facebookpixel

A Silver Lining of Innovation

Archive

It is been a long time coming. Two full days of sessions with our valued customers and those interested in our solutions. We’re excited to be hosting VirtualQ I Protect & Archive , a virtual event featuring live keynotes, educational sessions, and technology demonstrations, from June 9-10, 2020. Over the course of two days, we will present on the latest data protection and business continuity developments, as well as host virtual sessions featuring subject-matter experts and technology partners, including Veeam and WekaIO and we hope you can join us!

During this time, you can plan to learn about protecting and preserving your most critical data including:

  • Preparing for a future where 80% of data is unstructured
  • Best practices for backing up and managing immense amounts of data
  • Machine learning at scale (with WekaIO)
  • The role of object storage within Enterprise IT
  • Tactics to protect data from ransomware and cyber threats
  • The latest innovations to come from Quantum’s partnership with Veeam

With all these relevant topics, even during a pandemic like the one we are living through right now, data keeps growing. And there is no better way to face the future where 80% of data is unstructured than preparing for it. Though we stopped going to the office, we have not stopped creating data and, even more so, now that we are working remotely, these end points are creating data at immense speeds and in more ways than one. What is the silver lining in all this? It is driving our engineers to create new technology and enhancing our solutions to perform and deliver on our customer’s needs. The more we are pressed, the more innovation is squeezed out to improve our solutions and services. We are excited to share the latest with you during these sessions.

So, what is Quantum doing to help you? We are innovating. We are adding advanced features that will enable you to securely protect and archive your data cost-effectively whether you chose disk, tape, or object storage. We are driving with performance. Have you checked out the latest performance numbers on our flagship DXi backup appliance? We are also integrating tightly with our technology partners such as WekaIO and Veeam to meet or exceed your service level agreements (SLA’s). The discussion around object store is always an interesting one as organizations are still learning to navigate the murky waters of the cloud, given some of those hidden fees, security hazards, and how it is really meant to be used so that it doesn’t break the bank. Finally, we will discuss the latest ransomware tactics leveraged by criminals and why they are after your backup infrastructure. This and much more, and we hope you can join us.

Register Now. You can register for our virtual sessions at VirtualQ I Protect & Archive .

To view our Partner blog, click here

Business Continuity for the New Normal in IT Environments

CMMA Blog

With a remote workforce, endpoints will generate a lot of data and more IP will be leaving your premises.  Intellectual Property (IP), Financial Data, and Personnel Data are important data sets to be secured. What do you do? Clearly, it’s an open-ended question, but I want to lean in on this topic in the context of implementing security and protecting your data for continued operations in the midst of a crisis with nearly 100% remote workforce as we adjust to a rapidly evolving new normal for managing IT environments.

Maybe your IT organization is like Quantum’s in that you had a head start and prepared to weather this storm because you had previously established a business strategy that allowed your employees to work remotely as part of your normal business operations. If you did not have a head start, it’s understandable and you are now in a reactive mode. Nobody was ready for such a crisis nonetheless, preparedness is key. To deploy a remote workforce that is cost-effective, secure, reliable, and resilient, it takes time to develop and rollout as you prioritize hardware or software requirements within your infrastructure. Here are a few key insights from our own Quantum IT.

Enterprise Applications in the Cloud

At Quantum, every employee is issued a portable computer – either a Windows-based laptop or a MacBook, depending on the needs of the user. We also employ SaaS solutions like Microsoft 365. This provides us collaboration tools like Microsoft Teams and Exchange Online as well as business productivity tools either online or installed on the laptop. In addition, other of our Enterprise applications are SaaS based, meaning they are accessible from anywhere over the internet. Example:  CRM (SalesForce.com). Leveraging the public cloud in this scenario is a good cost-effective solution that enables a remote workforce effective and efficiently.

Protection – Encryption

You’ve heard the saying: “Safety First.” In the digital era the profile of this statement has never been more important than today. It begins with a secured foundation at the server level (normally at the core). If your foundation is weak the rest of your endpoints will probably resemble the same weak structure. Do not take the shortcut, when possible leverage solutions such as:

Data encryption at rest and in transit. In transit, web data should always be sent via https. Also look at the various encryption models: Client-side, Server-side with service-managed keys, Server-side with Customer-managed keys. Also consider using a Key Vault to securely store keys.

Client-side encryption

Client-side encryption is performed outside of Azure. It includes:

  • Data encrypted by an application that is running in the customer’s datacenter or by a service application.
  • Data that is already encrypted when it is received by Azure.

With client-side encryption, cloud service providers do not have access to the encryption keys and cannot decrypt this data. You maintain complete control of the keys.

