, where changes are copied in real-time, or asynchronous replication, which may come with the chance of data loss. The recovery process for data replication is much simpler, but the configuration can be more time-consuming and expensive than having backups.

Benefits of Offsite Disaster Recovery

Many short- and long-term global risks, as outlined by the World Economic Forum, can impact data centers and business workloads. Natural disasters, extreme weather events, and widespread cybercrime are all listed as some of the most severe risks in the next two years. Offsite disaster recovery can offer protection from these risks, as well as provide many other benefits.

Restore Data and Workloads

Restoration is the primary benefit of offsite disaster recovery. In the unfortunate event of a disaster impacting the primary production environment, having an offsite recovery solution ensures the ability to swiftly restore critical data and workloads. This process is instrumental in minimizing downtime and facilitating business continuity.

Portions of your data or your entire environment could be restored, depending on the type of recovery you choose.

Protection From Natural Disasters

Even when you choose a data center in an area less prone to natural disasters, the unexpected can happen. Floods, earthquakes, tornadoes, and fires can take data centers out for brief periods or long stretches of time. Having offsite data stored in a geographically distinct place can help lessen the blow from a natural disaster.

Improved Backup Security

A strong offsite backup solution will have immutability plus encryption at rest and in transit, which will reduce the risk of data falling victim to:

• Cyberattacks
• Physical damage
• Simple human error

Lower Probability of Data Loss

Even if a business chose to perform weekly backups, a regularly scheduled backup will lower the probability of data loss over manual backups. The frequency of backups (or opting for full replication) will greatly reduce the likelihood that organizational data will be lost.

Improved Business Continuity

While some data may be able to be lost without much disruption to the business, other workloads are likely essential or mandatory for operations. Understanding those vital workloads, and ensuring they are backed up or replicated adequately, can improve business continuity by boosting reliability and minimizing downtime.

Redundancy and Data Protection

Sometimes, it’s nice knowing that you have backups or replication in your back pocket. Offsite recovery gives businesses data protection that works as a fail-safe, allowing your to resume normal processes more quickly.

Protection Against Cyber Threats

Even with multiple safeguards in place, no organization is 100% safe from cyber threats. The best way to protect your data is by approaching potential cyberattacks as a “when,” not an “if,” and having both proactive and reactive measures lined up. Cybercriminals count on organizations to not be prepared. By having a backup or completely mirrored site available to respond to attacks, you can protect your most important data and greatly reduce the impact of cyber threats.

Compliance Requirements

Some organizations are beholden to regulatory standards that require backups or redundancies that can be best served with offsite disaster recovery solutions. Being compliant can also help businesses gain approval for cyber insurance, lowering their risk even more.

Geographic Diversity

To boost the benefit of an offsite backup or replication option, it’s a good idea to choose a second site that’s both in a geographically diverse location and using a different power grid from the primary production site. This way, your workloads are less likely to be impacted by the same natural disaster.

Scalability

Unlike on-premises workloads, offsite disaster recovery solutions are typically cloud-based, offering more scalability for businesses to meet their recovery and storage needs.

Examples of Successful Off-Site DR Implementations

Simon Roofing

A 123-year-old roofing company definitely knows a thing or two about staying power. When they realized their previous disaster recovery solution wasn’t meeting their expectations, the company moved to Managed Zerto and a disaster recovery environment in Nashville through TierPoint. This move allowed them to have a failback location in a geographically distinct location away from their primary site.

Dental Associates

Dental Associates needed a solution that was HIPAA-compliant, but still placed a priority on latency and performance. Disaster Recovery as a Service, powered by Zerto and hosted by TierPoint, helped the client protect sensitive patient data from ransomware, cybersecurity vulnerabilities, and data breaches.

ChildCare Education Institute

With offsite systems, integration is also paramount. CCEI was looking for a system that could meet internal and client requirements for data transfer, redundancy, security, and uptime. TierPoint provided a Windows-compatible SQL server agent that was able to be used for backup and recovery purposes, should the production environment fail.

