Top Ten Reasons for Using Online Server Backup and Recovery
Dear Data-Diligent Reader,
Backing up your vital company information is critical to your company's survival, no matter what its size.
Recent studies show that 93% of businesses that lose data due to a disaster go out of business within two years. Increasingly, businesses are turning to disk-based online server data backup and recovery solutions as the most cost-effective fit for their requirements. Here are the top ten reasons why businesses are selecting online backup and recovery.
REASON #1: COMPREHENSIVE AND RELIABLE DATA PROTECTION
If lightning strikes your building at 5:10 p.m., you need to ensure you can restore that day’s data. Unfortunately, if you rely on a nightly backup process, complete restoration of that data will be impossible.
Online backup and recovery solutions solve this problem by automatically transmitting changes in files and databases across the Internet to a secure, off-site facility for more continuous backup. In the event of a disruption or disaster, you can restore data from a point in time just moments before the interruption.
REASON #2: AUTOMATIC AND SECURE OFF-SITE ELECTRONIC VAULTING
You think you’re doing everything right. You back up your data on a regular basis. You ensure your backup equipment and configurations are up-to-date and working properly. You test your restores. Yet, when a sprinkler pipe bursts in your building and spills water over your servers and backup media, you lose all of your critical data in one night.
Disk-based online backup and recovery uses your current Internet connection to automatically transfer data off-site. Your backup data is immediately off-premises in just minutes after it’s been updated.
REASON #3: BETTER CONTROL OVER RESTORING DATA
If you experience a site disaster and need to immediately get your data up and running at a different location, traditional backup and recovery methods can require more time and effort than is feasible for businesses with limited technical staff.
With online backup and recovery solutions, when you need to recover from a site disaster — or wish to restore data to a different location for any reason — all authorized users have to do is log on to a Web interface, click on the files they want to restore and specify the location.
REASON #4: IMPROVED SECURITY FOR ALL SENSITIVE DATA
Your corporate server manages large amounts of sensitive data — customer records, employee records, intellectual property, and more. These are vital information assets you never want to expose to external parties. With online backup and recovery, stored at a highly secure, off-site location, your data remains safe.
REASON #5: A COMPLETE DATA PROTECTION SOLUTION
Data protection is not a single activity or one-time event. It’s a multi-step, complex workflow of interconnected processes that extend far beyond simple on-site backup.
Disk-based online backup and recovery is a low-overhead solution that addresses each step in the data protection workflow — while actually reducing the time, workload and cost associated with them.
REASON #6: IMMEDIATE DATA RESTORATION
Businesses run in real time and rely on electronic data: anything from payroll and customer files, to email and other important documents. When disaster strikes, you don’t have the luxury of waiting hours upon hours to restore your data.
Since online backup and recovery services immediately move data off-site by backing it up to disk over the Internet, you not only have the security of data that’s residing at least 50 miles away, you can also restore that data effortlessly.
REASON #7: ENHANCED ABILITY TO DEMONSTRATE COMPLIANCE
Today, most industries are adopting their own ever-changing regulations governing off-site data protection and retention periods.
Online backup and recovery enables you to automatically get your data off-site to a secure facility — a requirement for many industries. As privacy and records-retention regulations take effect, online backup offers protection traditional on-site methods never can, because data is always secured — in transmission, storage and access.
REASON #8: FREEDOM FROM ROUTINE BACKUP AND RESTORE TASKS
The unpleasant reality is that many traditional backup and recovery methods are time-consuming and tedious.
“Set-it-and-leave-it” online backup and recovery solutions reliably and automatically offload these functions, freeing staff for work that has a more direct impact on your competitive advantage, productivity and profitability.
REASON #9: INCREASED COMPETITIVE ADVANTAGE
More than 37% of small and medium-sized businesses have already deployed disk-based backup solutions — and nearly another one-third are considering it now.
Online backup and recovery gives you an edge by fully protecting your data and enabling you to immediately recover it when disaster strikes — or when you wish to restore data to a different location for any reason.
