THE ZETTA.NET BLOG

Cloud Backup & Disaster Recovery
News and Info

Archive for the ‘Disaster Recovery’ Category

June 23, 2014

What the Code Spaces Disaster Means (and Doesn't Mean) for Your Cloud Backups

Laura is Zetta.net's Content Marketing Manager. She writes, edits, designs and drinks too much coffee.

DataDestructionBy now you’ve probably read about the sad fate of Codespaces.com. To recap, someone hacked Code Spaces’s Amazon Web Services account and demanded a ransom; when Code Spaces did not cooperate, the attacker deleted the majority of their (and their customers’) data, their backups, their offsite backups and their machine configurations, forcing Code Spaces to permanently close down. This is the ultimate nightmare of malicious intrusions, and our thoughts are with Code Spaces employees and customers.

This incident has also raised a lot of questions about cloud security, and we’ve seen some inquiries from people understandably concerned about the safety of their backups in the cloud. But “cloud” isn’t a monolithic term – there’s plenty of variety in how a cloud service might be built and managed. So, we’d like to take this opportunity to explain how our setup differs from what Code Spaces had, and how we protect our customers from similar attacks.

The Ownership Question

A major difference between Zetta.net and how Code Spaces was set up is in ownership of infrastructure. Code Spaces built their service on Amazon’s cloud. This might have offered initial capital savings, but it also ceded pretty much all control over how their system was set up.

We own our cloud, its logical infrastructure and the computers that run it, so we control all facets of how it operates. The safety of our customers’ data is very important to us and we pride ourselves on our high security standards. We use SSL encryption in flight and AES encryption at rest, with a unique encryption key for each customer. Our service is audited according to the SSAE 16 standard, and we’re compliant with strict regulations like HIPAA and ITAR.

But external security might not have mattered for Code Spaces – as of right now, it’s believed the attack against them was probably carried out with compromised credentials. What‘s stopping someone from stealing a Zetta.net user’s credentials and mounting a similar attack?

Partners, Not Landlords

Using Amazon Web Services is a bit like renting a physical office space – you get the keys from the landlord (in this case Amazon), and the rest is up to you. This is perfect for some use cases, but backups aren’t really one of them. In this case, the way Code Spaces set up their system allowed the intruder to essentially waltz in and burn the whole thing down from their AWS control panel.

As a professional backup service, Zetta.net is more of a partner than a landlord. It’s our business to ensure that your backups are secure and ready for recovery if you should ever need them. For that reason, we have checks in place that prevent the wholesale deletion of data in our care.

Crucially, we don’t have a single point of failure. Part of our service is to take regular snapshots of a customer’s data for disaster recovery purposes. Unlike primary data, snapshots can’t be deleted by the end user – only by Zetta.net support personnel. This helps us protect our customers from malicious impersonators or rogue employees – even if an attacker were to illegally access a customer’s account and delete their primary data, those snapshots would still exist safely in our servers, out of reach. Additionally, our use of data replication technology means that even if a snapshot were deleted, it would still be recoverable from the replication.

Introducing 2-Factor Authentication

Our system protects our customers from losing their data if an unauthorized user accesses their account – but it’s even better if the unauthorized access just doesn’t occur. To that end, we’re proud to announce that Zetta.net will begin offering 2-factor authentication for all our customers this summer. This feature has been in the works for some time, but we’ve moved up the release announcement in light of the Code Spaces disaster.

If you aren’t familiar with it, 2-factor authentication helps protect your account by requiring two pieces of information in order to log in. The first is your password, which you would enter as you normally do. The second is a random number code sent to your phone, either by text or via an app. Even if a hacker steals your password in a phishing attack, they wouldn’t have the code from your phone and thus couldn’t log into your account. 2-factor authentication can greatly reduce the risk of account hijackings, and we urge all customers to use this feature as soon as it’s released.

There’s a lot to learn from the shocking attack on Code Spaces, but the biggest lesson might be that just because a service is “cloud” doesn’t mean it’s bulletproof. It’s important to remember that all clouds are NOT created equal. Like physical systems, clouds can be configured in ways that makes them more or less vulnerable to attack, and it’s important to do your diligence when selecting a cloud service. Hackers are going to keep getting more sophisticated in their attacks. The good guys have to keep up.

