Fred Dunayer: Welcome to the SCORE Small Business Success Podcast, Been There, Done That! To get free mentoring services, as well as to see the wide-variety of resources available for small business, visit our website at www.score.org or call 1-800-634-0245, and now here’s your host Dennis Zink.
Dennis Zink: Episode number 6: Computer Loss Prevention, Data Backup and Retrieval. Fred Dunayer joins me in our studio today as co-host, SCORE mentor, and our audio engineer. Good afternoon, Fred.
Fred Dunayer: Good afternoon.
Dennis Zink: Our guest today is David Spire with United Systems in Bradenton (FL). David, welcome to Been There, Done that!
David Spire: Thank you.
Dennis Zink: David Spire is the President and CEO of United Systems. David has spent more than 15 years in areas of sales and marketing, finance and operational efficiency. A recipient of the Gulf Coast Business Review, 40 Under 40 Award, David holds several Microsoft Certifications, including Small Business Specialist, Corporate Licensing Specialist, and Education Licensing Specialist.
He was also a Master Certified SonicWALL Sale Specialist. David was named to the 2013 SMB 150 Listing of the Top Worldwide SMB IT Channel Influencers. In addition, United Systems was also listed in the Tampa Bay Business List of the Top 25 Largest Managed IT Service Providers.
David graduated from Florida State University, go Noles (FSU Seminoles), with a Bachelor of Science in Studio Art and he’s currently pursuing a Masters of Business Administration from Webster University.
David, would you begin by providing our listeners with some background information on what your business does?
David Spire: You bet, Dennis. We serve as Small-Medium Size Business IT Specialists. In most cases, we are the in-house IT department for these businesses. Organizations that don’t have a budget large enough or need large enough to have on-staff IT, we are that department. We also do supplemental services for larger organization, usually in certain specialties; security and things like that.
Dennis Zink: Great. One of the biggest problems that a company can confront is failing to adequately backup their data. They tend to suffer a loss that is difficult to come back from. What can companies do to protect themselves?
David Spire: For a starter, I would say a plan. A plan is a great place to start. We do plans for some other pieces of our business but it seems like this is an often overlooked area. It’s just one of those things that until a situation happens, a catastrophe happens, there’s not much thought given to it. Having that plan and having realistic expectations, we call them recovery time objectives. What it should look like, who should do, what, when to get the systems back online is really a key component.
Dennis Zink: What kind of disasters have you actually seen over the years?
David Spire: Being we’re on the west coast of Florida, everybody is worried about the storm, the hurricane. I always joke around with clients and I say that, “That’s the least of my concern. We see the idiot in the yellow rain slicker out there telling us, “Hey, it’s coming; run.” Right? Most frequently, the ones that we warn our clients against is fire, theft, flood and malicious intent by former disgruntled employees. Those are the four most frequent areas that we’ll see problems occur and it’s usually an offset of one of those four that create the problems as it relates the data loss.
Dennis Zink: I had an employee that as she was leaving she was deleting information and I said, “What are you doing?”
David Spire: All right, exactly.
Dennis Zink: You surely never know. David, what are you seeing out in the business environment today that relates to business continuity and recovery time objectives? What do you mean by recovery time objectives? If you can explain that.
David Spire: Thanks, Dennis. With backups, if we go back about five years in backups, the main thing clients were worried about is just: Do we have the information? Are we able to get back up and running?
As technology has kind of evolved over the last I’ll call it half a decade, it seems like with the cloud, business is going paperless. There’s more and more of a demand for this electronic information and its got to be real-time. If we take those systems away, the business ceases to function.
Think of medical with electronic medical records. If the doctor can’t get to those records, they can’t see. There’s no more paper charts to pull. We’ve already converted over from that.
As we sit down with clients and we try to develop these plans the question usually is, “How fast can I be up and running?” Or they’ll say something like, “This downtime isn’t an option.” Having a predefined set of expectations of how quickly we can get systems back up and online and setting the plan around that in advance is really the key. It could be anywhere from zero downtime, which would require complete redundant hot site of information, so all the systems and hardware and software have to be replicated somewhere else. Anywhere down to a day; eight hours. There’s a price tag associated with both of those. We’ve got to find that balance between cost and benefit and make sure that they mesh up.
Fred Dunayer: That’s interesting. I experienced just last night, Tivo’s servers were down. I went out to their community forum and the vitriol that was being expressed by their customers, who couldn’t schedule a new season pass or couldn’t set up something to record, was immense.
