What’s Missing in Your Microsoft O365 Security and Data Protection?

Categories

You’ve embraced remote working – are you still secure?

The trend towards remote working has been growing for several decades, but recently due to world events, many businesses have had to adopt supporting technologies and processes quickly and under pressure. The remote working trend has also dovetailed with the move to the cloud and software-as-a-service applications like Office 365. Cloud services are a great help in implementing remote working and in helping teams to collaborate even when not working in the same location. Cloud-enabled services and applications are often misunderstood, however, when it comes to security measures. Along with their SaaS services, businesses also need to consider using cloud-based security and disaster recovery services in parallel from a trusted DRaaS provider.

SaaS and Cloud providers like Microsoft, Salesforce, Google and others promise to secure the infrastructure that hosts the cloud application. But these SaaS providers are not responsible for covering all of the possible data and security issues that can arise, so customer support for backup, replication, and recovery services needs to be considered.

While the cloud provider takes care of the infrastructure, data and access remain the customer’s responsibility. The access risks compound as workers increasingly work remotely and communicate through email, which is the number one vector for malware.

Secure access to the cloud for remote workers today is usually ensured by either using an SDP or split-tunnel VPN. In either case, the security of remote access relies on user authentication. It is important not to make the mistake of relying on the employees to set up and manage their passwords. Individuals are notorious for setting easy-to-remember but also easy-to-guess passwords. Set up strict corporate password policies and enforce them. Also enforce regular intervals for employees to update their passwords.

Even with these stricter password policies in place, businesses would also be wise to employ multi-factor authentication (MFA). There are a number of ways for bad actors to manipulate or trick your employees into unintentionally revealing their passwords making it a good idea to have a second authentication method as a further roadblock. Traditionally, MFA was done using tokens, but it has become much simpler today to use the employee’s smartphone to send a code that they then enter into the SaaS login credential screen. There are a number of good choices for MFA available such as Google Authenticator, or options recommended by Microsoft. Need help determining which MFA solution is the best fit for you? Ask our Microsoft 365 experts today!

Even MFA access through SDP or a VPN will not always guarantee security for your most precious data; internal employees can also act maliciously. Therefore, it is a good idea to design your internal data access policies to ensure that each end user only has access to the applications and data that they need to do their jobs.

Segmenting your data collections is another good policy to adopt for additional Cybersecurity and data protection. Having all your eggs in one basket is never a good idea. Using various software-defined networking techniques such as SDPs or SD-WAN, you can literally define the connection between the user’s device and a specific server. They can be completely restricted to this network slice. Finally, think carefully about which workers get remote access; not everyone needs it all the time.

One main vector for security breaches is via email “spear phishing” attacks, which attempt to induce people to reveal personal information, such as passwords and credit card numbers by posing as reputable companies.

Phishing is a common technique for extracting passwords from employees with some IT professionals reporting 1000+ phishing attempts hitting their email inboxes a month. Other malicious email campaigns include sending attachments with embedded trojan code, or links pointing to compromised websites that auto-download malware onto users’ systems.

All employees are at risk of making a split-second poor decision and exposing their computer to these attacks. Threat actors are adept at choosing topics that people are eager to learn more about, often playing off trending fears and anxieties to lessen people’s natural caution and common sense. As a sign of the times, many organizations are reporting increased email phishing and Business Email Compromise (BEC) attacks since the beginning of the COVID-19 pandemic, with many messages claiming to offer breaking news or free tests. Once the pandemic has finally abated, threat actors will move on to the next anxiety-provoking topic.

While Microsoft and other email SaaS providers often try to help to filter unwanted senders’ messages by verifying the IP address to guard against phishing, oftentimes their off-the-shelf attempts lack comprehensive protections and may lag behind in updating against the latest threats. IT professionals should look to enhance their email security by looking for Managed Anti-Spam and Anti-Virus solutions that offer services for scanning both inbound and outbound emails to eliminate spam and known attacks, and Managed IT Services for analytical reporting, Cybersecurity and on-demand expertise from a trusted DRaaS provider.

