Category Archives: Data Security

Do You Really Need an Antivirus Software Today?

There was a time when viruses and malware were a major threat, even for an average desktop or laptop user. This was the time of Windows XP, which didn’t have an AV program of its own (later Windows OS came with built-in AV programs, such as, Windows Defender in Windows 7 and 8), and the operating system itself wasn’t exactly robust and secure enough to ward off the unwanted programs.

Times have changed now. Not only there is a considerable decline in major virus and malware floating around, but the operating systems, too have evolved greatly to tackle this problem. Brian Dye from Symantec (a leading provider of security products) himself declared in 2014 that antivirus was dead. This surprised, and even shocked a number of people, even though Dye was referring to the declining sales of AV products.

The reason why sales of AV programs have declined is because the majority of businesses have moved beyond traditional software protection. They now invest in comprehensive AV systems rather than standalone products and focus on adaptive approaches instead. Of course, another reason is that most computer users are unaware of the benefits that paid AV programs offered, and are content with their free versions.

Today, a huge percentage of computer users don’t use AV programs anymore. But what about businesses? Do they need an AV program? Perhaps not.

How Microsoft Affected the AV Market

For a long time, AV companies such as Norton and Avast made tons of money selling their security products. Everyone was afraid of viruses, which was why they would buy an AV program the first time they bought a new system. However, when Microsoft released Windows 7, which had many features, but mainly the built-in security program Windows Defender, it gave the commercial security companies a run for their money. After all, it was a great product, and did a terrific job, for free! Who would want to pay for another AV product, when this one came pre-installed, and cost nothing?

After the release of Windows 7, a lot of AV companies started rolling out free versions or trial versions of their products to increase sales, but the damage was already done.

Malware Bringing Ransomware

While virus attacks have declined, it won’t be correct to say that computer systems don’t have any security risks. Yes, trojans and malicious programs are rare these days, but these have been replaced by other forms of programs, mainly the adware and ransomware. These programs don’t directly harm the system, but increase the system’s overhead, and pose the risks of fraudulent activities (ransomware).

What’s the Solution?

You can absolutely protect your computer system from harmful programs without shelling out money. The first thing you must do is make sure that Windows Defender and Firewall are both enabled. These two will protect the system from the majority of the attacks. Secondly, install a basic version of a malware protection software, or AV software, just to be sure.

The suggestions above are for desktops and laptops. They can’t protect your server, which is why you need a good online backup solution. Even if you have an expensive AV program, it is best to invest in a decent cloud backup solution. This is because no AV solution is foolproof, and you wouldn’t want your important documents and files to be compromised. Before you make your final decision to pick a cloud backup and data storage company, make sure they are offering additional services, such as: data mobility, data security, disaster recovery, virtualization, business continuity, and more.

 

Influencing the Quality of Services by Focusing on Service Level Agreements 

Service Level Agreements (SLAs) are enterprise life lines on the Internet. CIOs cannot plead ignorance of the clauses. First, the SLA is often written in plain English, and second, the SLA represents the “consensus” reached between the contracting parties. A focus on the SLA is an imperative; a necessity. So, what does one look for in an SLA?

This paper purports to help readers focus on SLAs for Cloud services and understand the what, why and how of it.

 

Table of Contents

  1. Introduction
  2. Definition of Services
  3. Performance Measurements
  4. Problem Management
  5. Customer Duties – Roles and Responsibilities
  6. Warranties and Remedies
  7. Disaster Recovery and Business Continuity
  8. Security
  9. Termination of Agreement
  10. Conclusion
  1. Introduction

CIOs can not plead ignorance of the clauses in the SLA if enterprise data suddenly vanishes into cyberspace! SLAs are often set out in plain English and a focus on the SLA is an imperative; a necessity for the survival of the organization in this digital age. A focus on the SLA, an understanding of the provisions and sections of the document is a must.

Service level agreements are formal, legally binding documents that are drawn up by the contracting parties. They formally set out the level of service that will be provided by the contractor under the terms of the contract. All Cloud services providers include SLAs that detail the level of service that will be provided for the duration of the contract.

A service level agreement is an “agreement”. It signifies consensus between the contracting parties. It assumes that there is a common understanding about services, guarantees and warranties, responsibilities and priorities. It defines levels of serviceability, availability, operation, performance or other attributes of the service, including billing. It details where and when a customer can expect “minimum” service and how it can be measured or what the target value is.