REASON #10: GREATER RELIABILITY IN RECOVERING ALL DATA
Online backup and recovery maximizes what matters most to businesses — reliable recovery of all their data when they need it — by combining more reliable disk media with the use of an existing Internet connection to securely move backed up data to a safe, remote off-site location.
We would love to hear your thoughts. Please comment below!
Bob Chaput wrote this blog. Bob is president of Data Mountain LLC, a data security, online data backup and recovery, disaster recovery and data protection services firm. bob.chaput@datamountain.com (800) 704-3394. Follow Bob on Twitter: twitter.com/BobChaput
March and April Data Protection Webinars - Open to Registration
Dear Data-Diligent Readers,
With all the "renewed" interest in HIPAA Security Rule compliance, driven by The HITECH Act, we have designed several new webinars to help Covered Entities (CEs) and Business Associates (BAs) restart their compliance efforts.
In March and April, our complimentary live webinar offerings are listed below with direct links to see the overview and learning objectives of each webinar:
Bob Chaput wrote this blog. Bob is president of Data Mountain LLC, a data security, disaster recovery and data protection services firm. Data Mountain specializes in helping Covered Entities and Business Associates assure they are compliant with the Contingency Plan Standard of the HIPAA Security Law and The HITECH Act.
bob.chaput@datamountain.com (800) 704-3394. Follow Bob on Twitter: twitter.com/BobChaput
Data Mountain March 2010 Data Protection eNewsletter Published
Dear Data-Diligent Reader,
Our March 2010 Data Protection eNewsletter has been published.
Link to our March 2010 eNewsletter to learn more ... data protection and security updates, alerts and tips of importance to everyone striving to protect their valuable business, client and patient data.
This month, read about and link to the US Department of Health and Human Services' "Wall of Shame" -- its Data Breach Notification web page.
Please enjoy these links to industry articles and white papers that we've researched and assembled for you. I'm confident you'll find a nugget or two among them!
Our focus is the HIPAA Security Rule and The HITECH Act ... since big changes take effect this month amidst a perfect storm that's brewing in healthcare in general and in the provider world, in particular, because:
There's a near-frantic EMR adoption pace
The Federal Government’s redoubled efforts to rigorously enforce the HIPAA Security Rule
There are new Federal and state level enforcement and penalty “teeth” delivered via The HITECH Act
There are general and growing national concerns over the protection of personal information
There's a huge gap in appropriate skills to get the EMR/EHR implementation job done well
The lack of skills in and understanding of information security and data protection is scary
The above are all combined with historical behavior of ignoring the HIPAA Security Final
… as if, with national healthcare reform, there weren’t enough clouds on the horizon!
The "black hats" continue to out-maneuver the "white hats" - viruses, worms, attacks, etc.
How reliable and secure is the Connected® Online Data Backup and Recovery service?
Dear Data-Diligent Readers,
Here’s a question I recently received about our online data backup and recovery service for PCs, MACs and laptops, Connected®…
How reliable and secure is the Connected® Online Data Backup and Recovery service?
Data Mountain and our supplier, Iron Mountain Digital, take data protection very seriously, and have gone to great lengths to protect data from all credible threats. Data Mountain specializes in off-site data protection and storage of PC data. Our online data backup solutions are the most used and most secure in the world.
The Connected solution provides the highest levels of digital security available. Data is encrypted at the desktop, using government-level, 128-bit, Advanced Encryption Standard (AES). All desktop and laptop data is kept encrypted both during transmission and in storage.
With our subscription service, the data is stored in one of Iron Mountain’s National Underground Site (NUS) facilities, which provide unsurpassed Data Center security. The facility is located 180 – 220 feet below ground with Level 4 security rating through 145 developed acres at the facility. The data center where your backups are stored is fully mirrored and redundant for further security. Our average uptime over the past five years is better than 99.99%.
On the user side, our Agent software provides feedback to users if backup policies are not working and files have not been successfully backed up. Users can then run an unscheduled backup to ensure that all their data is protected.
During the whole evaluation process and ongoing, the Data Mountain and Iron Mountain Digital support team is monitoring the entire process for you.
