Many of us remember the days of trying to recover data off of a physically damaged drive, human error of deleted files, and many other scenarios. I sit down with Sarah Farrell and Andy Maus of Drive Savers to debunk a few myths around drive recovery and many new technologies developed to recover data that seem near impossible to save.
[00:00:06] Welcome to MSP 1337. I'm your host, Chris Johnson, a show dedicated to cybersecurity challenges, solutions, a journey together, not alone.
[00:00:22] Welcome everybody to another episode of MSP 1337. We're kicking off this week as IT Nation will be going live tomorrow.
[00:00:32] But I had an opportunity to bring a vendor onto the show, which we know is typically not something we do on MSP 1337.
[00:00:40] But after talking to one of the employees of Drive Savers while I was at Comptia's Channel Con Amea, I realized how little I knew about saving data off of drives outside of physical failure.
[00:00:59] And so I asked Sarah and Andy to join me today. So Andy and Sarah, welcome to the show.
[00:01:08] Thank you very much. So I'm Sarah. I have been with Drive Savers for 22 years now in multiple roles.
[00:01:19] So I work with our business development team, largely with our engineering team, sales.
[00:01:26] And Andy, you tell more about what you do.
[00:01:29] Sure. Well, thanks for having us, Chris. We certainly appreciate the opportunity to talk to the Comptia community as we are members and really have supported the community for a long time.
[00:01:47] So I am responsible for business development at Drive Savers, specifically working with the incident response and cyber response community or ecosystem of companies.
[00:02:01] The incident response companies, the restoration services firms, the forensics firms, all the firms that encounter data loss as part of a cybersecurity incident.
[00:02:11] That's crazy.
[00:02:41] 200 plus episodes.
[00:03:11] Yes, I always say I want to support Comptia. That's a great part about this.
[00:03:14] But I can also bring vendors on and have conversations that may get maybe a little bit less neutral.
[00:03:24] But the goal always is to be vendor neutral as is Comptia.
[00:03:28] But I think it's part of just being candid. It's a raw conversation to share with our community.
[00:03:33] Understood. All right.
[00:03:34] All right. Cool.
[00:03:35] So disclaimers out of the way.
[00:03:39] I want to go back a little bit because this was the part that was intriguing to me.
[00:03:43] And for anybody that's been in the industry more than 10, 15 years knows that once upon a time, the spinning disks of the world were the nightmare for any IT company, whether it was inside a laptop or desktop or server.
[00:03:57] And so, Sarah, I thought it'd be good to kind of have you take us through some of the, you know, we don't have to go too deep in the challenges of physical drive failure back then.
[00:04:06] But I think what I really want to get to is that it's 2024 and physical drive failure still exists.
[00:04:11] And then I want to shift it to talking about the, which I never even thought about, like, is that there's companies out there that specialize in recovering data because an incident has occurred off of a physical medium.
[00:04:24] So, Sarah, walk us through a little bit, like, you know, the intriguing, I think intriguing, of what it was like to pull data off of essentially, you know, a failed drive.
[00:04:36] So, it is.
[00:04:37] It's changed so much.
[00:04:39] When I started, of course, it was spinning drives.
[00:04:43] I feel like DriveSavers is still really known as being the experts in physical failure, which we are.
[00:04:53] And then as time went on and, you know, SSDs came in and it was all like, oh, they're never going to be recoverable.
[00:05:02] And there, we have, you know, a full department that specializes specifically in flash memory.
[00:05:11] It's a different beast entirely, but they're recoverable.
[00:05:16] And then the cloud came on.
[00:05:18] It was like, oh, data recovery, it's going to be over.
[00:05:21] Everything's going to be in the cloud.
[00:05:22] No one is going to, you know, ever need their data recovered again.
[00:05:29] And unfortunately, you know, that's not true.
[00:05:32] Sure.
[00:05:33] You know, first you have to back up, then you have to verify the backup.
[00:05:40] And then we, you know, we came into this current landscape with, you know, threat actors and ransomware.