For a good size company to have customer-facing systems and those customers not be able to use those systems can … I would think in certain situations literally cause a company to cease to exist.
David Spire: The statistics are staggering as far as … If a significant amount of data loss, how quickly these businesses go out. Even when they come back online, the damage is substantial. It’s a key component to any business, really, is the data backup and make sure you have a good plan and place if something happens to it.
Dennis Zink: Over the years, in my experience, I’ve seen situations where staff members they switch out tapes, rotate hard drives for backups. In your opinion, what’s a good plan and what’s not a good plan?
David Spire: The term I use is trust but verify. We want it automated. We don’t want to rely on humans to have to do anything but if we lean too much on just the systems alone, then that can be problematic as well because they do fail. Hardware and software created by humans run by humans.
We want it to be consistent.
We don’t want to have to rely Betty up front, swapping out the hard drives. It’s just not an efficient way to do things anymore. People get sick. People take vacations. They think that somethings happening behind the scenes and it’s not. We want to automate as much as the process, but have a piece in place that also allows that we can check it to make sure it’s doing what it’s supposed to be doing.
Fred Dunayer: One thing that relates, that maybe we’re going to cover it later and I apologize if I’m jumping ahead, but I’ve had experience restoring systems and it seems like a huge percentage of the time the restoration doesn’t work. Can you talk a little bit about how to … or if you practice data recovery and how a small business should do that? Obviously everybody is afraid they’re going to damage something in the recovery process; bringing something back that they shouldn’t have and that sort of thing. Do you have sort of a protocol for testing your backups and testing recoveries?
David Spire: That’s a good question, Fred. We suggest that every business have a plan in place that once every 30 days we would test restores. I would say that this is the most overlooked area of a disaster recovery plan, period. Hands down, when we go into businesses, we’ll meet with the decision makers and I’ll ask question, when was the last time they tested their backups, and I’ll get blank stares.
I get one of three things, blank stares or we just had a failure that’s why we are calling and it’s not working, right? Or, Jim is supposed to do that. Going back to … deferring to the higher power and whoever Jim might be in their organization. Once every 30 days, and the analogy I always use with clients is, if I’m up on a trapeze and I see that net there, I want to know that there’s not so much slack that I’m going to still hit the concrete. Just because the backups are running, it gives people a false sense of reality that those things are A-Okay.
More times than we’d like to admit, there is some sort of corruption that something needs to be reset. It’s not capturing all the information the way that it’s supposed to. Having that recovery plan in place and knowing that we’re verifying that the backups are good, so back to trusting, we’re verifying. We’re trusting that it’s running. We can see the data on the drive but do we know that it’s all good? We don’t want to wait till it’s show time to know that we need it. You get one shot at it.
Fred Dunayer: There’s nothing like going to restore and finding out that you don’t have a disc to boot from or some silly little thing that means you have to take 15 steps back to accomplish that simple restore.
David Spire: Exactly.
Dennis Zink: I like that Reagan-esque ‘trust but verify’. I’ll remember that one. What are you seeing today as it relates to frequency of backups? Are people doing it once a day, once a week? What schedule should it look like?
David Spire: Really, Dennis, it goes down to a business conversation. With today’s systems, we’ve already established the fact that, now more than ever, business are run on technology, they’re running on data.
The term that I use with this is, it depends on how highly transactional things are going. I’ll give you two different scenarios. If we’re talking about a server that information is written to a few times throughout the day, then once a day is more than sufficient. We don’t recommend any less than once a day. If we’re talking about a large, take a hospital for instance. We’ve got several providers. People put in information to it constantly. We wouldn’t want to recreate any more than once every 15 minutes. For our clients, it spans 15 minutes to once a day, and it all depends on how much information is going in there. How frequently and the pain threshold of recreating that period of time.
Fred Dunayer: Do you ever consider a continuous real-time backup?
David Spire: There are some solutions out there that do that. They can be a little problematic in just the way that they capture the information. Usually there’s a trade off.
What we found is, the 15-minute window, trying to reverse it 15 minutes is usually okay in something like that as it relates to the other benefits that come with it. The software, and we’ll talk a little bit about that later, really drives what features and benefits are associated with that.
Fred Dunayer: It’s interesting because a lot of the time what you’re trying to recover from is a mistake that someone may have made with their data, and if the backup is too frequent and too all encompassing, you just wiped out the ability to recover that mistake.
