CPA and IT Consultant Firm sought multi-tenant, security-first mindset and got much more
Whether a small business or a large enterprise, effective data governance is essential. Data must be maintained in a way that keeps it secure, private, available, searchable, and fully recoverable when needed. This has never been more important as recent vendor attacks, accidental deletion, nation-state threat actors, technological failures, and legal or regulatory mandates burden IT teams more than ever before.
Being prepared is a deliberate choice. It doesn’t happen by accident, and it can’t happen in a vacuum. Business-technology teams must put the right tools in place to guarantee certain data is not only protected from misfortune but recoverable when misfortune does strike. It’s not a matter of IF, but WHEN.
Christopher White, a partner at the regional CPA and IT consulting firm Hutchinson and Bloodgood LLP (H&B), is intimately familiar with these challenges. Founded in 1922, Hutchinson and Bloodgood built its reputation on the trusted advice and quality service given to their clients in the areas of tax planning, auditing, information technology consulting, business valuations, and business advisory services throughout California.
As part of their IT Assurance services, Hutchinson and Bloodgood performs Service Organization Control 1 (SOC 1) and Service Organization Control 2 (SOC 2) examinations, Sarbanes-Oxley (SOX) evaluations, as well as Health Insurance Portability Act (HIPAA) and Health Information Trust Alliance (HITRUST) preparedness and attestation services. As part of their full-stack MSP and MSSP offerings, they support small-to-midsized businesses (SMB) with complete or co-managed solutions based on current cybersecurity frameworks and best-practices. Together, they know what it takes to satisfy regulatory and compliance requirements while understanding reality on the ground for IT teams. Clearly, for Hutchinson and Bloodgood and its clients, good data management practices are crucial, including data backup and eDiscovery.
While data backup and e-discovery solutions are foundational in the design of any system, that doesn’t mean finding the ideal vendor partner is easy. White explains how challenging it was for Hutchinson and Bloodgood to find a backup service they were comfortable using long-term. Over the past several years, Hutchinson and Bloodgood evaluated numerous backup services for Microsoft 365 and Google Workspace, and none of them matched the type of service he sought. Crucial for any solution selected by H&B’s technology practice, a multi-tenant security-first mindset was a must. Many services adequately supported core backup functionality but became overly complex and unreliable when used for multiple clients and thousands of mailboxes a day.
“We needed effective backup not “so-so” backup and 47,000 other features added on top,” explains White. And, too often, the setup of these services proved cumbersome and painful due to manual setup of users and security roles, things White ultimately wrote PowerShell to automate. One example was the change from legacy to modern authentication in Microsoft 365. Despite advanced notice, other vendors were slow to adapt. “When something went wrong with the authentication function, it was so painful to set back up and restore. It took an hour and a half per client,” says White.
Their vendor partner promised a self-service portal for several years so users could restore their own content, but the portal never arrived, and Mr. White was advised he could build it himself with the available API. “We decided to go in another direction,” White says. Ironically, that vendor delivered version 1 of their self-service restore portal shortly before this article was published.
Hutchinson and Bloodgood’s primary vendor partner, Pax8, advised they look into Dropsuite for their data backup and e-Discovery. “That’s exactly what we did,” says White.
Dropsuite’s cloud platform provides cloud backup, eDiscovery, archiving, and recovery solutions so that businesses can better protect and utilize their data. Initially, Hutchinson and Bloodgood deployed Dropsuite’s Microsoft 365 backup internally for the entire firm. “We wanted to be sure about Dropsuite before sharing it with our customers. We are big believers in eating our own dog food. If it’s not a good fit for us, then it’s not something we would ever try to advise our clients to use,” stated White.
Dropsuite turned out to be a great fit and initial setup was much better than expected. “Compared to other vendors, the ease of setup was astounding. I was expecting something much more painful. Dropsuite’s streamlining of initial authentication and authorization was superior to other solutions we evaluated. It’s very straightforward and my level one techs were able set up all clients in about two days.” White says.
Dropsuite’s onboarding and ongoing support also proved superior over the long haul. “Whenever we had questions, Dropsuite got back to us very quickly and happily took feature and enhancement requests,” he says.
Not only did Dropsuite provide a practical and easy to administer solution, but the data is also highly portable should Hutchinson and Bloodgood decide they ever wanted to switch the service. “That kind of data portability is significant. Dropsuite doesn’t hold the data hostage for email archiving. If they no longer provide what our customers or we want, then it’s straightforward to move elsewhere.” he says. “As a Managed Service Provider, the ongoing monitoring of client’s backups is critical, especially to regulated industries where the success or failure of backups is reported and maintained as part of their ongoing documentation. Dropsuite’s e-mail alerting is simple and straight forward, easy to ingest by our service desk, and descriptive. On the rare occasion there is an issue, it’s easy to diagnose and resolve.”
Hutchinson and Bloodgood’s use of Dropsuite is expanding. While White and his team were getting their customer accounts established within the Dropsuite service, several clients expressed their need for eDiscovery services. “I took a look at Dropsuite’s eDiscovery service and was very impressed with the workflow. Simply conduct the search, wait for the results, and start downloading the content. It’s very straightforward and much easier to manage than traditional Microsoft 365 e-Discovery searches.”
“Whether it’s because of regulations, compliance, privacy, or security concerns, there’s increased considerations around data governance. That’s why, even though every organization does not necessarily have a regulatory or compliance concern, we want to deliver that level of experience from the get-go. You or a client don’t want to run into a legal issue or need an urgent email with no way to recover it. As my wife is fond of saying “Better to have it and not need it, than need it and not have it.” This level of due diligence is just baked into our philosophy,” says White. “This is also what makes Dropsuite a great partnership for us.”