[00:05:47] And I think because of that, manufacturers and, you know, IT companies, systems are so much more robust that, you know, there is, the failures are different.
[00:06:01] And much more of what we do is needing to access data that is, it's not physically damaged, but somehow logically.
[00:06:13] It's been deleted.
[00:06:14] It's been corrupted.
[00:06:16] It's inaccessible.
[00:06:17] So while we still do, you know, physical damage, you know, every day, so much more of our work is with data that's logically inaccessible.
[00:06:28] It makes me think about, like, the, you know, Android, iPhone, you know, mobile devices basically are a, in essence, somewhere between a 64 and a 512 roughly storage device that's storing all kinds of stuff on it.
[00:06:43] I remember the first time I had to go from one iPhone to the next and realized that because I didn't follow the exact instructions, I essentially wiped my new device empty.
[00:06:54] Had I not had a backup of my phone, I would have essentially been starting over with everything.
[00:06:59] And surprisingly, you know, we use our phones, like when it's time to load apps back onto a mobile device, it's way different than trying to load it on your desktop or laptop because it's like all that data at your fingertips.
[00:07:11] And when you have to log back into an app and the cache isn't there and all of those things, it's a nightmare.
[00:07:18] Like, I had no idea.
[00:07:19] It'd been so long since I had swapped phones, which is, gives you an idea how long I hold onto my iPhone.
[00:07:24] So, so you guys do a lot, just on the physical recovery side, you guys do way more than just hard drives.
[00:07:31] You do like iPhones and I see them Android and really there's probably, if it stores data and is digital, that's probably in your wheelhouse.
[00:07:39] If it stores data with a one and a zero, we will work on it.
[00:07:42] We've worked on AEDs, fish finders.
[00:07:48] Sure.
[00:07:49] Anything.
[00:07:50] Yeah.
[00:07:51] Well, really?
[00:07:52] Wow.
[00:07:52] That's, that's really interesting.
[00:07:54] So going back, so you guys have been around a long time, like since the 80s, if I recall.
[00:07:58] So like, do you still see drives from that long ago coming up with needing to have data recovered?
[00:08:06] We still sometimes see floppy drives.
[00:08:10] So, yeah.
[00:08:12] Well, on the floppy side, when you say floppy, we're talking five and a quarter or the three and a halves?
[00:08:18] You know, I couldn't say, but again, if it stores data with the one and a zero, we will find a way.
[00:08:25] Well, yeah, there's, there actually is a story in the news very recently about San Francisco MTA moving off of floppy disks.
[00:08:37] That's why I was asking.
[00:08:38] That was what came to mind for me too.
[00:08:40] Those are five and a quarters.
[00:08:42] Yeah, they were five and a quarter or they are five and a quarter.
[00:08:44] And there's a lot of them.
[00:08:46] Yeah, that would be quite a, quite a stack of what would be considered almost disposable media.
[00:08:53] All right.
[00:08:54] Well, our lab looks like a museum when it comes to read-write devices.
[00:09:00] Wow.
[00:09:00] Yes, we do have a museum and the hallways are full of really fantastic things.
[00:09:05] It's, someone once described it as Disneyland for geeks.
[00:09:09] That sounds about right.
[00:09:10] Like there is some nostalgia when you see those, especially for those of us growing up in the 80s and 90s of things like, you know, how we, how we modded three and a halves.
[00:09:19] So like, you know, if you were, if you bought software from a vendor, like let's just say it was Microsoft Office or Windows and it came on floppy drives that the three and the three and a halves, you know, people figured out real quick that they could go and flip the little switch and make it a writable disk and, or put tape over it to make it writable.
[00:09:39] And then you'd order more disks and it was a really cheap option for those that needed floppies, right?
[00:09:44] Like you didn't have to go to Radio Shack.
[00:09:45] Oh my word.
[00:09:46] I just aged all of us Radio Shack.
[00:09:49] Yes, you did.
[00:09:51] Thanks for not sharing that hack at the time.
[00:09:53] Right, right.
