Staying resilient in the face of disaster is crucial for any organization today. In this episode, we dive deep into crafting robust disaster recovery plans that help you outmaneuver outages.
We discuss critical groundwork like taking inventory across environments and analyzing risk to determine what to prioritize recovering when the worst happens. Whether it's ransomware, natural disasters, or other threats taking systems down, smart preparation makes all the difference.
Key highlights include:
The right disaster recovery means being able to get back to business rapidly. By learning from unfortunate events others have endured, you can architect resilience that lets you bounce back better no matter the scenario.
Speaker:
W. Curtis Preston: How's your Dr.
Speaker:
Plan looking this week, we get into the nitty gritty of crafting a Dr.
Speaker:
plan.
Speaker:
We'll let you in on key lessons from frontline, recoveries
Speaker:
gone wrong and done right.
Speaker:
To make sure that you design for resilience.
Speaker:
You may have heard us say before that ransomware has made Dr.
Speaker:
No longer an option.
Speaker:
At one point, you might've been able to get away with thinking that a
Speaker:
disaster might not happen to you.
Speaker:
But a cyber attack.
Speaker:
It's not a matter of if, but when, so let's help you get ready.
Speaker:
We want you to be able to design a Dr.
Speaker:
Plan that can withstand a cyber attack or any other type of disaster.
Speaker:
That's because on this podcast, we like to turn backup system admins
Speaker:
and to cyber recovery heroes.
Speaker:
This is the backup wrap-up.
Speaker:
Welcome to the show.
Speaker:
I'm your host, w Curtis Preston, and I have with me a guy who I think is gonna
Speaker:
be super excited about the new Tesla.
Speaker:
What, what, what do they call it?
Speaker:
The holiday update Prasanna,
Prasanna Malaiyandi:
I think it's called, yeah, the holiday update.
Prasanna Malaiyandi:
W. Curtis Preston: because you're all about the autopilot.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
So I couldn't care less when the updates rollout because as you
Prasanna Malaiyandi:
well know, I don't really use the features on my car, unlike you,
Prasanna Malaiyandi:
W. Curtis Preston: You're a bit of a Luddite when it comes to, uh, uh, this
Prasanna Malaiyandi:
incredibly advanced piece of technology that you have available to you.
Prasanna Malaiyandi:
Yeah, I just don't, I, I've built software before.
Prasanna Malaiyandi:
I don't trust engineers all that much, so you have to, pardon me if I don't
Prasanna Malaiyandi:
trust, say the car driving itself.
Prasanna Malaiyandi:
W. Curtis Preston: So, so boring me.
Prasanna Malaiyandi:
I got the new update and, uh, within minutes I was literally out
Prasanna Malaiyandi:
there testing the new features.
Prasanna Malaiyandi:
Of course you were.
Prasanna Malaiyandi:
W. Curtis Preston: uh.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Uh, both the good and the kind of annoying new updates.
Prasanna Malaiyandi:
We don't want to get into that.
Prasanna Malaiyandi:
Um, we wanna just jump right into, I wanna jump right into
Prasanna Malaiyandi:
saying that something else stinks.
Prasanna Malaiyandi:
Uh, and that is apparently based on the, the reviews that we're
Prasanna Malaiyandi:
getting this new, we, we talked previously about the new Windows 11.
Prasanna Malaiyandi:
Backup tool.
Prasanna Malaiyandi:
Apparently, I, I looked at three or four different articles and
Prasanna Malaiyandi:
they all kind of trashed it.
Prasanna Malaiyandi:
Um, the, the, the biggest thing I, I'd say the two biggest things that were,
Prasanna Malaiyandi:
you know, that they dinged it for.
Prasanna Malaiyandi:
One is it only knows how to backup to OneDrive.
Prasanna Malaiyandi:
Uh, that's number one.
Prasanna Malaiyandi:
And number two.
Prasanna Malaiyandi:
There's just this assumption that you're living 100% in the Microsoft
Prasanna Malaiyandi:
App store world and that if you're, so, you can select, for example, you
Prasanna Malaiyandi:
can select specific apps to back up, but you can only select apps that are
Prasanna Malaiyandi:
in the app store and not all apps.
Prasanna Malaiyandi:
In the App store.
Prasanna Malaiyandi:
Uh, and that'll probably actually go down soon.
Prasanna Malaiyandi:
There's, there's all these app store, uh, lawsuits that are happening right now.
Prasanna Malaiyandi:
Google lost a big one.
Prasanna Malaiyandi:
Apple won a big one.
Prasanna Malaiyandi:
So, you know, at some point, I, I think that the app stores
Prasanna Malaiyandi:
that we know it today are not.
Prasanna Malaiyandi:
You know, sort of that, that stranglehold that they have that's gonna go away.
Prasanna Malaiyandi:
So it seems weird that Microsoft is building a tool that
Prasanna Malaiyandi:
Prasanna Malaiyandi: But, but I don't know.
Prasanna Malaiyandi:
So my mom recently got a new Android phone and I was in charge because
Prasanna Malaiyandi:
I'm tech support for her of migrating from her old phone to a new phone.
Prasanna Malaiyandi:
I have to say, even on Android, they don't do a great job of my, so I.
Prasanna Malaiyandi:
They will reinstall the apps from your app store, which makes sense.
Prasanna Malaiyandi:
But even recovering your data, unless you've done certain things beforehand,
Prasanna Malaiyandi:
it's not actually able to recover the application to the state it was in before.
Prasanna Malaiyandi:
An example is WhatsApp, unless you explicitly tell WhatsApp to back up and
Prasanna Malaiyandi:
it uploads to your Google Drive and then it's able to restore on the new phone or
Prasanna Malaiyandi:
recover, I should say, on the new phone.
Prasanna Malaiyandi:
You don't actually get your WhatsApp messages to come across.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
That's weird.
Prasanna Malaiyandi:
Um,
Prasanna Malaiyandi:
Prasanna Malaiyandi: Same thing with Apple,
Prasanna Malaiyandi:
W. Curtis Preston: saying that.
Prasanna Malaiyandi:
Are you saying that, that everybody stinks with, with, uh, but that's a, that's a,
Prasanna Malaiyandi:
that is the fault of the app developer.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
Uh, that's, that's sort of, they both have that weird world where the apps
Prasanna Malaiyandi:
live in their own world and the apps, you can't back up the apps in the same way.
Prasanna Malaiyandi:
Yeah, but I think that's the same thing that
Prasanna Malaiyandi:
you run into with this Windows PC or Windows backup, right?
Prasanna Malaiyandi:
It's apps sort of live in their own world, and therefore you can't expect the
Prasanna Malaiyandi:
state of it to come completely back up when you try to restore to another pc.
Prasanna Malaiyandi:
Same argument.
Prasanna Malaiyandi:
W. Curtis Preston: sure.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Same argument.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Yeah, sure.
Prasanna Malaiyandi:
I, I, I guess, I think the criticism was not that it didn't handle the
Prasanna Malaiyandi:
app store apps well, it's that there are apps that are not in the app
Prasanna Malaiyandi:
store, especially on a more mature.
Prasanna Malaiyandi:
Box like Windows or Mac versus like the, the iPhone,
Prasanna Malaiyandi:
that's true.
Prasanna Malaiyandi:
W. Curtis Preston: uh, that, that, you know, that they don't, it's like, oh,
Prasanna Malaiyandi:
what, what app we don't know about?
