Welcome to Cash in the Cyber Sheets. I'm your host, James Bowers, and together we'll work with business leaders and industry experts to dive into the misunderstood business of cybersecurity and compliance to learn how to start making money from being secure and compliant. Welcome to Cash in the Cyber Sheets.
Hey everyone, welcome to Cash in the Cyber Sheets. I'm your host, James Bowers, Chief Security and Compliance Architect here at Input Output. Very happy to have you back here with us today.
So today we want to talk about, we've been talking about data backups, different structures, different things to consider, strategies, different types, and we haven't really gotten too much into continuous data protection, continuous data backups, and want to dive into that today, because one, it can definitely save your bacon. Number two, like everything else, it's a seesaw. It's there's pros and cons, and there's things you want to make sure that you do to not paint yourself into a corner and also not spend way more money than you need to be spending.
So we're going to get into that before we do, please click that subscribe button, whether you're listening to us on YouTube, Apple Podcasts, Spotify, wherever you're at, please click that subscribe, tell your friends about us, leave us some comments. We'd love to hear from you. So getting into continuous data backup.
Now, before we do that, to give a quick recap on some data backup metrics, which is why this is really going to where CDP continuous data protection really comes in, is the RTO and RPO, recovery time objective, recovery point objective. So RTO, as a reminder, is our recovery time objective. That's basically how quickly do we need to be able to restore data? Our RPO, recovery point objective, easiest way to put that is it's how much data we can lose.
So if our RPO is eight hours, that means that we can't lose any more than eight hours worth of data, which typically is covered if we're doing nightly backups, which a lot of times is okay. A lot of times, two, three, four, even five days RPO, while not ideal, is actually perfectly okay. However, in some cases where we've got extremely critical systems, we've got extremely critical processes and data, we can't lose a lot of it.
It's going to, we can only say be without a few minutes of the data. So sometimes our RPO is an hour, 30 minutes, a single minute, 60 seconds. And in those cases, a nightly backup is not going to do it, especially if it's something to where we need to be able to restore data no longer than a minute ago.
Very high volume locations, something like an Amazon actually would probably be in the seconds or milliseconds. But real critical data with a lot of transactions is typically where you get that low RPO. And like we said, a traditional nightly backup isn't going to do it.
So in comes CDP, continuous data protection. And what that is, easily in a nutshell, is it's continuous data backup, almost a mirror copy of everything that's going on. So essentially every change that you're making is just about getting backed up immediately.
So whatever you've done is what's in that backup. And there's some really cool things about that, but there's also some caveats. So initially looking at it, it seems like this is how we want all of our backups to be.
And a lot of times that that's the case, especially if it's coming from management. Their initial reaction is we've got to have everything backed up. It's got to be backed up to the minute and we can't lose anything.
And great. So I think I'll start with the negatives there. If we're doing that, it can get to be very, very expensive.
So a CDP product, one, if we're backing up everything as we're changing it, that's quickly taking a lot of backups. That's creating a lot of storage, a lot of data that's being retained because we're keeping all of those different changes. And that can quickly turn into a thing of now we're paying tons of money for a lot of, a lot of storage space.
It's also, if we're backing up that much, that quickly, we need the infrastructure to support that. We need servers that can, that can process that. We need the storage disk that can save that fast, read and write.
We need the network infrastructure to be able to transmit that fast. And just with a few of those things that are considered, we can quickly see how the cost of a CDP solution can just spiral out of control. The pros of it, however, are basically we eliminate or not eliminate.
We have basically a near zero, typically RTO, RPO to where if we're backing up constantly with every change, if we need to restore something, we've backed up every change we've done. So there's no RPO, there's no recovery point worries because we've got every change. And typically if, if your CD, CDP solution is supported in the right way to be able to take all that data, to munch it up, to, to, to retain it, to store it, it typically can do the inverse and restore it very quickly to where a lot of times with a CDP solution, we have a, an RTO, how long it takes us to recover in minutes.
And that is typically the longest part of that is us making the request that we need the data and the technician or whoever actually getting it restored, not the system itself, taking, taking the time to, to restore it. So that's one of the, the most powerful parts of a CDP solution. We're backing up all of it.
That also lends itself to any type of disaster recovery, any type of business continuity, we've got everything backed up. It's right there. It's, it's immediately available typically.
And we can get the business running and restored the fastest way possible. We've just got to remember that with great speed and power comes great responsibility or actually not responsibility, but great cost. Another thing to consider, and this we're going to put in the, the con section, that area is if it's not set up right, you can quickly paint yourself into a corner.
And what that means is if we have changes happening to our data, if say everything gets encrypted, like a ransomware attack, well, depending on how we've set up that CDP solution, that's immediately going to, to store that. That's immediately going to retain that. And if we don't have multiple copies, if we don't have other areas that we can pull the data from, that could, that could basically invalidate, make all of these backups that we have completely useless.
