Tech Takeaways

The Critical Need for Endpoint Backups in Today's World | Ep 61

August 27, 2024 Gardner Systems


Ever wondered what happens when your device crashes and you lose all your personalised settings and shortcuts? Join us for an essential conversation where we unpack the critical importance of endpoint backups, even in our cloud-dependent era. We spotlight how endpoint backups can drastically cut down recovery time during hardware failures or ransomware attacks, compared to just re-imaging devices.

Drawing insights from incidents like the CrowdStrike event, we highlight the real-world implications and benefits of having robust endpoint backup systems in place. You'll learn about different backup options, from cloud storage solutions to automated, centrally managed systems, and the practicality of whether to back up all devices or just those of key personnel. We make a compelling case for a consistent backup policy across all endpoints to safeguard against lost productivity. Don’t miss this episode if you want to ensure your organization is prepared for any digital disaster.

Chapters:
00:00 Introduction
01:13 Endpoint Backups
01:40 Why Bother with Endpoint Backups?
02:50 The Importance of Customisations
04:01 Ransomware and Recovery
08:30 Endpoint Backup Solutions
10:23 Enterprise Endpoint Backup Strategies
12:05 Conclusion and Takeaways
13:32 Closing Remarks

Speaker 1:

Hi, I'm Paul Stringfellow, and welcome to another episode of Tech Takeaways. On this week's show, as ever, I'm joined by my erstwhile co-host and part-time zookeeper, Jason Fitzgerald. Hi, Jason, how are you doing? Hi, yeah, great, yeah. Hi, hi everyone. Should we explain why you're a part-time zookeeper? It's just a green, isn't it?

Speaker 2:

Yeah, just a green T-shirt.

Speaker 1:

I like the green, but the comments that you got from your loved ones as you left the house this morning were, I feel, more connected to nature when I wear green so, yeah, excellent, so that's good. You'll notice we've got a cup on the desk here that says it says Liverpool Podcast Studios, which is where we're recording. So, hi everyone, Liverpool Podcast Studios for all your podcasting needs. Check them out. But apparently it looks on screen like it just says podcast, so we thought we'd put it there just to remind us what we're doing.

Speaker 2:

It's just a note. I'm sat here.

Speaker 1:

I'm not in the lounge, I'm actually doing a podcast, so, um, so yeah. So now we know why we're here. We know why Jason is being called Zookeeper. We know who we are. I think we do pretty much. So, yeah, we've been doing this long enough. If I just watch back the intro, I think I introduced myself. So, yeah, I know who I am.

Speaker 1:

Anyway, I bet you're all glad you've joined in for this week's episode for this quality content. So why don't we jump into some quality content? So we're going to cover it on this show. We're going to cover it on this show we're going to talk about and it's actually been something that's been news recently, particularly off the back of and sorry to pick on CrowdStrike again. The CrowdStrike incident was the idea of backing up endpoints, and so this is one of Jason's hobby horses. So let's start with a controversial premise, Jase, about endpoint backups, and I'm going to say why on earth do we bother? You know I've got all my data in the cloud. You know I'm using, I'm syncing up to cloud storage. I've only got really basic stuff on my endpoint. Why on earth would I bother backing it up?

Speaker 2:

Absolutely yeah, fair statement. To be honest, it's where I always start. Why would I bother backing up my endpoint device? Okay, wow, this is going to be a short episode. What's what? What's what's on an endpoint? Okay, what are we talking about when we talk about an endpoint? Well, we're talking about a, you know, a computer that you use for work. Um, and on that we're going to have, we're going to have data, uh, we're going to have applications, we're going to have, uh, customizations on that device. So, okay, why do we back it up?

Speaker 2:

For me, the reason why I back up my device so, first of all, if I was to lose or have my device stolen, I can go and get a new device, you know, new laptop, turn it on, I can log into M365. I can access all of my company files, but I can't access anything that was on the old device. That's not so much of a problem so long as my data is where it should be. OneDrive, SharePoint, company file shares, that's all great, but not everyone keeps the data where it needs to be. Some people do keep it locally on the device and that introduces risk.

Speaker 2:

But for me, it's around customizations. My laptop is personalized to me. I've got a lot of keyboard shortcuts. I've got a lot of application customizations in there. So things like when I type in Word, if I put in certain phrases, it'll change that phrase to read something else. So if I put Gardner Systems, I actually just type GS and it puts Gardner Systems. Makes me more efficient in what I do, and it takes forever to set up. So really I don't want to be setting that up on each and every device. I want to be able to recover my device effectively should I need to.