Prasanna Malaiyandi:
You know, we don't know anything about that app.
Prasanna Malaiyandi:
But, uh, but then the other criticism that it only backs up to OneDrive and
Prasanna Malaiyandi:
then the backups intermingle somehow with the, with the stuff that's in OneDrive.
Prasanna Malaiyandi:
There, there, yeah.
Prasanna Malaiyandi:
There just nobody seemed to like it,
Prasanna Malaiyandi:
yeah, so I will say also for WhatsApp, on an iPhone,
Prasanna Malaiyandi:
you can only back up to iCloud.
Prasanna Malaiyandi:
That's the only source IT support.
Prasanna Malaiyandi:
It's not anything else.
Prasanna Malaiyandi:
So not saying that Microsoft did the right thing with just going to OneDrive and it
Prasanna Malaiyandi:
could have, like you said, had a better experience, but it's not unheard of,
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Well, it just goes back to our, you know, our friend Daniel's thing,
Prasanna Malaiyandi:
you know, about, about, um, the, basically the consumer, the, the
Prasanna Malaiyandi:
ability to back up consumer stuff.
Prasanna Malaiyandi:
Just, it stinks in general.
Prasanna Malaiyandi:
Yeah, absolutely.
Prasanna Malaiyandi:
Um, you want to talk about this, um, this US and Australia, uh, warning
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
So yeah, this just came out.
Prasanna Malaiyandi:
What last?
Prasanna Malaiyandi:
Oh no, today actually today is December 19th, so it just came out and it
Prasanna Malaiyandi:
is talking about a ransomware group called the Play Ransomware Group and
Prasanna Malaiyandi:
talking about how they're still active.
Prasanna Malaiyandi:
They've had sort of 300 attacks since June of 2022, and they sort of are.
Prasanna Malaiyandi:
Talking about what you should be doing and how they currently exploit the
Prasanna Malaiyandi:
environments and what you can do to protect yourself from being exploited.
Prasanna Malaiyandi:
Um, Curtis, I know you were looking through it and you're like, a lot of what
Prasanna Malaiyandi:
they were, how they got into systems, a lot of it is kind of old issues.
Prasanna Malaiyandi:
W. Curtis Preston: Uh, that, that part when I was looking at the actual
Prasanna Malaiyandi:
report, they're like, this is this group, and they're really bad and
Prasanna Malaiyandi:
they're, you know, and they're, you know, and I, and I get that, I'm
Prasanna Malaiyandi:
glad that they're warning people.
Prasanna Malaiyandi:
Apparently they use double extortion, which, you know, as, as you know,
Prasanna Malaiyandi:
is really difficult to deal with.
Prasanna Malaiyandi:
Uh, but when they literally talked about how they gained initial,
Prasanna Malaiyandi:
the initial, uh, access, it's all via stolen credentials and, um.
Prasanna Malaiyandi:
Exploits that have been available for at least a year, or they've
Prasanna Malaiyandi:
been fixed at least a year.
Prasanna Malaiyandi:
One of them was the not Petia attack was five years ago.
Prasanna Malaiyandi:
Um, and the, and then also using things that we talk about, like RDP, uh, you
Prasanna Malaiyandi:
know, you know that RDP, that's, that is on by default and that it's available.
Prasanna Malaiyandi:
Available.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
W. Curtis Preston: Uh, so.
Prasanna Malaiyandi:
I just, if, if, if people would just, if people would just listen to this
Prasanna Malaiyandi:
podcast Prasanna, just do what we say, like, we're not even, like, I don't
Prasanna Malaiyandi:
consider myself a security expert, but I will say this article, which we'll link
Prasanna Malaiyandi:
to in the, um, you know, it says a lot of the same stuff that we say, right.
Prasanna Malaiyandi:
You know, they talk about obviously having a data recovery plan, right.
Prasanna Malaiyandi:
Obviously the, you know, obviously we're fans of that.
Prasanna Malaiyandi:
Uh, then, you know, have good passwords have MFA, uh.
Prasanna Malaiyandi:
Keep the, the operating systems up to date.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
Um, and here's another one that we talk a lot about, about segmenting networks.
Prasanna Malaiyandi:
Uh, you wanna talk about that a little bit?
Prasanna Malaiyandi:
Basically everything doesn't need access to everything else.
Prasanna Malaiyandi:
So segment your network.
Prasanna Malaiyandi:
So in case something gets hit, it doesn't take out your entire network
Prasanna Malaiyandi:
and can traverse laterally through your environment and attack all your systems.
Prasanna Malaiyandi:
So you really wanna firewall off certain segments so they're not all able to
Prasanna Malaiyandi:
see each other unless they have to.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, and you can, and again, I'm not a network, uh, person, but
Prasanna Malaiyandi:
I believe that you can put like laptops, you can put laptops on a vlan and you can
Prasanna Malaiyandi:
configure that VLAN in such a way that the laptops can't, cannot see each other.
Prasanna Malaiyandi:
Um, if, if that's possible because they don't need to, right.
Prasanna Malaiyandi:
Laptops do not need to see each other.
Prasanna Malaiyandi:
Uh, at least 99.9% of 'em don't.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
And if they do need to see each other, the question is why.
Prasanna Malaiyandi:
And then figure out if there's a different way to do that.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
And, and in fact,
Prasanna Malaiyandi:
W. Curtis Preston: go ahead.
Prasanna Malaiyandi:
and for a lot of that actually you
Prasanna Malaiyandi:
don't even need to use a vlan.
Prasanna Malaiyandi:
A lot of access points, especially corporate based access points, they allow
Prasanna Malaiyandi:
you to sort of isolate guests on the wifi networks so you can have that same
Prasanna Malaiyandi:
functionality without necessarily having to do VLANs or segmentation to protect
Prasanna Malaiyandi:
within each of the devices in the network.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
And, and then they've got more advanced stuff.
Prasanna Malaiyandi:
They talk about monitoring for abnormal activity, filtering the network traffic
Prasanna Malaiyandi:
and, and validate security controls.
Prasanna Malaiyandi:
Um, you know, those are a little bit higher level, but honestly I think
Prasanna Malaiyandi:
they would stop 90 to 95% of most.
Prasanna Malaiyandi:
If they just did the things that we've already talked
Prasanna Malaiyandi:
Yep.
Prasanna Malaiyandi:
W. Curtis Preston: Um, and, uh, yeah.
Prasanna Malaiyandi:
Anyway, that is the news of the week
Prasanna Malaiyandi:
As you know, on each episode, we like to di dive deep into one topic.
Prasanna Malaiyandi:
This topic that I want to start with this week is way too big for one episode.
Prasanna Malaiyandi:
And
Prasanna Malaiyandi:
too.
Prasanna Malaiyandi:
W. Curtis Preston: gonna take, we're gonna take a few episodes.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
It is it, and it's super, super important.
Prasanna Malaiyandi:
And in fact, I, I can't think of like, of all the topics that we talk about,
Prasanna Malaiyandi:
I know sometimes I, I say this, but like, considering what's happening
Prasanna Malaiyandi:
these days, would you not agree that this is like really, really important?
Prasanna Malaiyandi:
Yes.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Oh yeah.
Prasanna Malaiyandi:
If you're not thinking about this, you have issues.
