The Capital One data breach that compromised the personal information of more than 100 million people in the US and 6 million in Canada may have been preventable had the credit card issuer taken more care in configuring the firewall used to protect the system from intrusions.

According to the FBI, Paige Thompson was allegedly able to break into data stored in the cloud, or remote servers maintained by their third-party provider Amazon, because the firewall was not configured properly to the specifications of the server. That enabled her to access folders of data in Capital One’s storage space. It is still unknown if while she worked at Amazon, she left an opening to penetrate the system or if she knew the configurations enough to enable her to breach the system.

Although they do not believe she used any of the information fraudulently, the issue of security misconfigurations remains top of mind for those utilizing cloud-based services and the relationship between IT and third-party providers.

Provider Security Breaches

It’s hard to tell how well cloud providers are protecting your data. Reading the terms of service will let you know if a company might intentionally use or disclose your data, but it won’t reveal sloppy internal security and a failure to follow security best practices.

Unfortunately, if your organization’s data is compromised, you could be held responsible, even if the provider is at fault. Businesses are required to safeguard sensitive personal information, particularly information governed by compliance regimes such as HIPAA, PCI or GDPR. Even if your cloud provider claims to be “HIPAA compliant,” that doesn’t necessarily protect you or make you compliant.

Lack of Data Encryption

Part of what made it so easy for Thompson to access the information was that the data was not encrypted. Encrypted data storage provides an extra layer of security for your information. If a hacker gains access through an alternate means like in the Capital One case where she claimed to use a special command to extract files in a Capital One directory stored on Amazon’s servers, they won’t be able to read it.

Encrypted cloud storage doesn’t come standard with most SaaS business software such as Dropbox, Office 365 and Google Apps (now known as G Suite). Many services encrypt data in transit — the information flowing between your computer and the cloud service — which is a great start. However, this protection is usually based on SSL/TLS encryption, which is vulnerable to attacks.

The cloud has changed IT security forever. You can’t just wall in your data with firewalls when your data is scattered all over the planet. You need a combination of layered security for your primary, secondary and archival data including strong encryption. Those layers will also include protections from both external and internal intrusions or malicious actors.

Storagepipe Can Help

At Storagepipe, we’re working hard to make cloud solutions even more secure. Our Veeam-based backup and recovery and DR services include local and offsite backup as well as encryption in transit and at rest to protect data. Encryption of data using enterprise-grade 256 bit AES ensures privacy and also protects data from exposure. We have also introduced Insider Protection for cloud recycling bin capability to protect against accidental or malicious deletion of backups and archives.

Combining these protections with our add air-gapped data archival services provides additional layers of protection for both short term and long term protection and compliance. Our DR as a Service (DRaaS) offerings protect mission critical systems and data from downtime and ransomware attacks with full system replication and failover.

Whether systems and data are in the cloud or on-premise, it does not change the fundamental needs to protect information and ensure availability for your business.

Be Safe in the Cloud with Storagepipe

The last thing you need during a hurricane is worrying about whether you’ll permanently lose your data or have downtime that your business simply cannot afford. Early preparation is the best way to minimize the impact of this season’s hurricanes and ensure business continuity.  Here are the four best practices to consider as you plan for data protection and availability during the upcoming hurricane season:

1. Have a documented IT disaster recovery plan

What will need to happen during or after a disaster for a business to resume operations quickly and effectively? Clearly outlining the action steps that must be taken before a disaster (planning stage), during as well as after a hurricane are critical for effective and efficient data disaster recovery.

Your IT disaster recovery plan should include: list of stakeholders’ roles and contact information, IT asset inventory, backup and restoration plan, as well as your internal communication plan in case of a disaster.  Make sure that your plan is understood and embraced by all key players so there are no surprises during a disaster.

2. Keep off-site, cloud backup of your data

From cost-savings to scalability, there are many benefits of cloud storage. Data stored on the cloud can be accessed instantly, which is critical for reducing downtime and recovering data after a disaster.

Businesses can mitigate the risk of losing their data due to a hurricane or another natural disaster by keeping it off-site and away from their local geography. They can also use cloud services as backups that can be tapped to get the business back online as quickly as possible.

For the best solution and support, consider partnering with a seasoned Backup as a Service (BaaS) provider with redundant infrastructure so you can receive dependable data security, data protection and 24/7 support even when your service is down locally.

