Blogs

Managed Service Providers ultimately have the same goal – growing business and providing clients with the best IT solutions. However, in the plight of winning business, some fundamentals are often overlooked and the MSP is either left with unhappy clients or lost business. Below are five mistakes MSPs should avoid.

1. Assuming that all customers/organizations are familiar with all the facets of cloud. MSPs often think and rely on their clients to know their technical needs, however, the reality is that customers don’t have a complete understanding of the complexities and various solutions of backup systems. Potential clients need help understanding the benefits, risks, and costs associated with cloud models. Work with your potential clients to develop (or enhance) a data recovery strategy that will back up and protect their business data, ensuring their business critical data is safe and can be recovered.

2. Over-promising, yet under delivering. In some circumstances, Service Providers don’t like to admit that they don’t offer certain services/solutions…they fear that this honesty will hinder them from acquiring new business. When you over promise, you’re actually spending more time trying to learn on the job while trying to deliver; which in fact hinders your business as you’re selling your clients short. Be clear on the services you provide, don’t make false promises and be upfront at all times with your client.

3. Selling products, not a service. As an MSP, not only do you sell technology, you should strive to also sell your expertise, reliability and services. Most organizations are not extremely tech savvy, and they rely on you to provide sound advice and monitor systems to ensure everything is working up to the contractual expectations. By checking in sporadically (not only during the onboarding process but throughout the duration of the contract), you have a pulse on your clients’ needs and are able to fix any issues when and if they were to arise.

4. Little to no content on website to describe products/services. Most consumers (if not all) are informed buyers, they are doing their due diligence in their research before making a purchasing decision. Therefore, having strong content about your services helps people find you, and also demonstrates that you have the technical wherewithal to deal with IT issues. By having information on the services provided and general industry information, you have forged a relationship of trust with your prospective clients…they begin to trust you and are much more likely to engage with your company and seek your expertise for their business.

5. Not having a thorough understanding of what your clients really want. Assuming that one solution will suit the needs of all your clients or not selecting the right/suitable service package for your clients’ business needs will hurt your bottom line. Your clients are relying on your expertise to provide them with guidance as well as a sound solution that most adequately suits the needs of their business. By not providing the clear definitions of the scope of your offerings, you’re really undermining the success of your own relationship with your potential client.

By steering clear of these mistakes, new and veteran MSPs can significantly boost their success.

This is part three of five in a series on Ransomware that will discuss a new variation of ransomware (known as fileless ransomware), the most targeted verticals, how it works and what IT executives and administrators need to know to combat the ever-changing strains of ransomware.

There is a new variant of ransomware – it’s stealthy, nearly impossible to detect and is forcing more banks, telecommunication companies, government agencies and healthcare organizations globally to pay the ransom to cyber criminals. These attacks are known as fileless or non-malware ransomware and it leverages Microsoft’s PowerShell’s scripting language to target organizations through documents and/or applications that run through macros.

What is PowerShell?

PowerShell is a programming language designed to automate tasks on MS Windows operating environments and includes over 100 command line tools.

How does Fileless Ransomware Work with PowerShell?

Non-malware aka fileless ransomware (unlike traditional ransomware) does not use files to encrypt your data; instead it writes scripts/macros which derive from PowerShell to encrypt the files.

What are the two ways fileless ransomware can penetrate your systems:

Via Phishing Attacks: An email is opened on a device and automatically writes macros directly to your device’s (i.e. tablet, laptop, cellphone or desktop) memory which starts dictating commands of payment as well as encrypting your data.

Via Compromised Websites: An employee browses or visits a compromised/malicious website in which the cyber criminals write scripts to the computer’s RAM to capture some pertinent information which will then either ask for cryptocurrency or immediately encrypt your files.

Why is fileless ransomware unique?

