In backup we trust

Wed, 10/21/2015 - 05:00

He’s back, part two of Ian Trumps exclusive TotallyMSP series

 

Ever since reading the recent story about In backup we trust - Ian TrumpCelestial Navigation being re-introduced to the US Naval Academy, I’ve found myself musing about “backup” systems. Make no mistake, as an MSP or IT Service Provider you perform the cyber equivalent of moving several thousands of tons of ship through the Panama Canal safely – without crashing and sinking. This sort of thinking is my main motivation for this post: we can’t afford to fail at backup.

I’m not talking about fail over, spanning tree enabled switching and routing or high-availability clusters – these systems are not usually found in small and medium-sized businesses. Instead, I’m going to discuss RAID on SATA/SAS+SSD and File/Image Backup – the key take away here is that RAID is not Backup.

RAID is a data storage technology that combines multiple physical disk drive components into a single “disk” for the purposes of data redundancy, performance improvement, or both. The most common RAID configurations found in SMB are RAID 1 and RAID 5 (10). Properly configured RAID can provide business continuity when there has been a physical failure of a drive. However, this feature should never to be mistaken for having a backup. The phrase “We have RAID, we don’t need a backup” should never, ever be uttered.

SATA/SAS drives are physical magnetic media, and in the event of certain types of disk failure In backup we trustmay provide forensic recovery capability. SSD drives are high-speed electronic “flash” memory, which although blindingly fast, have minimal (if any) forensic recovery capability. An SSD RAID 1 or RAID 5(10) array will perform amazingly for VM applications or database applications.

However, just because you have a RAID 1 or 5 (10) array does not eliminate the threat of physical damage or electronic corruption. This can come from anything from user error and power surges, to vibration and heat. Disks drives – physical or flash – can and will fail for a variety of reasons and it’s important to understand the implication for the data on those drive.

I believe in backup, lots of backup – on premise and cloud. I also believe that “loosing a customer’s data is an extinction level event for an MSP or IT service provider” – and also quite possibly for that business who trusted you to back them up. This is what makes the story around Hillary Clinton’s email server so interesting and a great topic of conversation in IT circles.

Leaving aside the politics of this particular situation, I keep asking myself what self-respecting IT service provider or MSP does not have a “backup” of something as vitally important as a customer’s email server? As the story unfolds here, the IT provider did, and was, using a popular on-premise and cloud-based backup. A recent letter by that provider to channel partners indicated they have now been engaged (with the permission of all parties) to help in the retrieval of a backup copy of the server.

Something has gone dreadfully wrong here, and this situation should be seen as a cautionary tail for all those who provide IT services. How long would it take you to restore the data from a (Microsoft Exchange Server) for your customer? Do you have a backup of the backup? Do you have a backup of any encryption keys that may be required to access this data? Do you store backup data safely so it can’t be altered or destroyed by accident? There are so many questions to ask around this high-profile situation, which you should also be asking yourself… even if your clients aren’t at the same level as Hillary Clinton.

As an MSP or IT service provider you need to be certain that you are being professional when it comes to customer backup. You hold the fate of the business and perhaps even personal lives in your hands. Anything that impacts customer data should be the highest priority and a solid backup of that data should be mandatory (and if you’re not sure what backup solution to provide check out this blog to help you make that decision). After all, you are being paid to do that, and any failure can end the customer relationship when the data is needed and you don’t have a copy.