" disaster recovery Archives - LuxSci

Posts Tagged ‘disaster recovery’

LuxSci Tips and Tricks: WebAides Password Manager

Thursday, October 20th, 2022

We are starting a new blog series to help you understand some of the more advanced LuxSci features. First, did you know that LuxSci has a password manager tool? We designed this tool to make it easy to securely share passwords across your organization.

What is a Password Manager?

Password managers are software applications designed to store passwords securely. They require the use of one primary password to access an encrypted vault where passwords for other accounts are stored. There are many different password managers out there, with varying features and levels of security.

LuxSci’s WebAides Password Manager

WebAides Password Manager allows LuxSci users to create and securely store lists of passwords. It was designed to suit the needs of businesses and IT administrators.

With just a single primary password to remember, it’s easier to protect and store unique, complex passwords. This offers both security and convenience. WebAides Password Manager uses PGP encryption to safely store passwords for individual users or groups. This setup means that LuxSci employees cannot access the password data of our customers.

The tool is flexible, allowing administrators to control access to shared passwords. If someone is not a group member, they cannot decrypt the password. Administrators can easily add or remove users from groups to tightly control access to sensitive accounts.

Why Use WebAides Password Manager

The granular level of access control makes it extremely easy to share passwords among designated individuals from a central, secure location. Administrators can create multiple password folders to tightly control access to sensitive credentials. For example, when an employee is promoted, they may need to access different accounts. The administrator can add the employee as a member of a management password group and provide them with the primary password to access those account logins.

The tool also includes an export feature for business continuity and disaster recovery. Administrators can decrypt and backup the entire password web archive for offline storage. An offline backup of company passwords protects the organization in case of a catastrophe that brings standard systems down.

LuxSci’s WebAides Password Manager also includes a notes section for each entry. This is a great place to securely document account numbers, previously used passwords, and the security question and answers used to reset passwords or verify identity.

These features are useful for organizations with complex security and compliance needs.

How to Set Up WebAides Password Manager

Detailed instructions can be found in our Help documentation. To access your WebAides Password Manager, log in to your WebMail account and look under Apps -> Passwords. Before creating a new entry, you’ll need to generate a PGP certificate to encrypt the password. This can be done by going to the Account Settings –> Security -> Security Certificates settings.

Our support team is also available and ready to help. Contact us today to learn more.

Business Continuity Planning: RTO vs RPO

Tuesday, August 30th, 2022

When working in a critical sector like healthcare, business continuity planning is an essential task. In fact, organizations subject to HIPAA regulations must create a risk assessment that identifies the systems that contain sensitive data and plan for what happens to that data in case of an emergency. Once you understand what data is at risk, you can begin to understand your tolerance level and plan for the worst-case scenario. Two key factors to consider are RTO and RPO. This article explains the difference between RTO and RPO and how to account for each in business continuity planning.

 

rto vs rpo

Recovery Time Objective (RTO)

RTO stands for Recovery Time Objective. This term refers to the length of time it takes to restore operations from the start of an issue to when the system is again fully functional. Essentially, it refers to how much unplanned downtime can be tolerated before it leads to significant business impacts.

Unplanned downtime of critical systems can be extremely damaging to business operations. For example, if a hospital system’s electronic medical records go down because of a ransomware attack, patient care may need to be stopped or diverted until systems are back online. This could have not only devastating financial impacts but could also lead to loss of life.

Every system will have a different tolerance level for downtime. The Recovery Time Objective will vary based on the importance of various systems and the costs to your business. For example, maybe the EHR can be down for 15 minutes without causing severe business impacts. On the other hand, a less crucial system, like the hospital phone system, could be down from three to six hours without causing significant impacts on the business. Each system requires its own disaster recovery plan and has a different RTO.

Recovery Point Objective (RPO)

RPO stands for Recovery Point Objective. This term refers to how much data could be lost due to an unplanned outage. Organizations must know how frequently to backup data so it can be restored without data loss in an emergency.

Once again, this will vary based on the business and the importance of the data. Some organizations may find that daily backups are sufficient for less critical systems, while others may prefer to employ more frequent backups. Take our last example of a ransomware attack on an EHR. In this scenario, the time of the last backup is crucial. If the attack occurred at noon, and the system is only backed up once a day at 10pm, all the patient data added to the EHR that morning will be missing. For a critical system like an EHR, more frequent backups are appropriate.

The Difference Between RTO and RPO

Both RTO and RPO are vital to creating a business continuity plan. If backups of data are readily available, there will be less downtime. Taking our ransomware example from the previous paragraph, if data is backed up and stored separately from the EHR system, a well-trained and prepared IT team can restore the data onto new servers without severely impacting business operations. Frequent backups will allow the IT team to restore the system with zero data loss and limited downtime.

