StorageCraft Technology Corporation

The changes in the regulatory landscape have had a significant impact on the area of data management and security. In the process of providing better protection and privacy for consumers, these changes have created a mixed bag of challenges and opportunities for all parties involved. Combined with existing mandates and changing requirements, the risks associated with failure to comply have made compliance management a daunting task for organizations of all sizes. Not all is lost, however: a group of problem solvers is waiting on the sidelines, ready to jump in and help.

Verizon’s 2015 PCI DSS Compliance Report found that four out of five organizations are still not compliant. This shocking statistic does more than uncover the glaring problem in the payment card industry. It also highlights the opportunity for third-party service providers to capitalize on the issue and assist struggling companies with their compliance needs. Adding Compliance-as-a-Service (CaaS) to your menu of service offerings is a strategic way for MSPs to not only attract new business, but cater to the regulatory requirements of existing clients as well.

Compliance is a virtual goldmine for service providers with the management expertise to simplify and satisfy the complex requirements associated with regulations such as HIPAA, PCI-DSS, and GDPR. At the same time, hopping on that bandwagon is akin to opening Pandora’s Box because of the requirements that come with the territory. MSPs must walk a fine line in order to ensure that the convoluted legal component of compliance doesn’t land them in hot water.

Lingo and Liability

Borrowing the “as-a-Service” moniker popularized by cloud computing, CaaS is far more than a cleverly named fad. It’s recognized as a legitimate industry on the rise. CaaS providers make their money by customizing solutions around individual compliance requirements. Their management efforts are designed to help organizations prioritize internal policies and processes per mandated regulation and rule. In a perfect world, CaaS is a cost-effective solution that enables regulated businesses to minimize the risk, cost and complexity of meeting compliance.

Trendy name aside, CaaS is a rather vague term that could be interpreted in more ways than one. Based on the name’s general nature, one might assume that the provided service involves direct handling or securing of confidential information. On the other hand, a potential customer may assume that it refers to managing internal processes typically performed by employees or actually guaranteeing compliance for one legislation or another. There’s ambiguity in the CaaS term that can lead to a lot of confusion.

Third-party providers are often needed to help with aspects such as auditing, storage management, and disaster recovery. These services come in handy and allow organizations to free up valuable time and eliminate some of the challenges associated with meeting industry regulations. However, the burden of achieving and maintaining compliance falls on the customer’s shoulders. Therefore, MSPs’ contracts should accurately describe service offerings and make it clear that those services alone can’t ensure compliance. MSPs should also consider avoiding the term CaaS altogether and invest in liability insurance for added protection.

Technology and Expertise

The same regulations and rules that have companies scrambling for compliance solutions can be equally perplexing for MSPs. Take the healthcare field, for example. HIPAA requires organizations to assess their level of data security risks, implement policies and technology to mitigate those risks, regularly report their assessments to industry regulators, and in worst-case scenarios, notify regulating bodies within 72 hours should a breach occur. These and other responsibilities demand that MSPs acquire the security expertise to help healthcare organizations meet HIPAA compliance.

The move from MSP to CaaS requires a special set of tools and procedures. While the targeted field and legislation will determine the specifics, every successful transition is built around three key elements:

  1. Providing rock-solid security that prioritizes data protection
  2. Training personnel on the finer details of the regulations in question
  3. Integrating new technology in a manner that is consistent with billing cycles and overall service offerings

If there were ever a time to call on your vendor partners for assistance, this would be it. IT networking powerhouses like Cisco offer solutions that are a custom fit for MSPs and designed to support regulatory standards in numerous industries. These vendors can provide valuable insight into delivering compliance-friendly services, so there is a lot to gain from tapping into their expertise.

Practitioners in emerging businesses such as medical marijuana are buckling under the pressures traditionally regulated industries have been dealing with for years. When it comes to CaaS or compliance work in general, MSPs must be careful not to take on risks they cannot properly assess or manage, or the risk to their own business will quickly outsize the rewards.

View Comments

  • VMware Player is not a Type 1 hypervisor, and therefore does not have better performance than Virtualbox "because it runs directly on the hardware."

  • Yes, a span size of two means that each span is as small as possible. So a span size of two in RAID 100 means that you are actually getting RAID 10 without anything extra (it is the middle RAID 0 that is eliminated.) So the advice is good, basically you always want a span size of two if the option exists. Some controllers cannot handle a RAID 10 large enough to accommodate all attached drives and so larger spans are required. Typically this does not happen until you have at least ~18 drives or so.