[00:09:54] Like this, yeah.
[00:09:55] This is not for those of you that need floppies today.
[00:09:57] You should not do that, right?
[00:09:59] Go to Radio Shack and buy some new floppies if you can find one.
[00:10:02] Um, I did see one internationally, so they do exist in places that are just very, very rare.
[00:10:09] So shifting gears a little bit, um, you know, I think the physical part is, is, is still super cool.
[00:10:15] I think it's just, it blows my mind that, you know, there's the other side of it too.
[00:10:20] And I don't know if you guys do this, but the need to wipe data completely off the drive.
[00:10:25] So do you do that as well?
[00:10:26] Just curious.
[00:10:29] Well, before we dispose of anything, we make sure that, you know, something's gone and we do do some erasure verification, but we pretty much stick to, to recovery.
[00:10:40] Just getting the data on there.
[00:10:42] Yeah.
[00:10:42] It's not, you're, you're not a data disposal service.
[00:10:46] That could, that could jeopardize the integrity of this whole conversation if that was included.
[00:10:51] Uh, shifting gears.
[00:10:54] Um, I, I, I get super excited thinking about the shift from the physical side.
[00:10:59] I think that's more of the nostalgia in me, but like shifting gears to where anime started talking about the whole, uh, you know, threat landscape, what happens to infrastructure that's been hit by, uh, encryption, whether it's done accidentally or it's done through threat actors.
[00:11:16] Um, what do you guys generally see?
[00:11:19] I mean, I've been through lots of, um, I shouldn't say a lot.
[00:11:24] I've been through plenty of, of negotiations with threat actors trying to reduce the amount of cost or, or literally just usually buying time to see what we can or can't do with regards to do we need to actually ever pay the ransom and get stuff back through them.
[00:11:40] Or if we have what we need, um, what do you guys see?
[00:11:46] I'll let you take this one, Andy.
[00:11:48] Sure.
[00:11:49] Uh, well, we really see three primary types of scenarios relative to, um, you know, cybersecurity incidents, whether it's ransomware or malware or whatever the attack type is.
[00:12:03] The three primary scenarios we see are deletion, whether it's malicious and intentional deletion or an accidental deletion, uh, corruption.
[00:12:14] Uh, and, um, and then, uh, a, um, oh gosh, I just blanked on the third.
[00:12:26] Crypto.
[00:12:26] Oh, yeah, no, I think the corruption had two subsets.
[00:12:31] Oh, gotcha.
[00:12:32] Uh, corruption that can occur on the encryption side and corruption that can occur, that can occur as a part of the decryption process.
[00:12:39] Sure.
[00:12:39] So those are really the three scenarios.
[00:12:42] Incomplete encryption.
[00:12:44] Andy was what we were missing there.
[00:12:45] Incomplete encryption.
[00:12:47] Exactly.
[00:12:48] So we see, so really those are the, you know, the three basic scenarios that the deletion can occur anyway, but it's a deletion is a deletion.
[00:12:57] Sure.
[00:12:58] And then that corruption are really, you know, broken down into two, either encryption related or decryption related.
[00:13:05] Gotcha.
[00:13:07] I find there's, I think this was recently within the last couple of weeks.
[00:13:11] I thought I found it fascinating.
[00:13:12] There was a scenario where, uh, cryptocurrency, um, that was the wallet was encrypted.
[00:13:18] And when the wallet had been initially created, I forget how many, uh, coins were on it or whatever the currency was, but it was worth about, I think, six or $7,000 at the time.
[00:13:31] So it's been going on 10, 10 years now.
[00:13:34] And, uh, today it's, it's worth a little over three and a half million dollars.
[00:13:38] And what was interesting is the way in which they were able to recover it was they basically turned back time.
[00:13:45] Uh, and essentially the idea behind randomly generated passwords.
[00:13:50] If you can go back to the timeline or get close enough to when the password was generated, it may in fact generate the exact same password again, proving that while it's random, as far as the usage of the password, if you have the right tools in place, things aren't so random as we see them on the, you know, from the human eyes perspective.
