You are not connected. The newsletter may include some user information, so they may not be displayed correctly.

Cyber Insurance Requirements are Changing

Cyber Insurance Requirements are Changing

‍VMsources

‍Secure Cloud and Business Continuity

‍Saturday, 24 August 2024 19:45 ‍

 

Hello  ‍

 

The requirements for Cyber Insurance are changing; Insurance providers and underwriters are now requiring three essential protections before providing Cyber Insurance coverage:

  1. Multifactor Authentication (MFA / 2FA)
  2. Backups in compliance with the 3-2-1 Rule
  3. Endpoint Protection

VMsources already provides all of these critical Business Continuity components to some of the largest Organizations in New Jersey education. Let us help protect your Organization as well, and not only will you get our famous Concierge Service through the entire process, we'll provide a legal certification that protections are in-place and actually working! We also have excellent professional references in your community who would be glad to speak with you! 


In the meantime, please read-on for vendor-neutral information about choosing an Offsite Backup provider who will best serve your needs.

 

Your Business Continuity Specialist,

 

John Borhek

CEO, Lead Solution Architect

VMsources Group Inc.

Mobile: +1 928.606.0483

Direct-dial office: +1 928.864.0850

Email: john@vmsources.com

Website: https://vmsources.com


1. Business Continuity Glossary of Terms

3-2-1 Rule

Three (3) copies of protected Data on at least two (2) different storage devices with one (1) copy located at a secure remote location such as VMsources Secure Cloud

 

Antivirus

Antivirus products continually scan for known Virus Signatures on protected systems.

Antivirus systems can not protect against new vectors (Signatures) which have not been published by the Antivirus vendor.

 

Auditing and Compliance

Auditing and Compliance is the process by which facilities and systems are compared against known standards by qualified Auditors who then create reports which certify that the facility or system is in Compliance with the standards used, or make note of exceptions.

 

Backup

A Backup is an indexed archive of systems and data, usually compressed, and which needs to be Restore(d) prior to accessing the archived data.

 

Backup Copy

A Backup Copy job sources a (usually) Incremental Backup and copies the data to an alternate location. Backup Copy jobs are the normal source for Offsite Backup(s) and have the advantage of being non-disruptive if it takes many hours to transfer data to an Offsite location such as VMsources Secure Backups.

 

Backup Repository

A random-access storage system which can be used as the primary target of a Backup.

 

Best Effort

Best Effort represents resources which are not reserved or pre-assigned and may not be available in the event of greater than normal demands on Infrastructure, such as during a large regional Disaster event.

 

CDP

Continuous Data Protection (CDP) is near-synchronous Replication of data from source to target.


 Cloud Computing

Cloud Computing provides ubiquitous, convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.

 

Compute Resources

The resources required by the active state of a computing system while it is powered on (CPU and RAM)

 

CPU

Central Processing Unit (CPU) provides logic, controls I/O and performs all calculations based on information stored in RAM

 

Datacenter

A secure and audited location where Cloud Computing resources are housed. SEE ALSO: Server Room

 

Disk /vDisk / HDD

A computer Disk (AKA: vDisk, Virtual Disk, Hard Disk, HDD, SSD) is a non-volatile, random-access storage system on which data is stored.

 

DR

Disaster Recovery (DR) is the notion of how an Organization would recover following a Disaster such as physical loss of data (such as in a Fire), logical loss of data (such as in a Ransomware Event) or temporary loss of data (such as during a power outage).

 

DRaaS

Disaster Recovery as a Service (DRaaS) is a combination of Service Levels which includes at least Secure Backup and Replication.

 

DR Plan

A DR Plan is the written and documented procedure for an organization to recover during / following a disaster.

 

DR Test

A DR Test is the execution of the DR Plan sufficient to demonstrate that the Organization could recover following a disaster.

 

Endpoint Protection

Endpoint Protection differs from Antivirus in that it looks for specific behaviors which represent suspicious activity on protected systems. When discovered, Endpoint Protection will isolate (“quarantine”) systems until reviewed by an authorized administrator.

Some Endpoint Protection platforms are comprehensive enough to be considered to be complete Antivirus replacement, while others need to be used in conjunction with traditional Antivirus systems.

 

Failover

The process by which Replicated VMs are powered on and prepared for use at an alternate location, such as at a DRaaS Datacenter.

 

Full Backup

A Full Backup is an archive of protected data and systems which can exist on its own, without any other supporting files.

 

Grandfather-Son (GFS) Backup

Long-term retention of full backups on a schedule (Weekly, Monthly, Yearly)

 

Hardened / Immutable Repository

Veeam Hardened / Immutable Repositories are tested and proven by  Cohasset Associates meeting the requirements for non-rewritable, non-erasable storage as specified by SEC 17a-4(f), FINRA 4511(c) and CFTC 1.31(c)-(d) – WORM Equivalency

 

Hypervisor

A platform which draws resources from its physical host hardware and allocates those resources to VMs which run as independent and isolated systems.