Fileless malware is unique and difficult to detect because the malicious code is embedded into a native scripting language or written straight into the computer’s RAM, where it hides in isolated spots within the computer’s memory. It’s not written to disk nor does the malicious code rely on the hard drive to run these commands.

What are the problems associated with Fileless Ransomware?

1. Fileless ransomware leaves little trace behind nor can it be detected with any antivirus software.
2. This ransomware strain allows cyber criminals to have access to your systems, meaning that they can infiltrate your computers, steal your information and encrypt your files without your IT staff even knowing.  
3. It can lead to more attacks. As the cyber criminals are writing scripts they’re also gathering as much data from the victim’s computer as possible.

What can end users do to protect themselves?

1. BACKUP YOUR DATA. Monitor your systems frequently and backup regularly so you can revert back to specific points-in-time when you’re systems were free of malware and malicious attacks.
2. BE VIGILANT. Disable all macros or do not open any files unless the end user is 100 per cent certain the file is not malicious. If there is any cause for concern, contact your MSP or IT administrator immediately.
3. BLOCK all infected emails, pages, and communication with browsers and servers. Since the cybercriminals will write code to infect email and webpages, block anything that is odd, unfamiliar or sketchy.

Interested in learning how to keep your networks and systems protected against ransomware threats?

Contact a Recoverability Specialist

Toronto, ON – April 3, 2017 – Asigra (www.asigra.com) has recently been awarded a 2017 top rated endpoint backup service badge on TrustRadius based on 40+ in-depth reviews and user ratings. This badge recognizes the best products in a category based on user reviews and ratings. Badges are awarded to products that have an above average satisfaction rating in any segments within their category.

Since receiving our first review in 2014, Asigra has maintained an 8.8 overall rating of our user’s satisfaction of our products which is depicted through the TrustMap*. Included in this total is over 60 per cent of respondents rating Asigra a 9 or higher out of 10.

"Asigra is one of our Top Rated products for 2017, with very strong reviews from end-users on TrustRadius," said Megan Headley, Research Director at TrustRadius. "Asigra is a strong data backup solution and end-users praise the dedupe and compression capabilities, support for cloud, on-premise and hybrid data sources, and the agentless architecture, which reduces the support burden.”

Visit our TrustRadius page to read the positive reviews that we have gotten about our solutions. While there, feel free to write us a review as well to share your experience using Asigra.

If you require any more information on any of our solutions, contact a recoverability specialist at 1-877-736-9901 or email info@asigra.com.

About Asigra

Trusted since 1986, Asigra provides organizations around the world the ability to recover their data now from anywhere through a global network of partners who deliver cloud backup and recovery services as public, private and/or hybrid deployments. As the industry’s first enterprise-class agentless cloud-based recovery software to provide data backup and recovery of servers, virtual machines, endpoint devices, enterprise databases and applications, SaaS- and IaaS-based applications, Asigra lowers the total cost of ownership, reduces recovery time objectives, eliminates silos of backup data by providing a single consolidated repository, and provides 100 percent recovery assurance. Asigra’s revolutionary patent-pending Recovery License Model provides organizations with a cost-effective data-recovery business model unlike any other offered in the storage market. More information on Asigra can be found at www.asigra.com.

*The TrustMap™ is a visual depiction of the best software products as rated by users on TrustRadius within each market segment. TrustRadius does not endorse any vendor, product, or service depicted in its TrustMaps and does not advise software users to select only those vendors with the highest ratings.

What is the Break/Fix Service Model?

The Break/Fix model is a fee-based model – as in when something within your IT infrastructure breaks you contact your IT service provider to fix the issue and they bill you accordingly. Considered to be a reactive approach to IT, the broken system can only be used once the IT contractor is on-site, identifies and fixes the problem.

What are Managed Services?

A Managed Service (MS) is where your IT networks are continuously monitored by a third party, who mitigates risk and problems before issues arise. Unlike the break/fix model, the managed service model bills on a monthly basis and is considered more proactive as they employ preventative care. They work to identify potential challenges and threats before these issues disrupt business operations.