[00:14:12] That's a great story.
[00:14:13] Very true.
[00:14:14] And a great story.
[00:14:16] Why don't we talk about like a recovery that we've done to give some examples of, of how we do it.
[00:14:23] Great.
[00:14:24] About, um, the one we talked about earlier with, um, incomplete encryption.
[00:14:29] Sure.
[00:14:30] Yeah.
[00:14:31] I think this is a, this case that we handled, um, you know, over the last 120 days was from, uh, from the beginning to end.
[00:14:41] Um, it, it took place in the last 120 days.
[00:14:45] So it's recent news, a very recent case for us.
[00:14:48] Uh, it, it, it really illustrates two, uh, two components of the, the, the effects of an, a cyber incident.
[00:14:58] Um, so we, uh, we were contacted by an incident response company that was working on a case.
[00:15:06] They had, um, they had been engaged with this client for, um, over a month.
[00:15:12] They had, um, they had worked with, they had negotiated with the threat actor group.
[00:15:18] They had acquired a, uh, a decrypter and, um, and begun decrypting, you know, decrypting systems and files, uh, or they cleaned the environment and they were decrypting the files that had been encrypted.
[00:15:32] So, um, when they first called us, they said, we, you know, we have one, uh, critical file server that we, um, you know, that, that stores, you know, 1.6 or 1.7 million files that is encrypted.
[00:15:50] And we, and we can't, and it's stored in a virtual disc and we can't get, we can't access that virtual disc.
[00:15:57] So when, on that first call, we started talking about that virtual disc, what had happened as a, you know, during the attack, after the attack, um, you know, what steps had been taken to, um, you know, try to access that information.
[00:16:12] And then we asked them about the rest of the environment as well and found out that, you know, this was, well, this was their primary file server.
[00:16:21] They also had been using Veeam as a backup, uh, as a backup tool and found out that they had, um, that they had a copy of their backup file.
[00:16:34] That was, um, that was, um, that was damaged as well.
[00:16:38] And that was on a separate server.
[00:16:41] So to illustrate kind of the point, um, the primary server had been deleted, the, the VM, the VMDK, the backup server had, we found through our, using our techniques and our tools that, um, that the.
[00:17:00] The database file that the beat, where Veeam stores its eight, its backup information had been, um, was corrupted because of an incomplete encryption, which were the words that I was looking for in Sarah.
[00:17:13] Sure.
[00:17:14] We went through a couple of minutes ago.
[00:17:15] So what we had to do in this case was pursue parallel paths, data recovery for both of those two scenarios.
[00:17:23] So that what we, so at the end conclusion, we ended up with about 98% of the files recovered out of 1.6 or 1.7 million files.
[00:17:33] Uh, we had to do those, put together all the files that we recovered from the primary file server, where there was a deletion of the virtual disc and the files that we recovered from the Veeam recovery.
[00:17:45] So we have, um, so what it really illustrates is that we need both custom software recovery tools that, that the drive savers team has built over time to do data recovery from virtual environments.
[00:17:58] And then separately custom data recovery software to recover specifically Veeam backup files.
[00:18:06] So there are multiple layers, uh, involved in the recovery process.
[00:18:11] And this is a great illustration of two different, you know, deletion scenarios or inaccessibility scenarios, um, where it requires different techniques, different tools.
[00:18:21] Um, but the same team actually worked on it.
[00:18:25] I mean, to me, this is exciting.
[00:18:27] They, I mean, not for the poor person going through it, company going through it because, you know, they lost their data.
[00:18:33] They had to, you know, pay the ransom.
[00:18:37] Some of it worked, but these, you know, critical, critical files that they needed for their business were inaccessible.
[00:18:43] And then for us to, to be able to do, you know, the first one where there was deletion and we got some of the data, but there was, you know, file tree structure damage.
[00:18:53] Yeah.
[00:18:54] You know, the other one with the incomplete encryption work with that layer, the two of them together, you know, sort of like, you know, taking two puzzles.