Speaker 1:

So great points, excellent insight into your efficiency. I've never really thought about doing that, so that's why Jason does what he does and I don't. So it's really interesting stuff that you said in there, though, and I suppose one of the things that I've not really thought about actually. You know, and I mentioned in the intro, that it kind of came about when we saw this kind of CrowdStrike incident lots of devices suddenly inaccessible. But if we look at one of the kind of big concerns that organizations have, so we stopped picking on CrowdStrike, but it's the idea of ransomware, so the idea that suddenly we find all of our endpoints and all of our data encrypted and suddenly we can't access our devices.

Speaker 1:

Yeah, and you said before, because one of the questions might be well, why bother backing it up? Because I could just get my laptop out, I could go to Autopilot, have a new image kind of dropped, almost reset the device, have a new image dropped on, but actually that, but actually that takes quite a lot of time. So you know, even that initial Autopilot set, then you're pushing out a load of company customizations on top of that. That can be quite a lengthy process. So how does the process of maybe recovering from some endpoint backup, how does that compare in terms of doing that?

Speaker 2:

Yeah, so generally quicker. You know, if we look at, you know, recovering from a device that's been fully ransomware'd up needs to be completely flattened. And actually, you know, ransomware is not the only case where you're going to need to fully erase a device before you restore it. You know, if we think about a hardware failure on a laptop that's under warranty, the first thing that the service provider will ask before sending it into them is wipe your hard disk, because they don't want your data in their center, because if they have a breach or lose your data, that's their responsibility to look after it. So you may be requested to remove that data and then, okay, so you've removed your data. How do you get it back?

Speaker 2:

So the recovery process is normally you boot off a USB key and that USB key will then pull the data back. So we use a cloud-based backup system. So, as long as you're internet connected, when you plug in that USB key and run through the wizards, it will just download the content. What does that mean once it's done? So you know, obviously it's going to do a download. That download, depending on internet speeds, you know, could take some time, half an hour, couple of hours, depending on how quick your speed is, but what you get at the end of it, you get the same device that you started with. You know the same device that you started with. You know the same device that we used a couple of days ago, with all of the efficiencies, with all of your data on there, with all of your applications. When we're doing something like Autopilot, we're essentially recreating that device from scratch. So we're installing the applications and we're restoring some data, but it's not the same laptop.

Speaker 1:

It doesn't have. You're not getting the customizations, you're not getting your type GS into Gardner Systems kind of stuff.

Speaker 2:

Yeah, exactly, exactly, and, you know, when we look at a cyber incident, it's always useful to understand what has happened. You know, when a cyber incident happens, you've got to be able to go back and say, okay, when did the attacker get in the network? What happened? Let's build up a story from step one to step, you know, whatever it is within that, and having that backup gives you the opportunity to do a restore on that device and then interrogate that device after the fact. So if you've got a ransomware device, you know you're going to have to destroy that. All forensic evidence is then gone. If you've got a backup of it, you know and that attacker has maybe been, you know, messing around with that endpoint for a couple of days you're going to be able to go back, check the event logs on that from the backup and work out exactly what's going on. So it is often overlooked endpoint backup, but it does have high value.

Speaker 1:

It's probably like all backups, isn't it? You know, part of the reason we wanted to talk about this was it was one of the kind of the bits of the fallout you know from when we had the CrowdStrike incident obviously impacted lots and lots of devices. Actually, one of the bits of fallout from that was that companies who had endpoint backups had the ability to recover their infrastructure maybe more quickly than those that didn't you know, and obviously we're finding out more and more about what happened in terms of numbers.

Speaker 1:

You know, I think the thing about I think on one of the episodes we talked about this where the initial number was 8 million impacted devices, but Microsoft have actually said subsequently that it was way more. That was just the 8 million that they knew about.

Speaker 1:

You know which was you know, just tells you how widespread this is. But actually for companies who had that ability to restore quickly back to a known state, because I think sometimes as well, you know, while we talk about, you know, relatively light customizations, maybe that make us more efficient there will be devices out there that are heavily customized to do very specific roles. Yeah, absolutely yeah. So one question for you then. So people watching this and maybe thinking, yeah, you know what, maybe I should have a look at endpoint backup, so what kind of options do they have open to them?

Speaker 2:

Well, there's loads of options available. So you know there's options that will utilize cloud storage. So, being able to back up your data into cloud so that you can recover it from there, you don't have to store it on any kind of storage that you manage, USB drive, for example. Often it's an application that you install and then you can set up your backup based on your schedule. Now, obviously, make sure your device is on when you set the schedule, because you don't want to set a schedule that says backup the device at midnight and then the person goes home at 5pm. Yeah, it's never going to get backed up.