Server-Side Encryption

The three server-side encryption models offer different key management characteristics, which you can choose according to your requirements:

  • Service-managed keys: Provides a combination of control and convenience with low overhead.
  • Customer-managed keys: Gives you control over the keys, including Bring Your Own Keys (BYOK) support, or allows you to generate new ones.
  • Service-managed keys in customer-controlled hardware: Enables you to manage keys in your proprietary repository, outside of Microsoft control. This characteristic is called Host Your Own Key (HYOK). However, configuration is complex, and most Azure services do not support this model.

Cybersecurity

 IDC research shows that 93% of organizations have been attacked within the past three years (source: https://dl.acronis.com/u/rc/WP_IDC_Acronis_Cyber_Protection_EN-US_200403.pdf ). It is time to tighten up the integration of data protection, disaster recovery, and data security operations within the cybersecurity strategy and think about backups as part of your cybersecurity approach. Threats from ransomware and other malware are prevalent and there are plenty more threats engineered with AI capabilities to infiltrate your datacenter. Whatever cyber-security software or backup method you choose, (Flash, SSDs, HDD, Tape) or environment (physical, virtual, multi-cloud) or, the goal is to integrate what used to be silos and build a resilient IT operation.

Availability & Resiliency

Because of an enterprise’s global reach, systems and application need to be ready and available 24/7. Backup applications need to be efficient and predictable across multiple platforms. Any threat such as natural, man-made or cyber is disruptive to an IT environment; a resilient system is key to recover quickly and efficiently to withstand unforeseen events and ensure data is secure and available at any moment in time. Employ a backup method that enables the replication to a DR site or cloud provider by employing on-prem, cloud or a hybrid approach to backup. Our current global situation has reset many priorities and all these topics are now top of mind.

VDI

As the threat to businesses continues, a large majority of organizations have turned to VDI to rapidly deploy virtual desktop infrastructures and release a mobile workforce that can be as productive as if they were in the office. Virtual desktop infrastructure (VDI) is defined as the hosting of desktop environments on a central server. In other words, it’s like having a structured office available on-demand allowing you the ability to access virtual data and applications and you are really just shifting the compute cost from the endpoint to the data center (if on premises) or the cloud. To us, this is a very cost-effective solution that helps keep the data centralized and off endpoints which are more susceptible to data loss. One of the cool things about VDI, is break/fix becomes a lot easier because you can quickly “spin up” a new desktop for a user if their current desktop becomes corrupt. Also makes things like patch management and OS updates easier as it is all centrally managed i.e. lower administrative overhead.

Flexibility

An important part of the equation is flexibility. Whatever strategy you chose that meets your organization’s business goals or in this case, an effective and secured remote workforce for business continuity (BC), your solution should be flexible to adjust as needed to meet the demands of current and future national or global events that can affect your datacenter. This current global crisis is a good example of how quickly organization learned if the were ahead of behind the curve. Technology by itself cannot meet the need alone, it needs a strategy built upon it to mitigate risks associated with ‘crisis’ type events and or simple business continuity.

Data Protection

It has never been more important to back up data on the regular. With Ransomware getting more sophisticated, we need to adapt and build IT environments to expect (and withstand) an attack – there are some strains out there that as far as we know, there are no decryption tools available so you must have alternative methods to recover your data. Let’s remember that criminals are no longer using mass campaigns, instead they are going for remote access – remote desktop protocol was the most used entry vector.

In our new normal, we hope our insight provides some guidance to building, securing and protecting your data, your remote workforce, your network and helps you build solid business continuity plans… no matter what disaster comes your way. Check out our QonQ business continuity webinar here .

To view our Partner blog, click here

Keeping Your Data Protected During Chaotic Times

CMMA Blog

The world events of the past weeks have given us a clear view of what not having a plan looks like. We are learning that current infrastructures cannot support a pandemic the likes of what we’re currently living through and we’re managing it in crisis mode. Learning this lesson came at a great cost, but it is challenging us to rethink our preparedness. As I sit here on a stay indoor order from our local leadership and doing my due diligence to protect myself and others, I can’t help but draw parallels (being in the technology space) from these life-altering events to digital cyber-criminal events that are occurring right now as I write this. In my last blog, I wrote about the importance of testing your IT network and pointed out some strategies to use to ensure you are well prepared should ransomware or other cyber-attacks infiltrate your datacenter and cause irreparable damage. In this blog, I want to discuss – no, stress once again the importance of testing your backup strategies and business continuity plans.

