EVault Blog

EVault Survey: Mobile Devices Rule the Roost, but Data is in Security Limbo

May 16th, 2012

This is it! The final post about our survey results that unearthed a wealth of information about the data protection habits of SMB IT managers. In the first post we gave an overview of the findings and in last week’s post we looked at the frighteningly casual attitudes many IT managers have towards disaster recovery.

This week we’re going to focus on an issue that’s relevant for businesses of all types and sizes: mobile device security. Given our on-the-go workforce the results might surprise you…

Part 3: Mobile Devices Need Protecting Too

More and more employees are working on mobile devices – smartphones, laptops, tablets – at work, at home and everything in between. Mobile devices have become the accessories for work; they go with people on business trips, into meetings, coffee shops, soccer games, which means sensitive and important company data has also become remote in nature. And just like company data that lives on desktops at the office, it must be properly backed up and secured outside of the four corners of the office as well.

Unfortunately, our survey found that too many businesses are leaving these devices unprotected without any type of data insurance. We found that an overwhelming majority, 95 percent, of US IT managers surveyed said company data resides on mobile devices of their employees. But the alarming finding was that a whopping 40 percent of those have NO plan to protect mobile data. Larger organizations (1,000+ employees) are even more likely to lack a plan than smaller ones.

If we needed yet another reason to protect our mobile platforms, the fact is that laptops and mobile phones are stolen or lost at a much higher rate than on-premise computers and servers. If you think about, who really wants a desktop these days. The world is mobile!

According to a study done by the Ponemon Institute, 329 organizations collectively lost over 86,000 laptops in 2010. That’s an astounding number, especially considering the monetary value associated with a lost or stolen laptop is not just the hardware but more important what’s lives inside. The same study estimated the average cost of a lost laptop at about $49,000. There aren’t too many laptops out there that retail for that much money – which means the estimated cost of data loss, while difficult to quantify, is in the tens of thousands.

What our EVault study shows is that far too many companies overlook the vital security of endpoint devices. We’ve become such a mobile workforce that we’ve become complacent with the protection that must go hand-in-hand with these new workplace liberties. The good news is that there is plenty of data protection solutions available to organizations, including our own EVault Endpoint Protection, that are focused on protecting and securing mobile devices. Failing to protect just one of those mediums can spell trouble for a business and severely jeopardized data security and business continuity.

Final Thoughts: Data Insurance

Switching gears a bit and looking at the survey broadly, it got me thinking about what SMBs value and where they allocate resources, which in some cases can be limited. I’m guessing if we were to ask the people surveyed whether the company had liability insurance the majority would likely say yes. So it begs the question, why aren’t we insuring the most important business asset: data! Data is the lifeblood of every organization and must be properly insured. Today,  the options are flexible, affordable, and secure, which means that no one should be without the peace of mind knowing their company information is safe and sound.

We hope you enjoyed our three-part series about the realities of data security among SMBs. We’re going to be writing more on our blog, so please check back soon for more relevant and interesting tidbits!

Posted by Dave Hallmen

Share

Tags: , , , , , , ,
Posted in Recovery Best Practices | No Comments »

EVault Survey: Is your Business Disaster Ready?

May 8th, 2012

Last week we looked at some of the key findings from an independent survey we commissioned around data protection habits of SMBs. In this second piece, we’ll dive a bit deeper to focus on what we learned about disaster recovery (DR), and provide some tips on ways that organizations can remedy any shortcomings that they might have.

Part 2: Disaster Recovery

Last year, Forrester’s report, State Of Enterprise Disaster Recovery Preparedness (Q1 2011), revealed some alarming news: “Companies are not only consolidating their backup sites, they’re also decreasing the distance between them.” Our survey found a similar trend: while 95 percent of US SMBs have some type of DR plan in place, a mere 44 percent had remote, cloud-based DR capabilities.

What does this mean? As Forrester notes, “This is a red flag for companies whose DR sites are close enough that they could be affected by the same disaster.” It’s absolutely imperative to have a disaster recovery plan that protects your company’s systems and data off-site in the cloud and/or at a remote location.

Why? Imagine your business is on the Eastern seaboard and a massive hurricane floods your building, bringing down all your servers. Or imagine the communities in Oklahoma, Kansas and Iowa that saw a slate of tornadoes rip through in April. If your systems and data were backed up to a site only 10 miles away, it likely was also affected by that same hurricane or tornado. By protecting systems and data in the cloud and/or at an off-site, remote location at least 100 miles away, your ability to recover and effectively safeguard your company’s important information assets increases in the event of a disaster.