3. Get a DR failover site in a different geography

One way a business can resume its operations quickly is by failover or switching to a redundant or standby system when it experiences an outage locally due to a hurricane or another disaster. The failover site must be situated away from your local region to ensure that it won’t be impacted by the same disaster, and ideally should be in-land, i.e. away from the coasts and other disaster-prone areas.

Disaster Recovery as a Service (DRaaS) providers like Storagepipe have years of expertise maintaining state-of-the-art redundant data centers, as well as hot site and warm site recovery solutions that are backed by 24/7 support to help businesses replicate their systems, restore their IT operations and get back on track after a disaster.

Download our DRaaS Buyer’s Guide to know the top 10 considerations for selecting the right DRaaS partner for your organization.

4. Test and re-test proactively

Testing your backup and recovery plan is the most effective way to ensure that your data, applications and IT systems will be properly restored after a hurricane, and within your desired RTOs. Testing should be conducted regularly, and especially after an application or server goes through a major update to ensure there won’t be any hiccups when a disaster strikes.

Let Storagepipe Help

Having a backup and recovery plan in place is essential for ensuring business continuity during a hurricane or any other disaster.  Storagepipe has over fifteen years of experience providing customers with piece of mind that your data is safe and secure – no matter your location. Storagepipe’s affordable Disaster Recovery as a Service leverages cloud-based resources and off-site storage to match your business’ unique needs. Don’t let a disaster disrupt your business operations. Let Storagepipe help you get back online in minutes.

VeeamON, VeeamON, VeeamON. It is currently the talk of the town… or at least around our office. VeeamON is the premier conference for cloud data management with networking, training and insights from many of the world’s leading IT experts and visionaries. In other words, it’s not an event to be missed. As the VeeamON team rightly asks, “the benefits of attending VeeamON are so numerous the question is, why wouldn’t you attend?”

We agree! Our team at Storagepipe has a lot of reasons for why they do not like to miss VeeamON.

Here are the top six things we are looking forward to the most at VeeamON 2019:

1. Getting the inside scoop from the Veeam wizards about upcoming products, releases and best practices to avoid unnecessary downtime.

2. Networking with the best minds in the IT world to get fresh ideas and stay abreast of emerging cloud trends and technologies.

3. Meeting our amazing customers to thank them for trusting us and finding new ways to enhance their Storagepipe experience.

4. Connecting with other like-minded Veeam partners who bring you differentiated managed data protection services. Did you know Storagepipe was the first – and is currently one of the very few – Veeam Platinum Cloud Service Providers in Canada? Our expertise in data protection, comprehensive service portfolio and highly responsive customer support are just some of the reasons why customers love us. Learn more.

5. Enhancing our IT team’s skills with VMCE training so we can continue to offer you the best-of-the-best in-house technical support for our Veeam-based Backup as a Service (BAAS) and Disaster Recovery as a Service (DRaaS) solutions.

6. Getting social at the epic VeeamON oceanfront pool party with Flo Rida!

What are you most looking forward to at VeeamON?

Connect with us at VeeamON

Are you attending? We’d love to meet you. Click on the button below to book a meeting with one of our solution specialists at VeeamON.

From serious security breaches affecting billions of users to hurricanes, fires and unpredictable weather spreading across the North American coasts, disasters – both man-made and natural – have hit the business world hard in 2018 continue to do so in 2019.

While your business might not be affected on such a large scale, any sort of outage can cause IT administrators and CIOs to lie awake at night wondering if they are well protected. Unfortunately, many businesses fail to develop a comprehensive disaster recovery plan, leaving themselves vulnerable to the worst-case scenarios when a disaster strikes.

Why Do I Need a Disaster Recovery Plan?

In our digital world, disasters that affect our data and applications are inevitable. Whether it’s a deleted file, a ransomware attack, or a large-scale natural disaster, there are constant threats to IT infrastructure and to the businesses that depends on them. But you can minimize the impact of an outage by developing business continuity processes and a disaster recovery plan.

You can’t afford downtime

The reality is that your business cannot afford downtime. The news is filled with headlines of multiple natural disasters and an increase in man-made disasters, from hardware or software failure, malicious ransomware or careless users and accidents.