Training & Preparedness

With a lot of the workforce working remotely, it is crucial that employees are trained to be alert to activity that targets regular users like you and me – watch out for those coronavirus emails that are being used as bait by phishers! There are sites that are using COVID-19 and Coronavirus as a lure to make victims ‘click the link’. Paul Chichester, Director of Operations at the NCSC, said: “We know that cybercriminals are opportunistic and will look to exploit people’s fears, and this has undoubtedly been the case with the Coronavirus outbreak.

Time and time again we’ve heard that cyber-attacks come in different forms such as data breaches, ransomware, phishing campaigns, and even some advanced hacking attacks. Investing in an excellent cybersecurity software plus employee training will play a major role in averting a disaster. Persistent criminals will take advantage of the opportunity to infiltrate your network via the various forms of cyber-attacks so let’s learn from previous incidents causing millions of dollars in damage (see previous blog – link) and avoid the same fate as best we can. Just last week, a report on the NCSC site stated that a global network of bots was brought down and dismantled. These criminals are believed to have infected more than nine million computers worldwide. https://www.ncsc.gov.uk/report/weekly-threat-report-13th-march-2020

The right mix of technology

Let’s start by asking the right questions. First, asses your cyber risk. Check out the NCSC website for guidance https://www.ncsc.gov.uk/collection/risk-management-collection/essential-topics . Is your organization prepared to weather a cyber-attack? Is your network not only protected but resilient and able to predictably recover stolen, encrypted or lost data? What are the RPO/RTO’s that need to be met, and can they be met with your current data protection technology? If your network backup copies are compromised, do you have a copy offline and air-gapped? These and many more questions need to be asked to ensure that whatever data protection solution you choose, test your Business Continuity (BC) and Disaster Recovery (DR) to understand efficiency resiliency and predictability so you have the peace of mind that your data is protected.

The experts, highly recommended that you apply the time-tested best practice rule of 3-2-1-1 rule to be safe. Have both disk and tape to ensure a reliable copy is available when you need it. Whether you use cloud or hardware on-prem, be it fast performance technology to quickly process your hot data to cold storage technologies for long-term storage – the most cost-effective way to tier-off your data as it shifts in value is to leverage the different technologies that are available.  Here is an example from Quantum with DXi and object storage for enterprise backup where cost-effectiveness, scalability, and management of unstructured data is of extreme importance.

drblog1

All these technologies combined will help you meet your RPO/RTO’s but in addition, should you need to call on your backup copy for any reason and your copy on spinning disk is compromised, your insurance will be the copy that is offline and air-gapped.

If we knew when disaster will strike, everyone would prepare. The reality is we never know. Test and practice your response to a cyber-attack. Whether you are small or large organizations, testing your resiliency is critical. Create practice scenarios in a safe environment where you can test your network and backup strategies, there are plenty of online help tools available if you’re organization does not have IT, professionals, to handle this type of exercise. Be prepared to handle a crisis scenario. If you’re in the public sector and funds are tight, leverage organizations like NCSC with their exercise in a box tool to practice your response https://www.ncsc.gov.uk/information/exercise-in-a-box .

These times call on us to provide you, the IT professional with
all the tools and necessary information to help you make the best decision for
your organization. Crisis or no crisis preparedness is key!

To view our Partner blog, click here

World Backup Day

CMMA Blog

Today is World Backup Day and we are celebrating and gently reminding IT organizations across the world, backup your data! Though we celebrate it once a year, it does not mean we backup data once a year. Let’s consider 3 reasons why backing up to protect your data is crucial to your organization: 

The Rising Tide of Data 

Managing data is becoming a challenge for many IT organizations. The continued rising volumes of data is putting pressure on backup strategies that were once effective. IT leaders need to find the latest, fastest, most cost-effective forms of backup solutions that can make sizeable backups manageable and easy to implement. IDC projects that there will be 79.4ZB of data created by connected IoT devices by 2025, growing from 13.6ZB. Unstructured content related to entertainment (creation, production, distribution and consumer consumption) continues to be the largest category of data.” This volume of data presents many challenges so backup methodologies and strategies need to be revisited often. Finding the right backup tools and methodology are an essential piece to finding the right recipe for your organization as is preparing your infrastructure for the vast amount of data that is being generated. 

Back Up Regularly to Avoid Disaster 

Why do you need to backup anyway? Because you never know. Infrastructure hardware will fail. Malware, such as ransomware will strike, and humans will make errors. There is no question IT Managers must be prepared for those moments when disaster strikes a blow when you least expect. Backing up your data regularly will ensure you can protect and recover data quickly and effectively. In addition, they should be done intelligently to address the hyper-growth and the requirement for hyper-availability. Part of finding the right solution requires an analysis to help determine the value of data to efficiently manage greater volumes that applications are generating. It is a necessity not a luxury to future-proof your infrastructure.  This exercise helps organizations acquire the correct tier of technology to not only manage but restore within the specified SLAs of the organization. 