What is an appropriate situation that a company would use the break/fix model as opposed to a managed service?

• If a company was looking to cut costs
• If a small or medium sized enterprise did not have the financial capital to sustain the monthly bills that are associated with managed services, but has the money to handle fluctuating or ad-hoc costs associated with IT problems
• If an organization rarely has IT/Technology issues
• If there was an onsite IT staff who could handle the majority of requests

What are some disadvantages when using the break/fix model?

• Your IT staff/administrators do not have line of sight into how much the issue will cost, so the unpredictable fees can quickly blow your budget
• It increases down time which translates into lost business and revenue
• IT contractors charge on an hourly billing basis and therefore aren’t really interested in making your networks stable in the long run. Typically, they fix the immediate problem as a Band-Aid solution and rarely offer any preventative measures to avert these problems from occurring again

What are some advantages of implementing the MS model?

• The fees are predicable which most IT departments can support
• This model comes with easy access to IT professionals
• Downtime is minimized as risks are monitored and mitigated

Does the Break/Fix Model achieve economic efficiency in the long run?

No. It may save organizations a few dollars in the short term, however, when systems/networks are down your organization is losing money…and the longer the systems are down the more money your organization loses.

Which is the more efficient solution… break/fix or hiring a third party managed service?

The managed services approach is a better solution for businesses of any size because it involves constant monitoring of your network 24 hours a day. A Managed Service Provider (MSP) will detect issues before they develop into larger problems which is all included in their monthly fees.

If you’re still questioning whether your organization should choose the break/fix or the managed service model, consider your organization’s dependency on IT. Long periods of downtime are detrimental to companies of any size, therefore it’s best to have a team of experts at your disposal handling issues before they arise.

Read our data sheet for helpful hints on how to select an MSP that suits your organization’s needs.

Read the Data Sheet

This is part of a series of interviews with Asigra Partners. In this post we’re talking with Mark Saville, Director at Data2Vault who discusses why companies would need an insurance policy for critical data, the risks associated with only having cyber insurance and the best way to reduce the risks associated with residual loss.

VM: What is Data Insurance (DI)?

MS: DI is a policy issued by underwriters and brokers to protect against the residual risk of permanently losing critical data. It allows you to protect your organisations most critical, unique business assets and offers full financial protection in the case of data loss. We are a unique solution because we are currently the only solution that compensates for data loss as well as the value of our payouts are higher. Think of it like this: data insurance is like fire insurance. You try to avoid the risk as much as possible, but you’ll still need insurance in case the building were to burn down. It’s the same thing in the world of IT… the best practice is that an organisation would have firewalls, antivirus, backup and replication in place, but there is still a residual risk that you may still lose your critical data, and for that reason, this is why you have a data insurance policy.

VM: Why is an Asigra Service Provider involved in Data Insurance?

MS: As an Asigra Service Provider, we have built an Insured Data Environment, which has been certified to give our clients the extra protection they need for peace of mind. It also provides the underwriter with a proven method to recover the clients’ critical data and therefore reduce the likelihood to have to make a significant payout.

VM: If a client has Cyber Insurance, why will they still need Data Insurance?

MS: Cyber Insurance is a valuable policy, but it only protects personal identifiable data and personal sensitive information against copy theft or loss of data through a cyber-threat. If there is no cyber-attack there is no basis for a claim. Data Insurance, on the other hand protects against the permanent loss of critical data. As an example, a pharmaceutical or a food/beverage company may have a loss of formula or patents, which contains no personally identifiable data, and could only be covered by data insurance.

VM: All my data is critical, how do I determine what should be insured vs. what shouldn’t?

MS: That’s really up to the client to determine what is critical vs. what is not. If any of our clients need further clarity to assess what should be covered, we have risk analysts and data classification consultants who will help with the identification and valuation of data if the customer needs assistance. Once the client defines what should be insured, together, with the underwriters Allianz, a fair value will be agreed.