  • The one question I have coming out of this results from the conversation that I believe possibly prompted this blog post, namely that in this thread on SpiceWorks:

    http://community.spiceworks.com/topic/548896-raid-10-2-spans-a-cautionary-tale-it-can-happen-to-you

    The recommendation/default for at least one DELL controller model was a span-size of 2, with comments referring to this being referred to as the optimal configuration for larger arrays. Is there any evidence to support this being the optimal configuration? Your blog post, and my (albeit limited) understanding of RAID would suggest that this advice is flawed. Then again, maybe I am misunderstanding something at a fundamental level?

    Furthermore, would there be any benefit to adding in multiple RAID-0 layers above the RAID-100 so that the member size of all arrays involved is kept as small as possible?

  • I like the article, to be honest I've seen many posts on newspapers, magazines and even blogs that praises the open-source as it without being put on glory or hell, just neutral

    I'd like to add some other software like Thunderbird (for email), Git (for developers) and maybe replace Notepad++ with Geany/Gedit/Kate (or the text editor of your preference, yours being the Notepad); otherwise I like your choices and those are apps that I use a lot, even if in my workplace they don't want to replace it

    • Hey Dom, depending on where you're located there are a number of ways you can dispose of VHS tapes. Most thrift shops will take them off your hands, assuming they're actual movies and not simply blank tapes. Another option is to use Greendisk (greendisk.com), which allows you to mail in your old VHS tapes for recycling. Beyond that, there may be some options specific to your location (there are waste recycling facilities that can handle this type of trash all over), a quick Google search might reveal some of them.

  • Hi there, I think your web site may be having internet browser compatibility problems.
    Whenever I look at your web site in Safari, it looks fine
    however when opening in I.E., it has some overlapping issues.
    I simply wanted to provide you with a quick heads up!
    Besides that, wonderful site!

    • Thanks for letting us know, we really appreciate it. Do you happen to know which version of IE you're using? I know that sometimes the older versions don't cooperate. I can't seem to reproduce the results you're seeing, but we're looking into it. Thanks again for bringing this to our attention.

  • I think you are missing the point entirely here. I have a home with 5 PCs all running same Windows OS version and same versions of Office. MOST of the file data on the machines are copies of same files on other machines: the Windows OS files and Office binaries. I want to backup full system snapshot images (not just photos and music) daily to a NAS on my LAN, or even a headless Windows machine acting as a NAS (like the old Windows Home Server product). I want the bandwidth savings of laptops backing up over wifi to notice that those windows files are already stored and not transmit them over wifi. I also want the total NAS storage of all combined backups reduced so that I can copy the NAS storage to either external drive for offsite storage, or more interesting up to the cloud for redundancy. ISP bandwidth caps, limited upstream bandwidth, and cloud storage annual cost per GB mean that deduplicated backup storage is essential. The cost of additional local storage is NOT the only consideration.

    I don't care about Windows Server's integrated deduplication. The deduplication has to be part of the backup system itself, especially if you are doing cluster or sector level deduplication, to avoid sending the duplicate data over the wire to the data storage in the first place.

    I've been looking at different backup solutions to replace Windows Home Server (a decade-old product that offered deduplication), and your product looked very interesting, but unfortunately the lack of built-in deduplication rules it out for me. I can only imagine how this affects 100-desktop customers when I won't even consider it for 5-desktop home use.

    • Thank you for your comments. We appreciate all points of view on this topic.

      I agree that ISP bandwidth caps, limited upstream bandwidth, and cloud storage cost per GB show how critical it is to minimize data transmissions offsite. I also believe that much like modems and BETA video tapes, the bandwidth of today is giving way to higher access everywhere. For example, Google Fiber is now available to some of my peers at the office. Cellular LTE and satellite technologies are also increasing bandwidth for small business and home offices. At the same time, our data consumption and data creation is increasing at a rate that may outpace this increased supply of bandwidth. Either way, there are ways to work around data transmission limits.

      One way we help with data transmission over slower networks is we incorporate WAN acceleration and bandwidth scheduling technologies into our offsite replication tools. These allow you to not only get the most efficient use of available bandwidth but to also schedule your data replication during off-peak hours. Another way we help with data transmission is through compression. Deduplication is after all simply another form of data compression which reduces the near side (source) data before it is transmitted over the wire (target).

      In your case, you could use our product to store images on a local volume which has deduplication. You could then replicate data over the wire to offsite storage using ImageManager or some other tool. Many of our customers do this very thing.

