Enterprise resilience: Backup and management tips for iOS, Mac

Credit to Author: Jonny Evans| Date: Fri, 06 Mar 2020 06:30:00 -0800

Apple’s solutions are seeing increasing use across the enterprise, but do you have a business resilience strategy in place in case things go wrong?

If you’re one of the estimated 73% of SMBs that have not yet made such preparation, now might be a good time to start.

It’s challenging enough when a consumer user suffers data loss as precious memories and valuable information go up in the digital smoke. Natural disasters, technology and infrastructure problems or human-made problems such as burglary, cyberattacks or civil unrest can all impact the sanctity of your systems, whatever platform you use. It matters because in today’s connected world, your data is your business.

One way to approach business resilience is to adopt a mind-set in which you think about what happens if every piece of hardware your business uses fails at once.

While this might seem extreme, fire, flood or successful cyberattacks all threaten damage to your systems. And while the iPhones in your fleet may be left untouched, your internally hosted servers and on-site Macs and other equipment could suffer.

One part of the response is to put together and follow a data backup policy, but even if you do (and many do not), how robust is your protection? Do you have first line, second line, online and offline backups? Do you have a remote backup system in place? Do you use a password management system – and if you do are all the relevant master passwords held securely off-site?

[Also read: Enterprise resilience: iOS, Mac tools for remote collaboration]

It’s also important to develop a backup and recovery policy that companies and employees can easily maintain, including the use of cloud-based services.

Data stored in the normal course of business needs to be cohesively kept, as you do not want to have to explore every employee’s private Dropbox, Box, OneDrive or iCloud Drive account as you attempt to forensically pull all your information back after a disaster strikes.

It is also quite important to think about how your data flows.

While it’s less of an inherent problem for Apple systems, what happens if malware gets into your deployment? To what extent are your primary data backups sequestered from your day-to-day business, and what security verification policy do you have in place in order to ensure the integrity of the information you store in your primary backups?

The reason this matters is that in the event malware gets into your backup systems (perhaps hidden in something as seemingly innocuous as a PDF document), the problem could recur once you put all your enterprise kit back together.

Reading around this topic and in previous discussions with people in this field, I’ve learned that businesses that manage to put good systems in place generally adopt a three-part strategy:

It is important to note that whatever backup system is used is robustly protected with highly secure password systems. And make sure of clear role responsibilities so that someone is responsible for ensuring backups are successful. 

While full backups are essential, not every piece of data is as valuable as everything else. This is why organizations should prioritize their data in terms of its importance. Typically, the order goes:

In most cases, it makes sense to run daily backups of the most important information. Automated systems (and it’s best to automate the process as much as possible) can be set to run these.

If you use a Mobile Device Management system to handle your fleet, you should find it a little easier to deploy and equip replacement systems in the event of disaster, as long as you maintain backups offsite for access by your device management provision system.

Combined with regular backup policy, such as arranging weekly or monthly device backups from iOS devices locally to Macs using the Finder, and subsequent Mac backups using Apple’s Time Machine system, it’s possible to ensure that data integrity is near complete.

(Independently stored information should be thoroughly vetted before being introduced to core backup systems to avoid malware infection.)

A good MDM system equipped with robust security and management tools should help with the process.

The first line of defense is prevention and while you can’t prevent every imaginable crisis, you can prevent some. It means preemptive risk management and fostering situational and security awareness across your teams.  Empoyees may be the first to notice any anomalies that signal a threat, and you need to work with them to provide a supportive culture in which they feel empowered to come forward with any concerns.

This is also why it’s important to develop a friction-free approach to your backup resilience strategy, ensuring whatever protections you put in place are used. Consumer-level backup services may form part of your preparedness strategy, but only if this is strategically managed through enterprise storage systems or emerging solutions that can work with consumer options, such as Challo.

Finally, it is extremely important to put together a plan to reconstruct your systems after a crisis. In an ideal world, if crisis strikes your organization then your people should already know their roles and be aware of what steps they should immediately take as you prepare to rebuild your organization.

Even the most die-hard Mac user knows that putting things together after data loss can be a lengthy and frustrating task if you are unprepared. (iCloud Drive helps a great deal with this.)

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.

http://www.computerworld.com/category/security/index.rss