 

Incremental Backup

An Incremental Backup utilizes one Full Backup followed by successive increments of the data which contain only the portion that has changed since the preceding Incremental Backup. When a Restore is needed, the restoration process requires the last Full Backup plus all the Incremental Backups until the point of restoration.

 

MFA

Multifactor Authentication (MFA) is a process which requires external validation, in addition to the username/password combination. The most common form of MFA is 2FA (2 Factor Authentication) which sends a “push” notification or uses a hardware hey in addition to the username/password combination to validate users

 

Offsite

To a geographically separated location, usually with a minimum distance requirement of 100 KM., but possibly much more depending on: Power Grids, Flood areas, Geologic earthquake zones and much more.

 

Onsite

To the same location as active Workloads and mission-critical data.

 

Pool

Shared resources, such as IP addresses, CPU, RAM and Disk which are assigned Best Effort.

 

RAM

Random Access Memory (RAM) stores volatile data which can be accessed and changed frequently while a computer system is powered on.

 

Replication / Replica

Replication provides a ready-to-run (immediately accessible) Replica copy of a Virtual Machine at an alternate location. The primary advantage of Replication is that Replicated systems require no Restore prior to being accessible.

 

Restore

The process of extracting data from a Backup and placing that data in a location where it is accessible. The Restore process is often time-consuming, depending on the format of data and systems used.

 

Restore Points

A Restore Point is the state protected by a Backup Job each time it runs

 

Retention Policy

Retention Policy is the number of Restore Points which will be kept

 

RPO

Replication Point Objective is the time between Replication cycles that occurs in Asynchronous Replication. When met, the RPO is the maximum period of data loss to be expected.

 

RTO

Recovery Time Objective (RTO) is the amount of time for systems to become functional after a disaster, including the time required to update public DNS and other service pointers. RTO can vary from just a few minutes for DRaaS protected systems to many hours for systems which need to be restored from Secure Offsite Backup

 

S3 Object Storage

S3 Object Storage systems may be deployed to retain bulk or long-term Backups which were created targeting a random-access repository.

S3 Object Storage is not suitable for random-access or transactional data, and cannot be used as the first generation of a Full Backup or Incremental Backup because it does not support the locking and sharing mechanisms needed to maintain a single, accurately updated version of a file.

 

Secure Cloud

Secure, on-demand and elastic Compute and Storage resources located in geographically diverse areas.

 

Server

A dedicated Compute resource, either physical or virtual, which provides resources or services to users to access remotely.

 

Server Room

A dedicated area where Servers and other Compute resources are housed. The primary difference between a Server Room and Datacenter is that the Server Room has not been Audited against standards (Such as AICPA, NIST, ISO) whereas the Datacenter is Audited and in compliance with those standards.

 

VM

Virtual Machine (VM) any form of Compute resource which runs on a Hypervisor.

 

WORM

Write Once Read Many (WORM) refers to media which cannot be changed after creation for purposes of auditing and/or protection from Ransomware

PLEASE NOTE: Veeam Hardened / Immutable Repositories are tested and proven by  Cohasset Associates meeting the requirements for non-rewritable, non-erasable storage as specified by SEC 17a-4(f), FINRA 4511(c) and CFTC 1.31(c)-(d) – WORM Equivalency.


1. Business Continuity FAQ

Q: How does VMsources pricing work? Are there hidden charges?

A: We offer some of the easiest to understand pricing you will find anywhere, and are the ONLY provider offering a guaranteed TCO for your Secure Offsite Backup or DRaaS protection!

·         We charge for actual space used by Backups or Replicas at some of the lowest rates in the industry.

·         We have Veeam Backup and Replication available as SaaS/Rental so you pay only for what you use, while you are using it

There are never any ingress, egress, Block Blob or other hidden surcharges to access or use your data. Plus, our famous Concierge Service is included for every customer/job, no matter how small or large!

 

Q: What advantages does VMsources provide over the Big Cloud like Azure or AWS?

A: Personalized service, guaranteed TCO, 100% USA-based support.

 

Q: How quickly can VMsources protect my environment with Secure Offsite Backup or DRaaS?

A: In just a few days.

 

Q: How does VMsources Secure Backup protect our organization from Ransomware?

A: First and foremost, our backup systems are entirely separated from your Organizational AD, so Threat Actors will not have the ability to exploit credentials to gain access. Secondly, we use Veeam Hardened / Immutable Repositories to prevent any changes to data after it is written.

 

Q: What’s the 3-2-1 Backup Rule?

 A: The 3-2-1 Backup Rule requires three (3) copies of your data on two (2) devices with at least one (1) copy offsite.

 

Q: How does VMsources implement the 3-2-1 Backup Rule?

A: We create a local Backup job, a Backup Copy job and a DRaaS Replication job to protect your mission-critical data.

