Tech/Engineering

Best practices for remote office backup and protection

Stephen Manley, CTO

Remote offices are the most vulnerable part of your organization’s infrastructure, and now they are increasingly the target of ransomware attacks. Remote offices have limited IT staff, non-technical users, and connect into the corporate VPN — a cybercriminal’s dream. In some industries, the remote office itself is the high-value target. In healthcare, manufacturing, education, and government, remote offices are where the real work is done and sensitive information is gathered. Remote office protection is not just “nice to have,” it’s a business-critical requirement.

In this blog, we will discuss the best practices for protecting remote offices, including managing at scale, network requirements, what to protect, and how to meet compliance and business requirements. Finally, we will discuss how remote office data protection can lay the foundation for a more comprehensive protection strategy.

Managing remote office protection — zero-touch data protection

Whether you have to protect one remote office or dozens, you need a solution that eliminates daily management; you need zero-touch data protection. 

The first way to eliminate management overhead is to eliminate solution components. First, there should be no hardware for remote office protection, because even appliances require maintenance and capacity planning. Second, there should be no software for remote office protection. Coordinating updates across central and remote office sites is time consuming and error prone. 

The second way to eliminate management overhead is to make the solution completely automatic. Remote office backups must adhere to the modern 3-2-1 rule — at least three versions, on two types of media, one of which is stored offsite in a different account. Neither manual effort nor scripting should be required because both will require human effort. 

The third way to eliminate management overhead is to enable self-service recovery. Otherwise, you will find yourself coordinating remote restores for environments you cannot control. All of the efficiency on backup will be lost at the first restore. 

In summary, the ideal remote office data protection solution is completely automated with no hardware or software, and self-service user recoveries. 

Network efficiency — deduplication and beyond

Remote offices have limited network bandwidth, so to move the backups offsite, the data protection solution must optimize its network usage. 

First, minimize your daily bandwidth consumption with global source-based deduplication. By sending only unique blocks of data across all applications and sites, you transfer the minimal amount of data needed for a viable backup.

Second, send your backups directly to the cloud; don’t route them through the VPN. A surprising number of organizations send their data from remote locations through the VPN before writing it to the cloud. Not only do they overload the VPN, but it simply adds an additional hop for the data. 

Third, leverage the cloud for recovery. Too often organizations have either not planned for remote recovery, or the recovery process is a copy of the data center plan. If “Step one” of your remote office recovery plan is “Transfer TBs of data to the remote site,” you need a more realistic plan. Since the backup is in the cloud, why not recover there? You can either set up a standby disaster recovery copy (one-hour recovery), or make a plan to restore the workloads in the cloud (24-hour recovery). Later, you can move workloads back onsite if necessary.

Protect everything

All of the data and devices in your remote office need protection. You never know when business-critical data will land on a server, laptop, or Microsoft OneDrive. Not only do you need to protect it from loss, but if ransomware invades the environment, you need to know what was exposed to the cybercriminals. Protect everything.

First, begin with the core remote office applications. These are usually VMs, servers, and maybe some databases. Remember, you want to enable direct-to-cloud backup — no hardware, no VPN connection. 

Second, protect the cloud applications. If you’re like most organizations, you shifted to applications like Microsoft 365 in the remote offices to eliminate management overhead, simplify protection, and improve security. Just remember that, even though the data is no longer in the remote office or the data center, you still need to protect it — and enable your users to recover their data.

Third, protect endpoints, such as laptops. Since end users are the primary target for ransomware attacks, laptops are usually the first devices to be compromised. An effective protection solution can help detect a ransomware attack, identify the data that has been exposed, and preemptively eliminate sensitive data so that it cannot be compromised.

All of the data either stored in your remote office or owned by your remote office team must be protected, retained, and made recoverable. “Partially protected” just means “largely exposed.”

Central oversight, local protection

While you do not want to manage remote office backups, you do need the confidence to know that the data is protected, recoverable, and compliant. If anybody — executive, auditor, or employee — asks if the remote offices are protected, you want to say “yes” with confidence.

First, you need central oversight and reporting. You should be able to see that all the data in all the remote offices are protected. 

Second, you need to follow data residency rules. Many countries do not allow data to be sent across their borders, even for protection. Therefore, remote office protection must be able to store the data in a location that meets data residency requirements. 

It may seem mundane, but the basics — reporting, alerting, and breadth of coverage — matter in backup, especially as your data, applications, and users sprawl around the world. 

Doing more with your data

While the primary job of data protection is just that — to protect your data — you can do more. 

With cloud backup, sprawled data is now centralized and accessible by the most powerful compute infrastructure the world has ever known. Rather than trying to centralize yet another copy of the data (violating network efficiency) with a new movement mechanism (violating zero-touch management) that leverages only some of the data (violating the desire to use all data), many companies use their cloud backups to drive their data pipelines.

Some manufacturing companies consolidate log data from their facilities. Hospitals and pharmaceutical organizations centralize access to patient and trial data. Media and entertainment organizations bring the data into the cloud and use high-performance region-to-region networking to share data among their sites. 

Once your backup brings data into the cloud, the journey is not over. The innovation has just begun. 

Druva’s role in the remote office

Druva offers best-in-class remote office data protection. With our industry-leading data protection-as-a-service (DPaaS) — there is no hardware or software required, backups are stored offsite in our account, and users can restore their data themselves. 

Druva’s global, source-based deduplication sends backups directly to the cloud, minimizing your network load. Customers can restore in the cloud, either via traditional recovery or disaster recovery options, and shift back to their site on their own schedule.

Druva protects all of your data — from the data center to cloud applications, to cloud-native environments, to endpoints. It offers centralized, policy-based management while enabling backup to over 14 regions around the world. Customers can use their backup data for more than protection, including ransomware detection, legal hold, and analytics. 

Key takeaways

Every generation, disruptive backup technology has started in the remote office because the challenges and pain are so intense. In the early 2000s, remote office tape backups were so unreliable that organizations deployed the first disk-based backup solutions. Today, however, the threats have evolved, and it is time for a new generation of remote office data protection. 

Data protection should no longer be a task that you solve — it has evolved into a service. Nowhere is that service more important than in your remote offices. Cybercriminals are targeting remote offices, and you do not have the time, staff, or technology to protect yourself on your own. 

Data protection-as-a-Service (DPaaS) is the future. With your remote offices, you can start now. 

Download this Druva white paper for an in-depth look at how comprehensive cloud backup and data recovery can lower costs and prevent data loss across your organization’s remote and branch offices.