With shrinking IT budgets, the idea of spending money on the “what if” scenario isn’t always top of mind. However, what is harder, is putting a figure against the intangible costs of downtime. Ask yourself: “What would be your customers’ perception of you if they can’t reach your website?” With stiff competition in the market, any sort of downtime will cost you customers.

Backups are not a DR Plan

After a disaster, you can reinstall applications, get new hardware, and even run your internet line. But if you can’t access all of your business data, your business simply cannot operate.

Local backups can be targeted by malicious software, like ransomware that takes over your backup applications, database backup files, and locks them all down. If you are cyber attacked, how many thousands of dollars would your company pay to the cyber criminals to get your data back without going out of business?

Keep it in the Cloud

There are many reasons why businesses don’t have a DR plan. It can be a lack of manpower, skills, space or budget. However, the cloud provides agile, scalable, highly performing, highly adaptable and cost-effective solutions.

Disaster Recovery: What to Expect in 2019

Experts agree that the risk of cyber-attacks and natural disaster events will continue to increase in 2019 and into 2020. These risks spread to encompass SMBs, municipalities, community agencies, and enterprise organizations. Give yourself and your business leaders peace of mind by working with data and system protection experts to develop a strategic backup and disaster recovery plan for your business.

Planning for disaster recovery is essential for businesses to be proactive; not reactive. Putting a plan together can mitigate even the worst disasters, ensuring business continuity and success for years to come.

Storagepipe can Help! 

The business costs of a data breach for business owners can be catastrophic but forewarned is forearmed. Our clients rest easy knowing that they have the tools in place to protect their business and clients from data disasters.

Learn more about what’s involved in planning a disaster recovery and business continuity strategy for your organization here.

Office 365 has many great features but full data backup is not one of them.

Switching to Office 365 is a smart business decision for organizations looking to enhance business agility, strengthen team communication and collaboration, and decrease the time and money spent on on-premise IT systems. However, you cannot harness the full benefits of Office 365, including Exchange Online, SharePoint Online and OneDrive without investing in a good Office 365 backup service.

Many IT professionals incorrectly assume that Microsoft will have a full copy of their data in the event of data loss, but the reality is that Microsoft’s policies do not guarantee complete and speedy restore of lost data. In cases where Microsoft may be able to retrieve the data, the process is still slow and cumbersome.

By investing in a comprehensive Office 365 backup solution, businesses can:

1. Mitigate the impact of human error

Mistakes like email, file and user account deletions happen all too frequently and account for significant productivity loss. An Office 365 backup solution lets IT administrators easily retrieve purged files, saving businesses valuable time and money.

2. Maintain access to data beyond basic retention policies

Office 365’s retention policy includes a brief retention period, typically ranging from 30 to 180 days. Quite frequently, data such as historical reports and emails, are needed much later to solve business problems, serve customers and/or to comply with audits.

3. Adhere to audit and compliance requirements

GDPR, PIPEDA, HIPPA and other regulations require businesses to maintain intact records for multiple years. Data backup and archiving solutions can help businesses remain compliant. Businesses remain protected from risks of legal action, potential public backlash and financial penalties that are associated with incomplete records.

4. Stay protected from cyber threats

Ransomware incidents have been front and center these days and show no signs of slowing down. By maintaining offsite/cloud backup of all their data, businesses can take the power away from cybercriminals and face cyber threats head on.

5. Get peace of mind knowing your data isn’t going anywhere

Ask yourself, how long can your business successfully operate without its data? A good Office 365 backup solution eliminates that what-if scenario by providing full data protection and complete peace of mind.

Learn More

Learn more about the reasons why Office 365 data back up is critical for businesses, and how businesses can best backup and protect their Office 365 data in our free whitepaper. Download Why Smart Business Leaders Are Investing in Office 365 Backup.

Cyber security threats and attacks are always evolving. Viruses, worms, trojan horses, spyware, adware and scareware have all been around for a long time. One type of malware, however, has been grabbing headlines and creating headaches for users and IT professionals alike: ransomware.

What is Ransomware?

Ransomware is a form of malicious software — malware — which encrypts documents on a PC, server or even across a network. Victims can often only regain access to their encrypted files and systems by paying a ransom, typically in bitcoin, to the criminals behind the ransomware.