Does the Security Rule cover all patient health information?
Dear HIPAA-HITECH Informed Readers,
Here’s a question from our HIPAA-HITECH FAQs Series…
Q7. Does the Security Rule cover all patient health information?
There is an exception. PHI transmitted by FAX or telephone is not covered by the HIPAA Security Rule, although this information is covered by the HIPAA Privacy Rule.
Case Study: CPA firm - Ensuring Business Continuity with Online Backup and Recovery
Dear Data-Diligent Reader,
The Problem. Small businesses know that they need to protect their data. But many companies just don’t put a plan in place because it’s too much of a chore. Or they do protect their data, but the method they use just isn’t adequate for the amount of data and their type of business.
Companies have traditionally backed up their data each night to tape or disk media. But tape and external disk methods are labor-intensive, and frequently don’t work correctly. Not only that, but in a disaster, businesses usually aren’t satisfied with recovering only data from the night before. Data protection methods that work on a more frequently scheduled or a continuous basis have traditionally been too expensive for small businesses. That is, until now, with online backup and recovery.
Today, we’re going to take a look at one small business, McCeney & Martin Certified Public Accountants, based in Franklin, Tenn., and how the company has greatly simplified its data protection process through online backup and recovery.
For McCeney & Martin, migrating to online backup and recovery wasn’t only a matter of finding a better way to protect its data – it was also a way to provide an “insurance policy” to keep its business running in the event of a disaster.
The company used to back up its data to tape each night, but it soon realized that its business was extremely vulnerable to data loss. McCeney & Martin’s staff never verified that the backups were being done correctly, and the company never got its tapes offsite. If a fire or flood hit the building, all of its electronic data would be gone.
As with most CPAs, McCeney & Martin increasingly creates much of its data electronically. Tax returns, along with client account data are stored on a central server. If this information is transferred to hard copy, it is often not done so until days or weeks later, when it can be taken offsite for permanent storage.
The Solution. Because this electronic data is the heart of McCeney & Martin’s business, protecting it is critical. When McCeney & Martin realized that it needed a more robust form of data protection, it investigated several options and ultimately selected an online backup and recovery service.
Online backup and recovery automatically backs up all of McCeney & Martin’s server data on a continuous basis via the Internet. The data is then stored in a secure offsite facility, where it is made available for immediate recovery in the event of a disaster, such as a server crash, virus, human error, fire or flood. The service also comes with a 100 percent guarantee that its customers will always be able to restore their data.
The Result. Online backup and recovery requires no effort on McCeney & Martin’s part and provides the company with a much higher level of protection. With tape backup, the company had to manually perform the backup operation each night. However, online backup and recovery works automatically in the background – and on a continuous basis – meaning that McCeney & Martin’s data is always backed up and recoverable.
When McCeney & Martin needs to restore data, one of its employees can access the server directory via a Web interface. The employee then just needs to click on the file or set of files to restore, and the documents are retrieved in minutes. Previously, it could take the company more than an hour to find a file to restore from tape.
Most importantly, though, online backup and recovery provides McCeney & Martin with peace of mind. With the service, the company can be sure that its data is always backed up and kept secure offsite. This means even if the company were to suffer a hardware failure or physical disaster, it would still be able to carry on with all of its customer data intact.
Small businesses no longer need to worry about the hassles of data protection. With online backup and recovery, there is now an easy and affordable way for small businesses to ensure they can get their data back when they need it.
Does LiveVault require me to buy any software or hardware?
Dear Data-Diligent Readers,
Here’s a question I recently received about our online data backup and recovery service for servers, LiveVault®…
Does LiveVault require me to buy any software or hardware?
LiveVault does not require you to purchase or maintain any additional hardware at your facility. Additionally, the only software required to run the service is the LiveVault agent software, which is included in the cost of the service. The agent includes no third party separately licensed software. There is, at the same time, an optional onsite appliance called the Turbo Restore Appliance which can be deployed to help meet more stringent Recovery Time Objectives (RTOs).
LiveVault’s proprietary technology is award-winning and patent protected.