[00:19:03] Right.
[00:19:04] And together and got back every, you know, we got 98% of the data, but luckily every critical file that they needed.
[00:19:11] So it makes me think of trying to do, you know, buying, you know, three puzzles.
[00:19:16] They all have different pictures, but they're the same puzzle pieces and you have to put them together upside down.
[00:19:21] Without the box.
[00:19:22] Without the box.
[00:19:23] Like some of it is, you know, and then you flip the puzzles back over and only one of the pictures looks close to the right, just because of the way in which they're put together.
[00:19:31] But, you know, that whole experience just, I don't, I don't think I could work in that model because to me, like as soon as I start trying to restore something or fix something, like if I can't, it's like somehow my fault that I can't get their data back.
[00:19:48] Or just, you know, someone tells you their horror story of the incident that they're going through or the event that they went through.
[00:19:53] And you're like, you start to like take on more than empathy.
[00:19:57] Like you start to feel like you're going through this same thing, like as if it's a VR experience and it's not.
[00:20:03] But like these things are so stressful to those that go through it that I think anybody that's trying to help starts to take on some of that pain a little bit.
[00:20:13] Do you guys run into that at all?
[00:20:15] Is there an emotional attachment that happens or are you able to just sort of separate the two?
[00:20:21] No, there's, I mean, for me, there's definitely an emotional attachment.
[00:20:27] When I was doing the recoveries myself, I was with the team that did the physical flash memory damage for several years.
[00:20:36] I actually had to try avoiding looking at the notes.
[00:20:39] I just like tell me, tell me about the device and the damage because, you know, if I looked at the stories behind it, I would just think, well, I never need to go home again.
[00:20:49] You know, I'll work on this until, until I get it back for you.
[00:20:53] Sure.
[00:20:54] So, so what's the question, though?
[00:20:56] I was just going to add that, um, that there, you know, since we just wrap up the world series and for any baseball fans out there, uh, there, there are times in the clean room or in the lab environment where it looks like a home run celebration.
[00:21:11] You know, when the, when the player, you know, it's a home run and goes back to the dugout and high fives everybody.
[00:21:17] It looks like that in our, in our lab sometimes where, you know, all of a sudden we, the, something is unlocked and we have access to those files that we've been working on.
[00:21:28] That's a, it, there's a real celebration and real joy that comes along with that.
[00:21:32] I can't imagine.
[00:21:33] I'm not going to share what it is, but I, I had a celebration song that I would put on and dance around the room.
[00:21:38] I got a really hard one.
[00:21:41] So I would, I would venture that you probably spend, you mentioned, you know, of working with a forensics company.
[00:21:48] Um, do you, do you often or, or deal with, I shouldn't say often, but do you deal with at all, uh, forensics coming to you?
[00:21:56] And the urgency is we need to figure out because it's encrypted.
[00:22:00] We can't tell maybe even where it originated, like just to get a level of data off of it.
[00:22:06] That says we we've got, cause I imagine like, you know, that's kind of the first question.
[00:22:11] And the second question would be like, you know, I'll just even say 10 years ago, 10 years data recovery for whatever you were throwing at it.
[00:22:17] The, the time factor on what that processing power requirements are to, to, to do that, that workload.
[00:22:27] I would imagine that today, the workload timeline wise, regardless of who's asking and how urgent it might be, you're able to do things a whole lot faster.
[00:22:35] I mean, I mean, you saw with Elon Musk putting together a supercomputer in 19 days and previously it was like 12 months.
[00:22:41] So, I mean, like hardware and horsepower to, to do some of this work.
[00:22:46] I mean, what has that been like over the, like, especially the last couple of years?
[00:22:53] That's hard for me to ask because also people have so much more data.
[00:22:58] I'm thinking about what we were talking about with phones earlier.
[00:23:01] I mean, did you ever imagine you would need that much data that you would carry around with you in your pocket?