David Spire: Correct. If not set up properly, you’re absolutely correct.
Dennis Zink: Let’s talk about retention rates, and what’s a good policy for how long we should keep backups?
David Spire: Dovetailing into what Fred just said, back 5 years ago, that’s a pretty nice window to look at. We used to do those backups once a day, and on average in a business scenario you had somebody trading out hard drives to take a copy off-site, so we have that situation going on.
The backups would usually have 2 drives and you do maybe Tuesday, Thursday and a Monday, Wednesday, Friday. Usually the retention rate would be about a week. Tonight would override last Wednesday, tomorrow would override last Thursday.
The challenge with that is you’ve got a one week window to realize that you need some information back. In a recovery situation, fire/theft/flood, well, I just need yesterday. That’s not always real world. Real world is, hey I accidentally deleted this file. I use it once a quarter to submit sales tax reports or something like that. I don’t touch it until 3 months from now and then I realize it’s gone. I don’t know. I doubt it was deleted in the last 7 days, and if it wasn’t then I’m out of luck.
In today’s environment, we practice what we call a base image in incrementals. We backup the systems starting when we start and then every backup after that is the only incremental changes or what we call the delta. The nice part about doing a scenario like that is we can roll back, all the way back to the first backup. As time lags on, there is some collapsing. Say we do an hourly backups, that’s going to give us 12 incrementals; well, 24 in a day, right? We have 24 incrementals, we don’t want to keep all 24 of those forever just because it would take so much space. The dailys, we collapsed down to weeklys. The weeklys, we collapsed down to monthlys.
The further out you get from it, you can’t pinpoint that hour as easily, but again there’s a cost to off-siting all that information, if you choose to off-site. Or even on-site, where the backups can become bloated.
We can still get back to the day or the week or the month and so, it gives us some option to recover from.
Dennis Zink: It makes great sense. Speaking with business owners today, uptime is of critical importance. In the event of a disaster were to happen, what should be a reasonable expectation as it relates to restoring from a good backup?
David Spire: What we see today is 4 to 8 hours, and it’s kind of a qualified answer because it depends on how the systems are set up. A typical small business has 1 or 2 servers, a half day to a day is completely reasonable depending on how they invested. Going back to that plan we started with, if the information is already sitting on-site on an appliance or server that’s set up ready to go, then it could be as little as an hour, 20 minutes. It all depends. It depends on how much information has to be moved back and forth. We always look at the balance, I think we might have mentioned this, but if we haven’t, we look at the balance between cost and availability.
It’s really an insurance policy. The higher your premiums, the lower your deductible. The lower your premiums, the higher deductible. If we want to have a smaller cost on the front end to implement a plan like this, then we might have a little higher cost as it relates to downtime as we try and get things back online.
Any reasonable solution today should have you backup and going within the day, because we’re losing business revenue. We want to make sure that you’re making money.
Dennis Zink: Let’s talk for minute about you see things on TV, Carbonite, and Mozy and other off-site backups. Off-site backups are very popular these days. What’s your professional opinion about moving to an off-site backup versus the traditional on-site backup?
David Spire: Cloud is very hot right now. Cloud is this big nebulus term that really nobody understands but everyone wants to take part in it. It’s very trendy. Off-site backup is critical to a business, because of the fact that you just don’t know.
The great example that I have is I was meeting with a client the other day and I pulled in that parking lot and the building across the street, all the walls were up, there was no roof. It had been destroyed by fire. I was like, “What the heck what happened over there?” Lightning hit the air-conditioner, air-conditioner caught on fire, burnt the building down in the middle of the night. On a Tuesday, they worked out of that building. On a Wednesday morning, there was no building to work out of.
Scenarios like that, the best on-site backup plan in the world does you no good. They were able to move, literally, to the building across the street, we can order new computers. We can order new chairs and take care of all that, but we need all those patient’s file, all that information, to be able to be retrievable and so that’s why off-site is such a critical component.
The downside to off-site, as it relates to backups, we don’t want to do off-site only. The reason why is again recovery time objective. If we take all that information and we put it off-site, an off-site only data center, Mozy, Carbonite, that really doesn’t matter who it is. Or even to a private cloud as we call them, getting that information back, can take an immense amount of time, can take weeks literally because we’re dealing with bandwidth limitation. The speed of which the information traverses the Internet.