A few contracts may even contain clauses detailing penalties for failure to meet minimum expected levels of service. To get the right level of service, customers must examine the different sections of the service level agreement in detail.

At a minimum, a typical Cloud service level agreement includes the following sections:

  • Definition of services
  • Performance Measurements
  • Problem Management
  • Customer Duties
  • Warranties
  • Disaster Recovery and Business Continuity
  • Termination of Agreement
  1. Definition of Services

Cloud Service SLAs, like all utility service SLAs are output based. By this, we mean that the level of service that will be provided to the customer is defined in measurable terms. The service provider demonstrates value to the customer by expounding how knowledge, capability, and ingenuity are innovatively organized to deliver the requisite output or service to the customer. This emphasis on the delivery mechanism shifts the risk to the service provider.

The definition of services under the SLA may vary according to the type of service, the type of organization and the needs of the organization. A corporate level SLA may provide generic services to all parts of the enterprise. Multi-level SLAs may split services so that the service provider can cater to the specific service needs of different parts of the organization. Customer level SLAs may provision for services relevant to a particular industry. Service level SLAs may cover specific service requirements of specific service groups.

SLAs may offer layered services. The service provider may define the basic package(s), that will be made available at different prices. Customers can select from a list of “add-ons” (at pre-defined costs) or other specific features that they would like to include in their package. For instance, the basic package may offer the customer 2 GB of space for storage. The customer may choose to “add-on” additional storage by signing up for 20GB of space. The service user may also opt for an email system for the entire organization in addition to the other services being offered as part of the regular package.

All terminology proposed to be used in the SLA are also set out and explained in this section of the document.

  1. Performance Measures

That which is not monitored is not done. SLAs are drawn up to ensure that Cloud service delivery performance can be measured and the customer has the ability to monitor the performance of the service provider on the basis of a pre-defined set of standards and norms. The service provider also commits to a minimum level of service under this section of the SLA and has the opportunity to define the standards and norms that are to be used to evaluate the performance of the service delivery. For instance, “latency” is a term that describes the time taken for data to be recovered to the client machine from the storage server in the Cloud. “Uptime” is a measure that helps both the customer and the service provider understand whether the services are being delivered as promised. Uptime is usually expressed in 9s. As a client, one needs to think thoroughly on the level of uptime. Uptime can be incorporated with much accuracy by determining the number of 9s in the SLA. For example, the table below shows the co-relation between the number of 9s a client might target and the duration of downtime, which may vary from 5 minutes to over 36 days in a given year.

If your availability target is a mere 90%, there will be 36.5 days of downtime in a year (i.e. 10% of 365 days). If, however, your availability target is 99.999% (dubbed as five nines), then you will only have about 5 minutes of downtime in the entire year!

Availability Target Downtime Per Year (Approx.)
90 percent 36.5 days
99 percent 3.65 days
99.9 percent 8.8 hours
99.99 percent 52.6 minutes
99.999 percent 5.3 minutes

Table: Comparison of Downtime Vs Availability Target, using “one to five nines”

  1. Problem Management

This section of the SLA focuses attention on problem-handling systems integrated into the service. The purpose is to minimize the impact of events, incidents, and problems on the customer’s business. For instance, the Cloud vendor may provision for alerts to be generated whenever a backup or recovery fails or unauthorized entities attempt to access the data. The SLA may detail error handling procedures and set out escalation protocols for handling unexpected problems. Time frames for the resolution may be specified. Stipulations may include activation of audit trails and maintenance of logs and records for all types of incidents that may cause failures in delivery of service.

  1. Customer Duties – Roles and Responsibilities

The SLA is not a one-way street. The Cloud vendor has some expectations from customers. The service will work effectively only if the organization collaborates regularly with the vendor for technical and support contract issues. The organization must clearly indicate and designate the license administrator. The administrator is responsible for receiving and administrating the software product licenses, updates and upgrades and payment of all bills due or assigning rights and permissions to other users, who are authorized to access the online storage account. Though they may appoint secondary administrators in multi-level contracts, all secondary administrators must report to the primary administrator, who must remain a single point of contact for the Cloud vendor.

  1. Warranties and Remedies

The Cloud vendor provides the user details of any warranties and remedies under this section of the SLA. This is perhaps one of the most important sections for the customer. The warranties may cover service quality, indemnities, third party claims, remedies for breaches, exclusions and force majeure.