What does HIPAA mean by “EPHI” and “electronic media?”
Dear HIPAA-HITECH Informed Readers,
Here’s a question from our HIPAA-HITECH FAQs Series…
Q6. What does HIPAA mean by “EPHI” and “electronic media?”
In general, patient health information that has been converted to, stored in, or transmitted by electronic media is deemed to be “EPHI” and as such is to be controlled and protected under the HIPAA Privacy and Security Rules.
“Electronic media” is defined as:
• Any electronic storage media including memory in computers (hard drives)
• Any removable or transportable digital memory medium (magnetic tapes or disk, optical disk, or memory card)
• Transmission media used to exchange information electronically (Internet, leased lines, dial-up, intranets, and private networks)
As a healthcare executive, business owner and a service provider, few things irritate me more than ill-informed vendors running around making assertions about regulatory or legal requirements that are simply not true and/or making assertions about their products and services being [fill-in-the-blank] law or regulation-compliant when in fact there's not a circumstance that allows such a condition.
Many of these crazy assertions are reappearing around the HIPAA Security Final Rule and what is serving as its "after-burners", The HITECH ACT. To be clear, there is no such thing as a HIPAA-compliant data center or a HIPAA-compliant server or a HIPAA-compliant data backup product or an EMR software product or a HIPAA-compliant online data backup and recovery service. Only organizations become HIPAA-compliant through comprehensive processes. These organizations include Covered Entities (CEs) and Business Associates (BAs). BAs are now fully subject to all aspects of the HIPAA Security Final Rule and The HITECH Act "teeth" put into the HIPAA Security Final Rule.
This article sets the record straight on a very specific aspect of the HIPAA Security Final Rule - the Data Backup and Disaster Recovery Specifications within the Contingency Plan Standard. We separate myth from reality about what exactly is required of whom by what dates in order to comply with these Specifications.
Please link to this page and enter your contact information to access this informative article and for a free consultation about how we can help you to stay HIPAA-HITECH compliant.
Why consider an outsourced PC data backup and recovery service instead of an in-house solution?
Dear Data-Diligent Readers,
Here’s a question I recently received about our online data backup and recovery service for PCs, MACs and laptops, Connected®…
Why consider an outsourced PC data backup and recovery service instead of an in-house solution?
In today’s business environment, more and more key executives, knowledge workers, and sales teams travel with their mobile PCs containing valuable data – where the PC is often the only repository for this data. If you are relying on PC users to run their own backups, how confident are you that this happens daily? Weekly? Monthly? Ever? Moreover, with 12,000 laptops stolen or lost each week in the US alone, what chance is there that confidential business information falls into the wrong hands, with no way to recover it? Equally, if not more serious, increasingly stringent regulations around data breach notifications make it mandatory to be able to recover lost laptop data simply to be able to report exactly what was on the lost machine.
In order to recover from any disaster, even as small as an accidental file deletion, you need a reliable and automated backup process that also provides fast access to the backed-up data. The Data Mountain Connected® solution, powered by Iron Mountain Digital, can offer you just that: instant access to backed-up data when it is needed – anytime, from anywhere – through our secure web portal.
Implementing an in-house solution for user data backup means managing hardware and software, increasing server storage requirements, and adding yet another item to your daily IT activities - which is why it often doesn’t get done. But can you risk losing days or weeks of user data? Can you leave vital company data vulnerable to loss due to theft, crashes, viruses, hackers, and user error?
Data Mountain and Iron Mountain have integrated 50+ years of best practices and technology experience in our service offerings. Our solution provides the most comprehensive protection for your critical data – consistent, reliable, off-site, secure, and off-line. It ensures that you can recover data quickly – reducing the burden on your IT staff and making users more productive by reducing downtime. We’ve made it our business to ensure your data is protected.
Consider an outsourced solution! During the whole evaluation process and ongoing, the Data Mountain and Iron Mountain Digital support team is monitoring the entire process for you.
What is the difference between the HIPAA Privacy Rule and the HIPAA Security Rule?