It's also where we've got to consider if we have a situation like that, are we completely negating our ability to quickly restore the data? So if we have say a ransomware attack, it encrypts all of our data, our CDP solution, which is, is storing everything every single second, every single change. It grabs all of that. Now, all of our past few minutes backups are, are all encrypted.
We can't get to that data. Even if we have other backups that we can step back to, well, they may not fit within that minute or two minutes RPO that the organization needs that could put us in a situation where we're losing a lot more data than we originally thought we were. And that's when we're doing our audits, when we're working with companies, that's typically the biggest failure point that we see is that everything, everything's jiving well, everything looks great.
And it's going to continue to work great unless we have anything that corrupts our original data and then we're kind of SOL. So those are, those are some of the immediate pros and cons. There's, there's others, there's, there's other pros and cons like there is with everything, but I think, I think for the sake of our discussion, for keeping it succinct, um, cause I always do that.
I think that's where I think those are the big ones. Those are the big hitters. So there's a nice thing with the, with the CDP.
There's a nice thing with a lot of security controls, a lot of compliance controls that if you spend the time to, to understand your organization, if you spend the time to understand your risk, how everything's put together, what you actually need to operate, you can typically have your cake and eat it too. And CDP is no exception to that. And here's what I mean.
So it's very easy for the boardroom, for us in IT to say, we need to back up everything, it needs to be backed up to the minute so we don't lose anything at all. Ever. That's an easy statement.
That's a knee jerk reaction. Truth is, is even if we have data like that, that we need to back up, even if there are things that we need to make sure we can't lose seconds of data, chances are that's not everything in the company. HR data, that's not changing that quick.
Some of our documents, probably not changing that quick. Sales data, transactions, uh, logs, records, things like that. Those would probably fall into the needing a CDP solution.
But for a lot of the organization, for a lot of our data, we don't need to make that major expense. So what we can do is start segregating it to where we've got a little part of our data that has that super speed, that super, super backup, our CDP and other areas of our organization are using more quote unquote, traditional backups. You know, the nightly backup, um, the daily backup hourly and are storing in ways that they're not creating such a large, uh, storage repositories.
They don't need as much money to maintain and operate. So that's where our, our discussions of understanding the business, taking a few steps back to not just a few, taking steps back to some of the first podcast is understanding the core metrics. And as a brief overview, that's understanding the number of leads we get.
Understanding what our conversion percentage is. What is our average lifetime value for clients? What is our average lifetime? How long do our relationships last with those clients? And what are the expenses? What's our margin? And with those identified, we can identify, we break all those out into the kind of their own columns, easy, easiest way on a piece of paper and just start listing all the systems and all the data that supports those. Well, all of our leads coming in, if we're a very high volume, very high transaction, very quick paced organization, then that might be data that we want to make sure is constantly backed up. Because if we lose a chunk of it, uh, perhaps we lose our ability to reach those customers in that golden hour or that golden minute, whatever it is with within our organization, but that golden timeframe of where we have the best chance of closing them.
In some companies, it, that doesn't matter so much. It can be days, it can be weeks and it wouldn't really make an impact. In other organizations, if they don't reach that client, that prospect, prospect's a better word.
If they don't reach that prospect within the first 30 minutes, their conversion rate goes from 80%, say down to 15 or 10%, which with a lot of transactions can be a huge impact to the business. So that's a case where those leads, that information, we want to make sure we have up to the minute. We we've got so little time to be able to reach these people.
That is, that is money sitting in our database. It's, it's just, we, we, we can't lose it. That's where we'd want to put a CDP solution.
Perhaps, however, once we close or more specifically, once we contact that, that prospect, once we get the information down, well, maybe in our sales process, we can see that. You know what? Once we, once we've made that initial contact, it doesn't matter if it's another day or another two days. When we, when we reconnect or when we get the data to them, or when we close the sale, that's not really changing our, our closing percentage.
So that data maybe doesn't need to, to be retained as at such a, at such a low RPO, we can do a more traditional data backup. So rather than where we initially came in and we just want to back up everything to the minute, now we're doing it on a very small subset of our data. And that is much more economical to manage.
It is much easier to manage from an administrative, technical, and financial perspective. And that's why it's so important to understand our key business metrics, leads, conversions, average lifetime value, average lifetime, and margin slash expenses. We have to understand those things.
We have to understand what's supporting it and what affects it so that we can make informed decisions here about how we're going to manage our risk, about where we're going to spend our limited resources to make the most impact in the company. And this is when we look at most implementations, most data, data backup setups, is those things are never considered. It's, it's more of a knee jerk reaction to, or an assumption, which we all know what happens when we assume it's more of an assumption of what we need rather than being driven by business data.