Business Continuity Planning RTO vs RPO

Every organization addresses business continuity planning differently, depending on the data and systems they utilize. Budget limitations, compliance risk, and data sensitivity are three factors that prominently affect how disaster recovery plans are created.

An easy solution would be to make every system as resilient as possible to avoid system downtime or data loss. However, this is often unrealistic. For most organizations, implementing highly available solutions for every system is too expensive and is somewhat nonsensical.

Conducting a risk analysis helps identify the most significant risks to the business. This information makes it easier to allocate resources efficiently. Extremely frequent backups of minor systems are unnecessary at best and can be outright wasteful. It’s better to focus business continuity efforts on the most sensitive systems and data, especially if a breach has regulatory consequences. In practice, this means creating highly redundant and available configurations for the most vital systems to business operations.

Reduce RTO and RPO with High Availability Solutions

Once you understand your tolerance for downtime and data loss, it is possible to create infrastructure solutions that minimize (or practically eliminate) RTO and RPO. LuxSci’s high availability solutions offer practically zero downtime and data loss. One way to achieve this is by using load balancers to redirect traffic away from unavailable servers. To reduce downtime and data loss, it’s a good idea to use geographically redundant MySQL databases.

To learn more about LuxSci’s high availability solutions, check out our other blog articles or contact our sales team.

Increasing Resiliency with Data Backups

Tuesday, June 21st, 2022

Making backups of collected data is a critically important part of risk management. Backups provide redundancy in case of human errors, hardware failure, cyberattacks, power failure, and natural disasters. Properly implemented backups reduce risk and provide organizations flexibility when systems go down. Server outages, whether accidental or malicious, can be detrimental to business operations, and adequately implemented backups can help mitigate the effects and save time and money.

data backups

What is a Data Backup?

Backups are copies of data, files, and directories found on the disk at a specific time. Backups are used to restore files in case of an outage or accident. They are not the same as an email archive and are insufficient to meet compliance data storage requirements. This is because backups may not capture all sent and received data. If files are added and deleted in between backup times, they will not appear on the most recent backup. See Email Backup or Archival: What’s the Difference for more information.

LuxSci performs daily and weekly backups of email, WebAides, Widgets, MySQL databases, FTP, and website data in customer accounts. If data is misplaced or deleted accidentally, LuxSci’s support team can quickly and easily restore it from any available snapshots.

Ways to Configure Data Backups

How backups are configured can drastically affect how information is stored and retrieved. Backups are typically located on-site or off-site. On-site backups are located in essentially the same place as the original data, while off-site backups are located far away from the originals. It is fast and easy to recover data using an on-site backup. Still, if the location is affected by a cyberattack or natural disaster, both the original data and the on-site backups could be compromised or destroyed. Off-site backups are isolated from the original system and act as a fail-safe. It is slower to recover data from off-site backups and often costlier to maintain.

At LuxSci, we provide both on-site and off-site backups. This enables fast daily backups of recent changes and longer-term weekly backups. This backup schedule also ensures that separate, independent copies are kept in geographically distant locations for disaster planning reasons. We also create custom backup schedules for enterprise customers.

Preparing for Disaster

Cyberattacks like ransomware allow criminals to take control of an organization’s systems and hold data hostage. By backing up systems properly, administrators can restore data without paying the ransom.

Ensuring copies of data remain available even in an emergency requires extensive preparation and planning. It’s important to understand which systems and data are the most crucial and create a plan to protect them. Cyberattacks and natural disasters may limit access to on-site backups. In this case, it is helpful to have off-site backups available. Isolating off-site backups from the main infrastructure helps protect data in the event of a cyberattack or natural disaster.

Administrators should also take special consideration for confidential or sensitive information. When drafting a backup policy for disaster recovery, some issues to consider include:

  • Identifying who is responsible for performing backups.
  • Specifying where the backup data are to be located.
  • Establishing how to access the files and how to log access to sensitive information.
  • Creating a schedule for backing up data.
  • Performing backups of digital data.
  • Automating backups.
  • Backing up the metadata along with the data.
  • Encrypting data at rest.
  • Determining how long to keep backups.

HIPAA Considerations

Compliance regulations may also influence the organization’s backup policy. It goes without saying that organizations that work with protected health information need to use a backup solution that is HIPAA-compliant. Backups need the proper access controls and encryption to comply with HIPAA regulations. To keep sensitive data protected and resistant to cyberattacks, contact LuxSci today.

Is Email Archival Required by HIPAA?

Tuesday, April 5th, 2022

Customers often inquire if email archival is required by HIPAA regulations.