Our survey also found that larger organizations (1,000+ employees) are more likely than smaller businesses to have a remote DR plan in place. This makes sense considering larger companies generally have more IT resources than those of smaller businesses. The irony here is that those smaller organizations are also the companies that can’t afford to be down very long.

If the last few years have taught us anything, it’s that the cloud is becoming more and more affordable and reliable. While some SMBs still believe that a move to the cloud is cost-prohibitive, in reality, there is a wide range of solutions available that are not only within budget, but can prevent financially devastating data loss.

Now, shifting gears to some more promising news. Of the businesses we surveyed that didn’t have a remote, cloud-based DR plan, three-fourths said they are considering making it a reality in 2012. It’s clear there are huge opportunities to help businesses better understand that the security, reliability and economic concerns have been alleviated by years of technological advances. We’ve been at the forefront of these advances and continue to pioneer ways to deliver better service and solutions to our customers.

We hope we’ve piqued your interest because the third and final part of our series next week will be even more shocking! We’ll share what we learned about how businesses are protecting mobile devices.

Posted by Dave Hallmen

Share

Tags: , , , ,
Posted in Cloud Connected, Recovery Best Practices | No Comments »

EVault Survey: Data Protection Is Costlier Than We Thought

May 3rd, 2012

At EVault, we hear many horror stories about data loss due to a wide range of causes, including natural disasters, power outages and plain old insufficient protection of company data. So to better understand the scope and scale of the  prevalence and cost of data loss, we went to the IT experts on the front lines to learn more about what they are seeing and experiencing. What our survey found was pretty eye opening.

We want to share the insights that we gleaned and hopefully prevent more unnecessary data loss. Since our survey brought to light so many gems of insight, today’s post is just the first of a three-part series.

Let’s dive right in to the details.

Part 1: An Overview

As we culled through the data, there were three major threads that emerged: data loss, disaster protection and mobile security.

Data Loss

According to the survey, lost data is costing SMBs nearly a half a billion dollars annually. That number might not seem all that large, but when you think about it, most small and medium-sized businesses don’t have $400 million in revenue in a single year. As we dug deeper, we found that over 20 percent of IT organizations that manage 2-7 TB of data have lost data at least once in the past year, with over half of those folks loosing data 2-3 times in the past year.

This problem of rampant data loss (and the substantial cost that’s associated) can be easily solved. Unfortunately, IT needs tend to be lower on the priority list, especially at a SMB. Hopefully this news – while not good – will be a wake up call, especially for businesses that 1) rely on their data to meet business goals and 2) have a fixed budget where any type of loss impedes operational sustainability.

Data Protection Planning

The letters ‘D’ and ‘R’ are familiar to those of us in the IT world, but our survey showed that too many SMB IT managers aren’t familiar enough with disaster recovery (DR), especially when it comes to utilizing the cloud. Our survey found that 95 percent of U.S. IT managers have some type of DR plan in place, but a mere 44 percent have remote, cloud-based DR capabilities. Of those that don’t have a remote Cloud service, ¾ say they are considering making cloud-based DR a reality in 2012. As we know, all businesses – no matter the size – need a remote and cloud-based DR strategy so as a pioneer in Recovery as a Service market, it’s great seeing organizations starting to understand the value of remote DR capabilities.

Protecting Mobile Devices

Across the board, business operates on a mobile, social and global playing field. SMB employees work on-the-go, utilizing laptops, smartphones and tablets for business purposes. This means that there’s an increasing amount of company data on mobile devices –  in fact, 95 percent of U.S. companies have data on mobile devices, according to our survey. Of those companies, 40 percent have no plans to protect mobile data, with larger organizations (<1,000 employees) more likely to lack a plan than smaller ones.

Clearly, too many businesses are neglecting endpoint security and putting company data at risk of getting into the wrong hands. Laptops and mobile phones are stolen or lost at a much higher rate than on-premise devices, but the data on them is just as significant and vast. With an increasingly mobile workforce, we encourage companies to start making endpoint protection a 2012-2013 IT priority.

While I touched on some of the broader takeaways today, next week I’ll dive a bit deeper into the disaster recovery realm. Hope you enjoyed; come back for more!

