#veeamchallenge: Replicating legacy technology

A Blog by Joe Brain, Support Apprentice at virtualDCS.

In the office this quarter we’ve been celebrating old technology, from the solar-powered calculator to the wonderful Waddington’s Wizard, but we didn’t stop there.

We’ve wanted to combine our love of old technology with one of the world’s leading backup and replication solutions, Veeam Cloud Connect and this is where the virtualDCS technical team were challenged to protect the oldest legacy system we could find.

We are pleased to say that we’ve managed to complete the challenge and replicate MSDOS. Naturally, we couldn’t go back any further than that as it’s one of the oldest Microsoft Operating Systems.

The hardest part about replicating the system was finding a copy of it in the first place! After that, everything was straightforward since Veeam doesn’t differentiate between operating systems, there are no special requirements for replicating MSDOS, which means any operating system can be replicated.

In a real world scenario, if someone has to keep a specific application running that can only be deployed on MSDOS, the programme would still require replicating in order to protect its enclosed data. Using Veeam, this doesn’t have to be a concern.

The process

To protect our customer privacy we decided to upload some screenshots of the process instead of a video demonstration as we have done previously, however if you’d like to see a demo we’re more than happy to accommodate if you get in touch with the team.

 

 

 

 

Since the setup is the same as other replications we didn’t set it to repeat.

 

Here the replication is in progress with no errors occurring.

 

The replication has completed successfully and is working correctly.

 

For more information on our legacy challenge or our Veeam Cloud Connect suite, please follow the links or contact virtualDCS on 03453 888 327 or by emailing sales@virtualDCS.co.uk.

Is your data at risk after Brexit? 5 ways to protect it now

With an unknown Brexit on the horizon, many organisations are concerned about international data protection and security. And they’re right to be. The UK economy is heavily reliant on the free flow of data. Data is responsible for £240bn of UK economic activity, and three quarters of our data transfers are with EU countries.

If data flow restrictions are put in place after Brexit, UK businesses will be at a competitive disadvantage, and the security of our data could be compromised.

 

Brexit data security risks

So what are the risks and how can you minimise them?

(1) Data access

data centre

The EU has high data protection standards. All EU countries have signed up to these standards, including the recently implemented General Data Protection Regulation (GDPR). This means that personal data can be transferred freely throughout European Economic Area (EEA) member states with a guarantee that it will be secure and protected.

If the UK leaves the EU without a deal, it will be classed as a “third country” by the EU and will no longer be able to access and utilise this data. The UK has proposed a new data protection agreement and is currently negotiating on the basis that there will be a 21-month implementation period, during which existing legislation will continue, giving organisations more time to meet compliance rules for any new regulations.

 

(2) Data adequacy

The EU has said that UK will need to apply to be put on the list of safe countries for data access, by showing that it meets the EU requirements for data adequacy. Until then, it may be illegal to hold any data in the UK that refers to EU citizens until access is granted.

Data adequacy assessments for other countries have taken between 18 months and five years, so it is possible but not probable that the proposed 21-month implementation period will allow enough time for this.

 

(3) Data protection and security

Not only does the data adequacy decision pose uncertainty for the future of data outside of the UK, legal snags (like the US Patriot Act) are already causing headaches for UK businesses protecting their data internationally.

When entrusting your data to an American company, you’re also unknowingly laying down the red carpet for the US Government; inviting them to take a look around, copy and in some cases, even delete your information.

You can read more about the US Patriot Act in our blog post ‘Finding the right disaster recovery provider’.

The EU has declared that US and Canada only provide partial data adequacy. As the UK shares data with the US, this may prevent the UK from meeting the EU’s data adequacy requirements.

 

How to protect data from Brexit risks

Time is running out to protect your organisation’s data from the impacts of Brexit before the March 2019 deadline. But there’s no need to panic, there are steps IT managers can take now to mitigate the risks.

 

(1) Standard Contractual Clauses (SCCs)

In the absence of a post-Brexit data adequacy decision or an alternative agreement, data transfers to the UK from the EEC would require extra safeguards to ensure compliance. The onus would be on individual organisations to arrange these safeguards.

One option for individual businesses is to create and apply SCCs between themselves and all the other organisations they share data with. SCCs provide a written agreement between the data sender and data receiver, which guarantees that European Commission privacy standards will be upheld by both parties.

This option is likely to be costly and cumbersome, especially for small businesses. Smaller organisations may not want to sign up to SCCs provided by their partners if the extra administrative burden is prohibitive. The ECJ can also mount a legal challenge to SCCs, and is currently doing so for this one between Facebook Ireland and Schrems.

 

(2) Binding Corporate Rules (BCR)

Multinational companies that move EEA data through the UK also have the option to implement BCRs. These are a strict set of rules governing how data can be moved around different countries, but only within the same corporate group.

BCRs can be complicated, and even once all the work has been done to put them together, submitted applications can take a year or more to be authorised by the numerous data protection authorities in each of the EEA and EU member states. Again, the administrative costs can be high.