Dear HIPAA-HITECH Informed Readers,
Here’s a question from our HIPAA-HITECH FAQs Series…
Q5. What is the difference between the HIPAA Privacy Rule and the HIPAA Security Rule?
The Security and Privacy Rules are distinct rules, but they are inextricably linked. The privacy of information depends in large part upon the existence of security measures. The HIPAA Security Rule defines the standards that CEs must implement to provide basic safeguards to protect EPHI. The Privacy Rule sets the standards spelling out how CEs should control EPHI.
In general, the Privacy Rule covers protected health information (PHI) in all forms while the Security Rule only covers PHI in electronic form.
The HITECH Act makes significant changes to all provisions of HIPAA of which the Privacy Rule and Security Rule are a part.
How Outsourcing to Cloud Can Improve Data Protection for SMBs
Dear Data-Diligent Reader,
As a small business owner, you know the importance of protecting your data. If anything were to happen to your company server, from fire or flood to server crash or virus, and your data disappeared, you would likely be out of business.
The Problem
Fact is, most small businesses don’t protect their data in the way they want to, mostly due to cost and time restrictions. What most small businesses don’t realize is that they can have it all – continuous data protection, fast restores and zero management – by outsourcing the backup and recovery process to the cloud... online data protection services also known as online data backup and recovery services.
Following are four reasons why all small businesses should seriously consider outsourcing their data backup and recovery process:
Backup is a taxing chore. This process is time-consuming, since the person responsible for backup has to initiate the process, switch out tapes or disk media and arrange for offsite transport. Outsourcing this function will free up resources and let employees focus on more important tasks.
There are multiple points of error in the backup process. With all the steps involved in the tape backup process, it’s easy to see there are many failure points. Outsourcing removes these points of error and lets an expert do the job.
Your electronic data is critical to business operations. Everything from financial transactions to customer records to correspondence is stored electronically. Most small businesses that do back up only have time to manually back up their data once a day at most. Outsourcing allows for continuous or nearly continuous backup so that all critical data is always protected.
Outsourcing is cost-effective. With tape- or disk-based backup, you need to buy tape and disk drives, enough tapes or disks for an adequate rotation, as well as pay storage costs (and possibly an offsite service to get the tapes off the premises). Not to mention labor costs and the costs of upgrades on a frequent basis as the technology matures. With outsourcing, users only need to pay a predictable monthly fee and the technology is always up-to-date since the service provider is maintaining it.
The Solution
Outsourcing has a long history in other business areas where the task is too time-consuming. Consider this: nearly every business outsources its payroll operations. Why? Because payroll is a taxing chore that is essential to get right but which adds no strategic value to company operations. That’s why most businesses believe it is best to outsource the payroll task to experts who remove the burden and do it right every time.
The same applies to data backup and recovery. Data protection is also a taxing chore, with many steps and huge potential for error. It is also a critical task that must be done right, essential to keeping your business in business. That’s why it makes sense for a company to outsource backup and recovery to experts who can remove the burden and do it right every time.
We are often asked, "How do I go about selecting an online data backup and recovery service?"
Our Data Mountain White Paper answers that question and this accompanying Buyer’s Guide Checklist is designed to assist you even more. Over the years, we have assisted many customers in creating their evaluation criteria and making informed decisions about data protection solutions. Unfortunately, in this market, unlike in the insurance marketplace, we do not have an A.M. Best, a Moody’s, a Standard & Poor’s or a Weiss Research publishing financial strength ratings on industry players. Nor do we have widely published customer service ratings by a J.D. Power and Associates in this industry.
To help our customers navigate through a market where there are new players almost every week and horrific stories of data lost by weak vendors almost every month, we have gathered these evaluation criteria/questions in the form of a checklist of critical questions to ask. Our current checklist follows: One can "clip the waves" and focus on seven (7) high-level questions OR take a "deep dive" and use the more comprehensive fifty-two (52) questions as a guideline for determining which solution is best for your business.
What software does Data Mountain’s LiveVault service use?
