November 2018

Do you have Backup and Recovery for Your Mobile?

A man uses his phone while working on his laptop.

Laptops, tablets, smartphones and any other mobile devices make everything possible from reading the news to working online while traveling. Thanks to smartphone technology, it has become easy for business people to work on the go, keep up to date with business affairs and access sensitive data no matter their location.

Although highly beneficial for most businesses, this technology also opens up a business to new risks and threats that are unique to mobile devices.

The Danger of Going Mobile

Here are a few of the risks and threats that can affect your business when you use mobile devices:

  • Your mobile device is easy to pick up and go, which is the main reason it is so convenient. However, this feature also allows criminals to simple steal your device and collect the data.
  • As these devices are out and about with you, they can suffer physical and water damage.
  • They are more likely to be forgotten on public transport or in a public bathroom.
  • When you are working out of the office on your mobile devices, you are not protected by your company’s corporate security or IT help.

The Importance of Backup and Recovery for Your Mobile

There are many ways in which your mobile device can become a risk, and it is important for your business to recognize the threat and act before a disaster strikes. It is just as easier, perhaps easier, to target a mobile device, than an office computer as criminals know that most businesses do not protect their mobile devices.

Therefore, it’s critical for your business to have a mobile backup and recovery solution to protect mobile devices from cyber attacks, as well as restore data quickly from anywhere in the world to avoid business downtown and the distribution of sensitive data.

Learn more about backup and recovery solutions by contacting ActiveImage today! We will make sure the risk of a mobile device does not outweigh its convenience.

Do you have Backup and Recovery for Your Mobile? Read More »

4 Things to Avoid in Data Recovery

Knowing what not to do when creating and implementing your data recovery plan is just as important as knowing how to put together and maintain a correct and reliable procedure. Here is what to avoid when working with data recovery:

 

What to Avoid in Data Recovery

 

1. Don’t Underestimate Your Infrastructure

Many organizations have files, databases, and application data in both physical and virtual servers. Therefore, a data recovery procedure that involves a backup every few days is not sufficient, as IT infrastructure is complex. A fundamental understanding of your IT inventory is necessary to ensure each differing level of infrastructure has adequate backup procedures and recovery objectives.

2. Don’t Choose Backup over Recovery

Data recovery is as important, or even more important than your backup as it does not matter how many copies you have if you can not restore the data. Therefore, as much value and effort should be placed in data recovery as in the companies backup procedures.

Additionally, a good backup plan is integral to protecting a company against security threats but companies can only fully survive a ransomware attack when they are able to successfully recover their data from their backups. Therefore, your data recovery should never be undervalued.

3. Don’t Skip Out on Testing

As stated above, a data recovery and backup strategy is only as useful as your ability to restore that data. Therefore, it is important to ensure your strategy works by testing your backups on a regular basis. Your organisation needs to commit to a plan that allows you to evaluate your level of preparedness under different simulated disaster scenarios.

4. Don’t Fall Behind the Times

Avoid using technology that is seen as outdated, unreliable and slow. Your organisation must evolve as technology changes. Regularly ensure your data recovery strategy is up to date with current trends to maintain your protection against threats.

4 Things to Avoid in Data Recovery Read More »

2018’s Most Common Cyber Attacks

With the year drawing to a close and the holidays fast approaching, we take time to look back at the cyber attacks that dominated the world of cyber crime in 2018. By understanding the main tactics used by cyber criminals this year, we can predict and become more prepared for next year’s threats.

 

5 Most Common Cyber Attacks in 2018


Ransomware


These attacks have always been popular, as encrypting data and holding it for ransom is a profitable attack. In 2018, with the increasing popularity of cloud services, criminals turned their attention to ransoming data on the cloud. Most of these attacks have been successful for the perpetrators, as users of cloud services assume they have a certain level of security and do not take extra precautions, such as a data backup that is locally stored.


Cryptojacking


Cryptojacking rose in popularity when the prices of cryptocurrencies drastically increased. Although we are no longer at that ‘all-time high’, prices could skyrocket again. Cryptojacking’s popularity may rise and fall continuously for the next few years, but it is here to stay because it is a low-risk crime. For criminals, there is a lot of money to be made and the crimes normally go undetected.

 

Socially Engineered Malware

 

Criminals have come to understand most people would not open a file sent by a stranger, but they are likely to open a file/attachment from a friend or family member they trust. The user is tricked into opening a file or software that collects private data without detection. New attacks include websites that inject code into the browser to collect data.