  1. Disaster Recovery and Business Continuity

Recovery is the raison d’etre for online Cloud backup and storage. The Cloud vendor describes in this section, the disaster management protocols that have been put in place by the company to safeguard against disaster.

The disaster recovery and business continuity guarantees may broadly include:

  • Provisioning of geographically dispersed servers for safeguarding against natural disasters such as Tsunamis, earthquakes or tornados
  • Continuous data replication or data mirroring to ensure high availability of information at all times
  • Seamless failover systems
  • Simultaneous creation of local copies of data using the Cloud vendor’s proprietary application even as data is being streamed to the online server over the Internet
  • Provisioning for bare-metal restores to any part of the world
  • Provisioning for data security with impregnable cryptographic modules, both during transmission and storage
  1. Security

This section of the SLA elaborates upon the security systems that the Cloud vendor promises to use. Any certifications obtained by the company for its cryptographic module or the type of encryption that is used (bank grade/military grade) is generally specified here. The encryption protocol may be used only for data in transition and not in storage or for both. If the vendor permits the customization of the encryption key, the fact will find a mention here with suitable warnings that the loss of the key could well mean the loss of data as the vendor does not retain copies of the customized keys.

Further, the vendor urges the customer to ensure that the user management systems provided is exploited to ensure that only authenticated and authorized personnel has access to data and enterprise policies are being adequately implemented through the interface settings.

  1. Termination of the Agreement

The last section naturally talks of when and how the contract can be terminated. The rights and responsibilities of the vendor and the customer are generally detailed in this section. Termination can occur at the end of the initial term, for convenience, and/or for a cause. However, whatever the type of termination, the vendor must undertake to delete all customer information from all primary and secondary servers in which the data has been stored. Some vendors even specify what they will do with the information that is stored by them in their archives and disaster recovery sites. Wherever interoperability of services is possible, the vendor may agree to transfer all customer data and applications to the new Cloud service provider.

  1. Conclusion

It must be reiterated that the SLA is a binding legal document. Both parties to the contract can enforce it and hence, it must be drawn up after both parties are satisfied that they have clarity on promises and expectations. Imperfect understanding on any side can lead to confusion, dissatisfaction and probable loss of business. Therefore, both parties must negotiate the different clauses before signing on the dotted lines and committing themselves to the contract.

In some cases, despite your due diligence, SLAs might not be met; and you won’t discover this until the unexpected happens and disaster strikes. Therefore, it is highly advisable that you understand and get comfortable with the SLA and that you anticipate disasters and plan accordingly. Sometimes, disasters are not fully understood; and administrators might define them vaguely. For instance, disasters that are defined as small instances may have just as big of an impact as the larger, less likely ones.

 

Should you Trust your Data to the Cloud?

For those who are extremely nervous about entrusting their valuable mission-critical data to strangers over the Internet, Backup Technology Limited (BTL) Cloud Backup is a very reliable option! You can trust your data to BTL professionals without a qualm. BTL has years of experience and a proven track record in data security. The client testimonials and partner stories say it all. If you are still not convinced, here is how BTL works on data security for you.

Your data is secured against access in three ways:

  1. Data is encrypted once at the point of transmission and again at the point of storage. This double encryption makes unauthorised access difficult and even fruitless.
  2. BTL uses superior technology to ensure that your data is backed up quickly and efficiently, and optimally.
  3. Your data is made highly available by replication/mirroring for disaster recovery.

Encryption:

BTL protects data by deploying a 256 bit cryptographic, powered by Asigra, an industry leading cloud backup technology.

The 256 bit cryptographic feature is installed when the BTL software agent is installed on server or computer you want to backup. The installation process prompts the user to input several character strings. The string is then, converted into a 256 bit encryption key and is made available only to the user. It is never transmitted over the Internet and is not stored on the servers of the company. Users are expected to secure this key against deletion and access by unauthorised personnel. Since the data is stored in an encrypted format on the server, the availability of the key is an imperative. Loss of the key implies loss of access to data stored on the servers.

BTL software kick starts when you begin to transmit information over the Internet for secure, encrypted storage on BTL servers. The agent software installed on your computer communicates with the BTL server, using SSL (Secure Socket Layer) technology that deploys its own encryption protocol. This results in a double encryption of the data you finally store. This technology is similar to the technology that is used by banking companies to secure bank accounts of their customers.

