Endpoint Data Protection Best Practices Part 1 — Planning

Rakesh Ramakrishnan, Product Manager — Data Governance and Cyber Resilience

The goal of backing up data from endpoints has grown from merely having a point-in-time copy in the event of a disaster to including aspects like compliancesensitive data governance, and eDiscovery. So it is important to follow proven best practices to ensure a smooth and efficient deployment that meets key business objectives. 

Druva’s endpoint deployment best practices can be categorized into:

  1. Planning
  2. Setup
    • Security
    • Deployment and configuration
  3. Monitoring and integration
    • Console live activities and active alerts
    • IT/Security monitoring tool integration (SIEM tools like Splunk, etc.)

Before implementing a technology stack, your team will need to plan and gather information. It is a very important stage to ensure a successful deployment, and in Part 1 of this blog series, we’ll explore:

  • Importance of planning
  • Building the best strategy 
  • Outlining impact/issues of improper or no planning

Deployment Best Practices — Planning

Scope and information gathering

  1. Identify the list of administrators or departments who would need admin access to the Druva console.
  2. Define the different access roles required for different tiers of admins. For example, legal/eDiscovery, compliance, security, helpdesk, read-only, finance, etc.
  3. Collect details on the tools used to onboard, offboard and manage users, such as Microsoft on-prem or Azure Active Directory, Open LDAP, Okta, or other user management applications.
  4. The infrastructure or backup team needs to define the scope of deployment:
    • Number of office location sites (e.g. ROBOs) to be backed up/protected.
    • Number of users to be backed up/protected.
    • Different departments to be targeted for backup.
    • Any priority on the level of the user, for example: 
      • Providing executives or CEO-level users enhanced permissions.
      • Office vs. remote employee distribution of permissions.
    • Inventory the operating system platforms to be captured and their distribution, e.g. how many Mac, Windows, or Linux-based desktops/laptops.
  5. Onboarding key stakeholders for the deployment — internal network, security, deployment, backup, IT, and helpdesk teams.
  6. Making a note of details like proxy server configuration in the environment.
  7. Data and access
    • List directories/folders and file extensions needing protection.
    • List directories and file extensions to be excluded.
    • Permissions by user for backup and restore.
  8. Identify GDPR requirements from your legal team for relevant regions (Americas, APAC, EMEA, etc.). For example, can users in Germany back up data to storage in Ireland?

Network capacity planning

  1. Get Wide Area Network (WAN) pipe numbers for all sites.
  2. Verify if Quality of Service (QoS) is set on the network or firewall for third-party applications.
  3. Identify low bandwidth sites.
  4. Identify the maximum bandwidth that can be used on different sites.
  5. Draft a plan of the user rollout, including:
    • Which sites will be targeted first.
    • Which devices should be activated first.
    • How many devices per site should be deployed.

Impact of improper planning

Not having a plan or improper planning can cause a variety of problems, for example:

  • Not setting up more than one administrator can result in loss of backup data if the administrator forgets their login credentials. Druva cannot reset the credentials as we do not have access to the customer environment.
  • Not defining the correct role-based access to administrators with restricted access can result in misuse of data.
  • If an important set of user data is not captured, there will be data loss when the user tries to restore deleted data from the backup. 
    • Similarly, backing up too much data results in longer backup times and increases storage consumption.
  • Incorrect bandwidth usage settings can result in impacted production with reduced internet speed, and can bring the corporate internet down in extreme instances.
  • Improper CPU priorities can result in performance issues like slowness when performing day-to-day tasks. This could include delays switching between applications like Outlook or PowerPoint, etc.

These issues directly impact your team’s performance and productivity, negatively affecting:

  • End-user experience and increasing stress on the helpdesk.
  • Administrator productivity, increasing time spent to resolve issues.
  • Adoption across the organization, increasing data protection risks.

Looking ahead

Read Part 2 of this blog series to discover best practices for the Setup of endpoints, including their security, deployment, and configuration.

Visit the endpoints page to learn more about how Druva provides a secure, reliable and fast endpoint backup solution, so your teams can always recover clean end-user data. Druva’s integrated backup, eDiscovery, and compliance monitoring simplify endpoint data protection, ensure regulatory compliance, and improve data visibility for the mobile workforce.