Prasanna Malaiyandi:
W. Curtis Preston: You, you have issues?
Prasanna Malaiyandi:
Or you have
Prasanna Malaiyandi:
W. Curtis Preston: So what we're talking What's that?
Prasanna Malaiyandi:
You have problems?
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
So what we're talking about this week is disaster recovery.
Prasanna Malaiyandi:
Things have really changed, you know, since back in the date, right?
Prasanna Malaiyandi:
So a hundred years ago.
Prasanna Malaiyandi:
When I started this, my DR plan at, at this $35 billion corporation, our DR plan
Prasanna Malaiyandi:
was a box of tapes and some, and some procedures on how to read those tapes
Prasanna Malaiyandi:
Prasanna Malaiyandi: Which may or may not have
Prasanna Malaiyandi:
W. Curtis Preston: there, which may or may not have worked Right.
Prasanna Malaiyandi:
Um, that, that just doesn't fly anymore.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
And there were a lot of companies who.
Prasanna Malaiyandi:
Their DR plan wasn't even as good as that.
Prasanna Malaiyandi:
Basically, they, they, well, first off, there were a lot of people that
Prasanna Malaiyandi:
just didn't send their tapes off site.
Prasanna Malaiyandi:
I, I don't, I pity the fool that didn't do that, but, but there were
Prasanna Malaiyandi:
plenty of people who their entire DR.
Prasanna Malaiyandi:
Plan was, I put my tapes in a box and I sent to Iron Mountain.
Prasanna Malaiyandi:
That's it.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
And that's never been a good DR.
Prasanna Malaiyandi:
Plan.
Prasanna Malaiyandi:
What do you think?
Prasanna Malaiyandi:
It's, it's better than nothing,
Prasanna Malaiyandi:
W. Curtis Preston: Yes.
Prasanna Malaiyandi:
Good, good, better, best.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
We talk about that a lot, right?
Prasanna Malaiyandi:
It's good, better, best.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
but it
Prasanna Malaiyandi:
W. Curtis Preston: start somewhere.
Prasanna Malaiyandi:
You gotta crawl before you can walk, right?
Prasanna Malaiyandi:
but I would also say in some cases, maybe that is
Prasanna Malaiyandi:
acceptable, where you're okay with it taking two, three weeks potentially
Prasanna Malaiyandi:
to bring yourself back up from a disaster that's going to the good right.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, that, that, yeah.
Prasanna Malaiyandi:
So if, if you have an RTO that's measured in weeks and a really patient
Prasanna Malaiyandi:
customer base and management chain
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
W. Curtis Preston: that perhaps, perhaps that's sufficient.
Prasanna Malaiyandi:
It probably isn't.
Prasanna Malaiyandi:
But the, um, and also it was a very, and it was a very different.
Prasanna Malaiyandi:
Risk profile back then if you didn't live in tornado alley.
Prasanna Malaiyandi:
If you didn't live in Florida and or California and Earthquake
Prasanna Malaiyandi:
Central, you, you, this is also, remember, you, you have to go back.
Prasanna Malaiyandi:
This was a time before we had, uh, terrorist attacks in the us.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
W. Curtis Preston: It was, it was a very, very different time.
Prasanna Malaiyandi:
So we, we've moved past that.
Prasanna Malaiyandi:
We moved to a point where you started to say, well, maybe if I don't live
Prasanna Malaiyandi:
in tornado alley, and again, this is a very US-centric part of the world,
Prasanna Malaiyandi:
but it's what I know geographically.
Prasanna Malaiyandi:
I'm sure there are.
Prasanna Malaiyandi:
I.
Prasanna Malaiyandi:
Plenty of examples elsewhere in other countries, you might have
Prasanna Malaiyandi:
started to develop the idea of like, well, I don't live in a place
Prasanna Malaiyandi:
like New York or near the Pentagon.
Prasanna Malaiyandi:
I'm probably not going to be the subject of a, um, like a, a terrorist attack.
Prasanna Malaiyandi:
So you, you still might have had a, a similar, uh, felt that you
Prasanna Malaiyandi:
were under a similar, similar risk.
Prasanna Malaiyandi:
Profile as we were 30 years ago, but then one little thing happened.
Prasanna Malaiyandi:
What?
Prasanna Malaiyandi:
What do you suppose that is?
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
So I know it's one of our favorite topics on this podcast.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
And that's ransomware.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
So suddenly the thing that probably wouldn't happen to you
Prasanna Malaiyandi:
very much could happen to you.
Prasanna Malaiyandi:
And we look at the, all the statistics, they're horrible, right?
Prasanna Malaiyandi:
Every, every survey of of hundreds of companies come back.
Prasanna Malaiyandi:
Uh, you know, uh, I remember when I worked for dva, right, that, that we did
Prasanna Malaiyandi:
a survey and I, I think it came back, it was like, I thought it was 50 50 of
Prasanna Malaiyandi:
people that had been attacked and of the people that had been attacked, it was
Prasanna Malaiyandi:
something like 60% had paid the ransom.
Prasanna Malaiyandi:
But I've seen surveys, other surveys and more recent surveys where the numbers
Prasanna Malaiyandi:
are more like 60 70% of people have been successfully attacked by ransomware.
Prasanna Malaiyandi:
I think
Prasanna Malaiyandi:
W. Curtis Preston: And unfortunately the percentages that of, um,
Prasanna Malaiyandi:
yeah, the Veeam study, right?
Prasanna Malaiyandi:
The Veeam study is a great one.
Prasanna Malaiyandi:
And, and that, and, and again, I wanna reiterate that was
Prasanna Malaiyandi:
a, like a double blind study.
Prasanna Malaiyandi:
It wasn't of Veeam customers, it was of, you know, many, many
Prasanna Malaiyandi:
companies that, um, didn't know that Veeam was sponsoring the survey.
Prasanna Malaiyandi:
And it came out really scary of the number of people that were
Prasanna Malaiyandi:
attacked and the number of people that still paid the ransom and the
Prasanna Malaiyandi:
number of people that lost data.
Prasanna Malaiyandi:
that was a scary one, is the people who
Prasanna Malaiyandi:
couldn't recover their environments.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, and so, so I would say that a DR has moved from
Prasanna Malaiyandi:
a should have to a, have to have.
Prasanna Malaiyandi:
What is there, is there, is there better words for
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
No, I, I agree.
Prasanna Malaiyandi:
I, I think also, like we talked about before, it's, you need to have,
Prasanna Malaiyandi:
everyone should be thinking about what data and services do they need
Prasanna Malaiyandi:
disaster recovery for at what level?
Prasanna Malaiyandi:
Because also, I think environments have gotten very complicated
Prasanna Malaiyandi:
versus what they had back then.
Prasanna Malaiyandi:
And I know we'll talk about this in a little bit about data centers and
Prasanna Malaiyandi:
other types of environments, but.
Prasanna Malaiyandi:
Back then, you just have to worry about a data center.
Prasanna Malaiyandi:
Now, I have data spread throughout the world in different services, some
Prasanna Malaiyandi:
owned by me, some not owned by me.
Prasanna Malaiyandi:
Some with different levels, like maybe the stuff that I work for.
Prasanna Malaiyandi:
Internal projects is our priority in terms of getting it back up and running,
Prasanna Malaiyandi:
and so I can wait longer versus like sales and financial records, right?
