Backups are critical for every client because they affect their ability to do business.
They protect against human errors, hardware failure, virus attacks, power failure, and natural disasters. When done correctly, they save time and money. This month, we spoke with MSPs about what they look for in a backup solution and what their go-to solutions are.
Chris Hegg, founder of Phoenix Technology Consulting
Chris Hegg, founder of Phoenix Technology Consulting gained a rich background in security while serving in the Navy, doing security control assessments for the National Security Agency, and teaching certification for ethical hacking. Today, he serves clients in the health care industry throughout Texas and is the lead investigator for the state of Texas in major ransomware cases.
Matt Auld, vice president of Cloud Services for Peak Uptime
Matt Auld, vice president of Cloud Services for Peak UpTime, has managed backups for 25-plus years at the enterprise level for Fortune 100 companies and for small-business clients. Operating since 1984, Peak has a wealth of knowledge about backups. Peak offers cloud-managed services including disaster recovery, platform as a service (PaaS), and desktop as a service (DaaS). They work with clients in the U.S. and five additional countries.
What’s Important In A Backup Solution?
To ensure clients and the MSP are protected, with only minimal disruption should an incident occur, several boxes must be checked when choosing a backup solution, including:
The Versatility Of On-Premise And Off-Premise Storage
“We’re looking for flexibility and ease of immediate restoration for on-site, but also the capability for off-site,” Hegg said. “And we want to make sure our data is segmented from the attack vector.”
Ability To Offload To Multiple Locations
Peak has six data centers where they store data, and they keep copies of backups at more than one of those locations.
Quick And Easy To Manage Restoral
You must have the ability to do a quick turnaround, especially in the event of hardware failures. During the 2021 winter storm in Texas when supply chains were shot, Hegg had a client lose power, which fried one of their hard drives. “We need to make sure our solution has the bandwidth to offload that amount of data, or the organization you’re working with can store it all on a hard drive and ship that hard drive to put it in the cloud,” Hegg explained.
“During the Texas storm, we couldn’t even receive something from Amazon for five days. But we were able to get a hard drive on-site and get them back online before midday, which meant minimal downtime for the client. You must know the entity supporting you has the functionality, ease of use, ease of accessing it, and ease of restoral.”
Capability To Support Short-Term And Long- Term Retention
“Short-term retention is a minimum of 90 days,” Auld said. “We keep up to 120 months as long-term retention. The length of time we keep data is primarily driven by the business owners. For example, their legal department may want to keep it for lawsuits or to be able to go back to emails for 10 years.”
No Limitations On The Type Of Data You’re Backing Up
Many backup solutions cannot back up certain types of databases. “We need the flexibility to back up data even though it may be unique and not well-used throughout the U.S. or globally,” Auld said.
Capabilities For Discovering Ransomware
“We must have a method for capturing malicious activity with ransomware, and we must have A+ support from our partner vendors,” Auld said. “Because although we rarely need help, if we do need help, we need somebody on the other end of that phone who can help us solve the problem.”
The Ability To Test
“We need to have the ability to automatically, within the software, spin the backups up, run the applications’ functionality, turn them on or turn them off, and then delete the test,” Auld said.
How Often Should You Verify Backups?
Both of our experts verify backups daily. An automated process reports successes and immediately reports failure. In addition, Auld recommends randomly running an automated process that restores files to ensure they are protected and accessible. For disaster recovery clients, Peak clients open a ticket to test their backup.
How Do You Protect Your Backups From Being Compromised By Cybercriminals?
It’s key to have an alert system that looks for ransomware behavior inside the backup. All backup must be stored on systems with a completely segregated authentication and security route so a compromised account does not have any access to the backup data storage.
“One of the problems I frequently run into in ransomware cases is that they don’t deploy their backup solution correctly,” Chris Hegg said. “Attackers get into their system, mount the backup drives to the server, then all their backups get encrypted, too. We use Unitrends because it is a stand-alone system. There are no direct network connections. There are no map drives to it. An agent runs independently through an encrypted channel back to the appliance, keeping that attack vector separate and segmented from potential cybercriminals.”
How Do You Back Up SaaS Applications?
Hegg leverages Spanning Backup for Microsoft 365 and uses Graphus for the security side. “We keep seven restore points of the data locally, and we keep 90 or more days worth of retention at multiple locationsvin separate regions so we have lots of locations we can restore from,” Auld said. “That’s kind of a minimum restriction for SaaSv(software as a service) management because we don’t know when that file is corrupted. Was it corrupted yesterday or was it corrupted 30 days ago or longer?”
Which Backup Solutions Are Preferred By MSPs And Why?
Both Phoenix Technology and Peak use Unitrends as their primary backup solution. Peak also uses Veeam. “We partnered with Unitrends 12 years ago, and they continue to be a great partner of ours,” Auld said. “The other solution we use is Veeam. Both check off all our requirements. In using these solutions for the last five years, we’ve been able to recover for our clients 100% of the time.”
Because Hegg supports a lot of cities, he uses Unitrends Recovery Max series. “We want that business continuity and to be able to recover immediately virtually on the appliance,” he said. Hegg likes the scalability, the security, and the accessibility of Unitrends. “Our data is always increasing. Unitrends allows us to continually add on as needed,” he said. “And not having to directly mount the drive to the network is a huge security benefit. With the ease of it, the user interface, and the cloud monitoring, I could be anywhere in the world and pull it up,which gives us the ability to recover, allowing people to return to work in no time at all.”
A key objective for backing up data that’s been around since the ‘90s is still true today. “It’s the 3-2-1 backup rule,” Auld said. “You must have a primary backup and two copies of data, you need to save your backups to different types of media, and you need to keep at least one of the files off-site.”
As organizations live and die by their data today, backups are your saving grace. “We have insurance on our house, our car, our life, so you must have insurance on your data,” Hegg said.
“That’s where a backup solution plays that role for you. You can buy cyber insurance, but that doesn’t get your data back. Backups are your last safety net from a security perspective, from a hardware failure perspective, from everything. If you have that data, you can operate another day.”