      Keep in mind that the deduplication process has to occur at some point: either at the source or at the target. If you wanted to deduplicate your 5 PCs you would be best served with a BDR solution that can read each of those PCs, see the duplicate files on each, and avoid copying those files to storage. In this example, deduplication would occur on your BDR but you're still reading data from each PC over the wire to your BDR. In addition, your BDR would control the index for data stored on a separate volume or perhaps has the storage volume incorporated in the BDR. This creates a single point of failure because if your BDR crashes then the backup images for your 5 PCs wouldn't be recoverable and current backup processes cease.

      At StorageCraft we focus on the recovery. Our philosophy means that we take the smallest fastest backup images we can and then we give you ways to automatically test those images for reliability, compress them into daily/weekly/monthly files according to your retention policy, and replicate those images locally and offsite. This gives you a solid foundation from which to recover those images quickly to almost any new environment. I have yet to see a faster more reliable solution among our competitors.

      Cheers,
      Steven

  • Regarding Shadowprotect desktop:
    I am looking for the following capabilities
    1. Windows 8.1 compatibility
    Everything I've examined says Win 8 but nothing about Win 8.1
    2. I want to be able to do the following on an ACER S-3:
    320gb hd with Win 8.1
    create an image of the 320gb drive.
    Install a 120gb drive in the ACER.
    Install the image to the 120gb drive.
    I am assuming that I can boot from the Shadowprotect
    CD, use an external usb connected dock with the 320gb
    image, and successfully install the image from the
    external dock to restore to the 120gb drive installed in the ACER.
    3. Does Shadowprotect take care of setting up the needed
    partition and format for the target drive (120gb in this case)

    I've looked at several of the alternatives to your product
    posing the same questions above and get vague or downright
    misleading answers to my items 1, 2 AND 3 above.

    If I purchase your product will I be able to do what I
    want as stated in items 1,2 and 3 above?

    I have done exactly what I described in items 1,2 and 3
    above for WIN 7 using a product called EZGIG II and am
    pleased with the results. I am looking for the same
    capability for Win 8.1.

    Please advise,
    Joe O'Loughlin

    • Hello Joe,

      Thank you for your questions. I'm sorry that other vendors have disappointed you with vague or misleading answers. Fortunately I have good news for you.

      1) Yes, we are compatible with Microsoft Windows 8.1 technology. The ShadowProtect ReadMe file contains information about version compatibility (near the bottom). Here's a link to the ReadMe file stating that we are compatible with Windows 8.1 and Windows 8.1 Enterprise.

      2) Yes, you can resize the image of a larger disk to fit on a smaller disk. This is typical of SSD upgrades where the less expensive and larger HDD is replaced with a smaller and faster SSD drive. Please keep in mind that we cannot shrink a partition past the data written on the volume. Here are some articles on shrinking disk volumes that you can read in our knowledgebase:

      Shrink volume size: Removing free space from an image.
       
      Alternative Methods to Shrinking volume size for your drives.
       
      Why can't ShadowProtect shrink the volume further?

      Also, I find that our StorageCraft CrossPlatform Recovery Environment tools seem to shrink a disk volume the best. If you purchase ShadowProtect I would recommend that you download the Recovery Environment and burn it to a USB key or CD/DVD to assist you in the process.

      3) Yes, ShadowProtect takes care of the needed partitioning and format for the target drive. Please keep in mind that if this is an SSD drive, these drives typically have a manufacturer's disk utility you should run to properly condition the drive first. When you run the Restore Wizard you will be able to see your target drive and properly format and initialize it within ShadowProtect.

      Lastly, you can download an evaluation copy of our software and test the first two of these three questions: namely Windows 8.1 compatibility and shrinking your disk volume. You will need to purchase a licensed copy of the software to be able to restore to new hardware, but once you do you'll have a reliable backup solution to continually protect your system and data. I use a continuous incremental backup on my work and home computers to ensure no matter what happens I will always be able to recover my important Windows systems and data.

      Cheers,
      Steven

  • Hi Steven
    On 6 August 2013 you wrote:
    " Another release will have the complete tools for backing up and recovering both Linux and Windows systems. I can tell you that this later release will be out before the end of the year."

    But now we are already in 2014.

    When can we have this "complete tools for backing up and recovering both Linux and Windows systems"?

    Thanks

    • Hello Carlo,

      Yes, you have pointed out the travails of being both a Techie and a Marketer, namely predicting software release dates. We both know how fast technology changes these days. What with Microsoft updates, new hardware (and the associated drivers), the constant flow of Linux distros, and StorageCraft's penchant for getting everything perfectly aligned before a release, my job as a Technical Marketer becomes nigh impossible. I apologize for getting the date wrong, and will post more information about the upcoming software release as soon as I get it.

      Thank you for keeping me honest.

      Cheers,
      Steven