VM: We have seen from the CRA case study that companies operating in high hazard industries (i.e. Nuclear Energy, Rail, Oil, Gas as well as Airlines) should seriously consider insuring their data. Why?

MS: In high hazard industries there is already an appreciation of residual risk, and the cost associated with minimising residual risk to an acceptable level. As these industries increasingly become more digital, the principles of safeguarding against residual risk of data loss becomes equally important. Organisations in high hazard industries are also conscious that the loss of critical data could have extremely negative ramifications on the business (i.e. shutting down after a data loss) and therefore discussing data insurance to residual risk with business executives is a language they understand.

VM: How does Data Insurance reduce the residual risk of data loss?

MS: Even if every possible step to prevent data loss was taken, there would always be a residual risk of data loss. Data Insurance, through an assessment of risk and use of the Insured Data Environment helps reduce the residual risk to an acceptable level and provides both the ability to recover lost data or financial compensation if the data cannot be recovered from the Insured Data Environment.

VM: Why would an organisation need Data Insurance as well as a backup and recovery solution in place?

MS: A commercially licensed and supported Backup and Recovery solution or service is a pre-condition of Data Insurance as it demonstrates the organisation follows good practices in safeguarding their data. With a conventional backup and recovery solution there is no 100 per cent guarantee that any lost critical data can be recovered. Data Insurance covers that residual risk of data loss.

VM: Why is it a pre-requisite that an organisation has a backup and recovery solution prior to obtaining data insurance?

MS: Data Insurance does not replace Backup and Recovery solutions, it augments existing protection. Like many other insurance policies, the client has a small number of pre-requisites to qualify for Data Insurance. A Backup and Recovery solution is a best business practice and the client must also identify and value their critical data which will then be placed into the Insured Data Environment, at this point a Data Insurance policy will be issued.

Interested in learning more about Data Insurance and how to minimise residual risk? Data2Vault is running a series of free seminars throughout March and April across the UK to educate organisations of all sizes on how to protect their business critical assets.

Click on the button below to register and select the venue that suits you best.

Register Now

When choosing a cloud service provider, a question often asked by IT professionals is “where is my data going to be stored?” This question is now prevalent more than ever as stricter data compliance controls and measures are trending in the IT global community. To combat these risks, it’s crucial for organizations to have a fundamental understanding of data security and data sovereignty.

What is it?

Data sovereignty refers to when digital data is subject to the laws or legal jurisdiction of the country in which it is stored.

Why is it important?

Due to the fact that privacy regulations are not the same in every country, organizations should pay close attention to where their data is stored and know the exact location to ensure they’re compliant with regulations to mitigate legal and financial risks.

Seven things you need to know about Data Sovereignty:

1. Countries such as Canada and EU member states (with the introduction of the GDPR) have stricter data residency and sovereignty laws, which require data to remain in country in order to protect their citizen’s personal information.
2. Compliance, privacy and auditing are the number one concern and poses the greatest security challenge for IT professionals.
3. Privacy and data residency requirements vary by country and cloud service users need to consider the rules that cover each of their local jurisdictions they operate in as well as the rules that govern how data is treated at locations/data centres where CSPs run their services.
4. Data Sovereignty is similar to, but not the same as data safety. Good practices of keeping data safe is common within most organizations to safeguard personal or company data. Data sovereignty on the other hand is regulated on the government level and is a set of laws cloud providers have to abide by.
5. No solutions provider can actually guarantee data sovereignty, therefore organizations should be fully abreast of their CSPs position on sovereignty and know all the risks associated.
6. To ensure you remain compliant, understand the laws where your organization is based but also in every country where you do business…this may be of utmost importance if you are in a heavily regulated industry (i.e. banking, healthcare).
7. You may not consider data sovereignty to be a big deal, but it is. It’s important to know the location of your cloud based provider, where your data is stored and backed up as these factors could affect your legal liabilities and regulatory compliance.