There is a great deal of confusion and uncertainty here because:

  1. HIPAA lists many requirements but does not provide specific instructions on implementing them. It’s ambiguous but provides a great deal of flexibility for organizations.
  2. Email archival adds a fixed cost to any email solution – and everyone prefers to avoid unnecessary costs.
  3. Due to time and budgetary constraints, many organizations want to do the minimum needed for compliance.

email archival hipaa

In our opinion, email archival is an implicit requirement of HIPAA for all organizations that send ePHI via email. In the next section, we’ll review why.

Read the rest of this post »

High Availability High Volume Email

Tuesday, June 8th, 2021

High volume email sending is essential to the business operations of many different companies. Whether these emails involve onboarding messages to new users, form a crucial part of an organization’s marketing strategy, or are sent for a wide range of other purposes, they are often a core component of how a company spreads necessary information.

If the suitable systems aren’t in place, high volume email can go down. This stops all transactional and marketing emails from being sent, which can cause delays or disruptions to business operations. These outages can have significant effects on a company’s bottom line.

If critical email systems cannot go down, then a high availability, high volume email system needs to be in place. This creates redundancy to keep systems online in case of an outage.

high volume email

What Is High Availability?

As we discussed above, the goal of high availability is to keep an organization’s email up and running as much as possible. This is known as high availability, an engineering term applied to many systems, especially in computing.

High availability is commonly used when talking about websites–a high availability service has redundancies in place that keep a website online, even if the main server fails. In addition to the server that hosts the site itself, high availability web apps also need high availability MySQL so that databases are still accessible if the main server that hosts them goes down.

These high availability services are critical for businesses that cannot perform their core functions if their websites or databases go offline.

If a high availability service isn’t used and there aren’t redundancies in place, outages to the servers will force the site down. This means that customers will no longer be able to access the platform or some of the site’s essential services.

It’s not just websites and web services that can go down. If a company’s high volume email doesn’t use a high availability infrastructure, it can go down when a server fails. This grinds all of an organization’s email to a halt, delaying or disrupting its marketing and transactional emails.

If these emails aren’t sent and received by customers, the company won’t be able to perform many of its necessary business functions until the server comes back online. This can lead to the loss of customers, increased complaints, reduced sales, and many other serious problems. With this in mind, high availability high volume email services are critical for any organization that relies on its email to perform its core functions.

Why Do Systems Go Down?

Some of the most common reasons that online systems go down include:

  • Hardware failures bringing down critical components such as the memory, CPU, or power.
  • Crashes or bugs in an operating system or other software.
  • DDoS and other attacks against the server.
  • Excessive amounts of traffic.
  • Failure of the network.
  • Overloading the network.
  • Failures at the data center, including human error or power outages.

How Can Load Balancing Help to Give You High Availability High Volume Email?

As we discussed above, there are many reasons services could go offline. These causes of failure are inevitable, and they can occur at random. If the organization’s high volume email needs to be operational as much as possible, put redundancies in place to take over when these inevitable failures happen.

A core component of this is load balancing, which shares the workload between servers. This boosts the capacity, allowing servers to share the volume with others when they get overwhelmed by traffic. Load balancers can also detect server failures and automatically redirect traffic to healthy servers when necessary. When high volume email services are equipped with load balancing, they will continue to send emails even when a server in the cluster goes down.

Many providers have their servers and load balancers in the same place, making it easier to operate but creating additional risks. If everything is located in the same data center, a failure at the data center or in the network can still bring the email system down. Load balancing won’t help if the servers’ data center goes down because of a power outage or extreme weather.

At LuxSci, we offer a more robust alternative by placing servers in separate data centers in the same geographic region. Having servers in different physical locations makes high volume email services far more resistant to going offline. Even if one data center fails, there will be backups online at other sites.

High Availability MySQL For High Volume Email

High volume email requires databases for tracking, logging, and other purposes. If the database goes down, so does the ability to send transactional and marketing emails. If high volume email is critical to business operations, high availability databases should also be put in place.

LuxSci’s solution is its regional high availability MySQL service. This offering includes a cluster of Enterprise MySQL servers, each located in separate locations within the same geographic region. It automatically replicates the databases across all servers, with features including automated:

  • Failover and recovery
  • Zero-downtime system
  • Software updates

Our high availability MySQL service is excellent for organizations that rely on their high volume email for business operations because it makes databases extremely resistant to going offline. It’s a solution that can help organizations survive the failure of a data center all maintaining HIPAA compliance.

Together with LuxSci’s high availability load balancers, our high availability MySQL makes bulk email systems incredibly resistant to downtime.

LuxSci’s High Availability High Volume Email Solution

High availability services are highly recommended if marketing and transactional emails are critical to an organization’s operations. When you consider the costs of the service going down, it’s best to choose a solution that offers high availability.

Nothing will stop systems from failing, but with redundancies such as high availability load balancers and MySQL in place, we can ensure common failures don’t impact your business. Contact us now to find out more on how LuxSci’s offerings can help to keep high volume email systems online as much as possible.