Ransomware 

Highlighting ransomware is important because of its prevalence in cyberspace. Threats and attacks are getting more aggressive and those ransomware-focused threat actors are using creative means to break into systems and deploy ransomware for the threat actor’s payday (Source: TechCrunch). There is a rule as old as time that has been proven true time and time again:

Keep 3 copies of your data, using 2 different storage media types (object, flash, HDD, tape) 1 offsite (physically separate from the building such as DR site), and 1 offline (completely disconnected from your network).

Keeping a clearly defined data copy offline and air-gapped to protect against malware attack will enable you to retrieve that data and get back up to speed faster and back to business sooner in the case where your network-connected copies are compromised. 

Conclusion 

World Backup Day is not about backing up just one day of the year. Let today serve as an awareness day to remind enterprises and SMB’s that protecting data by backing it up regularly will prevent disasters that can come in any form. Restoring data from a backup copy will allow businesses to resume operations effectively. There is value in protecting your data. What is the value? In many cases, unquantified. Preserve and protecting your data, whether for the three factors mentioned or to simply provide the continuity of business operations. Learn more about our Enterprise Backup and Archive solutions .

To view our Partner blog, click here

Ransomware’s Latest Hits

CMMA Blog

Ransomware remained at the top of the charts last year, as one of the most cunning and vicious forms of data theft. Ransomware attacks take place every 14 seconds and have increased by 700% since 2016. The loss of access to production data cost companies around $11 billion in financial, productivity, and downtime losses in 2019. Sifting through the latest ransomware news, I find it alarming that some organizations still do not see ransomware protection as a number one priority to protect their IT infrastructure. With the continued attacks on unsuspecting companies, the crafty criminals are getting away with a huge paycheck and with your data.

Public, Education, and Healthcare Organizations
are Likely Targets

According to recent data, public organizations and the healthcare industry are the most likely targets that could be hit the hardest this year. Many public and healthcare organizations may not have the budget to invest in the latest cyber-security software available in the market today nor do they have the systems in place to perform upgrades as needed, thereby leaving their systems vulnerable to attackers. Understandably so, it is seen as a weakness and one to be exploited where healthcare facilities can’t provide critical services to their patients. A published article by Tech Target quotes Caleb Barlow, president and CEO at healthcare cybersecurity firm, CynergisTek, in Austin, Texas. He states, “The most common attack on healthcare has involved data theft, but that’s starting to change. Today, hackers are using ransomware attacks more frequently, which have a destructive, “kinetic impact” to them. That means, you didn’t steal the data; you locked it up, destroyed it, or changed it,” Barlow said. “When those things happen, you can’t see patients.”

Ransomware is a destructive force and medical organization need to brace themselves in 2020 because these attacks will spread wider and with more frequency. This reminds me of the Campbell County Health 2019 attack, which was one of the worst recent hits because it put lives at risk. (Source: Campbell-county-memorial-hospital-ransomware attack ).

Latest string of Companies Crippled
by Ransomware

  • March 2, 2020 (Reuters) – Currency service provider Travelex on Monday estimated a 25 million pounds ($31.9 million) hit to first-quarter underlying core earnings due to the ransomware attack in late December and said it has restored all its customer-facing systems. (Source: UK Reuters/ransomware attack ). Travelex services remained offline for more than two weeks following the attack, leaving some customers cashless during the busiest travel season.
  • Among small and medium-sized businesses, in the last 12 months, twenty-two percent of organizations had to cease business operations immediately because of ransomware; Eighty-one percent of businesses have experienced a cyberattack; Sixty-six percent have suffered a data breach and thirty-five percent were victims of ransomware (Source: https://www.malwarebytes.com/ransomware/ ).
  • Legal services giant, Epiq Global, has been hit by a ransomware attack. A source with knowledge of the incident said the ransomware hit the organization’s entire fleet of computers across its 80 global offices.
  • And just recently, Visser, a parts manufacturer for Tesla and SpaceX, was hit by a more advanced, data exfiltrating ransomware. A portion of the files stolen from the company were published by the ransomware group. (Source: https://techcrunch.com/2020/03/02/epiq-global-ransomware/ ).
  • How about the Ransomware attack against the New Orleans city government earlier this year, which cost the city $7 million dollars.
  • Albany County in New York was hit by three cyberattacks in the span of three weeks in late 2019, including a Christmas day attack on the Albany County Airport Authority (ACAA) that resulted in an undisclosed ransomware payment by the ACAA. (Source: Times Union https://www.timesunion.com/business/article/Ransomware-attack-cripples-airport-authority-s-14963401.php ).

