Q&A Series – Why having a data backup strategy is critical – Scott McGregor

Scott’s passion lies in technology and education. As Hybrid IT Consultant and a key member of the Somerville team, Scott’s focus is on designing, implementing and managing robust backup strategies for a diverse range of organisations and educational institutions. In his time at Somerville, Scott has developed a reputation for excellence in all areas of private, public and hybrid cloud-based IT solutions.

Q: Scott, thanks for your time. Can you give us a brief run-through of your background at Somerville and what your role entails?

Scott: I’ve been with Somerville since 2007, when I started as a systems engineer before moving into a solutions architect position. Recently, I’ve taken on the role of Hybrid IT Consultant, where my focus is on helping customers understand how backup-as-a-service (BaaS)  is critical to them protecting their school or business and that it doesn’t need to be a resource hungry task

Backup tends to be a time-consuming burden that internal IT teams would rather not deal with, but it is so important for any organsiation to have the right back-up strategy. Above all, the outcome of having complete and secure backups is that our customers can be confident their data is safe should a disaster or breach occur. So our BaaS offering fits well with most of the organisations we work with.

Q: What’s the most important element to a backup strategy?

Scott: Regardless of the organisation, a good backup strategy requires a strategic plan around your data, and consideration of how and where your data will be stored. In particular, following the 3-2-1 rule is key to a solid backup strategy and functions for all data types across any type of environment:

  1. Keep at least three versions of any critical piece of data.
  2. Store your data versions on separate pieces of media.
  3. Keep at least one backup copy offsite.

With those three safeguards in place, data will be protected in the event of corruption, loss or a breach. If you’re not running the 3-2-1 backup and there’s a fire or theft, your data will go the same way as everything else onsite. Likewise, if there’s a problem with the hardware, you’re likely to lose your data without the 3-2-1 rule. Having an offsite copy protects you from hardware and disaster failures.

Q: What are the common mistakes that organisations make with their backup strategies?

Scott: A lot of organisations back up everything as opposed to critical data sets, which makes the process unnecessarily burdensome and time-consuming. If you don’t have good visibility over your data, you can’t build a backup strategy that’s designed to protect the most important data sets. Similarly, if the security and backup approach isn’t correct – storing backup data with primary data, for example – then data may not be adequately protected.

Q: If an organisation wanted to implement a BaaS solution, what would the process look like?

Scott: Typically when we work with organisations to implement BaaS, we start by doing an audit of the environment as it stands and map out the workloads and data sets. From there, we put together a proposal about how it should be mapped out, and then how it will be implemented, recovery times, where the data will sit, etc.

We can also provide backup solutions that aren’t wrapped in an “aaS” (as-a-service) model. For example, we can have components of the solution that are standalone, and pricing doesn’t always have to be on a consumption-based model. However, one advantage to being on the Somerville Gateway is that we don’t have to move as much data, so it tends to be more cost-effective and less time intensive.

Ultimately though, our goal is to provide a solution that’s tailored specifically to the organisation and their unique needs.

Contact Scott today to discuss your back-up challenges and how you can implement a best-fit strategy or to discuss any of your Hybrid IT enquiries.

Q&A Series – Infrastructure in a nutshell: Issues, solutions & trends – Aden Axen

Aden has been an integral part of the Somerville technical services team since 2015. As a hard-working, innovative and driven Infrastructure Manager, Aden helps define, implement and maintain scalable and flexible infrastructure solutions for organisations in a wide range of sectors. Aden goes above and beyond for his customers, doing whatever it takes to get the job done successfully. He is the specialist you can rely on for highly technical projects or in a crisis situation where keeping calm and navigating solutions for highly complex problems are critical. Aden has a wealth of experience in all areas of IaaS, data centre management and cloud/hybrid IT solutions and holds technical certifications with the major global IT vendors such as Veeam, HPE, VMware and Sophos.

Q: Aden, can you start by giving us a brief overview of your professional background and what you do at Somerville?

Aden: Prior to joining Somerville, I spent many years working in the automotive industry with a focus on back-end stock control and software management. Today, I’m part of the core infrastructure team at Somerville that manages the infrastructure underpinning our customers. That includes everything from day-to-day firmware updates and application upgrades to cloud hosting services, data centre management and delivery of the Somerville Gateway. As part of a market-leading team that encapsulates the full suite of IT services under one roof, no two days are exactly the same!

