In the "before time" - way back before my MSP days - I learned the absolute requirement to have one piece in place before anything else. And even today, 30+ years later, it's still true. That piece: Testing backups.
If you're not testing backups,
You are not doing your job!
Nothing is ever more important than testing backups. Why? Because backups fail. And if you test backups, you know at least three things:
1. You have a backup system
2. The backup is working
3. You know how to get data from the backup to live usage (database, storage, etc.)
And here's where people get it wrong: They set it and forget it.
You can set it, but you can never forget it.In my last "real job," we had a hard drive fail on an HP-3000 mini (some folks would call it a mainframe). The backup was on tape, and the restore took nine hours. There was a bit of data loss, but it was less than one day's worth of data entry.
As I recall, the company lost just over $20 million in that incident (which lasted roughly ten hours in total). But the system worked as well as it could at the time. It was a bad day for me, and a bad week for the folks in the customer service department. But the business was back in business when everyone showed up for work at 8:00 AM.
Everyone learned: 1) We have a backup that works; and 2) the corporate overlords suddenly had a budget to improve the backup, if it could shorten the downtime if there's another incident like this.
Things fail. Your backup will fail. On average, a daily full backup will be "less than perfect" about once per month - no matter what system you have. Three times per month is quite normal for the best systems available today. Stuff happens. Updates. Hardware. Human error. Software. Electrical problems. Configuration changes. Unknown. Stuff happens. Wrong media. Bad media. etc.
If you don't believe those numbers, you are not checking your backups often enough. Period.
Having an imperfect backup happens. That's why you can never set it and forget it.
Here are two facts you should take with you on your sales calls:
- If you have a good, working backup, you can avoid data loss from any crypto virus, human error, or anything in between. (This obviously does not include phishing attacks, but it does cover a lot of other stupidity.)
- It IS possible to have such a backup in a small business. The larger a business grows, the less likely it is to have a good, working backup.
What does this mean to the business owner? It means that you can secure their business more reliably than the large businesses they read about in the news. Large businesses cannot even keep track of all the devices on their networks. Some think they can. Some are quite adamant about it. But they cannot.
The larger a business is, the more complicated, sophisticated, and less successful their backup is. This seems intuitively wrong, but it's true. Complexity changes the nature of backups.
And that's why, conversely, small networks CAN be completely documented and can be backed up reliably. And best of all, small networks can be backed up reliably at a reasonable price.
Backup is the Center of Your Security
Your "big picture" of you security is made up of a lot of puzzle pieces. But one piece is always at the center, and it's more important that all the others put together. Your backup is, ultimately, the only guarantee you have that you can get a client back into business when catastrophe strikes. The event might be ransomware. But it might also be a hazmat spill, a fire, a failed storage array, sabotage, or many other things.
Similarly, the backup might be a BDR. Or it might be disc-to-disc-to-cloud strategy. It might even be tape. Google, Microsoft, and Amazon (among many others) still use tape for archiving, which provides their ultimate air-gapped backup.
If you do nothing else in your managed service business, you should test every backup at every client at least once per month. "Test" does not mean to look at a monitor. It does not mean to read a report or count the green lights on a dashboard. Testing a backup means mounting the media (BDR, disc, or whatever) and restoring data from all key components (email, databases, file store, etc.).
This is literally the single most important thing you do. If you cannot restore a client's systems after a catastrophe, you are not a managed IT company. Clients may be more worried about their internet speed, the transaction costs, viruses, or even whether the monitors are bright enough. But on the after the "stuff" hits the fan, they should be able to rely on you to get them back in business. And if you can't do that, you have failed the most important thing you should be doing for that client.
Sadly, almost no MSPs that I talk to even attempt to verify backups once per month. This is a major failing of our industry. Lots of companies are paying lots of money to turn over their technology management and trust that it's being taken care. But if you're not taking care of the single most important thing, then you are not giving them what they are paying for.
The Never-Changing Statistic:
Fifty percent of all prospects do not have a working backup, whether they know it or not. This was true thirty years ago, and it's true today.
If you make examining the backup part of your sales strategy, you'll see this immediately. The saddest part is, there were no MSPs thirty years ago. Now, almost all prospects have someone who calls themselves an MSP. And yet, fifty percent of the clients they serve do not have a working backup.
What's your standard operating procedure for testing backups?
:-)
No comments:
Post a Comment
Feedback Welcome
Please note, however, that spam will be deleted, as will abusive posts.
Disagreements welcome!