Speaker 2:

So the software that we use actually takes frequent backups throughout the day. So it's about every two hours it backs up and then we retain data for roughly about a year on there. So something that is set and forget is always a lot better than something that you've got to manage yourself, because if you're managing it yourself, you've got to develop new habits around that, and you know people look at it and say, well, that's extra effort that I don't really want to go to. Something that you can set, something that you can forget about, but is sitting there doing what it needs to do in eventuality that you need to call upon it. I suppose from a kind of, from an enterprise point of view as well, you know, that set and forget, yeah, the end user's not even doing the setting and forgetting.

Speaker 1:

Actually, that's probably centrally administered. Here's our policy for protecting our endpoints. Absolutely, yeah, you know, so set it once, deploy it across all devices.

Speaker 2:

Know that your devices are then protected. You don't have to nurse it, you don't have to. You know you need to monitor it. Obviously you'll get some email alerts if things have failed. But, on the whole, deploy it, let it run.

Speaker 1:

So I'm going to ask you a question now that we didn't really talk about beforehand, so I'm not doing this to try and trip you up. So in terms of backing up an estate, so you know, I mean, for us we don't have loads of laptops, so actually backing up the laptops we have is not too big a deal. But actually if you've got tens of thousands of endpoints that you're looking to protect, would you protect all of them? Is there some that maybe you wouldn't bother with? Is there? You know, I know it's probably how long is a piece of string kind of question, but just in general, you know.

Speaker 2:

Yeah, I think, for me, it's about getting people operational. You know, if we look back at lost productivity through things like not just ransomware, but things like a device has failed, we need to send it off to a manufacturer to do a warranty claim. If you're working on an estate of, say, 10,000 endpoints, that is going to be happening quite frequently. You know devices fail, you know they go in, and so it's really a measure there of is it worth backing up everything or do we only do, you know, maybe key personnel or key departments? My view with everything really is have a policy and stick to it. If your policy is we're going to back up devices, back them all up, because the same thing is true for every single user. If your goal is to minimize lost productivity and get users back online, you need to be doing it for everyone.

Speaker 1:

Oh, that's a great tip. It feels like a good place to end. I mean, I can see the podcast studio staff now running around thinking are we protecting all our endpoints? Busy installing some backup software right now. It's got top quality content like this sat on their devices, so hopefully they're all effectively protected and if not, we'll be selling them some endpoint backup afterwards, so, but anyway, yeah, hey, it's always an opportunity. So, Jase, so, in terms of summing up, is there a couple of key takeaways that you'd give our audience?

Speaker 2:

Yeah, I'd encourage everyone to go and use endpoint backup. You know it's not just a case of getting the data back. That's already in OneDrive and already in SharePoint or already on servers. That's already taken care of. You're already backing that up If you've got it deployed. You're backing it up as an organisation of if essentially the lost productivity get people back operational, use some endpoint backup. The cost of endpoint backup versus that lost productivity it far outweighs it.

Speaker 1:

That's great. Well, I think that's a great place to end, and I believe it's feeding time for the lions now.

Speaker 2:

Yeah, best go. We need to get going.

Speaker 1:

So we're going to go and do that. I'm going to throw Jason some fresh meat to pass to Simba and his mates. But yeah, I think it's a really interesting topic and I think not a topic that gets talked about particularly often, but maybe that's because it's not as interesting as we think it is. But for now we're going to go with that's a really interesting topic and I think it's absolutely right that actually the ability to recover those endpoints quickly but, importantly, to recover them in the state they were when something went wrong, yeah, is, you know, for returning people to efficient, getting people back up and running, getting operations running again, I think it's a really important part of any data recovery strategy, whether that's for servers or endpoints. So, Jase, thanks for your insight, really appreciate it.

Speaker 1:

If you enjoyed this show which why wouldn't you, you know? Do make sure you subscribe so you don't miss future episodes of Tech Takeaways. The subscription button for those YouTubers is down there somewhere, or maybe that side, who knows? I just don't know and give it a thumbs up as well. That'll help other people to find the show and you can subscribe. Here on YouTube, you can subscribe in all good homes of podcasts possibly a podcast, possibly some bad ones as well, but until next time. I'm sure you've enjoyed this episode. I'd love to have your comments as well, but until next time, thanks for watching Tech Takeaways.