Q: In terms of infrastructure, what are the major issues and trends for customers you work with?

Aden: Many customers are grappling with whether to rely solely on the cloud, maintain in-house infrastructure or a mix of the two (hybrid). The answer is that really depends on the structure and size of the organisation. For example, a hybrid approach typically doesn’t work in small environments, or when there’s a consideration around security compliance, such as in the hospital or defence sectors.

As the need for innovation becomes ever more important, we’re also seeing more customers handing over their day-to-day tasks – think data management, backup and so on – to external partners who can take care of the “mundane”, leaving the business to focus on growth.

Additionally, in line with the shift towards collaborative, digitally-led work environments, many organisations are moving away from on-premise mail and communication platforms and migrating to cloud-based solutions like Office 365 with in-built collaboration tools like Microsoft Teams and SharePoint Online.

At Somerville, we partner with organisations to implement an infrastructure solution that’s tailored to their specific needs, whether that be a hybrid model, cloud, housing infrastructure in Somerville’s data centre or an entirely different approach. By building out a tailored solution we ensure that what we’re providing is genuinely fit for purpose.

Q: Can you give us an example of what a tailored infrastructure solution looks like?

Aden: We recently worked with a dealership of around 200 people who had been transacting on different servers in different states with users bouncing from site to site. As you can imagine, that raised a number of concerns around operational efficiency and security. What we did in that instance was streamline all critical data in a centralised data centre and added a top-layer governance platform on top of the server that can be accessed by all users regardless of their location.

We also often work with organisations that have been running their infrastructure on-premise and want to move some of it off-premises with the rest in the data centre. If that’s the case, we look at clustering the connection between the two services to keep latency levels low to deliver a better user experience. Ultimately though, the solution depends on the customer’s requirements.

Q: How can IT managers and CIOs build a business case for moving to an IaaS model?

Aden: One of the biggest concerns for decision-makers at any organisation is expense. What’s great about the infrastructure-as-a-service (IaaS) approach is that it moves away from the traditional CapEx model to an OpEx model. This  allows organisations to maintain predictable, consistent costs, for example a monthly fee, rather than having to make a major upfront investment in infrastructure that may not be adequate in just a couple of years’ time. In other words, making the shift to IaaS doesn’t just mean having a more resilient, secure infrastructure solution that supports better business practices; it’s also more flexible and cost-effective in the long run.

Q: What infrastructure trends do you see growing in the next 12-24 months?

Aden: Aside from a more widespread adoption of IaaS, we’re going to see the use of data centres, both public and private, grow immensely. We have a division of experts at Somerville dedicated to centralising critical data in the Somerville data centre, and we’re rolling out resilient and secure infrastructure solutions to a growing number of organisations.

Talk to Aden about your infrastructure challenges and special projects. For more information on our professional services, please click here.

Data loss is costly – is your Office365 environment secure?

Microsoft Office 365 adoption is more widespread than ever – and it’s easy to see why. It provides a streamlined and cost-effective range of cloud Office services with the added benefit of regularly updated features in desktop Office 2016.

However, if your organisation is running Office 365, it’s important to be aware of Microsoft’s data backup and recovery policy. While Microsoft does protect your data for 30 days, backup and recovery is not a key focus, and there’s no guarantee that lost data will be able to be restored. Ultimately, your organisation is responsible for keeping your data safe in the cloud, so it’s paramount that you have a concrete backup and data protection policy in place.

Why data protection matters

Operating with poor data management policies can be a disaster waiting to happen. There are a number of serious negative consequences that stem from poor data management:

  • Business closure: Reports indicate close to 70% of businesses that suffer a major breach close their doors within 12 months.
  • Lost revenue: IBM reports the global average cost of a data breach is close to $3.86 million.
  • Compromised employee information: This is particularly important to note for those organisations in the education sector, which are subject to the Notifiable Data Breaches mandate.
  • Compromised customer data: A breach of this nature can severely impact the reputation of an organisation.

Loss of intellectual property: This can impact your ability to acquire new customers and give competitors an advantage.

As you can see, the consequences of a data loss are extensive, and it goes without saying that any administrator you talk to will preach the importance of a secure, concrete data protection policy.