Ready to learn how Asigra makes it easy to meet your regulatory compliance needs?

Contact a Recoverability Specialist

Losing business critical data can cost companies millions of dollars and force some companies to go out of business, which is why having a solid disaster recovery plan in place is critical to your business. IT decision makers are left with a complex quandary: do you create your own in house solutions or to go with a DRaaS solution? In this blog we will help to simplify this decision by going through some of the differences as well as the pros and cons of both options.

Traditional Disaster Recovery (DR)

Traditional DR is when a company owns and operates their own disaster recovery strategy. This typically involves:

• protecting data through tape backup and/or imaging, or
• replicating their production environment to an onsite DR hub

Both of these come with a number of best practices that will have to be followed by their IT team, however, organizations normally lean more towards a more traditional DR approach because they do not feel comfortable with having their data stored externally. Key problems with the traditional approach is the fact that it hinders RTOs and RPOs, involves hidden costs which accrue quickly and is a very timely process.

Disaster Recovery as a Service (DRaaS)

Disaster Recovery as a Service (DRaaS) is a cloud-based offering that replicates and hosts your applications and business critical data to Virtual Machines (VMs). Your third-party vendor creates snapshots/instances of your data either on timed or scheduled intervals and then stores this information on a cloud, which can then be loaded back on to your machine in the event of a disaster (i.e. file deletion, malicious ransomware attacks, etc.). As long as there are no major network issues as a result of your disaster, you can recover your data fairly quickly to minimize down time. DRaaS also offers substantial cost savings organizations don’t have to invest in the infrastructure or resources required to manage their backup solutions.

The key take away is that your company makes the right decision that fits your specific business needs. Ready to learn more about how cloud backup helps IT professionals proactively protect themselves from unforeseen disasters?

Read More

This is part two of five in a series on Ransomware that will discuss Canadian trends, why Canadian organizations are so susceptible to attacks and why your strategy needs to change to adapt to the ever-changing world of ransomware.

A recent Osterman report cited in IT world Canada found that 51 per cent of Canadians feel “fairly confident” in their ability to stop ransomware. However, this may be a false sense of security as 72 per cent of Canadian companies suffered a security attack within the last 12 months. So this raises the question: are Canadian companies really prepared for ransomware? The simple answer to this question is no…however the reasons behind that answer appear to be more complex.

Although we’re neighbours, Canadian and American companies are not as similar in the way that they are targeted by malicious attacks as they are in other situations. As a matter of fact, if you were to do a comparison, Canadians are actually the outliers to the typical ways other regions are attacked by ransomware and cybercriminals.

So what makes Canadian companies such a good target for malicious attacks? Canadian businesses are 75 per cent more likely to pay a ransom than other regions. The most recent example was shown in late 2016 from the University of Calgary which paid $20,000 in bitcoin currency after some of their systems were attacked. So whether Canadian companies are either more wary about breaking news reports citing that they’ve fallen victim to ransomware, or Canadian companies do not have the necessary backup solutions in place in order to avoid paying these ransoms, Canadian organizations are just as susceptible to malicious attacks just like any other global organization. While these two issues are not mutually exclusive, solving the latter of these issues is an easy way to fix the former.

The key to Canadian businesses fighting ransomware is better educating themselves on the causes of these attacks. While typical international findings citing email being the number one cause of ransomware vulnerability, Canada debunks these findings as business applications are the most common vector for spreading ransomware throughout an organization.

In 2017, make sure that your company is prepared to fight off malicious attacks from Ransomware. To learn more about how you can prepare your company against ransomware, take a look at our previous blog to find out three reasons why your IT strategy needs to change in order to better adapt to ransomware.

This is part one of five in a series on Ransomware that will discuss what ransomware is, key trends, types of malware, how to prevent attacks and how to safeguard your business critical data.

