Incident response and disaster recovery are some of the biggest opportunities for managed services providers (MSPs).
Most clients of MSPs are unprepared for a disaster. One survey found that only 44 percent of MSPs can say a quarter of their clients actually have an incident response plan in place. That same survey found that the biggest IT challenges for MSPs are security, business continuity and disaster recovery, and managing remote workers.
Lack of preparedness for cyber attacks and disasters leaves customers wide open to major data loss and could cost them thousands of dollars, if not millions, in ransomware payments or mitigation expenses. And being shut down for an extended period of time, whether due to a cyber attack or disaster, can put a company out of business.
If you’re an MSP looking to add disaster recovery services or Disaster-Recovery-as-a-service (DRaaS) to your repertoire, here are some tools, services and resources to help you on your way.
Also read: Best Incident Response Tools for MSPs and MSSPs
A Disaster Recovery Plan Template
When creating a disaster recovery plan, you first need to understand the maximum amount of downtime and lost data your client’s organization can tolerate during a disaster. In order to minimize downtime, you’ll need to determine which systems are the most critical and address those first.
Additionally, you need an inventory of all the software and hardware that’s on your client’s network. Then prioritize these assets based on how critical they are to the organization. For example, security software is critical, especially during the vulnerability of a disaster, but applicant tracking software could wait to come back online. And intellectual property (IP) and customer data should be backed up and ransomware-proof. You should regularly check and update this inventory to make sure you always have the most up-to-date information and you won’t miss anything if a disaster does happen.
Once you have an inventory, then you can start assigning roles to your client’s team. Who’s in charge of declaring the disaster to the organization and initiating the plan? Who contacts vendors and customers to let them know what’s going on? Provide concrete steps that each person can follow, so they know exactly what they need to do. The plan should include the name and contact information of everyone involved.
You’ll also need a list of any disaster recovery sites your client has available. For example, if they have data stored offsite or another office location that employees can work at, those need to be listed in the plan. If a client doesn’t already have data backup available, well, that’s something no client should be without.
One thing to note is that the disaster recovery plan shouldn’t be set in stone. It should change and grow as your client learns from past mistakes.
Five downloadable disaster recovery templates: IBM | The Council on Foundations | Evolve IP | Micro Focus | SmartSheet
Also read: Starting an MSP Backup and Recovery Service: IT Partner Options
Offsite Storage and Backup for Your Clients
Having data stored in just one location is a recipe for disaster, no pun intended. The second there’s a flood or fire, all that data would be gone forever. Over a three-year period, approximately 96 percent of organizations experienced some type of outage. Offsite storage can minimize the effects of these outages and keep your clients from losing valuable data.
As an MSP, you’ll want to either provide offsite storage for your clients or help them set it up for themselves if they have multiple locations. For smaller MSPs, it may not be possible to store all your clients’ data on your own servers, but you can use cloud backup and storage services to fill the gaps. However, they may also need to have physical storage available based on compliance and other requirements.
Use Automated Backups
Similar to offsite storage, your clients need automatic file and data backups so they don’t lose data during a disaster. These backups typically live in the cloud and are easy to restore when needed. They’ve become quite dependable over the years too, so they can be an MSP’s best friend.
Automated backups also make it easy to restore any data that the business lost during an outage. And because the cloud storage wouldn’t be affected by a natural disaster, chances are slim that a cloud outage would happen at the same time the physical business is dealing with a disaster. However, you’ll need to regularly (at least once per month) test backups for your clients to ensure they’re complete and recoverable.
Have A Service-Level Agreement (SLA)
Businesses want to know that you’re motivated to help them get back to normal as quickly as possible, and a service-level agreement (SLA) provides them with that guarantee. Many SLAs offer reimbursement or a discount on services if the SLA is not met. For example, an MSP that guarantees 99.9 percent uptime but only achieves 99.5 percent, may reimburse their client for the additional downtime with the amount specified in the contract.