Designing and Implementing an Offsite Disaster Recovery Plan

To ensure businesses are adequately protected in both natural and human-made disasters and disruptions, the design and implementation of an offsite disaster recovery plan should include all of the factors mentioned above, such as RPO, RTO, critical workloads, budgets, tolerable downtime, and more. However, even with key stakeholders involved in the planning process, it can be hard to decide between options, or know with certainty whether what you’re thinking about will offer the right amount of protection or be overkill.

Bringing in a disaster recovery specialist, like the team at TierPoint, can help fine-tune your DR plan, optimizing resources without sacrificing performance. Learn more about our disaster recovery services and how a comprehensive business analysis can help determine the best plan of action for your business.

Ready to build a comprehensive offsite recovery plan? Download our infographic to discover 13 key items to help you get started.

FAQs

What is a Data Center Disaster Recovery Plan?

When a disaster hits, a data center disaster recovery plan (DRP) lays out the necessary steps to recover data and get business operations back to normal. The plan can include information on critical data and systems, identification of potential threats and how to handle them, preventative measures to avoid disasters, and action plans for when the unexpected happens.

Why Do You Need Data Center Disaster Recovery?

Without a plan for data center disaster recovery, you leave your organization at risk of unnecessary downtime, irretrievable data, or even decreased trust in your business.

A well-designed data center disaster recovery plan can keep downtime to a minimum, protect your data, and improve business continuity. Plus, depending on regulatory requirements, it may be mandatory for your business to create a DRP.

How Far Apart Should Data Centers Be for Disaster Recovery?

One part of your disaster recovery planning may involve determining the ideal geographical locations for your data centers. If you are able to spread out your workloads to reside in more than one data center, you can have a location for “failback” – allowing your systems to switch over to the backup data center if the primary site goes down from a natural disaster or other incident.

For disaster recovery, you’d want your data centers to be far enough away that a natural disaster or major outage is not likely to affect both facilities simultaneously. There is no hard or fast rule for this, but a good guideline is to make sure the centers are at least 100 miles apart.

Ensure Uptime with a Data Center Disaster Recovery Plan

A data center DR plan can improve uptime in a few ways. Generally, a plan will include the protocol for multiple backups – perhaps a primary data center and a secondary site, or a plan for both on-premises and off-premises backups.

Preparing for data center disaster recovery also means gaining a better understanding of the risks that may negatively impact uptime, for example, for some enterprise organizations could see a total loss of  $5 million per hour in unexpected downtime. This may also include planning a switch to an alternative site, figuring out how to remedy damaged equipment, and assigning roles to address those risks.

Building an Effective Data Center Disaster Recovery Strategy

An effective data center disaster recovery strategy needs to consider which business operations are most critical, how much downtime a business can withstand, and how much data can be lost without significant consequences. These can be defined using a business impact analysis and identifying the recovery time objectives (RTO) and recovery point objectives (RPO).

Business Impact Analysis

In a business impact analysis, an organization identifies the systems and data that are critical to business operations and need to be protected during a disaster. This can help prioritize redundancies and data resiliency, determine what resources need to be used to protect workloads and assign responsibilities in a disaster based on the impact on the business.

Recovery Time Objective (RTO)

The goal for the amount of time it takes to restore systems after they are disrupted is conveyed as an RTO. This is the maximum amount of time a business can go without its critical systems and data. Some businesses can survive without their systems for longer than others. For example, retail businesses and smaller businesses can normally go a bit longer with downtime compared to financial institutions or busy e-commerce businesses.

Recovery Point Objective (RPO)

Some businesses can afford to lose a day’s worth of data, while others can’t sacrifice more than a few minutes. An RPO is a goal measured by the maximum amount of data an organization can stand to lose. This may be expressed in minutes, hours, or days depending on the type of data and the nature of the business.

Data Center Disaster Recovery Testing

If and when a disaster strikes, you want to be sure that your recovery plans are operational. DR testing can help you identify gaps in your planning, train the disaster recovery team on what to do in a real scenario, and ensure everything is up-to-date. Full-scale testing should be done at least once a year.

How to Choose a Data Center with Disaster Recovery in Mind

Choosing a data center that prioritizes disaster recovery and business continuity within their SLAs will help you be better prepared for whatever’s down the road. TierPoint’s 40 interconnected data centers provide easy redundancy through the duplication of critical components and geographically diverse facilities. Our security experts can help you form a data center DR plan, as well as provide 24/7/365 support for your systems.