Posted by Dave Hallmen

Share

Tags: , , , , ,
Posted in Cloud Connected, Recovery Best Practices | No Comments »

Getting Serious about Safeguarding Small Business Data

April 12th, 2012

Many of our customers are small-medium businesses (SMBs) who lack the resources of larger companies when it comes to IT functions. As a result, many of them outsource their backup and recovery operations. While there are a number of reputable vendors out there, your data is your company’s lifeblood and steps to properly secure it should never be taken lightly.

Dave Hallmen, our VP of worldwide sales and marketing, recently wrote an article for CRN outlining 10 steps SMBs should take to make sure their data is secured properly. In case you missed it, here’s a quick recap of the most important takeaways:

Protect Mobile Devices

Despite an increasingly mobile workforce, companies are still failing to adequately protect the critical company data that lives on mobile devices (here’s a study conducted by the Ponemon Institute). Smart phones, tablets and laptops need to be protected just like on-site devices, so SMBs should select a single vendor whose coverage extends to mobile technologies.

Disaster-Proof Your Data

With a slew of recent hurricanes, earthquakes and floods, businesses have become more aware of their data’s vulnerability to natural disasters. To protect your data against the unexpected, back up to a remote, off-site data center.

Make Sure Your Data is Recoverable

Though SMBs manage a lot of important information that needs to be recovered 24/7, they often take a simplified approach to backup and recovery. Avoid all recovery issues by making sure your backup approach is failsafe and reliable.

Ensure Your Backups are Secure and Compliant

Understand regulations like SSAE 16, SOX, GLBA, HIPPA. They’re important and choosing a vendor who conforms to them is critical.

Pick a Reputable Vendor

Take the same approach to your vendor selection process as you would for buying a car. Talk to vendors and ask to speak to some of their customers. Talk to fellow IT managers and ask for recommendations. If you have no idea where to start, the Internet is flooded with great third-party resources that provide solid recommendations and guidance, like CRN and ESG.

Share

Tags: , , , , , , , , , ,
Posted in Recovery Best Practices | No Comments »

Cybersecurity: Staying out of harm’s way

April 5th, 2012

Security professionals aren’t always a doom and gloom lot. However when it comes to protecting corporate assets, it really helps to be one and prepare for the worst while hoping for the best. It’s with this mindset that I viewed a recent blog post in CIO Report at WSJ.com. Once you move beyond the sensationalist headline,  it’s easy to see why cybersecurity is such a hot issue, especially since:

  1. Almost all Cyber Threat forecasters agree that 2012 is currently seeing a 10 to 100-fold increase in new attacks by BOT-NETS and APTs (Advanced Persistent Threats).
  2. Prominent hacker consortiums like ANONYMOUS are openly touting their attacks on high-profile types (US Government and Financial Systems).
  3. The new attacks are for GAIN. The DoS (Denial of Service) hacks are  the noise covering up the tracks to the real threat which comes from the APTs that root an internal system and steal critical material. The response teams are tied up dealing with the DoS or DDoS (Distributed Denial of Service) on external services, while the APT pulls the data out from the victim.

So what can an organization do in the face of all these security threats? The best way to navigate this hostile environment is to still follow the best practices of Detection, Response, Resilience, and aggressive Monitoring. Defense in DEPTH is an absolute requirement to survive.

Also know that all organizations will experience an incident at one time or another. It’s the ones that regularly test their defenses and keep reliable BACKUPS out of harm’s way that will survive the onslaught. Also make sure testing and audits are both internal and external, and ensure your business partners are doing the same.

Proper planning and preparation will go a long way to prevent security threats from derailing your business….

Posted by Felix Santos

Share

Tags: ,
Posted in Recovery Best Practices | No Comments »

4 Hour Cloud Disaster Recovery Service – Guaranteed!

March 26th, 2012

Very exciting news today as our RaaS industry-pioneering EVault Cloud Disaster Recovery Service (CDR) ­ is now available with a 4 Hour  Service Level Agreement (SLA) that is guaranteed*. EVault CDR, previously known as EVault Remote Disaster Recovery (RDR), is a cloud-based, managed service designed to help customers quickly recover their organization’s critical systems (and data) after a site outage or disaster, and gain remote access to those systems in a secure, virtual environment in the EVault cloud.

