Kraken IT Services Blog

A typical setup in smaller organizations is to have a singular backup solution in place to backup mission-critical data. This type of setup does tend to be cost-effective and protect core organizational data but has several flaws. For instance, is your singular backup method a full backup (image) or file-level? If you're running full backups only, what is your restoration plan? Full backups would require you to either restore the mission critical system in its entirety back to the state of the backup taken or bring in an additional endpoint to restore onto. If you're running file-level backups only, what is your restoration plan then? If the endpoint suffered a hardware failure or operating system corruption, are you going to spend time rebuilding that, reinstalling the applications, printers, etc. and then wait for the files to be downloaded again? In either case, is the backed up data stored on an external hard drive or tape drive on-premise or in the cloud? If on-premise what if the backup media gets damaged? And if in the cloud what if you're experiencing a severe network issue? This is why we want many different types of eggs in different types of baskets.

These recommendations are based on very common environments and recommendations for your environment may be different:

• Full Backups (Images) - Taken on-site stored to rotating storage media. i.e. Using two external hard drives swapped daily or weekly. Full backups should be taken on-premise because these backups tend to be of larger size and will be quicker to restore from locally versus downloading over the internet. Ex. Veeam, Macrium, Acronis
• File-Level Backups - Taken using a cloud backup service scoping only pertinent organizational data. Most cloud backup services charge by data amount used, so scoping these backups to only necessary organizational data keeps your costs down. File-level backups are better taken via the cloud because the backed up files tend to be smaller and provides redundancy beyond your premises. Ex. Infrascale Cloud Backup, Carbonite, Crashplan, Backblaze
• User-Level Backups - If using Microsoft 365, having users setup with OneDrive for user account backups on their Windows computers is great and provides the quickest restoration time. Similarly if using Google Workspace having users configured to backup to Google Drive on their computers provides the same restoration benefits.
• Periodic Backup Duplicates to the Cloud/Premises - With full backup and file-level backup strategies in place it's also important to periodically copy your on-premise full backups to the cloud and your file-level backups from the cloud to on-premises. This can be automated by having your file-level backup solution periodically scope the full backup location and by having your file-level backup solution periodically backup to a local storage media.

​At Kraken IT Solutions we partner with Veeam for full backups and Infrascale for file-level backups.

Disaster-Recovery-as-a-Service (DRaaS) is a relatively new backup strategy aimed for larger organizations who require maximum uptime and quick restoration times. DRaaS providers like Infrascale and Datto provide appliance devices that get physically installed in your environment. These appliances then take full backups of your servers and store them locally before also duplicating these backups to their cloud. Then in the event of a disaster like a ransomware attack, server hardware failure, operating system corruption, etc. the appliance can spin up a clone of the server in question in the same state as it was when backed up. As a result, this provides your organization access to mission-critical systems within minutes while IT steps in to begin the standard restoration process on the original host. At Kraken IT solutions we partner with Datto for smaller organizations and Infrascale for larger organizations.

Email threat protection is an aspect in IT that does require attention to the concept of defense in depth, or, implementing as many different safeguards along as many links among the chain of the system in question. For email, we can start at the fundamentals with your domain's DNS records. Many email providers support the use of SPF, DKIM, and DMARC records which all do different things to add credibility to your own domain and help protect against certain email attacks. Most commonly implementing these features don't introduce any new costs and just requires the IT labor to configure.

Microsoft 365 and Google Workspace natively have their own email threat protection mechanisms in place but are more on the rudimentary side of effectiveness. Choosing an email threat protection platform like Proofpoint, Mimecast, or AppRiver can help accomplish many needs when it comes to email security. To start, these providers act as a relay for your email, meaning before a message from an external sender hits your mailbox it gets scanned by them first. These providers scan emails to detect malicious links and attachments, signs of spoofing, or more simply spam and junk. With an inbound filter in-place less potentially malicious emails will ultimately land in your users' mailboxes, malicious attachments can be removed, and links evaluated and removed if malicious. Additionally, these providers also offer outbound relay services which is just as important as it means that if a user account was compromised or if a user goes rogue, these providers can scan outbound emails before being sent to customers, vendors, and partners to keep your domain and business' reputations in good standing. At Kraken IT Solutions we partner with Proofpoint for inbound and outbound email threat protection relay services.