Courtenay Troxel

February 19, 2014

Cloud DR: A Sure Path to Higher Recurring Revenue

Courtenay is a Channel Marketing Strategist at Zetta.net.

more_customersWith business continuity and disaster recovery (DR) a hot button for organizations today, 2014 could be a banner year for manged service providers (MSPs) that align with the right cloud backup and DR provider.

Gartner predicts that at least 30 percent of organizations will change backup vendors this year due to frustration around cost, complexity, and capability. In addition, while more than 90% of the top MSPs offer managed backup services as part of their lineup, most of the offerings are well suited to on-premise data management, not the off-site protection critical for business continuity and disaster recovery, according to MSPMentor.

Both data points lead to the same conclusion—that there’s ample opportunity for a managed service provider to widen their customer base and better serve existing clients by tapping into a high-performance DR solution that’s cost effective and easy to implement.

Despite high customer demand, many MSPs have yet to add DR to their services menu because of the perceived notion that profit margins are thin and there are concerns about having to make a significant investment that could offset a healthy revenue stream.

Yet with the right cloud DR solution, that need not be the case. MSPs can potentially boost monthly recurring revenue (MRR) while expanding their customer base simply by addressing the gap in their services portfolio with a high-performance DR solution that’s optimized for the cloud without the cost of a hardware appliance. With no back-end investment in costly hardware, MSPs can get to market quickly with premium-priced services that will expand their revenue base and keep customers satisfied in one fell swoop.

Unlocking Higher MRR

Zetta.net’s cloud DR solution is poised unlock2to help MSPs unlock a higher MRR stream with no investment in costly appliances. For example, Zetta.net partners combined enjoyed 1900% customer data growth in 2013.

WAN-optimized to deliver enterprise-grade data transfer speeds, Zetta.net allows MSPs to offer clients a backup and DR solution that can recover up to 5TB in 24 hours.

With plug-ins for SQL, Exchange, System State, NetApp, VMware, and Hyper-V, Zetta.net can be deployed as a DR resource to meet the range of customer needs. The platform is also compliant with the backup and DR requirements specified by numerous regulations, including HIPAA (Health Insurance Portability and Accountability Act) governing the health care sector to FINRA (Financial Industry Regulatory Authority) in the financial market, as well as ITAR (International Traffic in Arms Regulations), among others.

With Zetta.net’s verified backup and 24/7 customer support, MSPs can deliver a DR solution that will earn customers’ trust while opening up higher revenue stream without significant upfront investment. In any book, that’s called a win-win. Find out how partnering with Zetta.net helps grow your managed service provider business.

Courtenay Troxel

December 31, 2013

To Be Or Not To Be With Cloud Backup in 2014

Courtenay is a Channel Marketing Strategist at Zetta.net.

tobeornot

2013 was a big year for cloud backup, although there were definitely some bumps in the road along the way.

The cloud increasingly garnered traction with small- and mid-sized businesses hungry for ways to quick-start mission-critical services without incurring huge investments in IT and hardware infrastructure and without paying for capabilities they would never use.

Cloud backup solutions, in particular, were especially in favor as Managed Service Providers (MSPs) rushed to add them to their solution suites, affording customers a solution that meets their technical and budgetary requirements while also providing MSPs with a path to additional revenue streams.

Yet all wasn’t completely rosy on cloud-backup front. MSPs had to contend with a service offering that did not keep pace with explosive data growth and support the optimal performance needed as we headed into 2014.

With that in mind, here are the top seven cloud backup non-predications that we firmly believe must not carry over into next year in order for MSPs to accelerate their course to higher margins, reduced customer churn, and increasing profitability.

7. Backup appliappliance_hoarder_V2ance hoarding is on the rise: This disorder affects those who feel the need to buy appliances when it’s not necessary, even in the cloud.