These programs are responsible for hundreds of millions of successful hacks each year. A good quality malware prevention program is the first step to protecting yourself from these attacks, however, the end user also needs to be educated so they can recognize these attacks, when they appear.


Social Media Threats


Since we spend so much time on our Facebook, Twitter, and LinkedIn accounts, it can be easy to overlook the threats on these services. The attacks take advantage of the connections we have to other people on these platforms. An attack can start with a friend request that shares a link or asks you to download something. These are all strategies to trick you into giving up information.

These attacks are also used to embarrass companies, as hackers take over a companies social media and post inappropriate content that is damaging to the company’s brand.


Artificial Intelligence Weaponization


These attacks are the modern version of spearfishing. Criminals use the same machine learning and neural networks used to predict cyber attacks, to trick users. They are able to use this technology to find out information on their target from social networks, company websites, and other sites to tailor make messages that are so convincing, they can even get past the tools used to detect them.

 

What To Expect in 2019


As technology and our computing behaviors keeps changing, as will cyber attacks continue to change and evolve. The increasing use of mobile devices attached to cloud services means we need to expect more of the above attacks on our phones, tablets, and even smartwatches.

For peace of mind, make sure you are up to date on the best data backup and recovery software. Contact ActiveImage today for more information on how to protect your business.

2018’s Most Common Cyber Attacks Read More »

Have You Been Hacked?

Sometimes technology doesn’t always work the way it used to and it could be starting to show its age, and signalling that it is time for a replacement. However, some signs that makes it look like your machine is malfunctioning can also be a sign that you have been hacked.

Here are 6 things you should look out for that tells you your system is under attack:

Speed

When your computer begins to lag or run particularly slow, even if you are working offline, it is most likely because malware and other malicious software are running in the background of your device.

Data Usage

If you suddenly notice your data usage is much higher than normal, it is possibly because of a virus running behind the scenes, which is causing your device to visit sites and click ads without you knowing.

Control

If your cursor is jumping all over the screen and does not respond to your movements or clicks, then a hacker is infiltrating your device. Your keyboard can also be affected in that it may not respond to typing.

Updates

Malware will prevent you from updating your antivirus software or even your operating system.

Passwords

When you type a password you know off the back of your hand several times, taking extra care with the spelling, and it still doesn’t work, it is a good indication that a hacker has changed your password to prevent you from gaining access to your account. You can double check this theory by checking your mail box for any emails in your sent box that you didn’t actually send.

Power

Your device will normally notify you when it is about to shutdown or restart. Therefore, if your device restarts without any prior notice, you’ve likely been breached.

 

In these moments, for peace of mind it is best to have an effective backup and recovery plan in place in case your device suffers a cyberattack.

Have You Been Hacked? Read More »

Deduplication: pros, cons, what to look for and what to expect from it.

 

We will not try to get down to the molecular level. The main intention of this article is to shed some light on deduplication-relevant pros and cons and to broaden view of this topic.

In computing, the simplest and the most effective definition (by Wikipedia) of Data Deduplication goes as “a specialized data compression technique for eliminating duplicate copies of repeating data”.

So, if you poke around the Internet long enough – you see various examples and analogies which would try to help us to understand what’s going on.

One of the examples would compare a book library with a concise deduplicated collection made out of it.

In this deduplicated collection each word would be stored only once with a lot of references made to all places where in the books this word is actually placed.

Another example would compare a house with a set of elements from which this house is built.

In the deduplicated set we would only need x1 instance of each element (brick, hinge, door nub, roof-tile, window’s frame etc.) with a precise list of references where each element goes to (blueprint of the house).

In both above cases we deal with two main portions of deduplicated data –

  1. the main collection of unique items (“one of each”) and
  2. some sort of a list which has all references recorded, i.e. what element of data belongs to what spot in the data set itself (“index” of some kind).

In real life it would also be cool if a size of the index turned to be relatively small compared to a size of unique items collection and a size of the source data.

So, in the book library example, if we changed our design and decided to store only a unique letter in our “unique items collection” – then we would get only the alphabet stored there. But the index list would grow as big as the book library itself.

Not quite practical. The main reason why Deduplication exists is to reduce a storage space consumed.

In binary-based computing, the same problem would be if we decide to store only 1 and 0 into our unique items collection. A size of corresponding index will be times bigger than a size of a source data.