Prasanna Malaiyandi:
I need to keep the business going and keep my customers happy, so that
Prasanna Malaiyandi:
becomes more critical for me as well.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, agreed.
Prasanna Malaiyandi:
Uh, it, it's just, um, I think everybody needs something.
Prasanna Malaiyandi:
I.
Prasanna Malaiyandi:
The, the question is in terms of what your, so that's the, that's
Prasanna Malaiyandi:
the, that's sort of the bad news.
Prasanna Malaiyandi:
I don't know if that's, that's the bad, the, the bad news.
Prasanna Malaiyandi:
The good news is, and, and we'll talk about this in later episodes, not in
Prasanna Malaiyandi:
this episodes, but the good news is DR is way easier than it was back in the day.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
A, a million times easier.
Prasanna Malaiyandi:
And the more virtualized you are, the more that is true.
Prasanna Malaiyandi:
And the, uh, there's a different.
Prasanna Malaiyandi:
Thing as to how much you're using SaaS in Pass.
Prasanna Malaiyandi:
But, uh, we'll talk about that.
Prasanna Malaiyandi:
But I, I think Dr is way easier than, than it used to be.
Prasanna Malaiyandi:
Um, yeah.
Prasanna Malaiyandi:
So one of the things I like to, uh, like to bring up, and of course, what
Prasanna Malaiyandi:
we're doing here is we're, we're, as we've been doing for, uh, our backup to
Prasanna Malaiyandi:
basic series, we've been working our way through my book, modern Data Protection,
Prasanna Malaiyandi:
holding up a copy for the camera.
Prasanna Malaiyandi:
Uh, for the, you know, couple of dozen of you that watch on, on YouTube.
Prasanna Malaiyandi:
Most everybody listens to this on the, on the audio format.
Prasanna Malaiyandi:
But, uh, for those of you that wanna see us on the Shining, see our shining
Prasanna Malaiyandi:
faces, you can go to the YouTube channel, uh, sa by the same name.
Prasanna Malaiyandi:
Um, we're working through the DR chapter and there there's this, I
Prasanna Malaiyandi:
have this, uh, sidebar called Excuses for Days, and these are things that
Prasanna Malaiyandi:
I heard from people back in the day when I was being a, a consultant
Prasanna Malaiyandi:
and I would work with these people.
Prasanna Malaiyandi:
Um, if our building blows up, I'll probably be dead and won't care.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
Um, if our town is destroyed by a disaster, I'll be a lot more concerned
Prasanna Malaiyandi:
about saving my family and my house and won't care about any DR plan.
Prasanna Malaiyandi:
Um, and the, this, this is, if, if the company is destroyed
Prasanna Malaiyandi:
by a terrorist attack, I won't have a job, so I won't care.
Prasanna Malaiyandi:
wow.
Prasanna Malaiyandi:
W. Curtis Preston: Uh, these are reasons that actual people that.
Prasanna Malaiyandi:
You know, I was working with when I would say, what's the DR plan?
Prasanna Malaiyandi:
They're like, we don't know.
Prasanna Malaiyandi:
We don't care.
Prasanna Malaiyandi:
Yeah, it's interesting and I'm sure those
Prasanna Malaiyandi:
excuses wouldn't fly today.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
Um, unfortunately these were excuses from my senior management.
Prasanna Malaiyandi:
Oh boy.
Prasanna Malaiyandi:
W. Curtis Preston: Uh, yeah.
Prasanna Malaiyandi:
Um, but yeah, so ransomware has really changed everything because
Prasanna Malaiyandi:
it significantly changes the chances that you would re need to
Prasanna Malaiyandi:
recover your entire company, right?
Prasanna Malaiyandi:
It, it used to be that while you might not be subject to a terrorist attack, or
Prasanna Malaiyandi:
you might not be subject to a flood or an earthquake, you might be subject to
Prasanna Malaiyandi:
a fire that takes out a server, right?
Prasanna Malaiyandi:
And so you are worried primarily about protecting a server.
Prasanna Malaiyandi:
Now you really have to be concerned with making sure you protect.
Prasanna Malaiyandi:
Or have the ability to recover your entire environment, whatever that is.
Prasanna Malaiyandi:
Uh, any comments on that?
Prasanna Malaiyandi:
Yeah, and I think going back to talking about
Prasanna Malaiyandi:
the entire environment piece.
Prasanna Malaiyandi:
People develop business assets everywhere, right?
Prasanna Malaiyandi:
It's in SaaS applications, be it Google Drive or Microsoft 365.
Prasanna Malaiyandi:
Um, it is on their laptop or desktop because these systems are now so powerful
Prasanna Malaiyandi:
versus before you had to have dedicated servers for running these instances.
Prasanna Malaiyandi:
Uh, you might have.
Prasanna Malaiyandi:
Data sitting in an AWS EC2 instance with EBS storage and stored in object
Prasanna Malaiyandi:
store in AWS S3 that you're using for your application, because that's just
Prasanna Malaiyandi:
how you've built it, because there's new technologies available, or you
Prasanna Malaiyandi:
might be using serverless technologies.
Prasanna Malaiyandi:
And so there are all these different pieces.
Prasanna Malaiyandi:
Going back to what you said about your environment, it's no longer
Prasanna Malaiyandi:
just restricted to your data center.
Prasanna Malaiyandi:
It's everywhere.
Prasanna Malaiyandi:
And so you need to start thinking about all of that data and how do you
Prasanna Malaiyandi:
bring back everything you need to get your business back up and running.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, and I'm, I'm glad you brought that up because it, we need
Prasanna Malaiyandi:
to talk about sort of each of those, sort of three areas where you might have, um.
Prasanna Malaiyandi:
Computing infrastructure that needs to be restored after an attack.
Prasanna Malaiyandi:
And we're going to include, you know, every time we talk about this, we'll,
Prasanna Malaiyandi:
we'll include all of the different things that might take your environment out.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
So let's start with the, the good old fashioned data center there.
Prasanna Malaiyandi:
There are still plenty of companies who run their environment on data
Prasanna Malaiyandi:
center, and every time something goes on with the cloud, some sort of cloud.
Prasanna Malaiyandi:
Outage I watch online on Reddit or on the comments on the register.
Prasanna Malaiyandi:
It's always, I told you I not on the cloud.
Prasanna Malaiyandi:
The cloud sucks.
Prasanna Malaiyandi:
The leaky cloud, there's a guy that's a security guy that's, he
Prasanna Malaiyandi:
refers to it as the leaky cloud.
Prasanna Malaiyandi:
And uh, and I'm not gonna make that point, but my point is there are plenty
Prasanna Malaiyandi:
of people who still have sizable data centers that need to be restored.
Prasanna Malaiyandi:
What do you think, what's your feel for today's data center and the
Prasanna Malaiyandi:
percentage, uh, to which it is, or the degree to which it is virtualized?
Prasanna Malaiyandi:
What do you think?
Prasanna Malaiyandi:
So I would probably say 99% of a physical data
Prasanna Malaiyandi:
center is probably virtualized.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
I, I think so too, and, and, and,
Prasanna Malaiyandi:
Maybe not 99, but maybe 90.
Prasanna Malaiyandi:
W. Curtis Preston: Right.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Because how you address the disaster recovery of a virtualized data center
Prasanna Malaiyandi:
is very different than the way you were, uh, you do of a physical data center.