What Is Ransomware?

Ransomware is a type of malware that encrypts a single user or company’s files, data and information. Most commonly found in email, social networks and infected websites, it takes one click or download to encrypt business critical data. To be able to access your files again, the cyber criminals’ entice you to pay the ransom to not only decrypt the data but to also regain access into your files.

How does it work?

It takes one person, or a single workstation to cause havoc to your network. Cyber criminals study your general browsing habits: they will examine your social networks and other pieces of information to learn details about you to make their phishing emails (an email that is designed to look like it comes from a trusted source) more believable. For example: emails coming from trusted financial institutions encouraging you to update personal information (this information has to be updated in telephone or in writing) are a popular scam. By either clicking on a link in an email, or visiting a website containing malicious code, ransomware can travel across your networks and encrypt both mapped and unmapped files which brings all business operations to a stand-still. Once the scam artists have successfully encrypted all of your files, they will then provide you with details on how to regain access to your files (normally in the form of bitcoin­ currency). Average ransoms are $679 US dollars.

How to Prevent Malicious Attacks?

Should you ever pay the hackers – Never. A recent study conducted with over 150 IT professionals showed that only five per cent paid the ransom. Reasons being:

• There is no guarantee that cyber criminals will fully recover your data (in fact, like most criminals they renege on their promises of data decryption)
• It’s often a laborious and timely process to decrypt the files
• Once you’ve been hit with ransomware once, you’re a target. One encryption does not prevent you from being attacked again

Therefore, the only way to prevent attacks is by having a comprehensive and reliable backup and recovery solution in place. There are millions of ransomware threats being developed every day. Rather than trying to find solutions that will combat ransomware, have a rigorous data protection plan in place – one that includes regular back up of all files (whether they be stored in the cloud or with traditional backup). Therefore if you were to ever be hit by ransomware, regular backup means easy recovery, faster RTO’s and RPO’s and business continuity.

Three Reasons Why Your 2017 Strategy Needs to Change:

• 2016 was a very successful year for ransomware. Attacks and threats increased, and trends have shown that attacks are becoming more targeted towards businesses as opposed to individual users because the criminals know that more money lies in business.
• Cyber criminals are becoming more sophisticated and their delivery and evasion tactics are becoming more advanced to make them more profitable. They’re spending their profits to develop new malware that is resistant to security defenses and decryption software.
• Ransomware attacks are growing, multiplying and infecting more organizations. No security solutions will be 100 per cent effective against all threats. So rather than overinvesting in new security, antivirus and endpoint protection solutions, invest more time in training your staff as the entry point of the majority of attacks are still due to individual users endpoint devices.

Ready to Learn How Asigra Can Help You Combat Ransomware?

Request a Demo

This is part of a series of interviews with Asigra Partners. In this post we’re talking with Nikolaos Prapas, Data and Recovery Solutions Engineer at TAS France who shares the importance of having a sound disaster recovery plan/DRaaS solution, trends in the European market related to backup and recovery, his opinion on ransomware best practices and the best way to prevent malicious attacks.

VM: Can you tell us a little bit about yourself, the organization and the solutions/services provided by TAS France?

NP: TAS France is the French subsidiary of TAS Group, a European Fintech software company focused on state of the art services for digital payments and online financial transactions. As part of our core business strategy, we host and house services for TAS Group, deliver SaaS solutions to our clients and also act as a cloud and managed service provider for corporate companies who are looking to outsource IT services. We also run several data centers and hosted infrastructures mainly in France and Italy.

VM: What are some of the most common requests your company receives?

NP: Our clients approach us with questions about security, sustainability, economy and how our data centers can help facilitate their Business Recovery Plan (BRP).

VM: In your opinion, what should organizations/businesses look for when choosing a Cloud Service or Managed Service Provider (MSP)?