A ransomware infection often starts with someone clicking on what looks like an innocent attachment, and it can be a headache for companies of all sizes if vital files and documents (think spreadsheets and invoices) are suddenly encrypted and inaccessible.

What do the numbers say?

  • Ransomware attacks rose 350% worldwide from 2016 to 2017 (Dimension Data, 2018)
  • 48% of IT consultants reported an increase in ransomware-related support inquiries from customers across 22 different industries during 2016-2017(Intermedia, 2017)
  • 25% of cyber insurance claims in 2017 were related to ransomware (AIG, 2018)
  • Total losses due to WannaCry ransomware forecasted to reach $4 billion (Cyence, 2017)
  • 72% of businesses hit by ransomware lost access to data for at least two days; 32% lost access for five days or more (Intermedia, 2017)

How can you protect yourself from Ransomware?

Ransomware can find its way even around today’s sophisticated malware protection. The best approach to security is multi-layered and requires vigilance from both IT professionals and their end users.

  • Always keep backups. Data can’t be recovered if it isn’t backed up. Have a strategy in place that covers every user, device and file.
  • Lock down administrative rights. Don’t give users administration rights, even on their own machines, unless it’s absolutely necessary.
  • Stay up to date. Keep systems and apps current with the latest patches to avoid exploits that rely on outdated code.
  • Keep every endpoint protected. Gateway protection can’t help when users insert a rogue USB stick. Make sure every endpoint has complete, current security.
  • If an email looks suspicious, it probably is. Teach users to trash emails that look like spam. Better yet, show them how to inspect email headers if they’re unsure of the sender.
  • Don’t open attachments. Unless your users are absolutely, positively sure that they recognize both the sender and the file, it’s better to leave attachments alone. If they do open attachments, they should never enable macros or executables. Suggest other ways to share documents that require authentication and have built-in virus scanning.

Veeam Insider Protection

At Storagepipe, our primary focus is protecting businesses’ data from any cyber threat or environment. Recently, cyber criminals have been becoming more sophisticated and learning to target backups as well as primary systems. Being in the business of offering total data protection, it was clear something had to be created to avoid such threats. As a Veeam Platinum Cloud Provider, Storagepipe can now provide an additional new solution to keep your data safe.

With the release of Backup & Replication 9.5 Update 3, Veeam introduced the concept of a Recycle Bin for customers sending offsite cloud backups using Veeam Cloud Connect. Coined Insider Protection, the solution enables a deleted backup protection option. This adds a new level of data security for cloud-based backups in the case of a malicious user gaining access to your backups or in the case of accidental deletion by an administrator.

Secure your cloud backup with Veeam and Storagepipe

Ransomware is not going away anytime soon. It is an evolving attack scheme that cybercriminals are pouncing on to gain a quick buck. For IT administrators, ensuring the lines of defense are strong against cyber threats and accidental deletions are key to creating a solid business continuity plan. Learn how you can improve your threat management with Veeam’s Insider Protection by contacting us now.

TORONTO, ON – February 26, 2019 – Storagepipe Solutions Inc., the leading Canadian company in backup and disaster recovery services, is pleased to announce its acquisition of GridWay Computing Corporation, Ottawa’s top IT Managed Services Provider (MSP) for small and medium businesses and organizations.

“I am very excited to welcome the GridWay team to the Storagepipe family,” said Steven Rodin, President and CEO of Storagepipe. “Adding to Storagepipe’s offerings, GridWay’s extensive cloud computing and managed services expertise will further expand our cloud services across North America and Europe.”

GridWay will remain an independent and wholly owned subsidiary of Storagepipe. It will continue to focus on delivering exceptional managed IT solutions, Infrastructure as a Service (IaaS), backup and recovery, Office 365, colocation through their state-of-the-art data centre, and other managed cloud services to the greater National Capital Region.

“The future is bright for both GridWay and Storagepipe. With our combined expertise and infrastructure, we will be able to deliver significant value to our clients,” continued Rodin. “I am also very happy to announce that the founders of GridWay, Greg Lean and Chris Kramer, will continue to lead GridWay and the managed services team.”

“Joining the Storagepipe family is a win for both GridWay and our customers,” said Greg Lean, Managing Director of GridWay. “We will remain independent and continue to deliver our high quality and customer focused managed services. With additional resources, we now have more opportunity to innovate with our solutions and grow our footprint within the Ottawa market. We are also excited to support and accelerate Storagepipe’s international expansion.”