An SLA also tells customers what they can expect from your services and a timeline for responses. It should cover all of the services you’ll handle for them and what they’re expected to take care of on their end to keep any critical duties from falling through the cracks. For example, you may handle 24/7 monitoring and data restoration, but the client may actually have to handle their own offsite physical file storage.
Best Disaster Recovery Tools for MSPs
Here are some of the tools you’ll need to offer disaster recovery services to your clients.
Backup & Recovery Software and Services
Backup and recovery software is the tool that handles those automatic data backups and stores them on servers on-premises or in the cloud. It can also help protect your clients from ransomware attacks. Consider software that offers data immutability and the ability to access data while offline.
Top Backup & Recovery tools
Acronis offers continuous data protection from a single management console and supports 20 types of workloads. It also includes antivirus and anti-malware solutions to protect data both at rest and in transit. However, there can be a learning curve with the system.
Carbonite Safe offers unlimited automatic backups on all plans and supports all file and photo types. It’s easy to set up and includes security features, like encryption and antivirus protection. However, it can be expensive when backing up multiple computers since the number of devices affects your licensing.
Arcserve provides automatic data backups for servers and provides detailed logs. It’s easy to use, and the support team is helpful and responsive. However, the user interface and reports are not very customizable.
Want more options? See our lists of the Best Backup Solutions for MSPs and Best Backup Services for SMBs.
Business Continuity Management Software
Business continuity management (BCM) software can help you make a plan for disaster recovery or incident response and track how effective the plan is. The software is often cloud-based, allowing all involved parties to access the plan, track progress, and add notes as they learn things about the disaster. They should also be able to edit the plan to incorporate what they’ve learned from previous disasters.
BCM software may also be able to keep critical systems running during an outage.
Top Business Continuity Management Tools
iGrafx provides full visibility into critical business processes to help organizations meet their compliance requirements. It includes a visual process builder and a customizable approval process to make planning easy. Customer support can sometimes be slow to respond to requests.
Castellan includes operational resilience, disaster recovery, business continuity, crisis management, and compliance tools in a single platform. It offers a user-friendly interface and the customer support is helpful and responsive. However, it doesn’t offer as many customization options as similar products do.
Archer Business Resiliency offers risk assessments and impact analyses that give organizations better insight into how their business would respond after a disaster. It also includes third-party risk management features to protect against third-party vulnerabilities. It can be expensive compared to similar solutions.
Not sure any of these is right for you? Get a full list of the Best Business Continuity Software on eSecurity Planet.
Security information and event management (SIEM) software allows MSPs to monitor their clients’ networks, helping them identify a disaster before it causes too much damage. It aggregates logs and other security data from other systems on the client’s network, like firewalls and endpoint protection platforms, to provide a single console MSPs can use to monitor and manage the network. SIEM tools are critical for gaining visibility into a network and mitigating both natural disasters and cyberattacks.
Top SIEM Tools for MSPs
Securonix offers strong behavioral analytics and data monitoring tools that are easy to use and provide a lot of value for the price. However, asset discovery and forensics cost extra, but they’re probably worth the additional cost for MSPs.
LogRhythm is slightly more expensive than the average tool, but it also provides above-average security, response, and management capabilities. It’s easy to use and deploy, although user and entity behavior analytics (UEBA) and network monitoring aren’t included in the base plan.
IBM QRadar is easy to use and offers a variety of standard features that MSPs will find especially useful. It’s good for teams that need a high level of security, but it doesn’t include an endpoint detection and response (EDR) system. Additionally, the licensing can be complex.
Also see our picks for the Top MSSP Tools and Cybersecurity Vendors.
Good Disaster Recovery Cements Client Loyalty
Showing your clients that you can keep their critical systems running and restore data quickly after a backup is a great way to prove your value to them. This will make them more likely to stay with you for the long term and can even get them to refer other businesses to you. Additionally, good disaster recovery allows you to build trust with a client, which may lead to them purchasing more services from you.
The good news is that many of the same steps that are required for disaster recovery correlate to incident response, making it easy to offer both services.
Read next: Top 15 Managed Security Service Providers (MSSPs) of 2022