Proofpoint, Webroot, and KnowBe4 offer customizable cybersecurity awareness campaigns that can be tailor-made for your organization. These campaigns can consist of short videos, slide decks, quizzes, and more and can be delivered monthly, quarterly, or annually to provide your userbase a refresher on good cyber hygiene practices. At Kraken IT Solutions we partner with Proofpoint to create, distribute, and lead cybersecurity awareness campaigns.

There are times where email is either ultimately the preferred method or only method for sending sensitive files externally. Sending such files over un-encrypted emails can have dire consequences if malicious hands were to intercept the email or access the recipient's computer/mailbox where the message will be delivered to. With tools offered by Proofpoint, Mimecast, and AppRiver you can give your workforce the tools necessary to securely send email, At Kraken IT Solutions we partner with Proofpoint to offer encrypted email services, send us an email at secure@krakenitsolutions.com and we'll send you an encrypted email as an example.

Google Workspace is Google's cloud Software-as-a-Service (SaaS) platform offering select à la carte tools and features at a monthly cost. This helps keep your IT budget predictable month-to-month and provides enough tools and features for smaller new organizations.

Google Workspace tenants can be created at any time and can be created on a demo/trial basis at first. The standard trial period is 30 days and the amount of trial licenses is dependent on licensing type and size of your organization. Google also offers discounted pricing for non-profit organizations. Note that Google Workspace does not include the Microsoft Office desktop applications and while many tools in the Google Workspace ecosystem have apps for computers and mobile devices, leveraging any of these services will ultimately be cloud-based. If you conduct business in an online-only fashion, don't need full fledged word processing programs like Outlook, Word, and Excel, and don't have a considerable on-premise server ecosystem then Google Workspace is the SaaS solution for you.

Microsoft 365 is Microsoft's cloud Software-as-a-Service (SaaS) platform offering à la carte tools and features at a monthly cost. This helps keep your IT budget predictable month-to-month and provides the productivity tools that fit most if not all needs of the majority of smaller organizations.

You can create a Microsoft 365 tenant at any time and can even demo/begin service on no-questions-asked trial licensing. The trial period is one month and includes 25 licenses of whichever license type you're interested in. Adding and licensing user accounts is simple and quick, and after a typical provisioning period of 15 minutes new users will have full access to whatever they're licensed for. Microsoft also provides discounted pricing for non-profit organizations only requiring 501(c)(#) verification.

Many small businesses will start off using an email address given to them by their internet service provider such as abcinc@internetcompany.com. These common beginnings are effective and typically suitable enough during the sunrise periods of business, but as a business grows having your own business email address such as contact@abcinc.com provides an additional layer of formality and as a more behind-the-scenes result introduces new features and possibilities all tied to your domain name.

Some organizations will go a step further before launch or early on by utilizing email services from their domain name registrar or webhost and doing so makes sense in a lot of ways. Off the bat your company domain name will be used so you can create addresses such as contact@abcinc.com and many such providers provide a low downtime percentage of service year to year. However, when utilizing such providers you sacrifice a lot of control, customization, and potential workflow solutions for a more immediate use of business email.

There are two Software-as-a-Service (SaaS) suites that are well-tailored to organizations of any size and need being Microsoft 365 and Google Workspace. Many organizations will already be well-acquainted with Microsoft for access to the Microsoft Office desktop applications like Outlook, Word, and Excel but Microsoft offers an entire ecosystem of cloud solutions with à la carte licensing options. For instance, if you just need business email through Microsoft 365, they offer Business Standard licensing at $6/user/mo which tends to be a price well inline with options from your registrar or webhost. If you need access to the Microsoft Office desktop applications as well as business email, instead of paying for both separately and at a higher cost, they offer Business Standard licensing which includes both services. Google Workspace also offers business email at $6/user/mo and accounts setup in this ecosystem have access to the Google cloud family of tools like Gmail, Drive, and more. Both suites also offer a multitude of other features with no extra costs and we will make a separate post on both SaaS solutions.