Since its inception in 2001, Storagepipe has been expanding rapidly to serve customers with an industry leading portfolio of Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS), private cloud solutions, archiving and networking services. Storagepipe was also the first Veeam Platinum Cloud Service Provider in Canada and is a recognized leader in Veeam Cloud Connect and DRaaS services. “At Storagepipe we care deeply about protecting our clients’ data and delivering the best technology and user experience possible,” emphasized Rodin. “The acquisition of GridWay will enhance our leadership position by providing a full suite of managed cloud services to our clients.”

About Storagepipe Solutions Inc.

Storagepipe is a trusted global provider of secure and comprehensive cloud and data protection services. Since 2001, Storagepipe has delivered highly flexible and responsive multi-industry solutions to seamlessly protect virtualized, cloud and physical systems. Today, Storagepipe provides this broad range of robust cloud services from a scalable multi-tenant infrastructure to customers and partners throughout North America and Europe. To learn more about the Storagepipe experience, visit

About GridWay Computing Corporation

For over 15 years, GridWay has been offering cloud computing and managed services to hundreds of clients in the greater National Capital Region. In addition to our state-of-the-art data centre located at our headquarters in Kanata, we offer a wide range of managed IT cloud services, Infrastructure as a Service (IaaS), Office 365, colocation, hosted virtual servers and other managed cloud IT services including our very popular Total Protection Program. For more information, visit

For more information:

Steven Rodin, CEO
Storagepipe Solutions Inc.

We know your data is important to you. And you'd go the extra mile to retrieve it if it was to get lost. But do you know what that extra mile, or many miles, might look like? And if you’d even be successful in the end?

Unintentional, and unfortunately also intentional, data loss happens everyday and can cost businesses a fortune – sometimes even causing a company to go bankrupt!

Don't let this happen to you.

You can protect yourself and your company by not only ensuring that your data is securely stored, but by going that extra mile to get your data automatically backed up.

Storagepipe's robust portfolio of Backup as a Service (BaaS), Disaster Recovery as a Service (DRaaS),  Cloud & Hosting, and Archiving & Compliance solutions offers small and medium sized businesses complete protection and utmost peace of mind.

So when a catastrophe strikes, whether it's sprinklers going off in the office unexpectedly, a ransomware attack, a natural disaster, or an accidental file deletion, you can be sure that your data will be recoverable and your business will continue as normal.

That’s what we call giving your data the love and care it deserves.

Contact us today to learn more.

Many Canadian businesses are reeling from Mother Nature’s latest curveball. This year we’ve seen severe wind storms and heavy flooding in several parts of the country. It’s clear, Canada’s weather patterns are evolving and severe weather is occurring more frequently. In fact, The Insurance Bureau of Canada reported a record $4.9 billion in insured damage from natural disasters in 2016 – shattering the 2013 record of $3.2 billion.   

Your organization’s character is tested in times of crisis. But after business returns to “as usual” organizations are faced with asking critical questions about their business operations. Questions like: 

  • Do you have a business continuity plan?
  • How long can you function competitively?
  • If you are forced to slow down production, how much revenue will you lose?  
  • Will your clients remain loyal or be forced to work with someone else?  

At Storagepipe, we understand the anxiety and stress that comes with losing your data to a natural disaster. Our services provide you with piece of mind that your data is safe and secure – no matter your location. Storagepipe’s affordable Disaster Recovery as a Service leverages cloud-based resources and off-site storage to match your business’ unique needs. Don’t let a disaster disrupt your business operations. We can help you get back online in minutes.  

Contact us today to learn about how you can experience the Storagepipe difference.  

On November 1, 2018 the Government of Canada implemented significant changes to the Personal Information Protection and Electronic Documents Act (PIPEDA). Much like the new regulations released by European Union General Data Protection Regulation (“GDPR”) in early 2018, the government is putting the power back in the hands of the individuals whose personal data is being collected and stored. Non-compliance of PIPEDA can result in fines of up to $100,000 per violation. If your organization has not already done so, it is time to consider your obligations and create a plan to comply. 