Prasanna Malaiyandi:
Because the, the challenge really is, um, the, the, the challenge is not just
Prasanna Malaiyandi:
where do you get the infrastructure.
Prasanna Malaiyandi:
The challenge is how you get an image of the operating system, not just the
Prasanna Malaiyandi:
data, because you need to restore the server, and it's a lot more challenging.
Prasanna Malaiyandi:
It's, it's not, it's not impossible, but it's a lot more challenging
Prasanna Malaiyandi:
to do what we call a bare metal recovery of a physical server.
Prasanna Malaiyandi:
It is doable, right?
Prasanna Malaiyandi:
Um, I know there's plenty of server or plenty of products.
Prasanna Malaiyandi:
Um, you know, I've been spending some time with a company that
Prasanna Malaiyandi:
works with Veeam and does Dr.
Prasanna Malaiyandi:
Lately, and they.
Prasanna Malaiyandi:
Um, they can use any, you know, Veeam does backup of a physical
Prasanna Malaiyandi:
server and they're able to use that and do restorative physical server.
Prasanna Malaiyandi:
It's just more challenging, right?
Prasanna Malaiyandi:
Um, and if you are a virtualized environment, you need to address
Prasanna Malaiyandi:
the restore of all those images at a virtualized level, right?
Prasanna Malaiyandi:
You need to cater it to the, the hypervisor that you happen to be using.
Prasanna Malaiyandi:
Do you wanna talk a little bit about some of the hypervisors that are out there?
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
So there are a lot.
Prasanna Malaiyandi:
Um, the most popular one I would say, or prevalent one is.
Prasanna Malaiyandi:
Do we call it Broadcom now, or is it called VMware?
Prasanna Malaiyandi:
W. Curtis Preston: It's still called VMware
Prasanna Malaiyandi:
Right,
Prasanna Malaiyandi:
W. Curtis Preston: of a couple days ago.
Prasanna Malaiyandi:
Broadcom the owner, but it's still called
Prasanna Malaiyandi:
So VMware, right, which is very popular, but
Prasanna Malaiyandi:
there are other ones coming up.
Prasanna Malaiyandi:
So you also have Microsoft with Hyper V, which is available for any
Prasanna Malaiyandi:
system that runs Windows, right?
Prasanna Malaiyandi:
It's provided free of charge, uh, almost free of charge, I believe, right?
Prasanna Malaiyandi:
And it's available for everyone.
Prasanna Malaiyandi:
So that's another popular one.
Prasanna Malaiyandi:
You also have other ones that come up like Zen.
Prasanna Malaiyandi:
You also have Nutanix with a HV, and so there are a lot of.
Prasanna Malaiyandi:
Virtualization platforms out there that people use.
Prasanna Malaiyandi:
We could also start to talk about, uh, Kubernetes.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
Which to some extent is also virtualization, right?
Prasanna Malaiyandi:
Containers and
Prasanna Malaiyandi:
W. Curtis Preston: it's sort of virtualization on steroids, right?
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
So Kubernetes containers, Docker, right.
Prasanna Malaiyandi:
All of those I would also classify as sort of virtualized environments.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
And I would make the same statement that I said there, you need
Prasanna Malaiyandi:
to have a Kubernetes centric.
Prasanna Malaiyandi:
Disaster recovery plan for that part of your environment.
Prasanna Malaiyandi:
You can't just, well, obviously in that case, you can't just
Prasanna Malaiyandi:
pretend like it's regular servers.
Prasanna Malaiyandi:
You, you have to, uh, with, with, with regular hypervisors, you can kind of
Prasanna Malaiyandi:
pretend like they're physical servers and you can do things, but generally
Prasanna Malaiyandi:
speaking, you're gonna want to do something that works with that hypervisor.
Prasanna Malaiyandi:
And we're gonna, again, cover this more with the data centers in
Prasanna Malaiyandi:
the, you know, in later episodes.
Prasanna Malaiyandi:
But, you know, you gotta find a place.
Prasanna Malaiyandi:
You, you, if you've lost your data center, depending on what your
Prasanna Malaiyandi:
disaster is, the first thing you gotta do is replace the, the hardware.
Prasanna Malaiyandi:
Right?
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Uh, that's gonna, that could be one of your biggest challenges.
Prasanna Malaiyandi:
But, uh, I think the answer to that for most people is probably the cloud.
Prasanna Malaiyandi:
Well, and I don't, I just read an article the other day,
Prasanna Malaiyandi:
basically, with all of AI being very popular now, even coming across servers,
Prasanna Malaiyandi:
I think Dell was saying that it's a 39, wait, a 39 week wait time in order
Prasanna Malaiyandi:
to get a server with the built-in AI capabilities with the AI hardware.
Prasanna Malaiyandi:
W. Curtis Preston: 30.
Prasanna Malaiyandi:
That's like almost a year,
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
W. Curtis Preston: Wow.
Prasanna Malaiyandi:
So if you are, yeah.
Prasanna Malaiyandi:
So if you are looking for hardware, make sure you're planning
Prasanna Malaiyandi:
upfront for these DR scenarios.
Prasanna Malaiyandi:
Rather than realizing, Hey, I hit an issue, I need to fail over.
Prasanna Malaiyandi:
Let me go procure hardware because procuring hardware is
Prasanna Malaiyandi:
going to be a good chunk of time.
Prasanna Malaiyandi:
You wanna make sure you have that ahead of time before the DR scenario hits.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
Can I, can I poke fun at you a little
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
W. Curtis Preston: Is there any way to not plan upfront?
Prasanna Malaiyandi:
Can you plan in the back?
Prasanna Malaiyandi:
You can't
Prasanna Malaiyandi:
Yeah, you can plan.
Prasanna Malaiyandi:
You can plan on the side, you can plan on the side.
Prasanna Malaiyandi:
W. Curtis Preston: plan on the side.
Prasanna Malaiyandi:
I just, I just thought it was funny that you say you should plan up front.
Prasanna Malaiyandi:
I'm like, well, when else do you plan
Prasanna Malaiyandi:
You can plan last
Prasanna Malaiyandi:
W. Curtis Preston: I love you, man.
Prasanna Malaiyandi:
Uh, anyway.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Let's talk about, uh, let's talk about the, I.
Prasanna Malaiyandi:
I, I always wanted take, you know, ias, IAAS infrastructure as a service.
Prasanna Malaiyandi:
This is basically, you know, things like EC2, uh, you know, high,
Prasanna Malaiyandi:
I'm sorry, um, uh, Azure, VMs, gcp, VMs, that, you know, and I.
Prasanna Malaiyandi:
This sort of stuff.
Prasanna Malaiyandi:
And then also PAs, which is very close to that, right?
Prasanna Malaiyandi:
Um, you know, not everybody gets the difference between the two.
Prasanna Malaiyandi:
Basically a platform as a service is where they, they basically
Prasanna Malaiyandi:
give you the entire platform.
Prasanna Malaiyandi:
And basically like an application, you're, you're going to use RDS
Prasanna Malaiyandi:
is a platform as a service, right?
Prasanna Malaiyandi:
So then you're, you, you've got access to a.
Prasanna Malaiyandi:
Um, to a database that you can use.
Prasanna Malaiyandi:
You don't have to maintain the infrastructure, even the server, like
Prasanna Malaiyandi:
in the case of EC2, you have to maintain the server, the vm, the, the oss and the
Prasanna Malaiyandi:
application in the, in the case of a pass, you don't have to maintain any of that.