Need help building a comprehensive recovery plan? Download our infographic to discover the 13 key items that lead to resilient DR plans.

What is Cloud Resiliency?

In simple terms, cloud resiliency is all about handling outages or disasters and returning operations to normal as efficiently as possible. Whether a business is faced with a natural disaster, hardware failure, human error, software issues, or cloud provider issues, cybercrime, a resilient system is one that keeps downtime and data loss minimal and helps meet restoration goals.

Why is Cloud Resiliency Important?

Cloud resiliency is important for multiple reasons. Most importantly, a resilient cloud environment will allow your business to get back to normal quickly. The speed at which data is recovered, and the amount of data that is lost between disruption and recovery, will have a ripple effect on the rest of the business, impacting everything from revenue and reputation to employee productivity and confidence in the organization. Keeping downtime low and data recovery high is critical.

Customers also have high expectations for accessibility and availability from businesses, which ties directly to cloud data resiliency. If a website or service is unavailable, even if it’s only for a brief period, certain customers may never return to that particular business.

Resiliency is also important from a regulatory standpoint. Some industries or types of business have requirements for uptime, availability, data retention, and data security. If they fail to meet these standards, there can be fines or other consequences associated with non-compliance.

How Do You Balance Speed and Data Security with Cloud Resiliency?

Speed and data security are two pieces that need to be in balance when talking about cloud resiliency. A secure cloud environment should retain as much data as is reasonable, but this needs to be done with enough speed so the business doesn’t suffer additional consequences from downtime.

For example, if a data center experienced an outage and the business got switched to the failover site in another city, businesses should consider speed and security in these ways:

• How fast does the switch occur? Does it take less than a minute, or does it take hours or days?
• How much data has been lost since the system went down and switched over? A few minutes or hours of data? Days?

Security goals need to be determined within the context of recovery point objectives (RPO) and recovery time objectives (RTO). A recovery point objective is a goal for how much data loss is acceptable during a disaster. If your business can afford to lose a few hours of data without experiencing a significant loss of revenue or productivity, your RPO might be 4 hours. For other businesses, this number could be much higher or lower. Some businesses can’t go more than 10 minutes before they desperately need their systems to be recovered, meaning their RTO might be 10 minutes. These objectives will depend on your industry and the nature of your data, but speed and security need to be considered together for this reason.

Resiliency and Cloud Availability

Another related topic to resiliency is cloud availability, which is expressed as a percentage of the amount of time an application is made available to an end-user. Most major cloud providers offer certain availability and uptime promises – for example, Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP) all have a 99.9% availability service level agreement (SLA) for their services.

Choosing a cloud provider with high availability is one way to improve cloud resiliency.

Security in the Cloud vs. On-Premises

A big part of cloud resiliency is security in the cloud, which may be a new area for some businesses that are used to security controls in on-premises environments. In the past, organizations may have felt more secure with their sensitive data on-premises, but leading cloud providers often have more experience with security and stronger standards than most businesses.

When working with cloud security, organizations do need to be mindful of regulatory standards and ensure that cloud providers are meeting requirements for more stringent workloads, but they can often implement security measures that help maintain compliance and ensure businesses are protected from emerging threats.

Unless a business has precise requirements for security, or has a dedicated team with cybersecurity expertise, working with a cloud provider and other third-party security experts can improve resiliency compared to managing on-premises security. Organizations may also choose to adopt a private cloud environment for some workloads, offering increased security with the benefits of cloud architecture.

What Does Cloud Resiliency Entail?

Because the goal of cloud resiliency is to keep downtime and data loss to a minimum, the components of cloud resiliency should all contribute to that ultimate goal:

• Recovery: How resilient a cloud system is will depend on its ability to recover from disruption. Businesses should have recovery point objectives (RPO) and recovery time objectives (RTO) – how much data can the organization afford to lose, and how much time can pass before systems return to normal?
• Redundancy: Redundancy can be local to the site and an offsite location. Typically, if the main site goes down, resiliency means that there is a backup available elsewhere. Resilient cloud systems have a failover site in a geographically distinct location that will switch on when the primary site experiences downtime.
• Monitoring: Some potential disruptions can be discovered before they cause widespread issues. Resiliency is dependent on monitoring.
• Auto-Scaling: Businesses that experience fluctuations in demand also need a cloud system that can automatically scale as needed. If the demand is greater than the available resources, systems can go down, leaving customers, vendors, or employees without access.

