Make Way – I’m A Professional!

I was having a conversation with a Certified Public Accountant yesterday.  I was there at his office for a different purpose but invariably the conversation turned, as it often does, to technology.  The subject of our conversation quickly became his small office network, systems and his data backup in particular.

This Accountant has a cloud backup in place.  He’s a truly small business – only he and his wife using two computers and a printer.  There’s a program that runs in the background on his computer and it regularly sends updates to the backup provider’s storage cloud for safe keeping, in case of disaster.  “Have you ever read the terms of your service agreement?” I ask.  We launch the backup software for a quick look.

In plain English, the terms of use mean he has agreed that, once delivered to their storage, his data becomes the property of the storage provider.  This is done presumably to protect the provider from legal liability in the event the user’s data is somehow lost due to Acts of God, corruption during transmission, data that was no good to begin with and the like – you really cannot hold a backup provider responsible for that.  Okay, that makes sense.  The chance of an Act of God occurring is pretty slim.  Presumably the provider has redundant systems so that’s pretty safe.  Do they also have employees that never make mistakes?

Leaving that issue aside, I asked the CPA whether he was comfortable having his business-critical information, customer lists, customer Social Security numbers, tax returns and other items available for inspection on the cloud provider’s server whenever they want.  What about the nefarious “hacker”?  How do you know the provider’s systems aren’t already compromised?  Of course he admitted he really didn’t, but he pointed out that his backup is encrypted so he’s fairly certain no one else can decrypt and view it.  Good point.

I asked him where the decryption keys for his ‘cloud’ backup were being kept.  He looked at me for a moment and then said, “Um … you know, I really don’t know, I guess they’re on this computer somewhere.”  He was not sure.  I asked him if he had a common “pass phrase” he uses when asked for one.  He really didn’t remember; point taken, though.

I’ve written about the “Feel Good Backup” in the past.  The “Feel Good Backup” happens when a key business decision maker is not positive whether their company’s data is being backed up but they’re certain enough to feel comfortable that they’re doing what they need to.  The “Feel Good Backup” is a pitfall.

Your company technology is only a tool, but your company data is the gold you are mining!  Many hours each week are spent toiling in front of your technology, gathering information and providing services to your customers.  After a while it’s easy to see where the vehicle becomes the focus instead of the payload.

A common mistake and here’s why

Truck drivers worry about tires, fuel and keeping their truck in good repair because it’s the tool they use to earn a living carrying around someone else’s gold.  That gold is insured against loss and it usually doesn’t actually belong to the truck driver.  In the case of the Certified Public Accountant, however, the gold is his data!  There is no insurance other than the backup he puts in place!  Forget about the computers, switches, servers, printers and employees – insure your gold!  As I’m sure most people are aware by now, anyone can be replaced – “anyone” meaning any one person.  Back up your data.

So where exactly is the accountant going wrong?  Let’s review:

  • His only backup does not belong to him
  • It could disappear tomorrow and no one is responsible
  • He can retrieve but cannot read his data without a copy of the encryption key
    • He doesn’t know where the encryption key is being kept
    • His key is most likely on the computer itself – after a fire where is the computer?
  • He has no trusted surrogate

I’m glad he and I spoke because it really got him thinking.  He’s not in a panic, which is good, but he’s exploring his options and realizing that with a few small changes he can have better peace of mind and a real actual verifiable backup strategy in place.  He realizes that I’m just the messenger and he’s thankful I brought these shortcomings to light.

Mission accomplished.

2 Responses to Make Way – I’m A Professional!

  1. Chris Williams says:

    Nice article, Frank. Another thing I would certainly add is the importance of daily monitoring of the backup when it runs, including biannual disaster recovery tests. Most small businesses in South West Florida don’t have the time or energy to devote to monitoring backups and network security and thus the duty passes to us, the professionals, to monitor and manage their assets for them. While some amateurs set up backups with a ‘fire and forget’ method where they set it up and leave the small business on their own to check and maintain it, professional Managed Service Providers like PenguinComputel offer the customers ongoing services where we take care of the responsibility for you and swiftly remedy any problems with your backup as well as ensuring that your data does not outgrow your backup solution. Whether you back up to a NAS, tape drive, Carbonite, Jungle Disk, or another solution, you should reach out to your trusted solution partner for information about a managed service plan that includes monitoring your backups. If you’re a small business and you’re reading this, you don’t have someone monitoring and you can’t recall if your most recent backup succeeded, call your solutions provider and ask them about monitoring as soon as possible.

  2. Ed Gray says:

    For really important files I like the 3-2-1 backup rule:

    The 3-2-1 Rule
    The simplest way to remember how to back up your images safely is to use the 3-2-1 rule.

    Keeping 3 copies of any important file (a primary and two backups).
    Have the files on 2 different media types (such as hard drive and optical media), to protect against different types of hazards.*
    1 copy should be stored offsite (or at least offline).
    *While 3-2-1 storage is the ideal arrangement, it’s not always possible. A second media type, for instance, is impractical for many people in the ingestion or working file stage. In these cases, many people make do with hard-drive-only copies of their data. Best practices, however, still require 3 copies and some physical separation between the copies.

    For backing up data, I really like using FreeNAS. It is an open source solution using FreeBSD and ZFS, an incredible file system. For instance I have a small server with 5 hard drives running RAIDZ. Any two disks could die and I still would not lose any data. I also take snapshots of data every hour for 24 hours, every day for a week and every week for a month and then every month for a year. ZFS is smart enough to only store the changes in those snapshots. You can also easily replicate backups with ZFS and an identical backup in a remote location. Learn more at freenas.org.
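The tiered snapshot schedule described in the comment above (hourly for 24 hours, daily for a week, weekly for a month, monthly for a year), worked through as a retention planner. This is an added example, not code from the post, its commenters or FreeNAS; the function name, the 31-day and 365-day windows, the use of ISO weeks and the sample timestamps are assumptions.

```python
from datetime import datetime, timedelta

# Tiers from the comment: hourly for 24 hours, daily for a week, weekly for a
# month, monthly for a year. Window lengths and ISO weeks are assumptions.
TIERS = [
    ("hourly", timedelta(hours=24), lambda t: (t.date(), t.hour)),
    ("daily", timedelta(days=7), lambda t: t.date()),
    ("weekly", timedelta(days=31), lambda t: tuple(t.isocalendar())[:2]),
    ("monthly", timedelta(days=365), lambda t: (t.year, t.month)),
]


def plan_retention(snapshots, now):
    """Return (keep, destroy).

    keep maps each retained snapshot time to the tiers that need it;
    destroy is the sorted list of snapshot times no tier needs.
    """
    keep = {}
    for label, window, bucket_of in TIERS:
        newest = {}  # bucket -> newest snapshot time inside this tier's window
        for ts in snapshots:
            if not timedelta(0) <= now - ts < window:
                continue  # too old for this tier, or dated in the future
            bucket = bucket_of(ts)
            if bucket not in newest or ts > newest[bucket]:
                newest[bucket] = ts
        for ts in newest.values():
            keep.setdefault(ts, []).append(label)
    # Never schedule a future-dated snapshot (clock skew) for destruction.
    destroy = sorted(ts for ts in snapshots if ts <= now and ts not in keep)
    return keep, destroy


# Constructed sample: one snapshot per hour for the last 400 days.
NOW = datetime(2024, 3, 15, 23, 0)
SNAPSHOTS = [NOW - timedelta(hours=h) for h in range(400 * 24)]

if __name__ == "__main__":
    keep, destroy = plan_retention(SNAPSHOTS, NOW)
    print(f"{len(SNAPSHOTS)} snapshots: keep {len(keep)}, destroy {len(destroy)}")
    for ts in sorted(keep, reverse=True)[:3]:
        print(ts.isoformat(), ",".join(keep[ts]))
```

The planner only decides which snapshot times to retain; it does not call any ZFS command, so its output can be reviewed before anything is destroyed.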