Prasanna Malaiyandi:
You just use the application.
Prasanna Malaiyandi:
But in most, in both cases, a dr.
Prasanna Malaiyandi:
It's very different.
Prasanna Malaiyandi:
Talking about the DR of.
Prasanna Malaiyandi:
EC2 or, uh, a RDS type database.
Prasanna Malaiyandi:
Let, let's just talk about this for a minute.
Prasanna Malaiyandi:
Um,
Prasanna Malaiyandi:
is it, but is
Prasanna Malaiyandi:
W. Curtis Preston: well, so here's, here's the thing.
Prasanna Malaiyandi:
So this is a, um, with a caveat, right?
Prasanna Malaiyandi:
Again, we're talking about risk profiles, right?
Prasanna Malaiyandi:
Chances are.
Prasanna Malaiyandi:
You're either going to be dealing with the restore of your entire,
Prasanna Malaiyandi:
um, cloud environment in another area of that same cloud, right?
Prasanna Malaiyandi:
Yep.
Prasanna Malaiyandi:
W. Curtis Preston: Or you are going to be restoring your entire cloud
Prasanna Malaiyandi:
environments, maybe to the same area, maybe to a different cloud provider.
Prasanna Malaiyandi:
The Restore is kind of the same.
Prasanna Malaiyandi:
It's just you're gonna direct it to a different target.
Prasanna Malaiyandi:
You're not, most likely you could, this is part of your DR plan, but you most
Prasanna Malaiyandi:
likely are not going to be req like.
Prasanna Malaiyandi:
The entire, again, with caveats, the entire AWS infrastructure is probably
Prasanna Malaiyandi:
not gonna go down the entire Azure infrastructure, probably not gonna go
Prasanna Malaiyandi:
down, at least not for a period of time.
Prasanna Malaiyandi:
That will make you, that will for it to make sense to activate your DR plan.
Prasanna Malaiyandi:
Azure, I, I can remember when Azure went down a few years ago, I dunno if you
Prasanna Malaiyandi:
remember this, when they forgot to renew their, their, uh, their certificate.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
W. Curtis Preston: Oopsies.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
They fixed it.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
It was back up and I mean, it was, it was a major disruption, but it's
Prasanna Malaiyandi:
not something that takes your DR.
Prasanna Malaiyandi:
Environment.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
Um, e even if an entire region goes down of your cloud provider, it, it, it
Prasanna Malaiyandi:
probably won't take down a second region.
Prasanna Malaiyandi:
Depends.
Prasanna Malaiyandi:
Depends.
Prasanna Malaiyandi:
W. Curtis Preston: to, okay.
Prasanna Malaiyandi:
Prasanna Malaiyandi: There have been cases.
Prasanna Malaiyandi:
W. Curtis Preston: statistically speaking.
Prasanna Malaiyandi:
Yes.
Prasanna Malaiyandi:
Depending on how they're
Prasanna Malaiyandi:
W. Curtis Preston: There have been cases.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
Depending on how they do their services and if there's any dependencies
Prasanna Malaiyandi:
on that region that is down.
Prasanna Malaiyandi:
So there have been cases where authentication or other things stop
Prasanna Malaiyandi:
working because the main region where that was running went down
Prasanna Malaiyandi:
and things weren't able to fail over properly or couldn't be operational.
Prasanna Malaiyandi:
W. Curtis Preston: So I would say that
Prasanna Malaiyandi:
That's an
Prasanna Malaiyandi:
W. Curtis Preston: have these conversations, right?
Prasanna Malaiyandi:
And you need to.
Prasanna Malaiyandi:
I think you should solve for the thing that's most likely to happen first
Prasanna Malaiyandi:
before you solve for the maybe, you know, should have coulda, woulda thing
Prasanna Malaiyandi:
that probably won't happen to you,
Prasanna Malaiyandi:
So I think at some point we are gonna
Prasanna Malaiyandi:
be talking about testing Dr.
Prasanna Malaiyandi:
And other things later in this episode or in these series on dr.
Prasanna Malaiyandi:
But one thing I did wanna point out, since we were talking about AWS and
Prasanna Malaiyandi:
region failing and all the rest at their latest reinvent, they actually
Prasanna Malaiyandi:
announced a tool that you can simulate regional failures and other types of
Prasanna Malaiyandi:
infrastructure failures in AWS to be able to check and see what happens
Prasanna Malaiyandi:
to my environment when that happens.
Prasanna Malaiyandi:
W. Curtis Preston: God, that's really scary.
Prasanna Malaiyandi:
Um, so literally take your environment down.
Prasanna Malaiyandi:
I don't think it actually physically takes your
Prasanna Malaiyandi:
environment down, but it allows you to simulate what would happen.
Prasanna Malaiyandi:
W. Curtis Preston: Okay.
Prasanna Malaiyandi:
All right.
Prasanna Malaiyandi:
I gotta check that out.
Prasanna Malaiyandi:
That sounds really interesting.
Prasanna Malaiyandi:
It is
Prasanna Malaiyandi:
W. Curtis Preston: Um,
Prasanna Malaiyandi:
yeah, it can simulate major outages.
Prasanna Malaiyandi:
Uh, what is it?
Prasanna Malaiyandi:
It's called the fault injection service.
Prasanna Malaiyandi:
W. Curtis Preston: it's like the chaos monkey.
Prasanna Malaiyandi:
Yes.
Prasanna Malaiyandi:
It's like Chaos Monkey.
Prasanna Malaiyandi:
W. Curtis Preston: All right.
Prasanna Malaiyandi:
Yeah, so I, I guess what I'm saying here is generally speaking, the most
Prasanna Malaiyandi:
likely thing you're going to need to restore is your entire environment
Prasanna Malaiyandi:
within the same exact infrastructure, probably in a different place, right?
Prasanna Malaiyandi:
Because the most likely thing that will happen in a cloud world
Prasanna Malaiyandi:
is you receive some sort of, uh, digital, you know, cyber attack.
Prasanna Malaiyandi:
And you've got to restore that data in another region.
Prasanna Malaiyandi:
Does that seem fair?
Prasanna Malaiyandi:
I think that's fair.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, I mean, they've got a lot of things built in
Prasanna Malaiyandi:
to protect you against other things.
Prasanna Malaiyandi:
We know that sometimes those things don't work, right?
Prasanna Malaiyandi:
We OVH fire, OVH, fire.
Prasanna Malaiyandi:
Um, so I'm just saying most likely thing that would happen given
Prasanna Malaiyandi:
everything that we're talking about.
Prasanna Malaiyandi:
And I do think that if you are planning, as I've already said, you
Prasanna Malaiyandi:
should plan for the most likely thing.
Prasanna Malaiyandi:
First, solve that first before you move on to the less
Prasanna Malaiyandi:
Now, just because running it in a different area is.
Prasanna Malaiyandi:
Probably slightly easier.
Prasanna Malaiyandi:
Make sure you're doing all the things you need to do to make sure that's actually
Prasanna Malaiyandi:
feasible, because you might need to worry about IP connectivity and other things.
Prasanna Malaiyandi:
So yeah, my services may be up, but no one can actually
Prasanna Malaiyandi:
get to anything in the DR site.