While it is critical to stay on top of the latest security threats and trends, it is also the case that malicious actors are constantly innovating new attack strategies. Barely a week goes by that some new kind of threat is launched and discovered. From denial of service to trojan horses and ransomware, you can never rule out the possibility that your business will be the next headline victim and cautionary tale.

How does a DRaaS Provider enhance Microsoft 365 data protection and cybersecurity?

That is one of the most important, but not the only, reason to have a comprehensive backup and rapid disaster recovery service. Another reason is that employees unintentionally delete data all the time. In fact, they are the most common source of data loss. Even IT professionals can make configuration mistakes that can open data to being hacked or even lost. So, a comprehensive backup and disaster recovery option is essential for restoring your data.

This is where cloud services expand their usefulness from a means to collaborate efficiently, to storing and protecting your critical and everyday business data. Disaster Recovery as a Service (DRaaS) has become increasingly important in an era of escalating natural disasters, cyber-attacks targeting critical public institutions and businesses, and sophisticated social engineering campaigns bombarding your business day and night.

The good news is, as the importance of DRaaS has risen, the affordability has too. Many savvy organizations are leveraging the flexibility and rapid responsiveness inherent in cloud-enabled backup and recovery. After all, one of the many reasons that you adopted a cloud model was to get away from the capital costs and ongoing operating expenses associated with running and maintaining your own internal data infrastructure. Now that there are a range of cost-effective disaster recovery services available, businesses are finding that DRaaS makes good common sense.

In addition to helping you to recover from a disaster, an experienced DRaaS provider can also proactively help you to prevent data disasters from occurring in the first place, and enable your business to work securely no matter where your end users are located. As a third-party specializing in helping businesses to recover from various disasters, they are best placed to anticipate what your business might face in the future. They can help you to design your security approach, as well as prioritize your data resources, segmenting them and working with you to create a plan for ensuring that the most critical data is restored as quickly as possible to keep you up and running.

The possibility of remote working and cloud-based services have been a godsend for many businesses, allowing them to remain operational in these difficult times. It is unlikely that the workplace will return to what it was and remote work is probably the new normal or highly significant for many businesses going forward. Your DRaaS provider can make sure that you do it securely and ensure that you can also recover gracefully if anything does go wrong.

Want to know more?

Storagepipe to the Rescue

Your Backup and Disaster Recovery Heroes

Storagepipe is a trusted global DRaaS provider of comprehensive Cloud, Data Protection and Cybersecurity services and can help to provide guidance as you work through your SMB or enterprise DR planning process.

Since 2001, Storagepipe has provided these robust and secure Managed Cloud and Disaster Recovery solutions from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Storagepipe delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind. Storagepipe is an accredited Microsoft Office Level 1 backup and DRaaS provider.

We are driven to be your trusted partner and to ensure that we deliver a Storagepipe Experience that meets your business requirements with the reliability, scalability and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as Cloud to Cloud Backup for Microsoft 365email archiving, and Storagepipe DR services. Regardless of internal user error, ransomware attacks, or when a health disaster strikes, ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Questions? Ask Our Experts!

Find Your DRaaS Partner and Make Disaster Recovery a Strategic Part of Your Service Portfolio

Categories

You may already be managing backup services for some of your clients, but haven’t yet expanded to offering a complete disaster recovery service. Or you simply haven’t added Managed Backup or Disaster Recovery (DR) to your service portfolio at all. Either way, there are good reasons to consider offering your customers DR, not just as a source of recurring revenue, but also as a sticky service that can create a more trusted advisor relationship that leads to new business. It has become easier to add DR to your portfolio with the advent of Disaster Recovery as a Service (DRaaS), especially when working closely with a DRaaS partner.

DRaaS is a perfect example of an on-demand cloud service that is always-on and scales with your client’s needs. For you and your customers, there is the added benefit that you don’t need to keep a second data center for redundant servers and communications services. An additional perk for you is that DR brings in new customers, such as SMBs, that will find it easier to start small and scale as they grow.