 

cloud computing and big data storage

(3) Migrate to a UK-based hosting and disaster recovery solution

Not all cloud based hosting and disaster recovery systems offer the same level of security, and Brexit could impact a significant number of solutions and providers. Backing data up offsite provides an additional level of reassurance. But there’s no point protecting your data offsite if you’re opening it up to additional vulnerabilities in doing so. Migrating to a UK-based system mitigates the impact of UK data adequacy non-compliance, for organisations that wish to use data in the UK.

 

(4) Choose an industry-leading cloud based system

Veeam software is on course to become the world’s leading disaster recovery solution, especially with the recent addition of Veeam Cloud Connect, its offsite backup and replication facilitator. Businesses all over the world are utilising Veeam to protect their data offsite. As the industry standard, it’s the system we recommend as we believe it offers the best protection.

 

(5) Work with an experienced strategic partner

Brexit is shining a light on data privacy and data residency. But of course these should be key considerations in any IT infrastructure design project.

Creating a robust IT infrastructure system that facilitates the free flow of data around the world without any disruption or delays is a complex undertaking. Add the increasingly complex data laws of numerous different countries into the mix, and the task becomes too onerous for most in-house IT teams to manage.

Now more than ever, it’s vital to evaluate both the physical and legislative significances of working with providers of offsite data solutions. Good providers should have a strong background in infrastructure and consultancy – someone who can work closely with your organisation to plan your cloud based data infrastructure around your business needs rather than simply deliver an off the shelf solution that may not be future proofed against changing legislative requirements such as Brexit.

virtualDCS has been involved with and worked on pioneering cloud technology since its inception. We have sat on BETA panels and testing systems so that we can deliver solid, leading edge solutions to our customers. We are proud to have been awarded accolades such as UK’s Most Cutting Edge Cloud Hosting Services Provider (TMT News), Best Cloud Hosting Services (AI Magazine) and Best International Cloud Computing Solutions Provider (CV Magazine).

 

What next for UK data adequacy?

Until the data adequacy decision is made, there is much debate around whether data flows can continue interrupted between UK and EU countries. The decision needs to be made before the 29th March 2019 and will confirm that the UK has taken enough steps to ensure a security level that is equivalent to the EU’s.

If the UK doesn’t get the “ok” from the European Union Committee, then official safeguards will have to be debated and put in place. If data adequacy isn’t granted before the deadline, any information stored outside of the UK would have to rely on alternative legal methods, which would cause both delays and costs for organisations trying to continue business as usual. Obviously, this includes organisations utilising Veeam offsite backup internationally.

 

Provider security and Veeam offsite backup

Unfortunately, as it stands there isn’t much anyone can do to speed along the decision making process. The fate of the UK and its data adequacy is set on the shoulders of our government, yet UK businesses aren’t entirely powerless.

By selecting a Veeam Cloud Connect partner based in the UK and transferring information to UK based data centres, when the deadline hits you can mitigate the implications, should data adequacy not be granted.

For more information or to speak to a team about Veeam Cloud Connect, call 03453 888 327 or email enquiries@virtualDCS.co.uk

Google Beacon – persistent project or privacy predicament?

Just another day at the office when an unexpected parcel from Google drops on the door step… the random gift of a Google Beacon!

The organisation is pushing the initiative once more by sending businesses free Beacons to encourage implementation. Unfortunately, in today’s security conscious environment these deliveries are sparking more privacy questions than implementations.

What is Project Beacon?

Project Beacon provides proximity experiences for customers using Bluetooth low energy (BLE) technology to send signals to local smart devices. The device continuously broadcasts an identifier which connects to a user’s device. Once your device has interacted with the Beacon it can then transmit its programmed action to the device.

Google Beacon

What are they and why is Google promoting Beacons?

Google is promoting the advantage of improved offline attribution with Google ads. Since the Beacons can be used to pinpoint a physical location, you can track conversion from online advertising to in store visits.

For example, if someone searches for a winter coat locally and visits a Google advertisement for your store but then clicks off before purchasing it wouldn’t have been classed as a conversion. However, with Google Beacon, the device can be tracked into the store as a physical visit.

For the customer, Beacons enable promotions to be broadcasted to receptive devices in the Beacon range to encourage in-store visits. You can read more about the features and benefits of Google Beacon here.

What does this technology mean for privacy?

The concerns around Beacon privacy and security is not just relevant to Google, but other distributors as well, including Apple. Although many may consider these threats minimal, they are still concerns according to Kontakt.io.

Hijacking

As default, most Beacons do not encrypt the data that’s transferred to them from connected devices. Kontakt.io explains a hacker could change the connected Beacon password and change it so that they have full control of the device, putting the entire IoT infrastructure at risk.

Physical tampering

Unsurprisingly, as a Beacon is a physical box, it is also subject to physical attacks. Although this is extreme and unlikely, someone could physically remove the device, take it apart to access its information.

Cloning and Piggybacking

One of the largest threats is from cloning, where an attacker listens to the device and captures Beacon data, copying the information to an external application without consent. After capturing the data, the hacker may clone it, copying the configuration and contents to another Beacon in order to mislead customers. Using a duplicate Beacon opens up an array of possibilities for the hacker, including triggering in-app payments.

As the latest drive continues and technology gets smarter, so do the hackers and the future of project Beacon is still undecided.

1 2 3 146