Three copies of data
Store the copies on two types of media
Keep one copy of data offsite
Zero errors
MadTECH Computers is proactive with clients’ backup jobs. We have always taken them very seriously, but now even more so.
We are concerned that attacks on SMB (Small to Medium Business) and Enterprise Level data, websites, and email accounts will increase. Ransomware attacks are growing in popularity: your data is held to ransom until you pay the hackers a fee of $1000+ to release it back to you.
This could be disastrous if it means downtime for your company, or if client details or data are removed from your system.
Protecting Your Data
Our strategy is this. We talk to the business owner or IT Manager and discuss your data needs. We find out the critical files and folders, the size of the backup set, and the location and general layout of your data on the computers and servers. We ask which devices your business relies on most, and what effect a disaster would have on your business and its turnover.
Once we have this information, we can design a backup policy, and it generally looks like this: we do two backups, an offsite and an onsite backup. The onsite backup would be a custom robocopy script where we include the folders and files to be backed up, with the schedule set so it backs up every night. It outputs the backup results to a .TXT file. This way, in the morning, we can check the .TXT file and it tells us that the backup ran successfully, and how many differential files and folders were backed up.
We also test the backups here, so we have a test backup folder set inside the critical folder structure. In the morning, when we check the backup report (the .TXT file), we can also go inside the TEST folder and check the latest TEST backup file (named with yesterday’s date). If the TEST file is there and readable, we can be assured the critical folder structure has been backed up and tested.
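The nightly job described above can write the TEST file, run robocopy with a .TXT report, and check the result itself. This is an added example, not MadTECH's own script; the folder paths, the log location and the TEST-<date>.txt naming are assumptions.

```powershell
# Added example: nightly onsite backup with a dated TEST file (all paths are placeholders).
$Source = 'D:\Critical'              # assumed critical folder structure
$Dest   = 'E:\Backup\Critical'       # assumed onsite backup drive
$LogDir = 'E:\Backup\Logs'           # assumed location of the .TXT reports
$Stamp  = Get-Date -Format 'yyyy-MM-dd'
$Log    = Join-Path $LogDir "backup-$Stamp.txt"

New-Item -ItemType Directory -Force -Path $LogDir | Out-Null

# 1. Write today's TEST file inside the critical folder structure before copying.
$TestDir = Join-Path $Source 'TEST'
New-Item -ItemType Directory -Force -Path $TestDir | Out-Null
$Canary = Join-Path $TestDir "TEST-$Stamp.txt"
"Backup test file written $(Get-Date -Format o)" | Set-Content -Path $Canary -Encoding UTF8
$Expected = (Get-FileHash -Path $Canary -Algorithm SHA256).Hash

# 2. Copy new and changed files; the results go to the .TXT report.
#    /E = include subfolders, /R and /W = limited retries, /NP = no progress lines in the log.
robocopy $Source $Dest /E /R:2 /W:5 /NP "/LOG:$Log"
$Rc = $LASTEXITCODE

# 3. Robocopy exit codes are bit flags: 8 = some copies failed, 16 = fatal error.
$Problems = @()
if ($Rc -ge 8) { $Problems += "robocopy exit code $Rc (copy failures)" }

# 4. Confirm the TEST file arrived and is readable with identical content.
$Copied = Join-Path $Dest "TEST\TEST-$Stamp.txt"
if (-not (Test-Path -Path $Copied)) {
    $Problems += "TEST file missing at destination: $Copied"
} elseif ((Get-FileHash -Path $Copied -Algorithm SHA256).Hash -ne $Expected) {
    $Problems += "TEST file content differs at destination: $Copied"
}

# 5. Append a one-line verdict to the report and return a status the scheduler can alert on.
if ($Problems.Count -eq 0) {
    Add-Content -Path $Log -Value "VERIFIED $Stamp exit=$Rc"
    exit 0
}
Add-Content -Path $Log -Value ("FAILED $Stamp " + ($Problems -join '; '))
exit 1
```

A robocopy exit code below 8 means no copy failed, so the morning check only needs the last line of the report plus a look at the TEST file.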
For servers, the onsite process is different. As the data is normally more critical than personal data found on a personal computer, our policy is to use Shadowprotect Backup software installed on the server. This is the most reliable and professional server backup software and we have used it to complete, monitor and test 1000s of server backup sets over the years. Once we have the backup set as instructed by the stakeholder, we configure Shadowprotect for: the backup set, the destination drive, the backup type, the schedule, the retention policy, the reporting settings, the reporting conditions and finally testing. These are detailed below:
Testing
We can test the agent email settings from within Shadowprotect to make sure the email function works properly. We can also test that the program can connect to the destination, so we know that the backup will work. After that, the best testing is done by humans.
Test scenario:
Imagine the critical database required by a firm’s accounting software has been corrupted, due to hardware failure. MTC helpdesk receives a phone call, or we receive an email notification from our backup software.
As this is a critical issue, we would drive to the client site immediately. Once we get there, the business owner meets us with the accountant and they frantically tell us that no one can access the invoices, factory floor orders, customer records or supplier payment remittances.
Due to our disaster recovery planning, we know that there is a device already set up and configured for SQL (database software). After going to the server room, we can hear a loud beeping noise. There are orange lights displayed on the server rack, and the server won’t turn on. We check the diagnostic code, and the motherboard on the server has failed. Due to our recommendations, the server is still in its current lifecycle, and covered by a three-year onsite warranty. Dell informs us their part will be shipped from Sydney that day, and a technician will be onsite at 8am the next day to install it.
However, the business will experience profit loss, customer and staff dissatisfaction if this isn’t rectified immediately.
We go to the backup machine that already has MS SQL configured for this setup. We download the latest backup from the external hard drive backup, and import it into the SQL Manager Application. The business owner checks the latest records to make sure the database is correct. The backups were set to hourly, and from checking, the owner can tell all of the data is correct and accounted for. We then go to each client machine and configure the custom software shortcut so it now points to the new machine’s database. Upon testing, everyone is working again with very little downtime.
This was a real-world occurrence that MadTECH experienced and goes to show the importance of backups. They are a key service that MTC and the client have to constantly work on to make sure BACKUPS ARE CONSTANTLY TESTED.
Offsite Backups:
So onsite backups are obviously important. Offsite is even more important. What is happening is that ransomware hackers are taking control of servers and personal computers to steal data, encrypt it, and then contact you and demand payment before handing you the keys to decrypt your data. The whole problem is that people are paying the ransom. Now that there is a proven income from ransomware, more criminals will get involved and it will get more popular.
I know of a Medical Treatment Centre on the Gold Coast where this happened recently: http://www.abc.net.au/news/2012-12-10/hackers-target-gold-coast-medical-centre/4418676
The data on the medical centre’s server was encrypted by hackers who demanded payment, and the centre couldn’t access customer records. They had to shut the centre, cancelling appointments. They didn’t pay the ransom, and had no offsite backups. They had onsite backups, and these were corrupted. I have talked to a customer from that centre, and his family’s medical records were lost. The centre offered no real explanation, apart from saying that there were no longer records available for his family prior to the ransomware attack.
We have also had one client who had a ransomware attack, and their whole data set on the server was encrypted by the CryptoLocker virus. This was a new client and I had not worked with them much yet. Their IT Manager did have an onsite backup set that was unencrypted and he was able to recover using that.
For this reason, we will require notification from every client on who will be responsible for each backup. Will you, the client, be responsible for your own backups, or will MadTECH? Once we know, we can meet each new client that requires it and we can design a policy and implement it. And test it, and monitor it. And test it, daily. Only this way can we be certain that we have taken all necessary steps to protect your company, your clients’ records, and both of our livelihoods.
Our Offsite Backup Setup:
The way offsite backups work is you purchase space on a server that is hosted in the cloud. Your account size is usually 10GB up to 1 Terabyte. You get an account name and password, and install the backup software on your computer.
After opening the software program, you enter your account name and password. You then configure which files and folders you want backed up. You set the schedule (what time you want the backup to run). When it’s time, the backup commences. The backup program gets your data and encrypts it. This scrambles the data so that when it is sent over the internet to the cloud server, if there is a man-in-the-middle attack, the attacker can’t read your data. Then it gets to your account on the cloud server.
A cloud server is a server that exists in a data centre. A data centre is a building that has hundreds of servers inside. There are generators that provide backup power supply for the massive power requirements of the servers, air conditioning, access control systems, fire alarm systems, and CCTV. Being inside a data centre is a great thing for a technician, as there is a loud roar of millions of fans running, walking on false floors covering hundreds of kilometres of professional cabling, and walking past secure cages of some of Australia’s most valuable and important servers including Westpac, Suncorp, and ANZ. The great thing about leasing space on cloud servers is you get the wonderful hardware and security without a large capital expense, but instead a low monthly fee.
The cloud servers we use are in Australia, Asia, Ireland and the US. We have documented proof that we are providing a legally ratified and secure destination for your business data and any sensitive client data it may contain. See the notes at the bottom of this page for details on the data security as it pertains to the backup storage.
We have tested the following backup companies: Iperius, Carbonite, DropBox, Google Drive, One Drive, BackBlaze, CrashPlan, MozyHome, and SpiderOak. What I found was that some of the better hosts, like Google Drive, didn’t offer local backup programs, so you have to purchase a third-party backup program. That is fine, as you can get a really good program like Shadowprotect, but then the testing fails when the program goes to write the data to the destination (e.g. Google Drive). And this means no reporting either, so you get no emailed reports each morning about successful backups the night before, which is one of the most important features.
My testing was: create an account, and configure the backup set. Run the first backup set overnight. With cloud backups, the data is encrypted to prevent any man-in-the-middle attacks. This is where someone or something captures your data whilst it is in transit to the cloud server. Encryption helps prevent this, so if the data is captured it is illegible.
So to complete the testing, we started the backups overnight so the encrypted data could be sent to the cloud servers. After about four weeks of testing, there was only one product that reliably sent all the data to the backup server, and it was Infrascale Online backups. With the other products, they would report the backup was complete, and we would check the data at the other end and there would be entire folders and files missing, and this was after several reported successful backups!
With the testing of our chosen and recommended supplier, Infrascale, we have found with close monitoring and testing, the backups work time and time again.
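Checking the data at the other end, as described above, can be done by restoring the backup set to a scratch folder and comparing it file by file with the live set. This is an added example, not a tool from MadTECH or any backup vendor; both folder paths are assumptions, and the restore itself is done beforehand with the backup product.

```powershell
# Added example: compare a test restore with the live backup set (all paths are placeholders).
param(
    [string]$SourceRoot  = 'D:\Critical',      # assumed: folders in the backup set
    [string]$RestoreRoot = 'R:\RestoreTest'    # assumed: same set restored from the cloud account
)

function Get-Manifest([string]$Root) {
    # Map each file's path relative to $Root to its SHA-256 hash.
    $rootPath = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    $map = @{}
    Get-ChildItem -LiteralPath $Root -Recurse -File | ForEach-Object {
        $rel = $_.FullName.Substring($rootPath.Length + 1)
        $map[$rel] = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
    }
    return $map
}

$src = Get-Manifest $SourceRoot
$dst = Get-Manifest $RestoreRoot

# Files in the backup set that never came back from the restore.
$missing = @($src.Keys | Where-Object { -not $dst.ContainsKey($_) } | Sort-Object)
# Files that came back with different content (changed since the backup ran, or damaged).
$changed = @($src.Keys | Where-Object { $dst.ContainsKey($_) -and $dst[$_] -ne $src[$_] } | Sort-Object)

# Summarise missing files per top-level folder so a dropped folder stands out.
$missing | Group-Object { ($_ -split '\\')[0] } | Sort-Object Count -Descending |
    ForEach-Object { '{0,6} missing under {1}' -f $_.Count, $_.Name }

$missing | ForEach-Object { "MISSING  $_" }
$changed | ForEach-Object { "CHANGED  $_" }
'{0} files in set, {1} missing, {2} changed' -f $src.Count, $missing.Count, $changed.Count

# A non-zero exit lets a scheduled task or monitoring agent raise an alert.
if ($missing.Count -gt 0 -or $changed.Count -gt 0) { exit 1 }
exit 0
```

Files edited after the backup ran will show as CHANGED, so run the comparison soon after the job finishes or against a folder that is not in active use.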
Our recommended backup product: Infrascale
Infrascale is the three-time PCMag Editors’ Choice for backup product of the year.
They have been proven to work: clients have called us for recovery of files and folders, and we have been able to recover them, which has really helped a lot. With unlimited versioning too, even if you want a copy of a file from June last year, we can recover that version, even if you have overwritten it several times with different versions. As long as the requested data is in the instructed data set, your data is always able to be recovered.
That is the key to successful data protection. Regular meetings between MTC and you the client, where you instruct us what out of your company’s data is critical and needs backing up. We include this in your specific backup policy, and then backup and test daily, hourly, or even LiveProtect, where your data is scanned continuously, and as soon as a change is detected, the file is sent to the cloud backup for safe keeping.
Last of all, we provide backup policy documentation to the client. This details all of the particulars of the backups, including types of backups done, what is backed up, backup destination, schedule, retention policy, and who is responsible for what stages.
Review from PC Mag May 2016
http://au.pcmag.com/sos-online-backup-home-edition-50/2652/review/sos-online-backup-home-edition-50
Intuitive, simple interface. Fastest online backup service in our tests. All files and file versions archived, never deleted. Facebook backup. Mobile apps. Can back up external and network drives. Share files via link. Search backup set. Local backup app included.
SOS Online Backup, the undisputed speed leader among online backup services, offers top-notch security, and never removes previous file versions.
Notes and references for technical aspects of the backups:
The Infrascale corporate attorneys were able to confirm that Infrascale are indeed compliant with the Australian Privacy Act. The following link sets forth the 13 principles of this act.
http://www.oaic.gov.au/privacy/privacy-resources/privacy-guides/app-quick-reference-tool
Frequently asked questions regarding the backups:
“Does the service provider comply with the Australian Privacy Principles in the Commonwealth Privacy Act?”
Yes
“How does the service provider inform users of changes to their Terms and Conditions?”
Via Email
“Who maintains data ownership?”
For public cloud customers, in our datacentre in Melbourne
“Where will the data be stored?”
For public cloud customers, the data is stored in Melbourne.
"How is the security of the data maintained?"
Encryption technology uses strong user-specific keys
Regular backups can be scheduled and performed.
Access is restricted by individual user passwords.
Device approval controls are also available.
“What procedures will be followed in the case of potential security breaches?”
Report the breach and notify responsible personnel and stakeholders.
Investigate the validity of the breach; collect evidence of the incident and determine scope of exposure.
Assess risk factor:
Low risk: connect to the deployment and perform maintenance to prevent data loss.
High risk: disconnect the deployment and perform forensic analysis offline.
Send notification of detection and resolution (if applicable) to appropriate internal and/or external parties, as well as responsible departments.
“How is the data segregated from other customers?”
There is logical but not physical separation
"Who will have access to the data ‐ including system administrators and staff of the provider?"
Infrascale has no access to the data; only those who possess the passwords can access and this arrangement is made between partner/reseller and downstream customer.
"Is the service provider owned or controlled by a foreign company?"
Although it started in Australia, Infrascale is now a United States based company.
"What are the ongoing service levels, back up, restore and support capabilities?"
This is covered in the contract and SLA agreed upon at time of sale.
“Does the provider agree not to use or disclose personal information except for the limited purpose of storing and managing the data?”
Yes
“What procedures exist to destroy or retrieve personal information, in compliance with the Privacy Act, when it is no longer needed or when the contract comes to an end?”
We purge accounts and any data within them is pushed to our shredder queue and deleted after 11 days.