Any way you think about it – the Deduplication design deals with a standard set of challenges:

  1. What size of data block to consider as potential “unique block”?
  2. What size of index will we get and will it be acceptable?
  3. What reduction in size of the data itself will it give us?
  4. What resources will be needed for this data transformation?

In conjunction with “Backup and Recovery” topic, Deduplication is demanded for the same purpose: reduction of storage consumption.

However, this is not the only requirement, and perhaps not the most important one. The requirement #1 in this case is:

  1. How quickly can we retrieve the stored data or any portions of it, what resources do we need for that?

…because the only sane purpose of producing and storing backups is ability to use the stored data when it’s needed, where it’s needed and, in a form, which is needed.

Naturally, on a way of retrieving data from deduplicated collection we need to reconstruct it back to its original form, re-instantiating all references with the corresponding blocks of data. This process is often called “rehydration”.

How quickly? Depends on our design.

Deduplication is classified in many different categories:

  • Software-based vs. hardware-based – “who is responsible for executing deduplication algorithm?”. Hardware deduplication is done by the hardware itself. In other words, any smart algorithms which need to be in place to crunch incoming data need to exist on the hardware level, embedded into hardware components. This would require a significant work around designing the components and a corresponding firmware. Any further enhancements and optimization would be done via releasing firmware updates and/or hardware components.

Hardware deduplication is not uncommon these days, works well… until you run out of space and hit the specs limits of that particular hardware piece, for example storage controller limits in handling specific disk types or capacity. It tends to be priced higher too.

  • Source-side vs. target-side (destination) vs. both – where exactly deduplication algorithm is executed – on the protected machine, on the backup-data receiving side, on both.

This will affect the corresponding side’s resources (CPU, memory, network bandwidth).  This might also cause storage consumption spikes occasionally (with target-side deduplication, when backup data has already arrived but had not been processed yet).

Target-side deduplication had been around for quite a while and up until recent times had been considered as “industry standard”. Why? Due to the most of pure-source-side algorithms being inefficient or overly resource-consuming.

Don’t be surprised to read the typical target-side machine’s specs: yes, this machine has to be Godzilla of computing, capable of not only crunching large amounts of data but perhaps tons of bricks, steel rails and pipes and who knows what else…

A mixed approach – source and target side deduplication combined – had been observed to prevail in recent years. This by itself indicated the main intention with a time to get rid of a heavily-specked receiving backend.

Finally, within last couple of years we see pure-source-side algorithms capable of doing it effectively which lets us think the future is bright ?

  • Global vs. single-source – how many protected machines participate in forming a unique blocks collection.

This will affect a reported ratio number – reduction in storage size consumption. Global deduplication sounds the way to go, many people enjoy it for a while…until the first corruption occurs. Then many of them have been forced to recreate the entire global repository from scratch.

Just because the corrupted block of data had been associated with hundreds of protected machines. Oops!!! “when good Global goes bad”.

Even if everything works as expected – it might not be too easy to retrieve the data in timely manner, especially when the system is busy with accepting and accommodating several incoming streams of backups. And it often happens when you need this data now, immediately, for Disaster Recovery.

Many vendors offer some smarts to replicate the data from one site to another. If data resides in deduplicated repository – it will be rehydrated at the first step, then compared with the destination, then the changes will be calculated and sent over. The same massive resource consumption is expected.

Single-source on the other hand is portable, easily retrieved. The dataset can be copied/pasted to an external media and sent over to a site where a compromised machine is in need of DR. The smarts required: to be able to use left and right mouse buttons.

Replication between sites is easy too with single-source – the same data gets replicated as the one collected from the last backup. No transformation, no calculation, no overhead.

  • Content-agnostic vs. content-aware – this assumes an absence or existence of some intimate knowledge of certain file formats (MS Exchange, SQL, Oracle, Lotus Notes, etc.) by the software which performs deduplication. Such knowledge might increase storage savings but also decreases reliability of recovery process, just another smart component to rely on to rehydrate the data.
  • Inline vs. post-process – just a variation of the question “when does deduplication happen?”. Inline deduplication is designed to handle data before it’s sent to a destination. By doing so the process decreases amount of data being sent, also decreasing resource consumption by the receiving end. If the algorithm is implemented well – the source machine’s resources will not be consumed excessively. Post-process concept is often prerogative of old-fashioned “industry-standard” approach, also can be seeing with hardware-based deduplication. Here the data is sent to the destination as-is, compressed in the best-case scenario. Then the receiving side starts its magic. This approach may impact network bandwidth, requires more storage available on the receiving side, requires uncompromised specs of the hardware to sustain a “data-crunching feast”.