High Availability

BTL ensures that customer data is stored securely for high availability and disaster recovery. They monitor the data centres 24/7 with advanced bio-metrically controlled access. Backup generators and redundant Internet connections are used to ensure that customers are never locked out of the server storage if the encryption key, user name and password are available with them. Files in storage are constantly reviewed for ease of restoration, maintenance of user logs, and optimisation of versioning controls.

Software Features

BTL’s technology backs up data, differentially or incrementally at the block level after the first full backup. Users can configure the software to apply to specific data sets as per company policy or on the basis of the importance of the data. This enables users to backup more files during an available backup window and optimise on storage space. Users can also set BTL Cloud Backup and Recovery solution to backup a number of versions of files for compliance and archiving regulations.

Whether you run a big corporation or a small business or you are an IT service providers, BTL offers a secure cloud based data backup solution, combined with a robust partner program, the efficiencies of full web-based account management, and an industry leading technical support team. Visit: www.backup-technology.com

Why BTL’s Cloud Backup Outperforms the Competition?

People in search of great cloud services are always asking the same questions and expecting to find new answers! There are no new questions. There are only new answers. Let us look at some of the common questions that are asked:

  • How does this new technology advantage me?
  • How is it different from the current technology I use?
  • Where will my data reside?
  • Will my data be secure?
  • How will I have control over my data?
  • What kind of tools will I have for managing my data?

Backup Technology Limited (BTL) has not been asked anything significantly different or new. But, it has a lot of new answers to tough questions that are frequently asked. BTL has created a cloud platform that addresses the most recalcitrant problems of customers and resolves them to their satisfaction! This speaks volumes on how BTL has been taking its mission seriously!

The cloud computing infrastructure proposed by BTL Cloud Backup is exciting. BTL is committed to the task it has undertaken. It has partnered with leading technology vendors to provide customer friendly solutions. The integration and interoperability of the product further delivers a combined solution to frequently encountered customer problems and provides a high level of data protection solutions. The methods of deployment, the virtualisation options, simplification of provisioning, application services, increased availability, reduced environmental impact, and business continuity are some, not all, of the compelling reasons for adopting this great technology from BTL.

BTL’s Cloud Backup is an affordable option. It delivers a number of financial advantages to its users. It brings, in its wake, cost advantages and flexibilities that are rarely enjoyed with other IT innovations. Customers signing up for the platform can replace CAPEX with OPEX as the infrastructure is rented not owned. This results in reduced hardware investment and maintenance costs, reduced capacity needs, reduced technology risks, increased productivity, and improved user experience. Furthermore, BTL’s innovative approach to IT supports green computing and accommodates the globalisation aspirations of enterprises.

BTL’s Cloud Backup is easy to deploy. The software almost configures itself and wizard screens guide the user over the humps and bumps of installing and commissioning the software and initiating the backup. Administrators can create, edit, run backup sets, restore and delete files or view user-activity logs from a central management console anywhere, anytime, using a web-browser-based interface that merely requires input parameters for authentication and authorisation. The easy to use dashboard comes with robust features and functionalities, smart defaults for effective and efficient management of your data. The data itself resides in an encrypted format on secure physical or virtual servers that are systematically and dynamically replicated/mirrored for high availability and disaster recovery.

BTL offers multi-level support to users of their cloud platform. Customer satisfaction is very important for BTL and it has shown its eagerness to help its customers by deploying dedicated service personnel.

Customers, who want to know more about how the service works or how they can optimise on the cloud storage platform, can take advantage of the elaborate knowledge base BTL has developed. Trial versions of the software can be downloaded and tested free of charge for a period of 30 days before any buying decisions need to be made!

BTL utilises 256-bit AES security and multiple data centres located on two continents to ensure data protection and availability. BTL offers IT service providers a secure data solution combined with a robust partner program, the efficiencies of full web-based account management, and an industry leading technical support team. Visit www.backup-technology.com

 

Tips to Follow Before Transferring Data to the Cloud – Part II

In Part I of our series, we did list some tips to follow before transferring data to the cloud. Below, in Part II, we will further discuss additional points:

5 – Move First and then Renovate

It is critical to test the migration first and then make a thorough plan. Cloud users are capable of controlling the economies of scale of the cloud, reduce capital spending and save time through selecting cloud just like an application design centre, instead of re-architecting the existing applications and to make it suitable for the cloud. Therefore, it is recommended to refine and improve cloud applications after developing the necessary basic constituents of the cloud.