Guided by a team of EVault DR experts, who help customers extend their IT resources, and implement, plan, test and execute the entire disaster recovery process 24/7/365, the new 4-Hour RTO option takes disaster recovery to the next level, providing mid-market customers with an affordable hot cloud site for fast, guaranteed recovery in 4 hours or less. The EVault CDR 4-hour service is particularly beneficial for businesses in heavily regulated industries, such as health care, financial services, and legal services, that cannot tolerate outages of critical systems for very long in the event of a site outage or disaster.

The new EVault CDR option complements our existing 24-, and 48-hour RTO packages and further extends our industry leadership and portfolio of cloud-connected backup and recovery offerings. For more information about EVault CDR and today’s announcement, go here for the press release.

Posted by Shawn Swanson

* The guarantee is set forth in the EVault CDR Service Level Agreement, and includes service credits and the right to terminate if the guarantee is not met.

Share

Tags: , , , , , , , , , , , , , ,
Posted in Cloud Connected, Recovery Best Practices | No Comments »

Sioux Falls School District Gets an A+ on Data Protection By Switching to EVault

March 13th, 2012

No one likes driving more than they need to, especially in the midst of a freezing South Dakota winter. But that’s just what the IT staff of the Sioux Falls School District, the state’s largest K-12 district, was doing. To manage the district’s backup and recovery operations, the staff was logging unnecessary miles traveling between individual schools to change out tape cartridges or to fix and replace tape drives. With a network of 100 servers backing up 12TB of data across 12,000 computers, and with tape libraries located in every school building, the school’s IT staff needed a more efficient system that was faster and easier to manage.

“Those tape libraries took a lot of hard work to manage,” said David Carson, network manager at Sioux Falls School District. “If the staff member who usually changed the tapes got sick, we had to send someone else to do it, and then that staff member couldn’t get his usual work done.”

Carson and his team realized something had to be done to make the school district’s backup and recovery process smoother. They decided to swap out their old tape backup with our all-in-one EVault Plug-n-Protect backup and recovery appliance.

The results have been fantastic: EVault’s fast, predictable, centralized restores have saved the Sioux Falls School District over 10 hours per week, freeing up valuable IT time for more strategic work.

At EVault, we’ve always advocated that businesses should simplify and coalesce their backup and recovery processes as much as possible. IT departments at small and medium sized organizations, like the Sioux Falls School District, are often spread thin trying to manage complex and multi-faceted backup and recovery processes across various locations and servers. Disk-based, centralized, all-in-one backup systems, are a great way to solve the challenge that the Sioux Falls School District faced with a single solution.

To learn more about the Sioux Falls School District’s implementation of EVault, go here for the press release or read the case study here.

Share

Tags: , , , , ,
Posted in Recovery Best Practices | No Comments »

Capacity-Based Licensing For Backup & Recovery Appliances

March 5th, 2012

EVault has released a new licensing option for its award-winning EVault Plug-n-Protect backup and recovery appliances: capacity-based licensing. A capacity-based pricing model gives customers the option to license an appliance based upon the amount of data being protected, while getting unlimited access to EVault Agents and Plug-ins, eliminating the need to pay for agent licenses every time a server is added to the data protection deployment.

The EVault Plug-n-Protect Capacity Edition further builds upon our all-in-one appliance by adding the following key features:

  1. Capacity license: purchase the appliance that matches the size of the protected data set
  2. Expansion packs: as customer data grows, the appliance can do the same with easy packages for software and storage expansion
  3. Option to license EVault System Restore as a capacity package. Customers can protect their systems as well with this bare metal recovery feature, which enables quick recovery after a catastrophic failure.

For more information, read the “Eight Questions to Ask When Considering an All-in-One Data Protection Appliance” whitepaper.

Share

Tags: , , , , ,
Posted in Recovery Best Practices | No Comments »

Case Closed: Wyoming Court System Moves to EVault for First-Class Data Protection

February 2nd, 2012

At EVault, we have customers from myriad verticals and business sectors, ranging from law firms, credit unions, to entire school districts, just to name a few. After all, every company has a keen interest in storing and protecting their data. One unique vertical that has extremely complex and sensitive data requiring the most reliable and secure protection out there are local, state and federal court systems.