Cloud Resiliency Best Practices

When trying to achieve cloud resiliency, businesses should follow these best practices:

Conduct Disaster Recovery and Business Continuity Planning

Recovering from a disaster is just one part of a bigger objective around business continuity – keeping your business operational through all business disruptions. Creating plans for disaster recovery and business continuity can help you identify potential roadblocks and outline the necessary steps and essential responsibilities for recovering and maintaining your systems.

Design with Resiliency in Mind

Part of disaster recovery and business continuity planning is designing your cloud environment with resiliency at the forefront. Your cloud environment should minimize disruptions, but not at the expense of scalability or performance. The design process should also consider utilizing Backup as a Service (BaaS) and Disaster Recovery as a Service (DRaaS) solutions, as well as cloud security solutions that protect data from incoming threats such as ransomware, malware, and data breaches.

Monitor the Cloud Environment

Cloud providers and third-party companies have cloud monitoring tools that can be used to keep an eye on performance and security in one cloud environment or across a hybrid or multicloud system. The more your organization is able to see, the better equipped you will be to defend against vulnerabilities and threats.

Form a Strong Defense

Preventative measures can build resiliency, such as regularly patching software bugs, implementing strong password and authentication methods and policies, and working with a reputable cloud provider that has a strong record of uptime and resiliency. Employees should also serve as a line of defense for the organization. Regularly train employees on cloud security matters, such as identifying phishing emails, reporting activity that is out of the norm, and using multi-factor authentication.

Test Regularly

You don’t want to be caught off-guard when you’re in the middle of a disaster. Test your recovery plans beforehand to ensure everything is working as expected. Performing a basic test, at least annually, can help bring you peace of mind that you’re covered.

Achieving Cloud Resiliency with a Managed Cloud Provider

Building business resiliency takes time and a unique set of skills. Even if you have some in-house expertise, working with a managed cloud provider can help you achieve robust resiliency, allowing you to shift your focus back to other business matters more quickly. TierPoint offers DRaaS, cloud services that maximize uptime and performance, business continuity services, and more to help you become more resilient.

Ready to master your resiliency and disaster recovery strategy? Download our planning and testing guide today to get started.

FAQs

What is a Vulnerability Management Framework?

A vulnerability management framework, also known as a vulnerability management strategy, is all about how you assess and protect against risks or vulnerabilities in your environment. Even though every network is vulnerable to attack, not every network shares the same vulnerabilities.

Deployed systems, processes, applications, industry, and organizational culture are all parts of your unique IT security risk profile. This is why understanding the vulnerability management framework and how it applies to your business is so crucial.

Organizations need to identify all risks both internal and external that can adversely affect the organization with a strategy to manage and mitigate those identified risks.

Four Stages of Vulnerability Management Framework

The vulnerability management framework includes four key stages – identification, evaluation, treatment, and remediation.

Identification via Testing

Understanding your risks starts with an in-depth Security Assessment leveraging vulnerability scanning and penetration testing to find risks and weaknesses in your existing security approach.

A vulnerability scan is performed using a specialized software application that inventories all of the systems on your network and looks for vulnerabilities that can be exploited by hackers.

It’s essential to run scans periodically as known threats change rapidly. Advanced vulnerability threat scanning applications incorporate threat feed analysis from major OS developers, regulatory agencies, and other sources, sometimes updating scanning algorithms as frequently as twice per day. 

Some key industry regulations require scans to be run at specified intervals – not necessarily twice a day, but there are standards. For example, PCI DSS requires a vulnerability scan every 90 days. As a best practice, TierPoint runs scans against our infrastructure every 30 days, unless the announcement of a critical vulnerability triggers an ad hoc scan of either a specific component or the entire network.

Evaluation and Testing

While a vulnerability scan can help you identify how to protect your systems, it doesn’t actually protect them. Critical flaws need to be identified and prioritized next – this can be done through evaluation and penetration testing.