And from, from a business perspective, if I'm, if I'm looking at it from the business owner, from the C level, I want to know these things so I can understand the business. I can understand where to apply the resources and maximize my dollar. If I'm looking at it from the IT perspective, I want to be able to bring this same type of business action to the company.
The same understanding when I'm making resource recommendations, when I'm making budget requests. And as we look at these metrics, this is where we can marry business side, IT side, all the other sides, we can all start speaking the same language because ultimately in the business, we all want the same thing. And that's all that our data backups are supporting.
Bottom line, being able to close sales, being able to retain customers, to be able to increase our relationship value and increase how much money we're making off those customers. At the end of the day, that's, that's what all the IT systems are for. That's what all the networking equipment, everything that we're doing is to support that.
So when we're looking at our backups, when we're looking at the CDP, that's where we want to look at those business metrics. And I harp on that a lot and it's because it's so important and it's, it's the core of everything. And it's what everybody wants to skip because they, they think it's fluff.
They think it's fugazi that, that it's feel good coaching and kumbaya stuff that really doesn't matter, but it's truly the core of understanding the business is truly the core of understanding your risk, which then allows us to make informed decisions, allows us to see where to use these excellent solutions like a CDP solution and where we can, where we can back off and not spend that amount of money. And there's not an incredible amount more that I think would be interesting to share about a CDP here with the exception of a good way that you can, another good way that you can have your cake and eat it too. And it's, it's a way that we set things up is leveraging different systems for different backup capabilities.
So a nice way is using SharePoint and retaining every single version change that's made. So that way throughout the day, I've got all of those changes. I can, I can immediately go back to something and then nightly with like a cloud backup, I can back all of that up.
So I have all of those changes, all of those versions for each of the days, and I've got all of the backups for multiple days and then retained. If we're doing a son, father, grandfather type of storage or Towers of Hanoi, however we're doing the backup strategy. We've got all of those.
Just remember, we want to make sure that if we have some sort of catastrophic event, if we have some sort of cybersecurity, something that comes through and starts radically changing all of our data, are we going to be able to meet that RPO requirement? Are we going to lose more data than we should be able to? So those are the biggest considerations. However, you're looking at setting it up. Make sure that it's the core data that you need.
Make sure that you're only backing up in a CDP solution, the data that you really need to, because otherwise your costs are just, they're going to skyrocket. They're going to spiral out of control. And you want to ask yourself, what are the different ways that this house of cards could fall apart? What are the ways that the data could be impacted in a way that I wouldn't be able to restore the data I need? So we could probably restore data, just not what we need.
What could keep me from restoring the data I need to the minute? And then in those cases that will allow you to see how to best set up your CDP solution, whether that's something like Acronis or a solution like an onsite or cloud Infrascale solution, which we personally really like because you can also do a zero knowledge that way. They don't even have access to your data. They're just, they're just storing all the encrypted stuff.
So that's another, have your cake and eat it too, because we've got a great backup, but we're not replicating our risk because they only have the encrypted stuff. We, we retain the keys, but whatever solution you use, once it's set up, mapping it out, then try to poke some holes in it because what you don't want to have happen, especially if you're on the IT side, supporting the business. I don't know if that's worse.
Um, cause if it's the business losing the business, that sucks. If it's IT that made a recommendation and then it's not actually protecting the business, that sucks. That's definitely egg on the face and, um, typically a nice pink slip.
But if you're IT making these recommendations, you want to make sure that everything is covered so that you don't get into an uh-oh situation that now we've lost data, now we've lost systems, now we've lost access in a way that we might not be able to recover from, or that's going to cost us so much more money to recover from than if we had just spent a little bit more in our solution. So I think that's about all I can, all I can talk about a CDP solutions without really starting to ramble. I ramble a little bit.
I'm getting, getting better, but I ramble, but that's a good part. Again, about CDP solutions, continuous data protection. Um, I've got a lot more information on the website that you'll be able to check out that that can expand on it.
And like we, like we just scrape the surface here. There's, there's a lot of considerations there. There's, there's a, there's a lot of things to that could go sideways.
Uh, and there's also a lot of ways that you can quickly spiral costs out of control. So more than happy to connect with you to give another set of eyes to help give that outside look in to make sure that you're asking the right questions to make sure that you've set it up in the right way and to make sure that ultimately you're protecting the business the way you need to protect it.
Thanks for joining us today. Don't forget, click that subscribe button, leave us a review, and share it with your network. Remember, security and compliance aren't just about avoiding risk. They're about unlocking your business's full potential. So stay secure, stay compliant, and we'll catch you next week on Cash in the Cyber Sheets. Goodbye for now.