With the new regulations released by European Union General Data Protection Regulation (“GDPR”), the Government sought to harmonize the Canadian rules with the new GDPR data breach notification rules. Although PIPEDA has long held adequate personal information privacy protection, the Government took additional measures as it is considered this important for Canada-EU trade.  

Mandatory record-keeping for all breaches 

Much like the GDPR rules, Section 10.3 of PIPEDA requires organizations to keep and maintain a record of every breach involving personal information under their control. Organizations are also required to provide a report to the Commissioner with the requested records within a timely manner. Based on the report provided, the Commissioner may publish the information if it is in public interest and/or launch an investigation or audit based on the information in the breach file.  

The record-keeping requirement is an important compliance consideration and has the potential to create costs and risks for organizations. For example, there may be additional litigation claims in relation to breaches (including breaches that did not result in notifications to individuals), if the organization does not fully comply or report breaches.   

Record-keeping Requirements  

Organizations must maintain a record of every breach of security safeguards for a minimum of 24 months after the day the organization determines that the breach has occurred. The record keeping requirement is applicable to all breaches, not only those that give rise to a real risk of significant harm.  

In section 6.2 breach records must contain “any information that enables the Commissioner to verify compliance with [the breach notification and reporting provisions]” – meaning the Commissioner must be able to validate whether the organization notified and reported breaches as required by PIPEDA in each case. The regulation does not give organizations specific rules on how the records are archived but they must be able to provide the appropriate information on request.  

Data Breach Reports  

PIPEDA’s data breach obligation requires organizations to assess a number of factors in determining whether any breach of security safeguards have been compromised. It’s up to the organizations to consider the sensitivity of the information involved, the probability that the information will be misused and the potential for “bodily harm, humiliation, damage to reputation or relationships, loss of employment, business or professional opportunities, financial loss, identity theft, negative effects on a credit record and damage to or loss of property” when assessing risks. 

Data Breach Reports to the Commissioner 

If the Commissioner has requested a report, the regulation lays out what your organizations needs to provide to comply. The report must be made in writing and sent by any secure means of communication. The requirements are as follows:  

  • The circumstances of the breach and the cause. 

  • The date or period of time when the breach occurred. If the time is not known, the approximate period must be provided.  
  • The compromised personal information and extent of the breach.  
  • The number of individuals affected by the breach. If the number is unknown, the approximate number must be provided.  
  • Clearly laid out steps that the organization has taken to reduce risk or mitigate harm to individuals that could result from the breach. 
  • What steps the organization has taken to notify affected individuals? 

  • The name and contact information of a person in the organizations who will answer the Commissioner’s questions about the breach.   

Data Breach Reports to the Individual  

In section 3 and section 5 of the regulation, organizations must notify the individual who has had their personal data compromised. Unlike the GDPR, PIPEDA provides a lot of flexibility for organizations to decide based on the type of breach to indirectly or direct notify the individual.  

Indirect Notifications   

Indirect notification must be given “by public communication or similar measure that could reasonably be expected to reach the affected individuals.” In section 5, the regulation provides guidance on when should organizations utilize the indirect notification:  

  • Giving of direct notification would be likely to cause further harm to the affected individual. 
  • Direct notification would be likely to cause undue hardship for the organization. 
  • The organization does not have contact information for the affected individual. 

Direct Notifications   

Section 3 details that the notifications to individuals include sufficient information to allow the individuals to understand the significance to them of the breach, and to take steps, if possible, to reduce the risk of harm. PIPEDA requires the same requirements of the Commissioner’s report be provided to the individual. 

The components of a PIPEDA Compliance strategy:         

  • Ensure record-keeping for all breaches are archived for up to 24 months  
  • Create a cybersecurity strategy for the storage of sensitive data 
  • Managing the development of an Emergency Response Plan 
  • Ensure legal compliance is up to date with GDPR and PIPEDA 

  • Identify and assign a data privacy controller in your organization  
  • Request third-party service providers access to the breach file  
  • A privacy toolkit is available here for organizations to live up to its PIPEDA responsibilities.  

Storagepipe can help!  

With the implementation of GDPR and the PIPEDA changes to personal data – organizations must take control of how they obtain and protect personal data. With Storagepipe, we ensure your data is secure so you can get back to business. If you need help with keeping your data safe or creating a PIPEDA compliance strategy – contact us today.