Enter the 3-2-1 backup rule

Backup is one key consideration that can mitigate the risk of data loss and its potential negative consequences. Irrespective of the hypervisor you’re utilising, there’s a simple, foolproof concept that any organisation can implement to protect your valued data: the 3-2-1 backup rule. Coined by photographer Peter Krogh, the 3-2-1 rule is as simple in practice as its name suggests, functioning for all data types across any type of environment:

3 – Keep at least three versions of any critical piece of data.
2 – Store your data versions on separate pieces of media.
1 – Keep at least one backup copy offsite.

The 3-2-1 rule can be implemented in a multitude of ways across any organisation via software procurement or Backup-as-a-Service models that automate the process for you. However, although having a backup strategy for your Office 365 data is great for your overall protection policy, it’s not enough to simply have it running. To properly solidify your policy, there are three ongoing exercises you can ingrain in your team to consolidate your data.

1. Validate your Office 365 data on a regular basis

It’s not enough to trust the process – if you don’t test your backups, how do you know that they’re working? Develop a routine timeframe for completing a challenge restore which is guided by your specified data recovery requirements, and then report on its success. How regularly you elect to do this will depend on your resources and requirements.

2. Complete a data classification exercise for backups

Classify data so you know exactly what you’re backing up and make sure you don’t waste unnecessary space in your storage media. It’s usually not necessary to back up everything – just the data you can’t afford to lose.

3. Review your data backup strategy against your organisation’s policies

Compare your data backup strategy against your organisations data backup and protection policies to ensure you’re meeting the necessary requirements on an ongoing basis. It’s important to do this regularly – similar to ratifying – because policies can change quickly and frequently.

Are Microsoft backups good enough?

While Microsoft provides options like the Recoverable Items Folder that can hold items for up to 30 days (14 days is the default) and Litigation Hold etc., this is not ideal if you want to have all your mailboxes backed up. Even if Office 365 had a backup method built in, it would break the 3-2-1 rule because the backups would be in their primary location in the cloud, rather than in your control where you can physically locate them. There needs to be a shared responsibility with data backups to the cloud – too often we see that organisations are not aware of where their data is physically stored, and what is actually backed up.

So, what are your options if you want to implement an independent backup and data protection policy for Office 365 but aren’t sure if you’ve got the resources to handle it?

With Backup-as-a-Service (BaaS), the responsibility of protecting your organisation’s data is taken care of by a managed service provider, leaving you to focus on innovation and growth.

The Run-Grow-Transform model outlined by Gartner provides a great example of how beneficial outsourcing data management and protection can be to your organisation:

  • Run indicates how much of your IT resources are focused on the everyday functionality of your organisation. It won’t increase revenue per se, but it will maintain essential operations and efficiency.
  • Grow represents how much of your IT resources allow you to enhance your systems in support of organisational growth. Essentially, having your backup taken care of allows your IT team to focus their energy on other projects and priorities that deliver differentiation and extend existing capabilities.
  • Transform represents how much of your IT resources allow your organisation to drive new business capabilities. Whether it be entering new markets, creating a new value-proposition or addressing customer segments, running BaaS for your Office 365 data will present opportunities for you to transform certain areas of your organisation.

Somerville is a leading provider of IT solutions for schools in Australia, and a trusted partner for many leading organisations, including Australian Automotive Group and NGS Superannuation.

Our team has developed a reputation for delivering reliable, fit-for-purpose solutions underpinned by world-leading vendor technology. When it comes to data protection, Somerville is proud to partner with Veeam to ensure our customers’ data is available 24/7 and ready to be recovered should disaster strike.

If Office 365 is a key tool in your organisation’s arsenal, get in touch with Somerville today and let us take care of your backup and data protection policy – so you can focus on growing your business. 

For more information on BaaS please click here.

Notifiable Data Breaches: What is Private Information and Why Should You Care?

When new legislation is introduced that relates to IT security, it is always worth paying attention. Such is the case with Australia’s new Notifiable Data Breaches (NDB) scheme, introduced recently. Few Australian businesses are untouched by the new scheme, but despite media hype, there is no need to panic. A little time spent now can prevent a bigger headache and loss of reputation later, so it is worth understanding what the legislation means to you.

Continue reading

Keep It Hidden, Keep It Safe

There is no doubt that IT security has, and will continue to have, an ever-increasing number of challenges to face.  However, like in the physical world, security measures are generally regarded as an inconvenience by those they are designed to protect.  So how do you keep the organisation safe in the modern world without being cast as the corporate villain?

Continue reading