How Confident Are You in Your BCDR Solution and Why?
How do you know a vendor can deliver the security and protection they claim? Phrases like ‘best in class,’ ‘world class,’ and ‘industry-leading’ are often used, but where’s the proof? Between regulatory compliance demands, work from anywhere endpoint backup, and rising cyberattacks, business continuity and disaster recovery (BCDR) is crucial. Managed Service Providers (MSPs) and their customers can’t afford to just roll the BCDR dice, and hope backups recover when disaster strikes.
It’s up to MSPs to do your due diligence when vetting vendors. Your customers trust that if you say something is going to work, you have a reason to believe it will. Discuss the following protection proof points with vendors to verify business continuity, gain confidence in your stack, and provide peace of mind to customers.
Security standards and regulation compliance
Regulatory breaches can cost tens of thousands of dollars in penalties. Even if a business can survive such a violation, the impact to both your customers’ reputation, and your own, could be devastating. Reputable vendors are happy to provide certification reports, compliance standards, encryption methodologies, and complete security questionnaires on a regular basis, whenever you ask. Whatever is necessary to meet the regulations in your industry, it’s your vendors’ responsibility to ensure that they do.
Take HIPAA for example. To ensure Axcient remains compliant over time, we regularly…
- Conduct a HIPAA risk analysis with HIPAA consultants and third-party experts
- Review policies and procedures, employee training, and operational standards
- Update everything necessary to meet the HIPAA Security Rule
- Provide MSPs with a letter attesting to our HIPAA-compliant solutions and practices, which can be used to build trust with customers.
Alan Helbush, Axcient partner and President and CEO of Where to Start, Inc. says, “Axcient is willing to do what few other backup and BDR vendors won’t – mitigate and share risk with their partners. These compliance guarantees allow us to continue to operate in the medical vertical and command higher margins. Compliance is a primary competitive advantage.”
Third-party, independent testing
While BCDR solution security is tested internally throughout production, an independent, third-party test identifies any existing flaws. It’s like a dress rehearsal for the solution to work out any remaining kinks, or prove it’s ready for real life. Experienced ‘ethical hackers’ attempt to infiltrate the infrastructure, delete backups, escalate privileges, break systems, and so on, in order to expose vulnerabilities and validate the efficacy of solution features. Test results prove how susceptible the solution is to a breach, and the extent to which a breach affects customers and their data.
Prior to testing, vendors and the third-party – which could be a threat or security management company – identify test objectives, scope, and methodology. While a variety of penetration tests exist, the most common are external and internal. External penetration testing finds open doors to external attackers who could gain access to internal systems. With internal penetration testing, you give the ethical hackers the key to the castle. Once in your system, internal penetration testing shows the level of effort required to overcome your security infrastructure with a focus on configuration issues, security clearances, and access to data, assets, and information.
Vendors who proactively conduct these tests are providing that additional layer of proof, transparency, and effort to build trust. Axcient enlisted the help of FRSecure to conduct both automated and manual internal penetration testing on Axcient AirGap. Core Security completed external network penetration testing on the x360Recover feature – which keeps data safe, even after a security breach. Axcient partner, and CEO at Data Trends, Kevin Dunn says, “We upgraded to Axcient x360Recover without conversion or migration and are already benefiting from valuable features like Axcient AirGap. We’re very security conscious, so the Axcient AirGap feature is critical to our managed services offering.”
See it to believe it
Of course the best way to make sure anything does what it’s supposed to do, is to see it with your own eyes.
- Product demos and individual product training allow you to run real-life scenarios in real time.
- Intelligent dashboards provide insight into the health of your backup system.
- Warning alerts let you see potential issues before they become problems.
Hopefully you see these functions in action before partnering, but check in regularly with your support manager to maximize solution value, and disaster recovery readiness.
Axcient AutoVerify automatically confirms data on the protected system, then virtualizes the latest backup recovery point, and finally, runs a variety of tests to ensure backup integrity. The entire process, including test results and an in-depth, detailed report, along with daily proof of backup recoverability are available in real time. AutoVerify also alerts MSPs to anything that looks fishy, so you can act quickly. Phillip Long, the Founder and CEO of Business Information Solutions, Inc. says, “AutoVerify is a really key component that I like. And we didn’t trust it for a long time. We’ve been manually verifying that it works and the image is able to start backing up. We were going through on a quarterly basis, and we’ve been doing that forever – because backups are that important – and we’re still doing it, but we haven’t found any discrepancies.”
Axcient x360Recover also includes Virtual Office for self-managed virtualization in the cloud within minutes. Equipped with ‘test mode,’ Virtual Office allows MSPs to demonstrate near-instant virtualization, and minutes-long RTO to validate disaster recovery effectiveness, meet compliance requirements, and provide peace of mind for customers. Just as you would in a real crisis, you have a fully functioning virtual network almost immediately.
Confidence is key
As new state legislation begins to creep into the channel, there’s a spotlight on MSPs and your ability to protect customers. You need to be extremely confident that the solutions in your stack are performing as promised. Security standards and regulation compliance should be verified on-demand and without question. If your vendor is not willing to provide these things, stop working with them! Now! Independent, third-party testing validates product performance, and live tests confirm business continuity. If your vendor isn’t eager to prove their capabilities, explore your options before it’s too late.
Additionally, utilize these proof points with customers during the sales process. They’ll be glad to know you’re double checking the solutions you provide, and take a security-first approach to BCDR. If a vendor claims it, they need a way to prove it.
If you want to see Axcient prove our BCDR solutions, start your Free 14-day Trial, Schedule a Demo, and come see us at Upcoming Events. We’d love to show you Axcient x360 – One Platform for MSPs to Protect Everything™.
About the Author:
Liz Mellem // Technical Copywriter, Axcient
Liz Mellem has been a freelance copywriter for over three years in the technology, education, and alternative medicine industries. She produces content, sales collateral, and email marketing campaigns that contribute to digital marketing strategies for sales growth and brand awareness. In her free time, Liz enjoys reading, exploring Austin, and Netflix with her cat, Harlem.