Important to know: Ransomware is getting craftier

While some reports say ransomware
is going down and others say it’s going up, the bottom line is to understand
that the illegal activity will attempt to hit your datacenter, and the only
unknown in this equation is when? The answer is you never know, but there is
ninety-nine percent chance that your organization will be targeted,
unfortunately.

It’s important to protect your IT
environment by becoming aware and by applying old but true principles of data
protection (DP) and business continuity (BC) as follows:

  • Prevention and recovery should
    both be an important part of your DP and BC strategy.
  • Upgrading legacy backup
    infrastructures is top of the list, so it doesn’t become an easy target.
  • Next, is having your backups
    current and up to date, so you can recover the most recent instances of your
    data.
  • Whether you choose to back-up on
    disk or keeping an air-gapped copy on tape, the latter of which is iron clad
    protection from ransomware because it’s air-gapped, physical barrier, you will
    ensure recoverability.
  • Backup copies should not only be
    recoverable, but they should be predictably recovered. In other words, test,
    test, test the integrity of your backup recovery system and verify it. And
    speaking of predictability, the NCSC (UK National Cyber Security Centre) has
    updated its guidance and is suggesting greater emphasis is needed on that
    offline copy.

In conclusion, the most sensible approach to protecting your data should be prevent, detect, and respond, but also protecting your backup with the 3-2-1-1 rule : 3 copies of your data, 2 different media types, 1 offline and 1 offsite.

Visit our Ransomware Protection Solutions page for the latest information on our Ransomware Protection packs, our deduplication back-up appliances, and tape solutions with LTO-8 technology .

To view our Partner blog, click here

Is STaaS Right for You?

Archive Storage

For companies that increasingly view storage as a vital utility, rather than as a capability that they want to cultivate and staff, Storage-as-a-Service (STaaS ) is becoming an increasingly attractive option. With the advent of cloud computing, IT departments started getting comfortable with software-as-a-service, infrastructure-as-a-service, and platform-as-a-service. With Amazon S3, storage-as-a-service entered the mainstream. STaaS is essentially a cloud-like storage resource, implemented as an on-premises service providing immediacy, scalability, and pay-per-use flexibility, minus the security and performance variability issues that keep enterprise users up at night.

STaaS offers some compelling benefits . End users turning
to STaaS are drawn by the ability to reduce operational and administrative
costs, eliminate unplanned capital expenditures and major upgrades, improve
control and security with on-prem infrastructure, and achieve greater
performance with less downtime.

IT departments making their first steps into the realm of
StaaS often begin with a daunting list of questions to address as they begin to
sort through basic questions of what kind of storage they require.  How much do they value security, service, and
support? How do they manage and control their environments? What is the true
value of an SLA?

Surveying the Enterprise IT Community about STaaS

John Webster, senior analyst with Evaluator Group, decided
it was time to take the temperature of the end-user community considering STaaS.
Webster surveyed 249 enterprise IT end users and conducted extensive interviews
to understand the evolving attitudes toward STaaS.

The results are
revealing. Some of the interviewees spoke glowingly of the benefits they have
seen. One noted, “Switching over to STaaS has allowed us to lifecycle our aging
storage fleet without the large CAPEX layout that would be required if we were
to purchase the storage infrastructure. We will also be getting a significant
performance uplift from the new storage hardware.”

Not surprisingly, compatibility,
security, and support are all top concerns for end users as follows:

  • 73% of those surveyed required compatibility
    with their existing IT environment. Customers
    want a STaaS vendor to be the single, consolidated source for support and
    maintenance.
  • 65% of respondents
    indicated that they want the STaaS vender to be the single source of support
    and maintenance even if the infrastructure is sourced from different suppliers.

In the area of management and control of a STaaS
environment, just 22% of survey respondents want the vendor to manage every
aspect of their STaaS environment. 11% prefer to do it all themselves. Most
want something in between.

“What I could allow the vendor to
manage and control depends on what they own. There are a lot of moving pieces
in an IT environment,” the CIO of a manufacturing firm noted. “The storage
vendor could tweak something, which causes problems upstream and we’re left
trying to figure out what changed. One of the things I hate is when vendors say
it’s not their problem or they didn’t do that. They would have to be
accountable and we would have to know what they are doing.”

Download STaas eBook

Webster’s eBook, “Storage-as-a-Service Comes of Age – A Study of
Enterprise User Perceptions and Requirements,” is now available to download for
anyone eager to learn more.

To view our Partner blog, click here