Dear Data-Diligent Readers,
Here’s a question I recently received about our online data backup and recovery service for servers, LiveVault®…
What software does Data Mountain’s LiveVault service use?
The LiveVault service is based on LiveVault’s own backup technology. This proprietary technology allows LiveVault to lead the online server backup and recovery market. Unique to LiveVault’s software is the ability to protect data continuously, as well as the ability for LiveVault’s expert management team to provide exceptional 24x7 pro-active support. LiveVault’s technology also runs the “back-end” of the service, providing historic versioning of data, as well as redundancy in key areas. In addition to the core LiveVault technology, LiveVault’s operations group uses best of breed third party hardware and software tools and systems to provide the high levels of support our customers expect. The only software a customer needs to install is the LiveVault agent software that resides on each protected server.
LiveVault’s proprietary technology is award-winning and patent protected.
During the whole evaluation process and ongoing, the Data Mountain and Iron Mountain Digital support team is monitoring the entire process for you.
Learn More About Data Mountain's LiveVault® Online Data Backup and Recovery Service Today!
Eight (8) Deadly Sins Small Businesses Commit in Backup and Recovery
Dear Data-Diligent Reader,
Your business data is more visible, vulnerable and valuable than ever. Online data backup and recovery are not just for big enterprises. The argument can be made that when a small business loses its Internet connection or its server for a few hours, it suffers greatly.
In fact, research shows that 50% of companies that lose their data in a disaster never reopen for business and 90% are out of business within two years.
In our experience, there are "Eight Deadly Sins Small Businesses Commit in Backup and Recovery." (So far! We keep discovering more and we'll keep you posted.)
Sin #1: No Backup Plan
Too often, backup is not perceived as a strategic, value-added activity for small businesses. As a result, there is no formal plan and critical data is left at risk. Every CE and BA, regardless of size, needs a data protection strategy to ensure business continuity.
Sin #2: Backup is Not Taken Offsite
To minimize cost, CEs and BAs routinely overlook getting data securely off-site. In some of the “best cases”, we hear of tapes or USB drives or “thumb drives” stored in office drawers, purses or the back seat of a car!
Sin #3: Bad Backup Plan
Many CEs and BAs only back up their data nightly or on a weekly basis. Some don’t even back up the correct data. This leaves a large “window of vulnerability” during which critical data can be lost. Is it sufficient for your business to recover from yesterday’s backup if your server crashes at 5pm today?
Sin #4: Over Reliance on Disk Media or Tape Media
Up to seventy (70) percent of recoveries from tape- or disk-based backups fail. Additionally, most CEs and BAs do not have the IT resources to consistently and reliably handle tape or disk management and off-site storage.
Sin #5: Our Office Manager Can Do It
Forgiveness time! There are simply too many moving parts in tape or disk backup schemes and it’s too much for mere mortals to do. When was the last time your tape or disk backup log was checked?
Sin #6: No Regular Testing of Backup and Recovery
Backup is useless if your recovery fails. Testing tape-based recovery can be time-consuming, and most companies rarely do it. When was the last time you completed a successful restore of your data from tape or disk media?
Sin #7: Believing “It Won't Happen To Me”
Data loss events are inevitable. Critical data loss can result from a variety of causes including human error, computer virus, hardware or software system failure, power disruption, fire or natural disaster. There are two kinds of businesses: those that have had a major data loss event and those that will.
Sin #8: Backup Data / Media is Not Encrypted
Good news – Bad news. Too often we see tape- or disk-based backup media taken offsite (good news) as part of a data protection plan. Unfortunately, if that media is lost or stolen, it will likely be a direct violation of the HIPAA Security Law and a growing number of state privacy laws.
Despite these challenges, small businesses need to commit to protecting their data. It could be a matter of business life or death!
To learn more about our online Server and PC backup solutions, powered by Iron Mountain Digital, please contact us or visit http://www.DataMountain.com.
We would love to hear your thoughts. Please comment below!
Bob Chaput wrote this blog. Bob is president of Data Mountain LLC, a data security, online data backup and recovery, disaster recovery and data protection services firm. bob.chaput@datamountain.com (800) 704-3394. Follow Bob on Twitter: twitter.com/BobChaput
Q4. What are the objectives of the HIPAA Privacy and Security Rules?