NP: When companies are looking for a managed service provider they should choose a provider that:

1. Understands the scope of their business needs. The MSP should have a general understanding of their processes and business needs to make improvements which align with their architecture. The service provider should also bring the expertise necessary to find efficiencies within the existing processes, in addition to deploying the hardware and software assets for net-new solutions.
2. A comprehensive MSP that offers a myriad of solutions. The cloud solutions provider should administrate their networks and systems without the need for third party/intermediate brokers or subcontractors.
3. An MSP that provides technical assistance and sound project management advice as opposed to some providers that provide only general information and online resources.

VM: Does TAS France Offer a DRaaS solution?

NP: DRaaS services are core to our business and we’ve been running this service since the inception of TAS France. After exploring and implementing a lot of solutions, we chose Asigra’s DRaaS solutions as we wanted to be able to provide stable and robust solutions for not only our own infrastructure, but for our customers’ infrastructure and technology if a disaster were ever to occur.

VM: What are some top reasons why organizations should have a DRaaS solution in place?

1. NP: Companies are exposed to many risks, but there are few as devastating as losing essential data. Therefore, having a solution that provides the robust reporting tools that managers need to assess and manage risk is essential. Most businesses without a data protection plan in place do not survive a significant data loss.
2. So organizations can be self-sufficient. Companies not only want, but expect their information to be accessible whenever they need it. The only way to ensure business continuity is to have a fast recovery, backup and disaster recovery plan before a disaster happens.
3. Failure of Technology and Hardware. Because technology and IT infrastructure aren’t immune to failure, data protection solutions such as Asigra that offer customizable backup for your data are an ideal way to ensure your business runs smoothly at all times.

VM: Data centers for the past few years are becoming more popular in the industry. What are some benefits of having centralized data centers?

NP: In general, data centers are the hubs of digital transformation. These centers provide many amenities for organizations to manage the challenges of maintaining their IT infrastructure including physical security, a footprint for their servers and power supply with venting and air conditioning in an off-site location to mitigate risks from natural disasters.

VM: Does the proliferation of data centers have anything to do with the fact that data sovereignty is becoming a hot topic within IT?

NP: Not really. The issue with sovereignty is not really related to data centers, but more related to how different countries approach data privacy. For example, the US is very different than Europe in how we manage digital identities. On a more granular level, France may have a different digital identity than Europe in general, which is why we store all of our French data locally, as there may be some instances where our privacy laws are different (i.e. we are certified PCI DSS, which may or may not be applicable in other parts of the globe).

VM: With Ransomware becoming so rampant, there is a broad mix of anti-malware services: anti-exploit, anti-malware and antivirus. Does an organization need to invest in all three security tools, or does one perform better than the other? What in your opinion is the option best suited for organizations?

NP: An organization does not necessarily have to invest in all three anti-malware services, however the option best suited for organizations is to choose an MSP that offers cloud backup, one that is able to handle cyber-attacks, penetration, malware and virus risks through a sound and robust backup and recovery solution. These solutions that MSP’s offer should be able to identify and mitigate risk, stop attacks and build resiliency plans if a client was ever hit with a ransomware attack. Backup is the best final line of defense against an intrusion, especially when it comes to recovering business critical data.

VM: In your opinion, what are some common mistakes Managed Service Providers are making today?

NP: Being too confident or presumptuous. Some MSPs tend to forget that maintaining others’ data centers is a permanent endeavor, which requires quality management, vigilance and an understanding of their customers’ expectations. A successful MSP should be curious and ask questions to make appropriate recommendations based on proven, enterprise-grade solutions, as opposed to building, running and operating fragile home-based or non-trusted solutions.

VM: What can organizations do in 2017 to ensure their data remains safe and secure?

NP: My advice to companies is to consider data protection as a global policy and choose providers that have a combination of comprehensive solutions and solid experience in implementing data security solutions.

Click here to see the full scope of services offered by TAS France.