Many businesses and organizations had the assurance that their backup and disaster recovery (BDR) solutions were running in the background, protecting their data, especially when their technology solutions provider (TSP) administered them.
Then, the pandemic hit.
Organizations suddenly had remote workforces, and leaders may have lost some confidence in their BDR solutions’ capabilities, wondering, “Will we be able to access all of our data, and is it safe?”
XaaS Journal asked two experts in the BDR industry, Chris Crellin, Senior Director of Product Management for Barracuda, and Ben Nowacky, SVP of Product at Axcient, to weigh in on BDR in the era of social distancing. Heed their timely advice on what businesses and organizations should do to protect their data and the most important lessons learned about BDR from the pandemic.
What’s the Best Way to Back Up Data Generated by a Remote Workforce?
BDR solutions must be flexible enough to address changes to locations where data is generated and stored.
Nowacky explains, “In an office environment, it’s easier to corral data, as everyone is in a controlled environment. However, when people go remote, they face connectivity, file-sharing and collaboration workflows that don’t exist when you are co-located with your co-workers. The shift in business continuity is now from centralized devices in a server room to highly distributed workstations on various network connections.”
He says some organizations took the path of least resistance by setting up remote desktops and VPN connections. However, as stay-at-home orders extended, companies realized a remote-first posture could be a better fit. “MSPs are now faced with transitioning to a more sustainable model. This is changing the focus from backing up shared infrastructure to backing up endpoints through file sync and share solutions as well as cloud-based endpoint backup solutions,” Nowacky says.
Crellin adds that although MSPs should always know where their clients’ workstations and data are located and their recovery point objectives (RPOs) and recovery time objectives (RTOs), it’s critical when disaster strikes that you’re using a flexible solution.
“Connectivity to the corporate network will likely be off and on, depending on the employees’ schedule, type of workload, and internet connection quality. For example, suppose employees are using their laptops or home computers. In that case, there can often be bandwidth issues due to the internet connection quality, or in some cases, VPNs can throttle bandwidth, further slowing down or preventing backup to the cloud,” he explains.
“A flexible BDR solution that can back up data either locally or in the cloud, whether or not an employee is connected to the corporate network, is critical,” Crellin says.
BDR and Ransomware Protection
While organizations are dealing with suddenly adapting to remote work, it’s crucial that they still make cybersecurity a priority. Hackers used the pandemic to launch ransomware attacks on businesses that didn’t maintain the same level of cybersecurity with work-from-home policies as they did for their businesses.
Nowacky says, “BDR is an essential piece of the security matrix and is a strong last-line defense to ensure you never have to pay ransom to get your data back.”
Crellin says, “It’s important to note that BDR must be in place at all locations where the data lives — locally and in the cloud. In the current work-from-home scenarios, the presence of threats from ransomware means that local backup has become even more important than ever. This is another reason businesses must have scenarios to support both cloud BDR and local BDR.”
Lessons Learned
Remote work has tested backup and disaster recovery strategies, revealing weaknesses and providing insights into more effective ways to protect and manage data.
“We’ve learned from COVID-19 that disaster can come in many forms, and the work environment can change at a moment’s notice. BDR must be able to respond to these changes quickly,” Crellin says. “A BDR solution and strategy that runs slowly can inhibit a business. This is an area where MSPs can add great value by working with their customers to ensure that the systems and processes are in place to support seamless BDR that can be deployed quickly and effectively to enable data protection and security in remote work scenarios.”
“Even if you’re not dealing with the fallout from a global pandemic, businesses should always be prepared for change,” Crellin comments. “Perhaps you are a retailer evolving from brick-and-mortar to a web-based business or a small business migrating from on-premises to the cloud. Any of these changes can impact BDR strategies. In addition, other major events – wars, famine, weather changes and natural disasters, or an attack on the electric grid – can bring abrupt changes in how we work. Life is unpredictable, and having a robust BDR solution is key to quickly mitigating these changes’ impact on the security of data, infrastructure and applications.”
Nowacky believes COVID-19 has caused a fundamental shift in the marketplace. “Companies and MSPs need to focus on supporting remote-first businesses and ensuring data can be backed up and recovered in highly distributed environments. He says that the new normal will be largely decentralized with management and oversight into a distributed workforce,” he says.
He adds, “In times of crisis, it’s imperative to double-check BDR plans. A second crisis like a fire or theft can be the tipping point for a challenged company to go out of business.”
“Now is the time to inventory, test, check and consolidate. Evaluate your infrastructure to ensure things are configured – and running properly when they do. Run DR tests of your backed-up data, consolidate your architecture for simplicity and cost savings, and evaluate your retention policies,” says Nowacky. “There are opportunities to work with your vendors to save cost and develop a strong, solid BDR infrastructure.”
Also, Nowacky points out that many SMBs will rethink their strategies. “The fact that a company could work more remotely or hire remote workers is a revelation to many companies. However, supporting hardware replacements and IT helpdesks has been challenging.”
“They’ll engage with their trusted advisors to either enhance or develop and deploy a new cybersecurity and disaster recovery strategy,” he says. 