Clients might say, “Hey, that’s no a big deal, we’ve got a huge pipe.” Yeah, but the guy on the other end might not open his end up to give it back as fast as you want it. There was a law firm in town that called us recently and unfortunately we get these calls usually after the fact; “our server died. What can you do to help?” “We can help next time, but there’s not so much we can do this time,” because the lack of decisions weren’t or hadn’t been made, the decision hadn’t been made to do it right. Literally 3 weeks it took them to get the information back.
Fred Dunayer: Yeah, I can imagine. I’ve got a friend who does computers systems for medical practices. They now digitize all their x-rays. You can imagine the data quantity that they have for these and I can see how it can take that long to get things back. I suppose … you lead me to another area, which is specialized equipment. If you have a physical loss, your building is gone, and you have a medical practice or something else that has specialized IT equipment, yes, you can go over to Best Buy and pickup some PCs, but you might not be able to pick up that specialty scanner, maybe a specialty storage device, something along those lines. Do you see your clients being willing to buy duplicate equipment to keep off-site in the case of some sort of a disaster along those lines?
David Spire: Fred, most cases we don’t see them purchasing additional equipment. What we do see them doing is partnering with other competitors, really, in the marketplace, especially dentists. Dentists are really big about swapping offices. They might have one out west, someone else has an office out east but they want to balance a patient load, they actually share environments where the information is particular to their business but an opertory is an opertory, right? Machine that takes x-rays is a machine that takes x-rays. In some cases they’ve shared environments where they’re not open every day of the week and they can supplement in that way.
The capital expense to have hot spares like that is pretty daunting, and in most cases organizations aren’t willing to make that kind of investment, but they’re will on some of the lesser equipment. Some of the core infrastructure stuff, especially from an IT perspective, to have the availability and the uptime.
Dennis Zink: How do they bill for Carbonite and Mozy? What’s the methodology they use? Is it data used? Is it time backing up, or is it the space they occupy with their backups?
David Spire: In most cases, it’s the space used, and so they’ll do an aggregate billing. Everybody is a little bit different especially in the business environment. Mozy and Carbonite are trying to break-in to the business environment. We’ll talk a little bit about software later, but their softwares really aren’t developed to backup the backbone of the business network, they’re great for home computers, laptops, things like that. In most cases, it’s all based on aggregate space usage.
Dennis Zink: There are so many software vendors competing today for attention. Are all backup softwares created equally? Do we need to pay attention to different features and needs?
David Spire: Yeah, absolutely. That’s a great question, Dennis. The backup software that drives these is really the critical component of what happens. There’s a lot of different features that we want to be able to leverage in the case of a need, because every needs is a little bit different, from one file being lost or corrupt to a whole system being lost or corrupt.
The changes that have taken place over the last few years have been pretty revolutionary as it would relate to the softwares and the ability to resurrect systems that are down or dead. Making that selection on the front end is one of the most important decisions you can make as it goes back to that plan that we talked about in the very beginning. Talking about, not to pick on them because they’ve got great products, but a Carbonite or Mozy, those aren’t really developed to backup, say, an exchange server which powers a businesses’ email.
They’ll do great on a file or folder piece. Trying to recover an exchange server is not happening on one of those, even after it takes 3 weeks to get all that information back right. Making sure that the business need and the tools we use to back it up, Dennis and I, we’ve talked about you don’t use a hammer to drive a screw. Same sort of scenario, you want to make sure you have the right tool for the job to be able to leverage it when you do need it.
Dennis Zink: Because technology is constantly evolving, David, how do I know that my backup software allows for restoring to dissimilar hardware? Should, let’s say, my server die and all our business data is suddenly inaccessible.
David Spire: It’s one of the most frustrating parts of our industry is you know your equipment is outdated when you receive it because it moves that quick right. Just in the time that they make it to ship it to you or the time you drive home from the store with it and get home, they’ve already released a newer model.
One of the challenges as it would relate to the recovery that we’re talking about is trying to get that information to work on a different system. The only thing that we can be guaranteed of is that we can’t replace it with the same exact server that you had in place before.
Again, making the right decision as it would relate to that software, the industry term that we use is ‘dissimilar hardware’. We need to be able to recover it to dissimilar hardware and it’s all on how it’s captured on the front end. On the back end, it’s too late. If you need it and you don’t have that feature, it’s not like you can go and pay for it now and there’s some switch that we can flip.