6 – Crunch the Numbers to Understand Costs

The primary reason to transfer data to the cloud is to save money. It is quite simple to get costs of infrastructure by calculating the used money on vendor support, servers and licenses. However, it is challenging to get an estimate of time spent by the most expensive members of the team. How much time does it take to carry on the legacy systems, solving problems, deleting HR records manually, double entering payroll information, troubleshooting and fixing the application errors on various desktops, and restoring data from backups? If a company has a clear sense of all these types of associated costs, then it is possible to make an assessment of SaaS and hosted solutions; and as a result, the path to the cloud will be very clear.

7 – Security Should be Considered

Security is a huge concern while considering a move to the cloud. In order to stay compliant, you need to look into industry standards. Use third-party sources, such as the Cloud Security Alliance Consensus Assessments Initiative Questionnaire [1] to guide you through the process of understanding potential security pitfalls.

In addition, you need to select cloud storage services that are certified by standards, such as FIPS-140. These solutions offer multiple layers of security and are impossible to hack. Choose a service provider that is well known and respected in the industry, that enforces audit policies on apps and all data stored in its cloud.

8 – Secure your Management Console

The cloud computing console is the life-line of your entire data centre. This means, the management console must always be protected at all times, or else it could be hacked for ransom, as in the case of Code Spaces, which was forced to close after the hackers deleted all of its data when the ransom was not paid.

Finding the Balance Between Value and Cost of Data Protection

The need to align value to cost of data protection is not new. What is new is the pressure for data protection in cost effective ways. The emergence of cloud computing is largely responsible for increasing pressures and redefining ways in which data can be protected.

IT administrators in charge of Information governance strategies in the cloud must:

  • Streamline processes;
  • Reduce costs and risks;
  • Leverage information effectively, and;
  • Evolve effective information delivery protocols.

IT Administrators migrating data to cloud storage servers, begin by assessing the available backup and archiving infrastructures in use and match it with policies and processes to arrive at an understanding of what needs to be done. They prepare a recovery service catalogue that aligns business needs to backup and archive solutions. This leads to the creation of high level architectures for the environment and development of business cases for illustrating current and projected costs, estimated savings and firm recommendations to the management for investing in cloud based backup infrastructures.

Therefore, cloud solution architectures that align value to cost of data protection, are considered to be critical to business processes and decisions that impact organisation growth, risk and profitability. Information optimised cloud backup and storage solutions are built around concepts of appropriate infrastructure, data management and data delivery. Tiered storage and information centric data storage solutions and services that pan across heterogeneous environments are desired for driving down costs and aligning value of data to protection of data. In short, the cloud platform is viewed as a means for storage managers to logically transmit data to secure storage tiers for matching information attributes, establishing enterprise wide business continuity and managing data stores from a central location with user-friendly application interfaces.

Businesses need to take care of their information assets in cost effective ways. Forward-looking organisations take this stewardship seriously and ensure quality, compliance and information protection in the cloud. The cost of data protection is rightly aligned with data protection as they appreciate that data breaches are expensive in terms of reputation, brand image, customer satisfaction and litigation under the different regulations that govern the enterprise. They leverage the best practises of the cloud to meet industry standards and data security objectives. They create value based information governance objectives that clarifies individual roles and responsibilities and provides necessary guidelines for effective management of information in the cloud across the enterprise.

Backup Technology Limited is proud to provide a value-cost balanced cloud backup services to small and large enterprises globally. Why not give our services a try? Contact BTL for more details — www.Backup-Technology.com

Our Customers

  • ATOS
  • Age UK
  • Alliance Pharma
  • Liverpool Football Club
  • CSC
  • Centrica
  • Citizens Advice
  • City of London
  • Fujitsu
  • Government Offices
  • HCL
  • LK Bennett
  • Lambretta Clothing
  • Leicester City
  • Lloyds Register
  • Logica
  • Meadowvale
  • National Farmers Union
  • Network Rail
  • PKR

Sales question? Need support? Start a chat session with one of our experts!

For support, call the 24-hour hotline:

UK: 0800 999 3600
US: 800-220-7013

Or, if you've been given a screen sharing code:

Existing customer?

Click below to login to our secure enterprise Portal and view the real-time status of your data protection.

Login to Portal