6. Enterprises don’t really care about meeting their backup windows—consumer-grade cloud backup is good enough.

5. HIPAA is no big deal because disregarding it only means penalties and fines.

4. Businesses are just saying NO to speed and performance because it’s okay to wait weeks to restore data.

3. Complexity rules! Having to log into multiple servers across all clients’ various locations keeps you close to their heart.

2. Time doesn’t equal money—It’s a boatload of fun taking hours to install backup agents, create the jobs, and do multiple reboots just to get backups started.

1. Symantec BackupExec.cloud resurrects as Norton.cloud to test your patience, yet again!

Cloud Backup Must Evolve

In all seriousness, here are five trends that will showcase why cloud backup offerings will need to mature in 2014:

5. Cloud backup support for transferring larger data sets needs to be faster as customer demands for data availability increase.

4. Enterprise-grade cloud backups will ditch appliances to reduce complexity and eliminate initial costs for MSPs.

3. The race racefor customer loyalty goes from 0-60  mph in 3 seconds as MSPs focus efforts on reducing churn with the right cloud offering–backup leads the charge.

2. Backup reliability will increase with the wide adoption of cloud backup services.

1. 2014 will be the year of Disaster Recovery as a service as the need to instantly restore data becomes mainstream.

So get ready. 2014 promises to be the year cloud backup grows up. To learn how Zetta.net is helping to change the rules around cloud backup, check us out at www.zetta.net/partners.

 

Courtenay Troxel

November 19, 2013

Best Practices for Building a Disaster Recovery Plan

Courtenay is a Channel Marketing Strategist at Zetta.net.

 
The presentation above and post below were originally developed by Rich Webster, Zetta’s Director of Operations, who has 20+ years of exerience protecting enterprise IT envrionments at such companies as Netscape, eBay, and Shutterfly.
 
IT disasters happen every day, in every company. With the right preparation, no one ever hears about them. Without it, these disasters can make the evening news. The key to any DR effort is realizing that disasters in the IT business will happen and if the IT staff has done its due diligence, users will not know that anything was wrong.
 
IT Disasters come in a multitude of flavors. This can be defined as anything from the loss of network connectivity to the loss of a data center. The simplest components are often the culprits: Datacenters don’t normally go down, power supplies do. Network providers don’t normally go down, NIC cards do. Fortify yourself against the small issues and you will have protected yourself against 90% of issues that may impact your customer base.

Disaster Recovery Plan Step 1: Business Impact Analysis

 
The first step is to define what your company can not live without, otherwise known as a Business Impact Analysis (BIA). This step of the DR process will involve the leaders of your company as they are the ones that will define what applications the company must keep up and running in order for the company to do business, the “mission critical applications.”
 
Once the mission critical applications have been identified, you must then agree upon what is acceptable downtime or the recovery time objective (RTO). The difference between zero downtime and fifteen minutes of downtime is significant from a cost perspective.

Disaster Recovery Plan Step 2: Risk Assesment

 
Once your mission critical applications have been identified and your RTO has been defined you can then begin to architect your disaster recovery strategy. Begin looking at your infrastructure from two vantage points:
 
1. The infrastructure that you control.
2. The infrastructure that you don’t control.
 
In regard to the infrastructure that you control, look for single points of failure. This, by far, is the number one cause of disruption to your customers. Have your IT team map out the underlying infrastructure and identify the single points of failure. As an old boss used to tell me, in the IT business, “two equals one and one equals none.” If you have a single network card in a server and it goes down, you have none. If you have your data stored in one location and it goes down, you have none. If you only have one network provider and it goes down, you have none.
 
In regard to the infrastructure you don’t control, begin looking at your external partnerships. Since you cannot control their infrastructure, you will need to find ways to mitigate issues should they encounter problems. For example, store your primary copy of data in your data center, but put the secondary copy into the cloud. Talk with different network providers and bring a second link into your data center.

Disaster Recovery Plan Step 3: Risk Management

 
Once you’ve defined the risks, it’s time to take action to mitigate them. Add a second network card into your systems. Buy servers with dual power supplies. Have dual power feeds brought into your rack and then plug in your systems into different power sources. Set up mission critical servers in an active passive configuration. Build your environment in such a way that you can deal with the most common failure scenarios.