Dear HIPAA-HITECH Informed Readers,
Here’s a question from our HIPAA-HITECH FAQs Series…
Q4. What are the objectives of the HIPAA Privacy and Security Rules?
The objectives of these rules are to:
• Ensure confidentiality, integrity, and availability of all EPHI that a CE or BA creates, receives, maintains, or transmits
• Protect against any reasonably anticipated threats or hazards to the security or integrity of such EPHI
• Protect against any reasonably anticipated losses or disclosures of EPHI
Bob Chaput wrote this blog. Bob is president of Data Mountain LLC, a data security, disaster recovery and data protection services firm. Data Mountain specializes in helping Covered Entities and Business Associates assure they are compliant with the Contingency Plan Standard of the HIPAA Security Law and The HITECH Act.
bob.chaput@datamountain.com (800) 704-3394. Follow Bob on Twitter: twitter.com/BobChaput
Imagine your worst nightmare... A server overheats, starting a fire that consumes your computer room before the sprinkler system kicks in and aids in the disaster prevention process. You’ve lost facilities, hardware, network and data. Now what?
There are four primary non-human assets needed to effectively operate an information system – facilities, hardware, network and data. In the unfortunate event of a disaster, hardware and networks can be replaced, and facilities can be moved to a new location. In fact, with the exception of data, virtually every company asset can be replaced. It can even be insured with a property and casualty policy. Therefore, your top priority should be to protect the asset that is most at risk, cannot be insured and is hardest to replace: your data.
Businesses need to strike a balance between the level of business risk they can tolerate and the cost of perfect security. Initially, all businesses would say they can’t afford to lose any data and they can’t tolerate any downtime. But protection on that scale is probably cost-prohibitive and overzealous. It’s unlikely that all applications are equally mission-critical and all systems are equally vital. That’s where metrics like RTO and RPO enter the discussion.
International Data Corporation research determined that 98 percent of all companies are adversely affected by unscheduled downtime. This speaks directly to the need for Recovery Time Objectives (RTO) to guide your firm when any disruption occurs. Proven and tested RTO metrics will give you confidence in how quickly you can recover critical systems and be back in business serving customers.
In addition, Gartner Group research found that 93 percent of organizations that have experienced a significant data loss are out of business within five years. This research confirms the need for Recovery Point Objectives (RPO); once your firm’s systems are back online after a disaster, your RPO standards help you keep data loss to a minimum.
Business continuity plans start by determining the RTO and RPO for a particular firm’s applications. The relative importance of RTO and RPO is different for every organization. After determining your organization’s RTO and RPO, it’s time to make sure you’ve got a backup and recovery solution that supports them. Businesses should look for a solution that incorporates the following four components:
Requirement #1: Continuous Backup
Only half of U.S. businesses perform data backup, and surveys find these businesses do not always do an adequate job. Because some organizations have limited or no IT staff, they perform bulk server backup sporadically, use traditional tape or external disk media for backup and typically perform the task after business has closed for the day. That means to restore data, companies can only expect to recover from the previous night. How can you eliminate this window of vulnerability? Ask your provider for continuous backup that allows data to be captured as it is changed – essentially in real-time.
Requirement #2: Automatic Off-site Storage
Even if your business is rigorous about backup, are you equally rigorous about ensuring that the tape or disk is safely stored offsite? Perhaps you do invest in scheduling the time to back up, physically remove tapes or disks and arrange for pickups by a third party to transport your tapes or disks to a remote vault. But more likely your company does not currently make these investments. Look for a service that provides safe and accessible data-vaulting, and transmits the data via the Internet, so physical damage to tapes or theft of tapes is avoided entirely and the data is immediately available for system recovery.
Requirement #3: Immediate Recovery
Recovery is the process of restoring operations and specifically, data, after an outage or disaster. It’s an obvious point, but often overlooked: being able to immediately recover data is critical to ensuring business continuity. Online services provide a means of recovering data immediately from any Web interface. Look for a service that offers this level of convenience and control.