Prasanna Malaiyandi:
W. Curtis Preston: Exactly, exactly.
Prasanna Malaiyandi:
Um, we, we've talked about that in previous DR episodes.
Prasanna Malaiyandi:
So the next is SaaS.
Prasanna Malaiyandi:
And this is a, a little bit different in that I do think it's highly possible that
Prasanna Malaiyandi:
a region could go down of an application and that application could become.
Prasanna Malaiyandi:
Unavailable to you for some period of time because it's happened and
Prasanna Malaiyandi:
you, it's not sup SaaS is different
Prasanna Malaiyandi:
You're up, you're up the creek at that point, right?
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, you're, you are up the creek.
Prasanna Malaiyandi:
Because it's not like, it's like if, let's say you have Office 365, right?
Prasanna Malaiyandi:
Or Microsoft 365.
Prasanna Malaiyandi:
It's not like you could take your backup of Microsoft 365,
Prasanna Malaiyandi:
which I know you're doing.
Prasanna Malaiyandi:
If you, because you listen to this podcast, you know you should back up SaaS.
Prasanna Malaiyandi:
It's not like you could take that backup and then very easily, uh,
Prasanna Malaiyandi:
migrate to whatever is Gmail.
Prasanna Malaiyandi:
Yeah, you can't.
Prasanna Malaiyandi:
Take a backup of Microsoft 365 and migrate to Gmail.
Prasanna Malaiyandi:
I don't even know if that's possible or if anyone has done that.
Prasanna Malaiyandi:
By the way, if anyone's done that, I'd love to hear from you.
Prasanna Malaiyandi:
But, um, the, your most likely, again, your most likely scenario
Prasanna Malaiyandi:
that you're going to be using your backups for is you are restoring
Prasanna Malaiyandi:
after some sort of cyber attack
Prasanna Malaiyandi:
Yeah, because.
Prasanna Malaiyandi:
W. Curtis Preston: you do go ahead.
Prasanna Malaiyandi:
Because for that SaaS service like Microsoft
Prasanna Malaiyandi:
365, they are responsible for the availability of the service.
Prasanna Malaiyandi:
So if something happens to Microsoft 365 in the US West region, right?
Prasanna Malaiyandi:
Microsoft has SLAs and infrastructure to make sure that the Microsoft 365
Prasanna Malaiyandi:
service is available in, say, the US East Coast region or whatever else it takes.
Prasanna Malaiyandi:
W. Curtis Preston: Right, right.
Prasanna Malaiyandi:
And so they, they will be doing everything they can to get the
Prasanna Malaiyandi:
service back up and running.
Prasanna Malaiyandi:
You may, depending on what took the service down in, in the
Prasanna Malaiyandi:
beginning, you may have to restore your data after that service.
Prasanna Malaiyandi:
Imagine.
Prasanna Malaiyandi:
Imagine the news story that would be.
Prasanna Malaiyandi:
If, if a region of Microsoft 365 went down and then they go, okay,
Prasanna Malaiyandi:
we've got the service back up.
Prasanna Malaiyandi:
Now all you guys restore your backups.
Prasanna Malaiyandi:
Now,
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
W. Curtis Preston: can you imagine the, the news that that would be,
Prasanna Malaiyandi:
I mean, I mean, something very similar happened to Rackspace, right?
Prasanna Malaiyandi:
It was, it was, it wasn't Microsoft 365.
Prasanna Malaiyandi:
It was hosted exchange, but.
Prasanna Malaiyandi:
They basically, they, they said, look, you know, we had a large ransomware attack.
Prasanna Malaiyandi:
Our entire environment is fubar.
Prasanna Malaiyandi:
Uh, if you don't know what that means, Google it.
Prasanna Malaiyandi:
The, um, and then they basically migrated users over to Microsoft 365,
Prasanna Malaiyandi:
but they migrated them with blank accounts and then they brought the
Prasanna Malaiyandi:
old email back in, in a way that you could download it and import it.
Prasanna Malaiyandi:
But, you know, it was, it, it was months before people got their data back.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
And so I wonder, Curtis, as we're talking about disaster recovery, maybe
Prasanna Malaiyandi:
it's important, at least on the SaaS side to differentiate the types of, uh,
Prasanna Malaiyandi:
scenarios that you're recovering from, because I think a ransomware scenario is
Prasanna Malaiyandi:
very different because a SaaS provider is probably gonna be like, that's not my
Prasanna Malaiyandi:
problem, versus an infrastructure failure that the SaaS provider is recovering from.
Prasanna Malaiyandi:
Which is probably they are going to help you with that.
Prasanna Malaiyandi:
Like they will deal with everything.
Prasanna Malaiyandi:
W. Curtis Preston: Wait, say that last part again.
Prasanna Malaiyandi:
So,
Prasanna Malaiyandi:
W. Curtis Preston: is gonna help?
Prasanna Malaiyandi:
so if, say Microsoft 365, if their infrastructure
Prasanna Malaiyandi:
goes down because of an infrastructure
Prasanna Malaiyandi:
W. Curtis Preston: right.
Prasanna Malaiyandi:
Yes, yes, yes.
Prasanna Malaiyandi:
They're gonna help.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
yeah.
Prasanna Malaiyandi:
They are gonna help you out.
Prasanna Malaiyandi:
They're gonna recover their infrastructure with hopefully all of your data
Prasanna Malaiyandi:
because they're giving you the service.
Prasanna Malaiyandi:
Right, and it's an infrastructure failure.
Prasanna Malaiyandi:
W. Curtis Preston: I.
Prasanna Malaiyandi:
I don't, I don't know if that's the case.
Prasanna Malaiyandi:
I really don't.
Prasanna Malaiyandi:
You think you're still on your own.
Prasanna Malaiyandi:
W. Curtis Preston: to indicate.
Prasanna Malaiyandi:
There's nothing in your contract to indicate that they're doing
Prasanna Malaiyandi:
anything to bring your data back
Prasanna Malaiyandi:
So
Prasanna Malaiyandi:
W. Curtis Preston: the event of a catastrophic failure of Microsoft 365.
Prasanna Malaiyandi:
We do know, for example, that they do have delayed replicated
Prasanna Malaiyandi:
copies of exchange, but.
Prasanna Malaiyandi:
We, we don't, we don't know.
Prasanna Malaiyandi:
There's nothing in the contract to specify that in a catastrophic failure
Prasanna Malaiyandi:
of Microsoft 365, that they will restore their entire environment,
Prasanna Malaiyandi:
which brings your data with it.
Prasanna Malaiyandi:
There's nothing to indicate that in your contract.
Prasanna Malaiyandi:
So yeah.
Prasanna Malaiyandi:
So there's no guarantee they will try their best effort, but
Prasanna Malaiyandi:
W. Curtis Preston: right.
Prasanna Malaiyandi:
is not good enough for your company to survive, you should
Prasanna Malaiyandi:
probably have other alternatives.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah.
Prasanna Malaiyandi:
Best effort that's not documented with the possibility of nothing.
Prasanna Malaiyandi:
Uh, yeah, definitely.
Prasanna Malaiyandi:
Um, which is why I think everybody should be backing up 365, but, but each of
Prasanna Malaiyandi:
these different things, you have to look at your part of your, your environment.
Prasanna Malaiyandi:
You have to look at the things that are most likely to take out
Prasanna Malaiyandi:
that entire environment, which.
Prasanna Malaiyandi:
Has to always start with, at this point, some sort of cyber attack.