The vulnerability scans TierPoint conducts give us a baseline for how well our clients are secured against known threats. We then take the results of the scan and highlight all the critical flaws, i.e., those that are easily exploited by hackers, including those that aren’t highly skilled. There’s a good reason for this. By the time a critical flaw shows up, there’s probably a threat analysis posted on the dark web, with step-by-step instructions showing non-skilled hackers how they can exploit a known vulnerability to gain access to their targeted victim’s systems.

After we run a routine vulnerability scan, we pick the top ten vulnerable components and run a penetration test. Using available tools, we try to exploit our infrastructure to see how vulnerable we are to critical threats.

By helping us identify which components are most open to being hacked, vulnerability scans allow us to focus our efforts when dealing with a large infrastructure like TierPoint’s.

From there, you can take action with patch management.

Treatment (Patching)

Hardware, operating systems, and applications are all components that need periodic patching regardless of which vendor created them. Patches are often written to improve the functionality, security, usability, or performance of a program or operating system. A vulnerability scan and follow-up penetration test can help you identify patches that need to be applied immediately.

Traditionally, many IT leaders have been somewhat wary of applying patches as soon as they are released because their neck is on the line if an application becomes unusable. Vendors can’t possibly test their patches against every commercial application before they release them. It wouldn’t even be worth attempting as the same application can have different vulnerabilities based on how it is configured. So, these IT leaders wait, hoping someone else will uncover any issues before they apply the patch.

When a manufacturer releases a patch, they usually give pretty explicit details on the vulnerabilities being addressed. IT leaders can use this information to assess any potential issues before applying the patch. Unfortunately, hackers will also use this information to identify which vulnerabilities to exploit.

Remediation

Patch management can solve many problems, but it may not be able to address all issues that arise. If your production environment needs to be configured in a certain way for an application to run, you may not be able to fix a vulnerability. However, you can still lessen the threat by creating a perimeter of security around your network using a variety of threat detection and remediation tools.

Remediation may include tools such as web application firewalls (WAFs), next-gen firewalls, and log management tools. It would also include best practices in areas such as password management, especially of edge devices, and credentials management.

What to Include in Your Vulnerability Management Framework Policies and Procedures

A plan is only worth something if it’s carried out. A vulnerability management program requires solid policies and procedures to ensure nothing gets missed amidst the other distractions of daily operations.

Vulnerability Management Policy

First, an organization should design a vulnerability management policy that outlines how each of the above pieces of the framework will be carried out. This policy should detail:

• How often vulnerability scans will be conducted
• How vulnerabilities will be prioritized
• How patch management will run
• How changes in vulnerabilities and patches will be documented and reported
• What remediation measures should be considered for each vulnerability

The policy should also include language on how often it will be reviewed and potentially revised as vulnerability management evolves in the organization.

Risk Assessment Procedure

Similar to vulnerability assessment, there should also be a procedure for assessing risks. Vulnerabilities are generally seen as internal processes and weaknesses that can be exploited by bad actors, whereas risks are associated with outside risks. How you determine which outside events will affect your business will be part of your risk assessment procedure.

Patch Management Procedure

How will you decide to patch your systems – how often, what steps will your security team follow, and so on? For most components, TierPoint maintains a 30-day rolling patching window. This means that we don’t patch everything at once, but we do apply patches at least every 30 days. How you conduct your patching schedule and order of operations should be included in your procedures.

Incident Response Procedure

When a security incident occurs, what will your organization do to respond and restore business services and processes to normal? Hopefully, vulnerability scanning, penetration testing, and patch management will mitigate most incidents from happening in the first place, but if something manages to get through, you need to have a plan that decreases the scope of damage and works to eliminate the cause of the problem. This may include who needs to be looped in during an incident, what teams need to be informed, what automated or manual processes need to happen, and so on.

Vulnerability Management Framework Deployment Techniques

Deploying a vulnerability management framework successfully depends on employing the proper techniques for vulnerability scanning, patch management, penetration testing, and intrusion detection and prevention.

Selecting Vulnerability Scanning and Assessment Tools

When choosing vulnerability scanning and assessment tools, you’ll want to consider what assets you need to scan (servers, mobile devices, web applications, workstations), how big and complex your organization is, and how much detail you need regarding your current security posture. You’ll also want to weigh this against the cost of certain tools and your desired budget.