Requirement #4: The Assurance You Can Recover
Backup and recovery software vendors will have RTO and RPO ranges within their service level agreements, but none will provide an absolute guarantee because there are too many elements outside of their control, like tape or disk quality or the ability of the internal IT staff. Online backup and recovery services, however, are able to provide very high levels of assurance because the entire process is managed by experts at the service provider, and the technical components of the service are fully automated. When evaluating any backup and recovery solution provider, make sure to ask about its track record for recovering data, rather than just backing it up.
Summary
Establishing business continuity metrics such as RTO and RPO is critical in business continuity planning. Devoting attention to RTO and RPO is the only way to guarantee your organization will still be able to operate in the event of a disaster. After all, when it comes to disaster recovery planning, do you want your business up and running quickly, but operating with data that’s a week or even a day old?
Since the 90s, personal data stored on the servers, desktops, and laptops of organizations has been under attack by unauthorized parties intent on identity theft and misuse. We all know from personal experience that the need for protection of confidential consumer/health information has always been recognized. However, an uneven response to the threat has resulted in breaches of increasing size and frequency. Something had to be done.
Public outcry eventually compelled Federal and State legislators to adopt regulations to protect privacy. But loosely written laws intended to motivate organizations to secure personal data, such as the Health Insurance Portability and Accountability Act (HIPAA), failed to stem the rising tide of breach incidents due to a lack of specificity and enforcement.
In response, new and increasingly more stringent laws with greater specificity and enforcement provisions covering stored personal information (data at rest) have been enacted at both the Federal and State level. Multiple industries, from healthcare to financial services to retail, are directly impacted by one or more of these statutes. To help you better understand the new categories of law, visit our web site and download this valuable brief today!
Here’s a question I recently received about our online data backup and recovery service for PCs, Macs and laptops, Connected®…
How reliable and secure is the Connected® Online Data Backup and Recovery service?
Data Mountain and our supplier, Iron Mountain Digital, take data protection very seriously, and have gone to great lengths to protect data from all credible threats. Data Mountain specializes in off-site data protection and storage of PC data. Our online data backup solutions are the most used and most secure in the world.
The Connected solution provides the highest levels of digital security available. Data is encrypted at the desktop, using government-level, 128-bit, Advanced Encryption Standard (AES). All desktop and laptop data is kept encrypted both during transmission and in storage.
With our subscription service, the data is stored in one of Iron Mountain’s National Underground Site (NUS) facilities, which provide unsurpassed Data Center security. The facility is located 180 – 220 feet below ground, with a Level 4 security rating across the facility’s 145 developed acres. The data center where your backups are stored is fully mirrored and redundant for further security. Our average uptime over the past five years is better than 99.99%.
On the user side, our Agent software provides feedback to users if backup policies are not working and files have not been successfully backed up. Users can then run an unscheduled backup to ensure that all their data is protected.
Consider an outsourced solution! During the whole evaluation process and ongoing, the Data Mountain and Iron Mountain Digital support team is monitoring the entire process for you.
Learn More About Data Mountain's Connected® Online Data Backup and Recovery Service Today!
A Business Associate is a person or entity who provides certain functions, activities, or services for or to a covered entity, involving the use and/or disclosure of PHI. A Business Associate is not a member of the health care provider, health plan, or other covered entity's workforce. A health care provider, health plan, or other covered entity can also be a business associate to another covered entity. Examples of business associates are:
• A third party administrator that assists a health plan with claims processing
• A CPA firm whose accounting services to a health care provider involve access to protected health information
• An IT service provider who may view unencrypted protected health information
• An attorney whose legal services to a health plan involve access to protected health information
• A consultant that performs utilization reviews for a hospital
• A health care clearinghouse that translates a claim from a non-standard format into a standard transaction on behalf of a health care provider and forwards the processed transaction to a payer
• An independent medical transcriptionist that provides transcription services to a physician
• A pharmacy benefits manager that manages a health plan’s pharmacist network