The Wyoming Judicial Court System came to us with a problem we see all too often – an antiquated backup system that required far too much time to manage and could easily result in the loss of data, especially as their needs continue to grow.  So the court system said goodbye to its old remote backup systems and adopted EVault backup and recovery services to protect its vital courtroom information. Since its implementation, the court system has seen backup times reduced by over 80 percent with a drastic increase in its data protection statewide.

The Wyoming court system has 120 virtual and physical servers across the state and admitted its old solution was too complex and costly to meet its demanding needs. “Using EVault Software and EVault System Restore the court system has dropped its nightly backup window from a whopping four-to-six hours down to just 45 minutes,” said network manager Sergio Gonzales.

While private businesses tend to adopt cloud-connected backup and recovery services more quickly, it’s a positive sign that more government institutions are making the shift to more technologically secure and practical backup and recovery systems. We are excited to work with the Wyoming courts to make sure that their data protection needs are met, and that the judicial business of Wyoming can continue come snow or shine!  In the coming weeks, we’ll have more news about another partnership with a public institution – an entire school district.

To learn more about the Wyoming Judicial Court System’s implementation of EVault, go here for the press release or read the case study.

Share

Tags: , , ,
Posted in Recovery Best Practices | No Comments »

What You Need to Know About the Cloud Security Alliance

December 19th, 2011

There’s been a lot of talk recently around security within the cloud. Last month we wrote about cloud compliance, and what you need to know when moving your organization to the cloud. One topic we didn’t touch on was some of the standards agencies, which are tasked with setting standards and best practices for cloud computing. Chief amongst these agencies is the Cloud Security Alliance. Below, we discuss the alliance, what it does, what it’s done thus far and why you should care.

What is the Cloud Security Alliance (CSA)?
The CSA is an open alliance within the private sector aimed at establishing new IT controls and best practices for cloud computing. It is a not-for-profit organization led by corporations like eBay, security groups including PGP and RSA, financial associations including AMEX and Citibank and industry leaders and designed to provide education on the uses of cloud computing.

How and why was it formed?
After discussing the need for secure cloud computing at the 2008 ISSA CISO Forum, key industry leaders formed the CSA in December 2008. Their goals were to promote the use of best practices for providing security assurance within cloud computing and to create a common body of knowledge that is well-understood and documented.

What has it done so far?
The CSA has focused on detailing the critical areas of cloud computing, such as the development and maintenance of cloud computing services as an open alliance between cloud providers, cloud consumers, and financial groups (including organizations such as the ISSA from security, ISACA for the audit community, and for members such as eBay, AMEX, and Citibank). As a result of industry leaders and scores of volunteers researching, authoring, editing, and reviewing information, they published their first white paper in 2009. Since its inception, the CSA has served as an important resource in helping consumers understand what they should expect from their cloud providers.

Certification Program
The CSA has developed the Certificate of Cloud Knowledge (CCSK), a certification program designed to guide companies through the process of understanding how cloud computing actually works, and what the security features are. Via intense training courses offered all over the world, the certification program allows security, IT and other professionals to demonstrate thorough cloud security knowledge based on the CSA’s Security Guidance for Critical Areas of Focus in Cloud Computing

Why do we care?
Designed to provide a consistent way of developing cloud security competency, the CCSK is positioned to become the industry certification standard as more and more companies adopt it as a means for following cloud security best practices. As we touched upon in our previous blog post, security is the No. 1 stumbling block in moving to the cloud because enterprises may be hesitant to trust third parties with sensitive data. With a CSA certification that offers comprehensive guidelines and security best practices, professionals can present customers with an official document that verifies their expertise in cloud security, allowing more businesses to move into the cloud with confidence. Ultimately, a CCSK certification can help build trust between IT professionals and their customers.

At EVault, we understand the apprehensions customers face in switching to cloud computing. Security is often cited as the main concern and CCSK can help provide a comprehensive understanding of cloud security issues and a foundation of knowledge in best practices. Professionals who go through CCSK training make a smart decision – increased knowledge of best practices will lead to more confidence in moving to the cloud and more trust and communication in relationships with their service providers.

Where can I get more information on the CSA and its certification program?
More information can be found on their website, and their forums are an excellent resource for getting questions answered and obtaining detailed information from experts. Authored by CSA founding members, the book Cloud Security and Privacy: An Enterprise Perspective on Risks and Compliance is a great print resource for those considering adopting cloud computing and seeking to learn more about the cloud.

Share

Tags: , ,
Posted in Cloud Connected | No Comments »

« Older Entries