[00:23:08] So for us looking for a specific file out of, you know, terabytes and terabytes and terabytes of data, it is a lot of processing.
[00:23:19] So it's something that, yeah, you know, even a handful of years ago would have been impossible.
[00:23:24] Sure.
[00:23:25] But it does still, it can take some time.
[00:23:31] And there are times, you know, like Andy was saying that we, you know, build custom tools that, you know, we need to, you know, to understand the data loss.
[00:23:42] Build a test environment, you know, delete or corrupt some data on it ourselves, you know, figure that out.
[00:23:51] So, you know, some data recoveries are, you know, we can have a company back up and running by the next morning.
[00:23:59] And, you know, others, unfortunately, can take more time.
[00:24:03] It seems like that's kind of, you know, you know, you and I briefly talked about this when we were in London about, you know, the evaluation process and how that's kind of part of like, you know, do a discovery, have a conversation.
[00:24:15] And, you know, at least it's kind of like taking your car in for an estimate, right?
[00:24:19] Like, you know, my wife just got hit, had a deer hit the side of the car.
[00:24:23] You know, they're really bright animals.
[00:24:25] Like somehow they think that they can go through moving objects.
[00:24:28] And then, of course, the police report showed that there was a, well, the icon on the dot matrix printer made it look like it was a reindeer.
[00:24:35] So we're pretty confident there's going to be no Christmas this year because, well, Santa is going to be short a reindeer.
[00:24:41] We do not have those here, but that's what it looked like on the paper.
[00:24:44] But it made me think about like the when you're talking to insurance, like just the steps that go through this and then thinking about things like, you know, I give you a hard drive or virtual or otherwise.
[00:24:57] And it's like, well, what kind of data is on it and what laws and requirements are put on, you know, because you're suddenly going into like it could be CUI data.
[00:25:08] It could be patient health information.
[00:25:10] And you're dealing with now on a global scale.
[00:25:14] So that would include things like GDPR.
[00:25:16] How does that how do you guys navigate that ecosystem, if you will?
[00:25:21] Let's go back to the evaluation, because we do on, you know.
[00:25:29] Single drives.
[00:25:32] It's an absolutely free evaluation.
[00:25:35] Sure.
[00:25:35] So you you call us up.
[00:25:38] We'll talk you through it on the phone, but we will.
[00:25:42] Send an overlay label, get the device to us, evaluate it, call back, tell you, you know, what we think, where the price is and the customer can then decide at that point, is this worth it to them?
[00:25:55] Is it not?
[00:25:55] And it is absolutely free to find out.
[00:25:58] I want to ship you my car then because it's got a hard drive.
[00:26:02] I would have liked just the drive.
[00:26:05] And, you know, we have done, you know, car systems.
[00:26:09] I can think of one from a Tesla where someone was, you know, blaming the accident on, you know, the other driver and they had brought the car in for repair and that drive that it has had been reset.
[00:26:22] So it showed up as nothing on it.
[00:26:25] And again, Andy was talking about the celebrations.
[00:26:27] We got the data back and, you know, we're watching it just to be sure, you know, we have the critical file.
[00:26:33] And it was so obvious that the other driver was at fault and our customer, you know, was not liable.
[00:26:40] We were celebrating in the lab.
[00:26:42] That is a celebration.
[00:26:44] I think I've narrowed it down to it was I know who it is now.
[00:26:49] So and then you want to talk about our sort of evaluation consultation process on complex jobs.
[00:26:58] Yeah.
[00:26:58] You know, one of the basic, you know, situations that we see are, you know, well, think about the the common attribute across all these cyber incidents.
[00:27:13] Is it while the threat actors are getting access into those corporate networks and they are deploying their their malware.
[00:27:26] They are also operating in that environment to to delete the collect information, exfiltrate sometimes the most valuable data and then deleting backups.
[00:27:39] So there is this, you know, common scenario of deletion, whether it's the primary server, the backup server.
[00:27:45] It just depends on how the threat actor is is conducting the attack.
[00:27:52] Sure.