Prasanna Malaiyandi:
And then the second one is some sort of, um,
Prasanna Malaiyandi:
Infrastructure
Prasanna Malaiyandi:
W. Curtis Preston: type of physical disaster.
Prasanna Malaiyandi:
Um, yeah, server failure as well, right?
Prasanna Malaiyandi:
So, so literally equipment failure can take out an, an environment, but
Prasanna Malaiyandi:
then you talk about fires, floods, earthquakes, terrorist actions.
Prasanna Malaiyandi:
These all take out sort of the physical infrastructure and the data along with it.
Prasanna Malaiyandi:
So you just need to look at those things and look to see which you
Prasanna Malaiyandi:
think is most likely to happen.
Prasanna Malaiyandi:
Um, and then start there, uh, and then work your way back.
Prasanna Malaiyandi:
I would just add to that, Curtis, that your business
Prasanna Malaiyandi:
probably encompasses data across all three of these areas, and so it's not
Prasanna Malaiyandi:
necessarily gonna be a one size fits all solution that you're gonna leverage.
Prasanna Malaiyandi:
So make sure you're thinking through it, understand where your
Prasanna Malaiyandi:
data is, and then go from there.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, exactly.
Prasanna Malaiyandi:
Yeah.
Prasanna Malaiyandi:
That, that's, that's the key to anything I think that we talk
Prasanna Malaiyandi:
about is the first thing I.
Prasanna Malaiyandi:
That we talk about is inventory, right?
Prasanna Malaiyandi:
Knowing where everything is, right?
Prasanna Malaiyandi:
I, I just published the, the, uh, copy data management, um, episode.
Prasanna Malaiyandi:
And the step number one is knowing where everything is.
Prasanna Malaiyandi:
And, uh, step number two, I think, is determining your risk profile,
Prasanna Malaiyandi:
determining the things that are likely to happen to your, uh, infrastructure.
Prasanna Malaiyandi:
Then determining the possibility, of each of those things, right?
Prasanna Malaiyandi:
And I mean, and your risk profile is going to be different if you live in a
Prasanna Malaiyandi:
metropolitan area versus, or if you live in a place like New Orleans that is under
Prasanna Malaiyandi:
sea level and, um, the, your, your, your risk profile is going to be different.
Prasanna Malaiyandi:
You have to take it all those things into account.
Prasanna Malaiyandi:
And I think you also have to take into account compliance
Prasanna Malaiyandi:
because there may be things that.
Prasanna Malaiyandi:
If you are, if you are the type of organization that is regulated by
Prasanna Malaiyandi:
another, by a set of regulations, there may be things that you are forced by
Prasanna Malaiyandi:
regulation to be able to restore in a, you know, under any circumstance.
Prasanna Malaiyandi:
And so you.
Prasanna Malaiyandi:
You might not have the option like earlier, right?
Prasanna Malaiyandi:
I was saying, you know, do the thing, the most important things first.
Prasanna Malaiyandi:
You also have to make sure that you're doing the things that
Prasanna Malaiyandi:
are covered under regulation.
Prasanna Malaiyandi:
What, there is one thing that I think we did not touch
Prasanna Malaiyandi:
upon, which actually may not be in your book, um, but what do you think about
Prasanna Malaiyandi:
data that lives on people, on users, end devices that is not synced to the cloud?
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
We haven't,
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, I don't,
Prasanna Malaiyandi:
on that, but hopefully you are doing a backup of
Prasanna Malaiyandi:
some sort and maybe in a later chapter we can talk more in detail about this.
Prasanna Malaiyandi:
But I think that's also another thing to consider.
Prasanna Malaiyandi:
W. Curtis Preston: yeah.
Prasanna Malaiyandi:
I don't think of that.
Prasanna Malaiyandi:
Perhaps I should think of that when I think about a disaster recovery.
Prasanna Malaiyandi:
The um.
Prasanna Malaiyandi:
Obviously, I think that any data, wherever it resides needs to be backed up.
Prasanna Malaiyandi:
And I do strongly believe in backing up in devices.
Prasanna Malaiyandi:
I'm backing up this in device, right?
Prasanna Malaiyandi:
And the, uh, to the cloud for the record.
Prasanna Malaiyandi:
Um, because I, 'cause that's, I, I just think that's the best option
Prasanna Malaiyandi:
for an absent-minded person like me.
Prasanna Malaiyandi:
The, um, I just, I don't think of that.
Prasanna Malaiyandi:
Because I think where it'll come
Prasanna Malaiyandi:
W. Curtis Preston: there's nothing I have against of it.
Prasanna Malaiyandi:
I just don't think of it.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
But there could be a mass, uh, cyber attack that takes out all
Prasanna Malaiyandi:
of your infrastructure and you do need to be able to restore that.
Prasanna Malaiyandi:
And especially when it comes to the restore aspects, right,
Prasanna Malaiyandi:
or the recovery aspects, it's how do I now bring all my users back online so they
Prasanna Malaiyandi:
can continue functioning and the business can continue functioning after an attack.
Prasanna Malaiyandi:
For instance, if I was during the pandemic, right, you had a bunch of
Prasanna Malaiyandi:
people working remotely and they had data, and sure we could say the data
Prasanna Malaiyandi:
was synced to the cloud, and so it's not as important about the data,
Prasanna Malaiyandi:
it's how do I recover that hardware?
Prasanna Malaiyandi:
After a ransomware attack across my environment.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
I think those are the sort of things which will become interesting.
Prasanna Malaiyandi:
W. Curtis Preston: Yeah, I think, I think all of us found out just how
Prasanna Malaiyandi:
much fun it was to do mass orders of hardware during the pandemic.
Prasanna Malaiyandi:
It was a very good couple of quarters for Dell and, and
Prasanna Malaiyandi:
Apple I'm sure with everybody ordering as much as they ordered.
Prasanna Malaiyandi:
No, it's, I think that's a real, that's a really good point.
Prasanna Malaiyandi:
Thanks for that extra, um, flavor.
Prasanna Malaiyandi:
Um, alright, well that's, I think, I think that's enough as an overview of Dr.
Prasanna Malaiyandi:
We got.
Prasanna Malaiyandi:
We have plenty more to talk about, but, uh, again, you gotta first
Prasanna Malaiyandi:
figure out everything that you have.
Prasanna Malaiyandi:
You got to then figure out what your risk profile is and figure
Prasanna Malaiyandi:
out what you're gonna tackle first.
Prasanna Malaiyandi:
Uh, from a DR standpoint, and I, I do believe in the concept of
Prasanna Malaiyandi:
low hanging fruit and grabbing and taking care of that first, where
Prasanna Malaiyandi:
you can get success and or where.
Prasanna Malaiyandi:
Basically tackling the most likely thing to happen first.
Prasanna Malaiyandi:
Right.
Prasanna Malaiyandi:
All right.
Prasanna Malaiyandi:
Well thank you again for a great conversation.
Prasanna Malaiyandi:
Uh, always a pleasure, Curtis.
Prasanna Malaiyandi:
I like our chats.
Prasanna Malaiyandi:
W. Curtis Preston: Me too.
Prasanna Malaiyandi:
And, uh, thank you again to our listeners for listening.
Prasanna Malaiyandi:
We'd be nothing without you.
Prasanna Malaiyandi:
That's a wrap.