Your SaaS Data May Not Be As Safe As You Think

Rachel Dines

DELETE. It's a button we hit every single day. But normally, we are comforted by the fact that if we need to get something back that we accidentally deleted, backup software can save the day. But what happens when you delete data within a SaaS application? In some cases it is as simple as pulling up the virtual trash can and retrieving it. Sometimes, however, its not so simple. While the majority of the enterprise-grade SaaS offerings have robust methodologies for backing up and restoring data to protect against data loss or disaster, they may or may not make this technology available to you as the user. In cases where data is deleted accidentally or maliciously, tied to the account of departing employees, wiped out by rogue applications or lost during a migration, the vendor may or may not work with you to retrieve data from its backups. 

How well do you know your SaaS provider's SLAs for retrieving data? Chances are, this isn't something you've spent much time thinking about. In a recent report, we dug through the backup and restore policies of dozens of SaaS vendors and found the results extremely variable. Some vendors will help restore data, but only for a hefty fee, others will take no part in assisting you with restoring data, and the vast majority, simple don't disclose their policies. Here are excerpts from several SaaS provider's restore policies that we found particularly interesting:

Read more

Quantifying The Impact Of Downtime: What We Can Learn From Recent New York Times, Google, And Amazon Outages

Rachel Dines

Last week there were several of outages that got me thinking more about the cost of downtime. I get this question a lot: what is the industry average cost of downtime? I hate answering "it depends," but that's the truth. So much depends on the organization, the industry, the duration of the downtime, the number of people impacted, etc. And not all of it is about dollars and sense. Reputation, customer retention, employee satisfaction, and overall confidence can be shaken by even a short outage. Take, for example, the New York Times' mysterious outage on August 14, 2013, of around two hours. While two hours might not seem like much, in the middle of a news-heavy weekday, it made a lasting impression. The stock dropped, twitter exploded, and the Wall Street Journal dropped their paywall to try and capture readers. In this case, I argue the biggest impact of downtime was not the drop in stock price, but the loss of confidence and loss of competitive advantage.

Here is a very different example: Google experienced between one and five minutes of downtime (amazing that this is news, but it is), on August 17. While this outage reportedly cost the company upwards of $500,000 (making their hourly cost of downtime astronomical), but as a result, internet traffic overall dropped by 40%. Their biggest impact was on customers and strategic partner over the long term.

Read more

Backup Data Growth Is Out Of Control, Make Sure You Have The Right Tool To Manage It!

Rachel Dines

Have you heard the big news? Data is growing at an insane pace. Ok ok, this isn't really news, I hear this almost every day. But what many people don't realize is that one of the guiltiest culprits behind data growth is actually backup data. Between 2010 and 2012, the average enterprise server backup data store grew by 42%, while file storage (which is often the scapegoat of data growth) grew by 28%. And with more and more mobile workers, it's no surprise that PC backup storage is also growing at an explosive rate, almost 100% over the past two years.

Backup data growth being what it is, it's no surprise that a lot of people are re-evaluating their enterprise backup software. That's why I recently embarked on Forrester's first Wave on Enterprise Backup and Recovery Software. As part of that report, I developed a list of key criteria that are necessary to evaluate your backup and recovery software. At a high level, here is what I came up with:

Product offering:

  • Data reduction capabilities and scalability. What data reduction techniques does the product support, and how well do these techniques scale?
  • Backup targets. What targets and backup methods does the solution support?
  • Advanced backup options. What advanced backup options does the solution support?
  • Encryption. What are the native backup encryption and encryption key management capabilities? What encryption solutions does the product integrate with?
Read more

The Era Of Now And The Age Of The Customer — Why Resiliency Is More Critical Than Ever

Rachel Dines

We live in the era of NOW. If a website takes too long to load, or doesn't load at all, we will move on in a matter of milliseconds. If an ATM can't dispense cash — unacceptable. Our favorite online store is unavailable — unheard of. Not only have our expectations risen to astronomical heights, but our increasing dependence on technology means we can't cope without it. If our electronic medical records are unavailable — lives are at stake. If the utility's critical IT systems go down — millions are left without power.

Read more

Despite An Affair With My iPad, I Just Can’t Give Up My Laptop. . . Yet

Doug Washburn

A year and a half ago I broke up with Blackberry and started dating iPhone. It was a clean but cruel breakup: AT&T cancelled my T-Mobile contract on my behalf, the equivalent of getting dumped by your girlfriend’s new boyfriend.

This year I’ve been cheating on my laptop with my iPad. But it’s an on-again, off-again relationship. While I tell my iPad it’s the only one, I keep going back to my laptop. When I travel, my iPad is with me meeting clients. Meanwhile my laptop is in the hotel room surfing the online menu for a turkey club.