[00:27:52] So what we will do, though, since a lot of those deletions or corruptions, as we've said, are on servers, you know, we will also do a discovery phase.
[00:28:05] And a lot of times we can do it remotely because we and and kind of back to your question about, you know, how do we work with the ecosystem?
[00:28:14] So I'll I'll speak to that in a second.
[00:28:17] The you know, usually the I.T. teams have been mobilized.
[00:28:21] The security, depending on the size of the organization, if that I.T. team also has security responsibility.
[00:28:27] They've also called their MSP.
[00:28:29] They've also called, you know, third parties.
[00:28:33] And, you know, when they're in a lot of times when there is cyber insurance, the insurance company recommends a data privacy law firm that specializes in cyber to protect and manage protect the the client and manage the risk associated with that that incident.
[00:28:51] And then there are incident response and restoration services firms.
[00:28:57] So you talked about what happens from a restoration standpoint.
[00:29:00] You know, they have to eradicate the malware, clean the environment.
[00:29:05] And they're often just, you know, faced with rebuilding systems and getting that company operational again from a network infrastructure, file server, application server and communications perspective with voice and email, that kind of thing.
[00:29:23] So when they run into those deletions, though, what you know, we get a phone call.
[00:29:29] Sometimes it's from the MSP, sometimes who's being asked to, you know, restore files into the environment or from the I.T. team or from the incident response and restoration firms saying, hey, we found data loss.
[00:29:42] And we will work in collaboration with those teams to, if possible, conduct a remote evaluation.
[00:29:49] So just by connecting remotely with secure software, we can do an examination and an assessment.
[00:30:00] Otherwise, if we see kind of the attributes that would prevent us from accessing it remotely in a secure manner or the system's completely just, you know, inoperable, that's when we'll have, you know, ship the system in and we'll do conduct a more paid discovery.
[00:30:21] But I wanted to back up and kind of illustrate that and answer your question about how we work with the ecosystem.
[00:30:28] Yeah.
[00:30:28] We complement all those other service providers with really what looks like a, what is a specialty service that helps them in their efforts.
[00:30:40] So let me ask kind of a final question.
[00:30:43] I think this is probably a really loaded question.
[00:30:46] So my, my job day to day is I oversee the cybersecurity compliance programs for membership at CompTIA.
[00:30:54] We have a trust mark as a program for MSPs to get audited or assessed against a set of safeguards.
[00:31:03] The trust mark is not unique.
[00:31:05] It's Frankenstein of several different frameworks.
[00:31:08] But I was curious, I know that you guys have gone to great lengths to meet certain regulatory requirements and have aligned yourself to ensuring that you meet things like GDPR and, and others.
[00:31:20] Do you have within that, how you help organizations satisfy safeguards by incorporating?
[00:31:27] I feel like if I was an MSP today, that I would want an organization like DriveSavers in, in, as a vendor that I work with.
[00:31:36] And I have, you know, established, you know, policies and process and procedures in place so that, you know, when it comes to things like business disruption and business continuity and DRIR, that I'm not just saying, oh yeah, we're using XYZ vendor and we got your data.
[00:31:51] You know, it's backed up.
[00:31:52] I feel like this is getting into, like, setting the groundwork for when there is an incident to reduce that blast radius and be, you know, minimize the impact to the organization.
[00:32:07] So, like you said, you know, we have, we've done, you know, a lot of work to have, you know, all of our certifications in place where, you know, HIPAA compliant, we're SOC 2 type 2 compliant.
[00:32:19] It's, you know, we're going to see your data.
[00:32:22] Yeah.
[00:32:23] So, you need to send it someplace secure.
[00:32:26] And, you know, like you said, you, you rarely have, you know, vendors on your show.
[00:32:30] And, you know, I felt that last week in London that, you know, there was some hesitation to engage with a, with a vendor.
[00:32:42] But, you know, we're a service.
[00:32:44] We don't have a product to sell you.
[00:32:47] And in engaging with us sooner, we, you know, we can get that in place.
[00:32:51] We can have a master service agreement.