DRaaS offers three other main benefits to your customers:

  1. Immediate recovery from any kind of disaster with system failover to a secondary infrastructure within minutes.
  2. Depending on needs and resources, customers get the flexibility to customize the scope of recovery from all types of disasters, from malware and ransomware to hurricanes and wildfires.
  3. DRaaS offers seamless redundancy and no single point of failure to keep data securely protected in the cloud and away from the primary site.

Working closely with a customer to plan for recovery from a disaster that could jeopardize their business, requires that you get a clear understanding of their key operations and those parts of the business that are mission-essential. This disaster recovery planning approach is more strategic and collaborative between provider and customer than with a managed backup service, and requires you and the customer to predefine playbooks for exactly how to respond to different disaster scenarios. This is your opportunity to take your relationship with your customer to a new level. If you are able to add value and insights, you can earn their trust and develop a longer-term relationship with greater revenue potential.

Working on the disaster plan will involve taking the customer through a thorough risk assessment to identify vulnerabilities in their infrastructure. You may ask, which components are the most important and how do they impact their critical business functions? You will need to calculate both the financial and non-financial costs. Besides loss of revenue, there is the potential loss of opportunity; for instance, companies that recover faster, gain a competitive advantage.

The goal of all this analysis is to develop with the customer what they believe is their realistic recovery time objectives (RTO). In other words, how long can their infrastructure afford to be down? This is often a compromise between what they view as ideal and what they can afford. Similarly, you will also set the recovery point objectives (RPO), which define what level of data must be recovered and at what time-based increment or schedule, which should follow directly out of the analysis of critical business functions.

Qualities and Benefits of a Reliable DRaaS Partner

Having a technology partner that is focused on providing disaster recovery can be helpful during this process. A good DRaaS partner will have extensive experience in helping companies recover from many different kinds of disasters. This experience can be leveraged in formulating a sound disaster plan. And should the time come that a disaster does occur, it’s good to have team members onboard who routinely handle disaster situations and are able to meet the challenge with a measured and effective response that only comes with experience.

Your DRaaS partner will be particularly useful in the setting and defining of RTO and RPO objectives. These objectives set the parameters for the SLA you agree to and defines your relationship and your obligations going forward. This includes identifying the cost-effective services and configurations that are recommended for your customer to meet their RTO and RPO, including full or partial failover, and hot site or warm site replication. It is critical to get it right at the beginning, and this is where the extensive experience of a DRaaS partner can be drawn upon to ensure that the defined service achieves the customer’s objectives as well as your own.

Finally, your ultimate objective in defining a DR plan for your customer is to identify where they are most vulnerable and to help them to address those weaknesses to prevent disasters altogether. Again, you will have to move the needle on your relationship to go beyond reacting to their needs to anticipating them, and as a result positively shape the way they operate their business.

This is why DRaaS is much more than an additional revenue stream or a sticky service, although it is both these things. It is above all an opportunity to move you from being regarded as just a service provider to being a trusted strategic long-term partner for their business.

Storagepipe to the Rescue

Your Backup and Disaster Recovery Heroes

Storagepipe is a trusted global provider of comprehensive cloud, data protection and security services and can help to provide guidance as you work through your SMB or enterprise DR planning process.

Since 2001, Storagepipe has provided these robust and secure Managed Cloud and Disaster Recovery Services from a scalable multi-tenant infrastructure, supported by our first-class in-house technical team. Storagepipe delivers highly flexible and responsive solutions with outstanding value and service, using state-of-the-art technology to offer ultimate protection and peace of mind.

We are driven to be your trusted partner and to ensure that we deliver a Storagepipe Experience that meets your business requirements with the reliability, scalability and support that your business demands.

Contact us today to discover your options around partnering with us to provide your customers with data loss prevention solutions and rapid ransomware recovery with services such as DRaaS Veeam managed appliance for VMWare and HyperVDRaaS physical server replication, and other Storagepipe DR services. Ensure your business continuity by meeting your operational demands while protecting and recovering your most valuable asset – your data.

Questions? Ask Our Experts!