The iPad beats my laptop on size, weight, connectivity, and battery life. It also improves the human element when I’m having a face-to-face conversation but need to take notes. These are all critically important to me when I'm out of the office visiting clients or at an event.

But my laptop wins when I need to perform other important activities. For example, the larger screen really helps to write and edit research reports (John Rakowski, you’ll have your edits soon!). Or when I need to approve expenses behind the VPN or access files on my hard drive that I haven’t stored in Google Drive (yes, Forrester sanctioned).

Now that I've had a few months of compare both devices, I come back to outcomes . . .

Read more

If The End Of The World Is Coming, Are You Prepared?

Rachel Dines

The world may or may not be ending on December 21, 2012. I'm not an expert on the ancient Maya (although I've climbed many Mayan pyramids and have long been fascinated by their history, see proof below), but I've heard a rumor that this week marks the end of the Long Count calendar, meaning a new era begins on Friday, December 21, 2012, bringing a new civilization. Also, potentially a planet called Niburu might crash into the earth (although NASA has confirmed they have seen no evidence of this).

So, what's your plan? Will it be a space ark? A time machine (i.e., a TARDIS)? Wormhole (a la Fringe)? Should you consider sending your data to Mars? How do you even prepare for the unknown, the black swan events that are highly improbably, but highly disruptive?

Read more

A Week After Hurricane Sandy: How Did Our Business Technology Resiliency Plans Fare?

Rachel Dines

A little more than a week after Hurricane Sandy barreled through the Eastern seaboard, I wanted to take a moment and share some of my thoughts on business technology resiliency* and how we fared during this significant weather event. While there are still over a million people without electricity and significant recovery efforts underway, I'm overall impressed with the level of resiliency and preparedness many organizations exhibited during (and since) Sandy. I stress resiliency over recovery here because I believe that is the future of disaster recovery and business continuity. Our official definition is: “The ability for business technology to absorb

Read more

Risk Management & Business Technology Resiliency – What’s Changed Since 2009

Chris McClean

Guest post from Researcher Nick Hayes.

Take a second to think back to the year 2009. The US was in the thick of the financial crisis; companies were slashing budgets, and the unemployment rate was in double-digits. And do you remember a little thing called the “swine flu”? The World Health Organization (WHO) deemed the H1N1 strain of the swine flu influenza a global pandemic in June 2009. These were just some of the events top of mind for much of the nation and the broader global community three years ago.

2009 was also the year that the annual Forrester And Disaster Recovery Journal (DRJ) Survey focused on the role of risk management in business technology (BT) resiliency and crisis communications programs. Needless to say, the survey was fairly timely. Forrester found risk management was becoming a more common practice for business continuity teams, but that there was still more room for further collaboration with their risk management counterparts.

Fast forward three years, and the 2012 Forrester/DRJ survey is again focusing on the role of risk management in BT resiliency and crisis communications (you can take the 2012 survey by clicking here). A lot has changed since 2009 with a number of new events, technologies, and organizational challenges currently plaguing business continuity and risk management professionals.

Read more

Musings During A Hurricane: Why We Still Need Workforce Continuity Plans In A Mobile World

Rachel Dines

I'm having a frustrating day. It's only partly because there is a hurricane raging outside and I'm cooped up inside with a hyperactive dog. The main source of my frustration is my inability to communicate with the outside world. Yes, I still have power, and the Internet, but unfortunately, with cell networks overloaded, no landline (hello, this is 2012), and VPN failing, I can't seem to talk to anyone. At least comprehensibly. Of course, since I'm a resilient and resourceful employee, I've tried everything from GoogleTalk to Skype to our internal VOIP systems all with no success. Who would have thought in this modern era of the anytime, anywhere worker, that I would be rendered mute?

Read more

What Makes A Resiliency Program Mature?

Rachel Dines

I've been tackling an interesting challenge recently: how to define a mature business technology resiliency (aka disaster recovery)  program. It's something I've been thinking about for years, but it was only a few months ago that I sat down to develop a concrete framework that enterprises could use to compare themselves to. Yes, I know there are existing frameworks for defining what maturity is for a business technology resiliency program, but in my model, I was trying to accomplish the following:

  • Simplicity. Without going overboard, I wanted to put together a model that could be completed within a few hours, rather than something that would take weeks to complete. The tradeoff, of course, is that this model is much less detailed than others. However, with many conflicting priorities, I know that many IT leaders can't take the time to fill out an assessment the length of the last installment of Harry Potter.
  • Objectivity. One of the benefits I have at Forrester is the ability to address this from a vendor-neutral perspective. I have no ulterior motives with this model and no vendor allegiances that could influence the outcomes.
  • Process-orientation. I strongly believe that a mature business technology resiliency program is built on a bedrock of repeatable, standardized, and streamlined processes. In the model, you will see there is a section on technology maturity, but the emphasis overall is on the process components.
Read more