The last few words are to cover what to expect in sense of reduction of storage consumption.

  1. The deduplication ratio greatly depends on a source data type:
DATA TYPE MAX Expected Ratio
Unified virtual environment, core VM’s system 40:1
File & print server(s) 30:1
MS Exchange, SAP HANA 20:1
Oracle RMAN 14:1
CAD/Video/Medical 10:1
Lotus Notes 9:1
TSM 4:1
SQL/Oracle transaction logs 1.5:1
Encrypted data (any) 1:1

 

  1. Dissimilar data types (mix between any of the above listed types) pointed to the same Global pool will not increase but rather decrease the ratio.
  2. Deduplication ratio after a single backup will resemble the one achieved with a plain compression. The longer backups have been pointed to the same deduplicated collection – the better the ratio becomes. The ratio even with a single source increases dramatically already with the second backup. Hence deduplication shines with a long-term retention policy.
  3. Pay attention to how the ratio is conveyed to you. “10:1” can be described as “90% of savings”. Both are accurate, which one is more appealing?

Conclusion:

10 years from now someone will find this article and will laugh and laugh and laugh…

Because 10 years from now we will probably use much more efficient storage media, something like… I don’t know, maybe some graphene-based, or some other kind of carbon-based, like coal or something…

And who knows, maybe the history will repeat itself and the next generations and civilizations after ours will find large deposits of coal under ground … and will heat their dwellings with it …

I wonder what was stored on a coal which we burn today? Perhaps nothing important, some deduplicated data with “zillions to1” ratio ?

Quiz (if you read the above material):

  • Can Noah’s life-hack with his Ark be considered as deduplication? Why?
  • What deduplication ratio The Initial Singularity had? Where the heck did they hide the index?

Deduplication: pros, cons, what to look for and what to expect from it. Read More »

ActiveImage in SCADA environment

Scada BDR

SCADA (Supervisory Control And Data Acquisition) Systems control the automation in many industries such as Power, Water, Manufacturing, Energy, Mass Transit and more. SCADA systems are computer based, and so even the best system will fail at some point for reasons such as:

  • Hardware Failures (disk failure, power surges, aged equipment, etc).
  • Software Failures (viruses, operating system errors etc).
  • Accidental System Changes.
  • Network Failures
  • Acts of God (fire, flooding, earthquake)

Depending upon the process being controlled, the cost of SCADA system downtime can be astronomical. Rebuilding a SCADA system from scratch, including the operating system, applications, databases and other customized settings is not satisfactory. It is absolutely critical to have a Disaster Recovery plan for all SCADA systems.

Imaging based backup and recovery solutions have proven to be particularly effective for protecting SCADA environments.

ActiveImage Protector takes regular images of the various SCADA computers and stores them in the cloud or on backup disks. An image is a “photo” of every bit of data on the computer’s hard drives which can then be used to precisely restore the computer back to the time when the image was taken.

The images created by ActiveImage Protector are also “Bare Metal Compatible”. Bare metal restoring will restore the actual state of the machine prior to a failure. This means the operating system, applications, databases and other customized settings are all restored to function exactly as they were at the time the backup image was taken. Bare Metal compatibility also means that all this information can be faithfully restored to different computer hardware, such as a spare server or a spare PC.

This “bare metal restore” process also becomes very useful when you want to retire older SCADA system hardware  and move the application to newer hardware.

ActiveImage Protector also lets SCADA users take advantage of Server Virtualisation technology. Virtual servers (and the hosts on which they are running) can be backed up and recovered just as with physical servers.

Virtual ‘standby’ servers may also be created in a Microsoft Hyper-V or VMWare environment. These standby servers can be started within a few minutes; providing business continuity at no additional cost.

ActiveImage caters for the strict security requirements of SCADA environments with military grade encryption and offline activation.

Offline activation permits administrators to manage all aspects of backup and recovery without ever requiring an internet connection. For larger environments, ActiveImage provides the ability for customers to install their own Licensing Server.

So, in summary, if you have SCADA Systems in your workplace, or have customers with SCADA systems – imaging based backup and recovery solutions such as ActiveImage provide a reliable, flexible and simple means of minimizing downtime.

ActiveImage in SCADA environment Read More »

Scroll to Top