It’s also generally a good practice to use more than one vulnerability assessment tool to improve the chances that you’ve discovered all potential weaknesses.

Automated Patch Management and Deployment

The more you can automate systems, the more likely they are to be performed. An automated system can be created to scan all devices in the environment, determining which patches are missing in the apps, software, and devices being used. This can help keep everything up-to-date and reduce the likelihood of recent vulnerabilities causing trouble.

Penetration Testing

Penetration tests are non-destructive tests that validate what the vulnerability scans are telling us. A penetration test goes all the way into the infrastructure to the point where it could run the exploit, but it doesn’t. In essence, it simply provides direction that says, for example, these ports are open, this is a known vulnerability for these ports, and these are the tools that hackers might use to exploit these open ports.

While this seems simple, this direction is incredibly helpful. There are over 65,000 ports that could be opened or closed. Some applications require specific ports to be open, so keeping them all shut isn’t a viable option. When you install a piece of software, you may not even know it’s opening a specific port. In short, a vulnerability scan can tell you where to focus your efforts, and penetration testing tells you how much effort to put into closing a vulnerability.

Intrusion Detection and Prevention (IDPS)

An intrusion detection and prevention system (IDPS) can be used for many things, not just vulnerability management. It can also help identify malware, DDoS attacks, unauthorized access, and other intrusions. Scanning with an IDPS can help uncover threats that the system knows about and the organization may not.

Vulnerability Management Framework Challenges

Some challenges can get in the way of implementing a vulnerability management framework, both on an organizational level and on a technical level.

Organizational Challenges

Limitations in staffing, budgeting, or time can make it difficult to implement a comprehensive vulnerability management framework. There may also be resistance from the inside from key stakeholders who are resistant to change.

Technical Challenges

Pulling off a vulnerability management strategy can be time-consuming and complex. Even if your staff has the time, they may lack the technical expertise or specific skillset to implement the framework. Visibility may also be an issue. If the organization doesn’t have visibility on their IT assets with their current technology, they may not be able to identify and prioritize remediation efforts.

3 Tips When Implementing a Vulnerability Management Framework

Your effectiveness at managing vulnerabilities will only be as strong as your policies, procedures, and actual practices. Here are three things to keep in mind when implementing a vulnerability management framework:

Conduct Comprehensive Scans

Hackers watch vulnerabilities closely. They are aware that a small portion of businesses actually pay attention to them. Vulnerability announcements not only help businesses protect themselves. They also tell hackers exactly what they should try to exploit. Because of this, comprehensive scans are vital.

Scans for a single machine can take an hour and are usually performed in response to a known exploit. We usually run scans for our entire infrastructure over a long weekend. The scan doesn’t affect network performance, but if we start on Friday evening, the scan is usually complete by Sunday morning or Sunday afternoon at the latest. This lets us generate reports first thing Monday morning and get them out to the groups that are in charge of those systems.

Continually Assess Vulnerabilities

As previously mentioned, vulnerability assessments should be a continuous process. Set aside time every 30 days as a best practice for regular assessments, and more if your industry or systems are particularly susceptible to vulnerabilities.

Address Your IT Team’s Weaknesses

IT teams of any size will have knowledge and skill gaps. Most teams feel under-resourced due to daily demands on their time. Identifying what your team has time to do, and what they’re the best at doing, will help you understand where you might need outside assistance.

Get Expert Help Identifying Vulnerabilities with a Managed Security Provider

If you don’t know where your network vulnerabilities are and which ones are most critical, it’s difficult to focus your vulnerability remediation efforts where they can do the most good.

As a managed security provider, TierPoint helps businesses address their biggest cloud and IT security concerns with our secure, reliable, connected IT infrastructure solutions and a nationwide network of 40 data centers. We provide security consulting support to assess, develop and manage a cybersecurity roadmap to minimize risk and implement improvements based on best practices.

As the volume of cybercrime continues to grow, it’s important for organizations to do everything they can to address threats and resolve vulnerabiltiies in order to protect their data and systems. Download our cloud security whitepaper to discover:

• Cloud security threat drivers
• Top threats to cloud security
• The best defenses to protect business from top threats
• And more