  • Three (3) copies are: the local Backup, the Backup Copy, and the Replica.
  • Two (2) devices are the local repository and the Offsite Backup Repository.
  • The one (1) copy offsite is either the DRaaS Replica VM or the Backup Copy.

Q: How will my customers/auditors know that my Organization is in compliance with the 3-2-1 Backup Rule?

A: VMsources will provide a Backup and DR Certificate of Compliance confirming compliance and the compliance period.

 

Q: How do I know if my Backup jobs are running successfully?

A: VMsources monitors your jobs and will notify you if there is an issue.

PLEASE NOTE: Many providers simply provide you instructions on how to setup notification – VMsources takes a proactive approach and makes sure you know if there is a problem with protection.

 

Q: If I have Secure Offsite Backup, can I restore my VMs, Servers or PCs to the Secure Cloud in the event of a disaster?

A: Yes. You can restore them to VMsources Secure Cloud or any other cloud hosting service!

 

Q: What is the recommended Retention policy for Backup Jobs / Secure Offsite Backup?

A: We recommend retaining:

·         14-days Onsite (incremental Backup)

·         30-days Offsite (incremental Backup Copy)

·         12-months Offsite (GFS, Backup Copy)

 

Q: What is the minimum practical Retention policy for Backup Jobs / Secure Offsite Backup?

A: While it is less than ideal, the minimum practical Retention is:

·         7-days Onsite (incremental Backup)

·         14-days Offsite (incremental Backup Copy)

 

Q: Can I do Secure Offsite Backup without DRaaS Replication, but convert my Secure Offsite Backups to the Secure Cloud in the event of a disaster? In other words, can I avoid the cost of DRaaS Replication?

A: Yes, but the restores may take many hours to complete, so it’s not recommended for low Recovery Time Objective (R.T.O.) scenarios. Also, with Offsite Backup, compute resources pre-provisioned on-demand and may not be available at the exact moment you need them:

·         Public IP addresses are assigned from available IPv4 pool to VMs when Restored to Secure Cloud

·         Compute Resources are assigned “best effort” to VMs when Restored to Secure Cloud

 

Q: What is the advantage of having DRaaS Replication to the Secure Cloud?

A: DRaaS Replication provides a ready-to-run replica provisioned in our Secure Cloud. This accomplishes two important goals: RTO is drastically reduced and Secure Cloud resources are reserved in advance for your Organization:

·         Public IP addresses are pre-assigned to DRaaS Replication

·         Compute resources are reserved for DRaaS Replication automatically

 

Q: What’s the RTO if we implement DRaaS Replication to the Secure Cloud?

A: The VMs will be available almost immediately after a Disaster or for a DR test. How long it takes your organization to update DNS and re-connect users can vary widely.

 

Q: How do we execute DR Tests if we have DRaaS Replication with VMsources?

A: VMsources will have first created a custom DR Plan for your Organization. As part of our famous Concierge Service, a VMsources Business Continuity specialist will help you to execute your DR Test (according to the DR Plan) and document the successful results or adjust the DRaaS protections and/or DR Plan until we achieve total success.

 

Q: Does a DR Test cost anything?

A: NO, VMsources does not charge for running DR Tests, either for out time or the Secure Cloud Compute used during the test.

PLEASE NOTE: Most providers do not assist you during tests and will charge extra for Cloud resources consumed during the test.

 

Q: How many VLANs/Networks/DMZs can I have?

A: We place no limit on that. Additional VLANs/Networks/DMZs are provided at no cost.

 

Q: How many public IP addresses do I get?

A: We have no set limit to the number of IP addresses you can have. We assign a minimum of one public IP for all Secure Offsite Backup and DRaaS clients.

DRaaS clients with replication will get pre-assigned static public IP addresses for each of their public services, such as: Mail, Web, VDI, etc. These pre-assigned static public IP addresses will remain yours for the life of the Solution

PLEASE NOTE: Most providers assign public IP addresses from a “pool” as failover is performed, so there is no possibility of pre-arranging whitelists or DNS

 

Q: Can I provide and manage my own Firewall / Layer 3 for DRaaS?

A: Yes! We’ll rack your Customer Provided Equipment (CPE) for DRaaS at no extra cost! This allows you the complete ability to manage NAT / Security / Client VPN during failover

 

Q: What are the specific advantages VMsources can provide with DRaaS Replication?

A: We understand no job is “cookie-cutter” and we’ll provide our famous Concierge Service to every client no matter how large or small.

 

  • We schedule DRaaS Replication according to your Organizational needs; for example: If your office hours are 09:00-17:00 M-F, we’ll schedule replication to match those hours so we copy mission critical data as it is created and does not copy problems such as Ransomware should it occur over the weekend.
  • We create your DR plan for you, as soon as you engage us.
  • We help you perform DR Tests (Concierge Service)
  • We’ll certify the results and provide documentation of the success of DR Tests
  • Our solutions use trusted commodity products (such as Veeam) and platforms (such as VMware) without proprietary overlays tying you into a specific vendor.

 +1 866 644 7764