Disaster Recovery Plan Step 4: Testing

 
The last step is to test your failure scenarios under controlled circumstances. It is better to uncover a shortcoming in your infrastructure during a planned test than to uncover it during a real time emergency. In a controlled test, if you uncover that one of your network cards is not working properly, you can abort the test, buy and install a new card and the run the test again. If you uncover this during a real emergency, it will take me time to purchase and install the new card, thus missing your RTO. As I mentioned at the outset, this will allow you to withstand 90% of the common issues that bring down your site.
 

Free To Download Disaster Recovery Plan Templates:

 
TechTarget: Top five free disaster recovery plan templates
 
IBM: Disaster recovery plan template
 
Michigan State University: Step by Step Guide for Disaster Recovery Planning
 
Texas A&M University: Step by Step Guide for Disaster Recovery Planning
 
Zetta.net’s cloud backup & DR solution enables backup and recovery of up to 5TB in 24 hours so organizations can continue operating even after large scale data disaster events. Learn more about Zetta’s technology or see how much it would cost in your environment.

Courtenay Troxel

October 24, 2013

5 Epic Saves and the Disaster Recovery Heroes Behind Them

Courtenay is a Channel Marketing Strategist at Zetta.net.

Here are 5 epic saves, that without a disaster recovery hero in the right place at the right time, would have turned out very badly indeed.

5. SysAdmin George’s Data Disaster Recovery

 
George is still in his pajamas when the disasters start raining down on him. First, he gets an alarming text from the office, “Server died. WTF.” This 3-word message actually tells an experienced SysAdmin like a George quite a lot. He knows there’s a problem with a production server at work (since a user noticed the issue), that the person who sent him the message has no idea how to solve it (WTF), and that he needs to get to the office ASAP (as usual).
 
Why he’s a disaster recovery hero: Instantly recovering the files his team needs using Zetta’s enterprise-grade cloud backup and disaster recovery solution makes George into a hero. His next step is to find the guy that that deleted all data from the file server by running the “rm -rf *” command in the first place.

4. Fireman Cory Kalanick Saves a Kitten From a Burning House

 
This video shows Fresno, CA firefighter Cory Kalanick recovering a tiny unconscious kitten from a burning house, and resuscitating it with a child’s oxygen mask and water from his truck.
 
Why he’s a disaster recovery hero: The care and attention that Kalanick puts into saving this tiny pet is the classic definition of a hero, “a person who is admired for outstanding noble qualities.”

3. The Matrix: When Neo Stops Bullets With His Hand

 
In The Matrix, when Neo first masters the ability to control the matrix and moves beyond dodging bullets to stopping them with a wave of his hand (really, his mind) he finally assumes the mantle of “the one,” with the power to save humanity from an eternity of enslavement by machines.
 
Why he’s a disaster recovery hero: In universe where The Matrix takes place, the initial disaster of machine dominance has already taken place, but without Neo stepping-up to challenge their rule, there could be no recovery.

2. Boston Red Sox in the 2004 ALCS

 
The Boston Red Sox victory in the 2004 American League Championship Series has been called, “The greatest comeback in the history of the game,” by legendary broadcaster Jon Miller. Down 3 games to none against the Yankees, the Red Sox won the series 4-3 before going on to sweep the St. Louis Cardinals in the World Series.
 
Why they’re disaster recovery heroes: From winning game 4 after being down 4-3 in the 9th inning to Curt Schilling’s bloody sock, this was a full team effort – running as much on determination as skill – to deliver the first World Series championship to New England in 86 years.

1. Superman Saves Lois Lane

 
As the ultimate hero archetype, Superman is famous across decades and across media as the guy who makes epic saves. Of course, having almost unlimited strength and being able to fly is a bit of an advantage, but Superman’s dedication to coming in at just the right moment to save Lois, and often the world deserves recognition.
 
Why he’s a disaster recovery hero: He’s Superman, the ne plus ultra of heroes.
 
Know another epic save or disaster recovery? Comment away!



Privacy & Terms | Site Map
© 2014 Zetta, Inc. All rights reserved.