[00:32:53] We can have a non-disclosure in place.
[00:32:56] You know, we can get all of that set up, all of that language.
[00:33:01] So, you know, the, the MSP feels secure, whoever the partner might be.
[00:33:08] And, you know, the, you know, breach coach can know that, you know, we are also a secure vendor.
[00:33:16] So, yeah, I mean, getting that in place.
[00:33:18] So, you know, an incident does occur.
[00:33:20] You can help customers so, so much more quickly.
[00:33:23] Yeah.
[00:33:23] The take action comes into play as you now have a path forward because you have a path in place.
[00:33:28] Yeah.
[00:33:28] Yeah.
[00:33:29] Exactly.
[00:33:30] And you know us, you know what we can do, what we're capable of.
[00:33:33] Yeah.
[00:33:34] Because that's another thing is that sometimes it'll be a customer that calls us because, you know, they've got people in place.
[00:33:40] And that company is doing everything, you know, they can.
[00:33:44] And they just haven't realized, like you were saying, you know, that some of this is possible.
[00:33:50] Yeah.
[00:33:50] The what is possible is something that I feel like every day in the space now is not something that most of us have thought about until it's, you know, basically put in front of us.
[00:34:02] It's kind of like going to a vendor show or a tech floor and identifying vendors that solve for problems in your organization that you didn't know you had until you go and do that.
[00:34:12] But I think the flip side of this is also true, that there's so much that is happening so fast.
[00:34:17] You know, the rate at which technology is evolving to enable us to do things that we never thought possible means that we have to stop thinking that it's not possible and start asking questions like maybe it is possible.
[00:34:31] Now, I wouldn't propose asking, say, CHI-GPT because it may actually give you, you know, three lies and a truth instead of three truths and a lie.
[00:34:40] But and then rationalize why it believes it's true.
[00:34:43] So I digress.
[00:34:45] Anything else that you guys would like to share?
[00:34:48] I think this has been great information.
[00:34:49] I think it really opens the eyes of our listeners to what is possible.
[00:34:53] And I really appreciate you guys being willing to share.
[00:34:58] Please call us.
[00:35:01] You know, we'd love to share more with you, like I said, to get things set up.
[00:35:06] You know, if you are in an unfortunate, you know, data loss, you know, it's free to find out what we can do to, you know, have a conversation, to have an evaluation.
[00:35:16] And, you know, it might end up that you don't need us or it is not worth it.
[00:35:21] But please just, you know, give us a call.
[00:35:25] Yeah.
[00:35:26] And I would add to the point that about, you know, not necessarily realizing or even thinking about data recovery in one of these, you know, when you've experienced a cyber attack and you're trying to figure out how to recover from that.
[00:35:43] But if this resonates with anyone who has been thinking about, you know, traditionally CISOs or CTOs or CIOs have had to develop their first, it was their disaster recovery plans.
[00:35:57] Now, every CISO wants their cyber incident response plan in place.
[00:36:03] And very few of them contain the line item that says, think of drive savers when data is deleted or corrupted and is inaccessible.
[00:36:14] And I think that, you know, by being on your podcast and allowing us to help spread the word and increase awareness around what is possible.
[00:36:24] Yeah.
[00:36:25] We'll hopefully encourage people to think of us.
[00:36:28] And in the case of the deletion and incomplete encryption that we shared with you, we did learn that if we'd have been involved sooner, we could have recovered more.
[00:36:40] And, you know, when we came in, and I think that's the entire point of visiting with you today and having your listeners hear about, you know, considering data loss and just sharing with us.
[00:36:54] You know, like Sarah said, it doesn't cost anything or we can at least give a quick assessment on what we think the recoverability looks like.
[00:37:02] We're happy to do that.
[00:37:04] But, you know, thank you for having us on and allowing us to spread the gospel around data recovery services.
[00:37:12] That's great.
[00:37:13] Well, for those of you listening, this has been an episode of MSP 1337.
[00:37:17] Thanks and have a great week.