The way that the information is backed up and the way that it is captured, so instead of backing up files and folders, the entire operating system’s backed up. All the drivers go along with it, all the specialty softwares that are already preloaded. We get it soup to nuts, and we do what’s called a block level backup. I don’t want to get too technical but we’re not even looking at it at the software level, we’re looking at literally on the disc. We’re backeing up the ones and zeroes and in doing so, it allows us to take that information and move it to a completely different piece of equipment. That’s completely dissimilar, could be different, makes, models; you can go to a Dell from an HP, with the right software in place you can still recover on that virtualized environment and get your system backup and go make money again.
Fred Dunayer: That’s interesting. I had a … I use a package called Kronos that offers a … if you pay extra it offers the feature to restore to dissimilar hardware and that’s pretty critical. You’re absolutely right. Everything changes so quickly, and that driver that worked fine on Windows XP won’t work on Windows 7 or something along those lines or Windows 8.1 and all of a sudden the fundamentals underneath your software don’t work anymore. You do need features like that to be able to recover quickly.
Dennis Zink: David, did you want comment about software? You mentioned earlier that we’d get to that.
David Spire: That’s really what it is. Kronos is a great example of a product that’s very, very solid. They’re an our industry leader as it would relate to business class backup. We tend to like one that’s called Shadow Protect, it’s made by Storage Craft. The two of them are just neck and neck; it’s kind of Ford and Chevy as it would relate to backup softwares, but they’re made for the business environment. They’re made for those hardware and software applications that allow that, when the time comes, that you need the information it’s going to be there.
Free software just doesn’t do it. There’s a reason why it’s free, and it’s just not going to give you the leverage that you need to recover that information when the time comes.
Fred Dunayer: David, if there was one or two things that you would want our listeners to come away from this discussion at the front of their minds, what would it be?
David Spire: Fred, I have to say the first thing, this would be on my wish list if I could wave a magic wand, would be to have that plan in place. I know that in some cases it’s not realistic. We’re all very, very busy. We’re all strapped for time and it’s just one of those things that it might be on the whiteboard, it might be on the radar, but it’s hard to make time for it.
An actionable item that I would say to make sure that’s happening every day is have somebody that’s responsible, without a shadow of a doubt, that’s in-charge of managing your data backup within your organization because in far too many cases … I’ll give you a really good example, if we have a minute here.
We had a call from a dentist in town one day, and she was in absolute panic of a wreck because her information was gone. As we started dialoguing with her; she wasn’t a client at that time, she just called us off of our website. Come to find out the dentist thought the office manager was doing the backups. The office manager thought the dentist was doing the backups. Their software provider called and said, “We need to reset the database in order to make this update.” Both of them gave him permission, very confident that the backups were in place. They wiped the database and all the information was gone.
Dennis Zink: Oh my goodness.
David Spire: The only way to get that back, and it’s risky, is to spend literally tens of thousands of dollars in a data recovery lab, white glove kind of scenario, dustless room to try and get it back. They both had the confidence in each other, but it was really human error that caused that and a lack of communication.
Getting back to having somebody in charge of it that knows that it’s happening and testing them, is just of utmost critical nature that I would say and suggest people do.
Dennis Zink: Talk about a cavity.
David, thank you for enlightening us today about computer data loss prevention, backup and retrieval. For more information, how can our listeners contact you?
David Spire: Absolutely, they can get us at our office, by phone at 941-721-6423941-721-6423, or they can learn more about us on our website. That address is www.unitedsystemsinc.com
Fred Dunayer: Can people email you directly?
David Spire: Yeah, sure. They can email me directly as well. You can reach me at email@example.com
Dennis Zink: Great. Well, thank you again. If you would like to be interviewed for a future business podcast, please contact me directly by email, providing your topic of interest and a brief bio. Send it to Dennis Zink, emailing me at firstname.lastname@example.org. Thank you. That’s C-E-N-T-R-E of influence @gmail.com
Fred Dunayer: Thank you.
You’ve been listening to the SCORE Small Business Success Podcast, Been There, Done That! The opinions of the hosts and guests are theirs and do not necessarily reflect those of SCORE. If you would like to hear more podcasts, get a free mentor, view a transcript of this podcast, or would like more information about the services we provide, you can call SCORE at 800-634-0245 or visit our website at www.score.org.
Again, that’s 800-634-0245 or visit the website at www.score.org.